Microsoft "Swen" Worm Squiggles Into Sight
greenhide writes "As forecast in this story, a new Microsoft worm has indeed wriggled to the surface. The W32.Swen's claim to fame is its professional looking email advertisement that pretends to be a fake Microsoft patch. Earlier viruses have made the claim, but none of them looked this good. It appears to have infected over 1.5 million machines. "
That's one hell of a virus.
I suggest all Windows users go to http://www.knoppix.net/ and burn the CD.
If you use Linux, please help development of Autopac
It's been flooding my mailbox for more than a day now. Grr...
Swen, more like a swan am i rite?
Only took two days to make it to slashdot? You guys are going soft.
Can I bum a sig? I left mine at the office.
of those machines seem to have sent it to me :(
...Rob
The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
After all these worms and virii are hitting MS boxen from every angle, there still aren't mentions of alternatives from major news sources. The Dallas Morning News, last week, had at least a casual glance by saying in one line "Macintosh users are unaffected".
Why isn't Linux and Macintosh turning this into a big propaganda opportunity? Both OS's can hold up the 'come to us, we've had our shots, we'll never get worms' flags and pray that the big media mentions it.
That's kind of funny, although it seems that this virus requires user interaction in order to spread, so we can't really blame M$ for this one :P
autopr0n is like, down and stuff.
At work, they have duped over 5 of my colleagues...even AFTER the email went out saying that it was going around. Well, make an OS that any idiot can use, and only idiots will use it, I guess...
My problem with all these worms is that it doesn't do anything after it propagates, so no one will really care except bandwidth-conscious IT people. It should send itself out, then erase all the FAT tables on a hard drive.
Or deltree the c:\winnt or c:\windows directory (or both).
That would REALLY piss people off, who would demand that they do something to make sure that not happen again...like...I dunno...Linux or OSX?
Just a thought...
All of the big internet 'epidemics' so to speak (I Love You, WBlast, and so forth) have completely missed my system. I've been a Windows user for a long, long time and I don't think I've ever received an email containing a virus. Maybe my ISP just has really good filtering... or maybe the viruses only go after American domains... Weird.
The fake update has made it to Windows Update itself. Here is the name: "Recommended Update for Windows Rights Management client 1.0."
Do not download, it's only there to own your system.
The virus needs user interaction to propagate. Hence it is an e-mail virus. Only programs that propagate automatically are worms. One cannot necessarily expect the Washington Post to get such technicalities right. However, it would be nice if at least /. used proper terminology.
Then again, if it did, it wouldn't be the /. we know anymore, would it...
On the bright side, deliveries of unrelated spam seem to have fallen due to the worm's load on the internet :-)
I was happy to get this e-mail from Microsoft so I could apply a cumulative patch. I'm usually so bad about patching my system in time, but this time they took the trouble to remind me personally!
No more worries for me!
~160 M$ patches in two days...damn, windows has more holes than swiss cheese.
http://archonon.sytes.net/
I was wondering why Microsoft would send an update to me, a Linux user :p This has been crowding my inbox for the last few days
History will be kind to me, for I intend to write it - Sir Winston Churchill
Nobody at my work saw a single sobig email. However we don't run our mail server (not that anybody else did either actually). So now I can imagine yet another 2 weeks of sending and receiving only half of what is actually being transferred...
In fact just friday I received the tail end of email bounces from a week and a half before.
Five of'em in one day. Of course, the rest will go into the trash automatically, but it was an interesting experience finally catching a taste of the "commoner" internet.
What's wrong with Linux? Linux isn't the operating system with a new worm coming out for it every week.
I feel pretty damn safe under Linux, how do you feel worrying about when the next worm will take over your entire machine? How do you feel about viruses, how's that Zone Alarm treating you?
Hypothetical advertisement: "Hey, we're Macs, and we don't have viruses."
I guarantee you that every virus writer and his(/her?) grandmother would flock to OS X and start writing viruses with reckless abandon. Apple, Linux, Amiga, Commodore 64, and whatever other less-used operating system is probably perfectly happy to have its users sitting fat, dumb, and happy and not bragging about it.
"Diplomacy is something you do until you find a rock." --Richard Pound
I can't help but feel that people have accepted the fact that Computers in general get Viruses. People complain about Windows, but Windows, to most people, is the only solution. So for them, the concept that Windows gets hit with so many viruses means that users in general get hit. No matter the OS.
I was explaining the other day to one of my business partners not to install this virus, and to delete it right away if he gets it.
He asked me if my computer was infected, whereby I had to explain once again that running Linux, I generally don't have to worry about things like this.
But the point is, for him, computers just get viruses. And because of that, I believe that most people are thinking: "Hrm, my computer got a virus.", not "Windows let another Virus through."
So the majority of the people that aren't really computer illiterate (the majority), don't really know what to think when people tell them Linux is more secure.
Because for them, it's still running on their computer, and their 'computer' got a virus. It's just their mentality. Of course, this is simply my opinion.
Jason Lotito
You know that if the situation in Terminator 3 (virus spreads over majority of systems) were to ever happen, it would happen as a result of having a massively homogenous computing environment. I really think that we should stop teaching kids how to use Word and Excel in middle school, and start teaching them how to install their own linux systems. We could create an army of informed computer users, something that Microsoft fears the most.
The Ro Factor - Jeep/Linux Weblog
I was waiting for a slashdot story to tell me why I found 500 'patch' emails in my inbox over the weekend.
There is one thing that Micro$oft is great at!!!
Virus propagators!
Yep, MicroSoft has NO EQUAL in the virus propagation market.
There is NO competitor, Micro$oft has the very finest virus propagators.
Microsoft has such a marketshare and such control over the media that to most average people, Windows IS the PC. There is nothing else, if you tell them about Linux they will say "What's that?"
Kinda like how Apple was the PC in the 80s and no one knew about anything else.
well as long as you know that MS are greedy, you should notice that it's a fake mail, would a greedy company offer a patch or even a virus for two versions that it no longer supports (win 95 & 98) ;)
Solid Splash design
Latest Linux Vulnerabilities, from the DSA security alert system
[20 Sep 2003] DSA-389 gnome-vfs - several vulnerabilities
[19 Sep 2003] DSA-388 kdebase - several vulnerabilities
[18 Sep 2003] DSA-387 gopher - buffer overflows
[18 Sep 2003] DSA-386 libmailtools-perl - input validation bug
[18 Sep 2003] DSA-385 hztty - buffer overflows
[17 Sep 2003] DSA-384 sendmail - buffer overflows
[17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability
[17 Sep 2003] DSA-382 ssh - possible remote vulnerability (new revision)
[16 Sep 2003] DSA-382 ssh - possible remote vulnerability
[13 Sep 2003] DSA-381 mysql - buffer overflow
[12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service
[11 Sep 2003] DSA-379 sane-backends - several vulnerabilities
[07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service
Just because Linux hasn't been hit hard yet, doesn't mean it will be, after all, there's a lot of old linux 2.2 boxes out there that have hundreds of holes, but just haven't been penetrated yet.
So, I have received a number of these (thank goodness I am running OS X) and it appears that the "notification" also contains html. So, examining the html, it appears that it actually references microsoft.com.
If I were microsoft, it appears there is a simple way to defeat this by inserting html in the referenced source that warns recipients of this sort of thing.
Visit Jonesblog and say hello.
Social Engineering + Professionalism + Virus = One Fun Monday Morning
Karma: Can only be portioned out by the Cosmos.
I got a copy last night from 2 different senders both were caught by my wonderful ISP who filters for viri and removed the attachments. Seeing how it couldn't affect me since I run Linux I was quite happy anyway they do that. The Microsoft email does look quite good BTW I took a look before it hit the bit bucket. Both Emails were from California (The Bay area.)
As you can see I don't care about my karma.
This is from the creators of Sobig. They are trying to get as many venues to send spam as possible. Once the login/password + smtp info is gathered, it is sent to them and they now have a massive list of credentials to bombard the rest of the world with.
....because they're noticed too quickly. If you destroy your host immediately you're not going to propagate too far, now are you?
Yes, you could make it a little more complex with time-outs or a way to select certain targets as hosts for more sending and others to destroy, but it wouldn't last and last like some of the recent worms, because its effects would be so noticeable.
This worm looks like a clever attempt at developing a new spam system.
It asks for the infected user's name and email address. Great information for sending spam to.
It also asks for the user's SMTP server, login name, and password. The spammer who developed this worm is looking for a way to use closed relays.
This worm is missing only 3 features, currently unreported, to be perfect. First, it should log this information and forward it in some anonymous manner (such as sending it to a few thousand people, one of whom is the desired recipient), second, it should develop not only a list of email addresses, but also a map of who opens email sent to them by whom (so you can be sure the spam gets through), and third it should turn the compromised computer into a distributed SPAM network relay.
The majority of windows users don't even patch their systems, they'll just ignore it.
This type of trojan has been around for a while. I've been getting fake MS e-mails for almost a year now. Official Microsoft statement that we give people on the phone: "Microsoft never sends you files via e-mail unless you are on the phone with support personnel and they specifically say they are e-mailing you something." 99.99999999% of the time, if MS e-mails you it will only direct you to their site to READ about the purpose of the patch and then download it. Also all MS security bulletins are digitally signed.
I've gotten this over 80 times now. It has a few typos though, so falling for it would be dumb, to the point where if you did, you deserve it.
However, this is bad, because it is bogging down the mail servers and the 'net in general, as well as filling up the mailbox and possibly causing legitimate emails to be kicked back because of a full mailbox.
On a lighter note though, I'm using this as a means to judge how smart my relatives are.
Network Associates has some screenshots of the installer http://vil.nai.com/vil/content/v_100662.htm
It's a very good idea these days to just reject all executable attachments at "the gates" so to speak. I use postfix 1.1 so I added:
body_checks = pcre:/etc/postfix/mime_header_checks
to /etc/main.cf where the file referenced came from here:
http://www.securitysage.com/files/mime_header_checks
but there are many regular expression filters like this one. Note, with 2.x you need to use the 'mime_header_checks' directive rather than 'body_checks'.
If you want to send someone an executable, send it to them in a zip or tar.gz.
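The check described in this comment, as an added example that is not the commenter's configuration nor the securitysage.com map file it links to: a small Python filter that looks at the same MIME header lines a Postfix mime_header_checks pcre map sees (Content-Type and Content-Disposition, including the name/filename parameter) and rejects parts whose filename ends in a Windows executable extension, while letting a zip archive through as the comment recommends. The extension list and the two sample messages are constructed for this example.

```python
import re
from email import message_from_string
from typing import List

# Executable extensions to refuse at the gate. This list is an assumption for
# the example, in the spirit of the pcre maps the comment mentions; tune it
# for your own environment.
BLOCKED_EXT = re.compile(
    r"\.(exe|com|bat|cmd|pif|scr|vbs|vbe|js|jse|wsf|wsh|hta|cpl|reg)$",
    re.IGNORECASE,
)

# Pulls the name= or filename= parameter out of a MIME header value, the
# same field a mime_header_checks pattern such as /name=.*\.exe/ matches on.
NAME_PARAM = re.compile(r'(?:file)?name\s*=\s*"?([^";\r\n]+)"?', re.IGNORECASE)


def offending_attachments(raw: str) -> List[str]:
    """Return the filenames of all MIME parts whose name hits the denylist."""
    msg = message_from_string(raw)
    found = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # containers carry no attachment of their own
        # Inspect both headers; Swen-style mails may name the file in either.
        for hdr in ("Content-Disposition", "Content-Type"):
            m = NAME_PARAM.search(part.get(hdr, ""))
            if m and BLOCKED_EXT.search(m.group(1).strip()):
                found.append(m.group(1).strip())
                break  # one verdict per part is enough
    return found


def verdict(raw: str) -> str:
    """Mimic a Postfix map result: a REJECT line, or DUNNO to let it pass."""
    bad = offending_attachments(raw)
    if bad:
        return "REJECT executable attachments are not accepted: " + ", ".join(bad)
    return "DUNNO"


# Constructed sample messages (not real captures of the Swen mail).
SAMPLE_EXE = """\
From: sender@example.invalid
To: you@example.invalid
Subject: Latest update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please run the attached installer.
--b1
Content-Type: application/octet-stream; name="update-installer.exe"
Content-Disposition: attachment; filename="update-installer.exe"
Content-Transfer-Encoding: base64

QUJD
--b1--
"""

SAMPLE_ZIP = SAMPLE_EXE.replace("update-installer.exe", "update-installer.zip")

if __name__ == "__main__":
    for label, sample in (("exe", SAMPLE_EXE), ("zip", SAMPLE_ZIP)):
        print(label, "->", verdict(sample))
```

The denylist anchors on the end of the filename, so a double extension like `report.txt.exe` is still caught, but an executable packed inside an archive passes, which is exactly the behaviour the comment asks for; gateway antivirus or archive inspection has to cover that case separately.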
Boxen. Virii. Jeez -- go back to class.
that's how many of these emails i've gotten.... does it send one email to every alphanumeric combination?
Professional? You must be joking! No punctuation after the salutation, and the first sentence starts uncapitalized. Obviously bogus after the first 2 words plus 1 letter.
Remember this as well: most people don't run all that stuff. Also lots on that list are subject to "local" exploits not remote exploits. The ssh exploits are the current baddies. Servers that run console only don't usually install xfree at all, certainly not Mahjong and kdebase. It's not like Microsoft where the kitchen sink is installed and it's all enabled.
off to microsoft update. i sure hope there's a... oh.
"There are no critical updates available at this time. However, Windows Update has found other updates for your computer. To browse through these updates and select the ones you want to install, click a category title in the list."
well, let's see here. "Microsoft Windows Journal Viewer", "Microsoft .NET Framework version 1.1", "Root Certificates Update", "Windows Media Player 9 Series*", "Update for Windows Rights Management client 1.0" and some update for "IPSec and L2TP/IPSec."
Well, as it turns out, i am either already patched against this new threat, or i'm hopelessly open to losing it all. yippy!
You are confusing me with someone who cares.
There goes my bandwidth ---- again.
Big Brother Bush is doubleplus ungood.
...Excusemeee? HellLOOO? Virus author guys? Remember the golden glory days of Jerusalem and Eddie/Dark Avenger? Back when the motto was "The smaller the better"? Back when anti-virus makers unceremoniously categorized everything above 8 kilobytes "huge and technically uninteresting"?
Me, here just went over severe headaches of Sobig with its interesting effects on my 50M quota on the mail server... It wasn't nice to delete 20 megabytes of virus spam twice a day. Sheesh.
*sigh* There it goes again. Let's see how many terabytes of this crap I find from my box this time and how many zillions of bogus bounces and "thoughtful" anti-virus failure notes this will generate.
Oh no, this multi talented worm is:
But wait! Theres MORE! It has its own SMTP engine. It attempts to halt anti-virus processes. It alters the registry AND THEN it even disables the ability to edit the registry!
Quite a nasty beasty really. And even for us nice safe Linux/BSD users there are issues. Clogged mailboxes are at least a nuisance, at worst a huge bandwidth cost. Those on dialup or limited broadband access where you pay for d/ls and uploads will notice it!
So even those of us cheerfully NOT patching frantically have consequences. The celebrations of yet another MS problem are a bit premature it seems to me. I'd rather see more outrage that such an inherently insecure and easily manipulated OS is costing ALL of us online.
Nothing - well thats something.
There are several reasons what you said was just plain wrong. There were a lot of ways to avoid the RPC (MSBlast) worm. First, you could have patched when the patch was first released. It pre-dated the worm by several weeks. Second, you could have been running the built-in XP firewall. Third, you could have been running a 3rd party software firewall such as ZoneAlarm. Fourth, you could have been behind a firewall on another box or behind a hardware firewall. Fifth, you could be behind a NAT box that is set not to pass incoming connect attempts to LAN side (which is the default setting for the 3 home routers I have owned). Doing any one of these would have dropped the likelihood of getting the RPC worm to zero or near to it (e.g. it's perfect until an infected machine is hooked up behind the firewall). How are people who took one or several of these steps lucky? I have 3 Win boxen among the computers on my home network, none got infected. Though my router was catching about 5-8 infection attempts a second.
I'm sure there is an equivalent fix for sendmail. If you are running MS Exchange, the best way to fix your server is by taking a knife to its network cable.
-- Will program for bandwidth
The W32.Swen's claim to fame is its professional looking email advertisement that pretends to be a fake Microsoft patch.
So..if it pretends to be a fake MS patch, does that make it a real MS patch? Or does it pretend to be an MS patch which doesn't do what it's supposed to? Or...
Sorry, we have had to stop this live edition of talking crap, as Dave's head has exploded
Man, my email box is FULL of this shit. I feel like charging Billy Gates for the next excess bandwidth costs. Seriously, I've received HUNDREDS of these fucking things. The only consolation I can take is that it must be fucking SPAMMERS that are getting the virus, because I simply don't have this many friends :)
This has prompted me to uninstall exim, and install sendmail / mimedefang / spamassassin. Let's see the fuckers get through THAT!
Some guy tracked the hidden counter inside the virus and posted the numbers: http://smharr4.dnsalias.net/security/index.html Pretty neat.
And on another issue, where's the button in Windows Update that says, "I don't want to add this patch ever, so stop bothering me!"? Looks like as long as I use Windows Update in the future, I'm going to be stuck having to look at this offered DRM patch, and that I'll always have to remember to refuse it.
I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
If you were using XP and you didn't get infected by the RPC worm you were lucky. The only way you could defend against it is Zone Alarm.
Lucky? Zone Alarm?? Well, at least you were able to show that you really don't know much about Windows (or at least not as much as you think you do).
-- Kircle
and it says it on the page as well... "Thank you for using Microsoft products". :):):):):)
I know...it's a little mean :) That's one reason i'm on a Mac.
I don't understand how people think this virus looks professional. The text is filled with typos and garbled and confusing to an experienced computer user like myself, it must come across as utterly incomprehensible to an inexperienced computer user. A prestigious software developer like Microsoft would never design such a crappy interface!
I motion that we start prefacing with the word "Microsoft" ALL worms and viruses that use Microsoft software vulnerabilities.
A little reading comprehension would help, guys. There's a big difference between an annoying virus that gives you lots of email and a worm that takes out the internet.
Seriously, I didn't get a single lovebug, or anything like that. The only thing I've ever got is one copy of sircam.
I've had 350 of this bugger though. So much for being unaffected running linux - 50MB in 24 hours is around 600 bytes per second. I feel for the dialup user.
Sure I can filter them, but only after they get to my inbox.
If I get an e-mail written in English I throw it in the trash.
Swen isn't Blaster.
3 real newsgroup messages from yesterday:
Poster1: I received a security alert email from Microsoft with a security patch attachment. I installed it. Now I get about 60 or 70 emails an hour with subjects like "Mail System Error - Returned Mail", "Mail delivery failed: returning message to sender", "Delivery failure", etc. The messages are from Microsoft Network Security Section, Mail Administrator, Microsoft Corporation Technical Support, Mail Delivery System, etc.. I don't know why I'm getting these because I'm not sending any message out. I'm even getting Security Alert messages from Microsoft with attachments I've already installed
Help
----
Poster2: This was a virus and you are infected. Microsoft will NEVER send security updates via email. Update your Antivirus software and scan your machine. Alternatively you can go to www.trend.com and scan your PC over the Internet.
----
Poster3: I received these also but never executed any of them and I still received the 60 e-mails per hour. I have Norton Anti-Virus 2004, what do I do now????
----
Those MVP's on the board got my respect for their endurance and patience.
But this thing is not a worm, but a virus. It can't survive without the naivete of the clueless user. That problem might be solved by providing a leaflet for buyers of new computers, which will contain information such as:
And it's not the first virus that fakes MS advisories. There was at least another one that I received. It looked like a real advisory and even included a link to the IE advisory page ("for more information..")
Slashdot community, please notice: I am looking for a girlfriend.
Nave H. Weiss
follow up with several clever FAKE bounced e-mails also containing it. I've been getting about 10 per day (total) for the last 3-4 days now, at an e-mail address I use to sell on eBay. The "patch" e-mail looks very real, but of course I'm not stupid, and the e-mail address is obviously fake. I NEVER open e-mail any way but as straight ASCII text, no matter who it is from. And I NEVER open attachments, from ANYONE!
HANZOSAN IS A TROLLER, CHECK HIS COMMENT HISTORY.
I wonder what the return IP address on the mail is... wouldn't users be able to see the SMTP headers so that they would know that M$ did not send it to them?
So, what happens when the user gets an email that looks like it came from support@apple.com and it tells them to install a binary file?
Same damned thing.
You can't patch the vulnerability that sits between the keyboard and the chair.
Although Microsoft has tried. Anyone running a version of Outlook released in the past 2 years can't open the binary attachment that this worm sends. If that was attempted elsewhere people would be crying bloody murder.
Fortunately, I am covered on three accounts - I use OS X on the client, I use Linux as a mailserver, and I run SpamAssassin on that server.
Bloody irritating though.
Cheers,
Ian
In the last few hours I started receiving a new one I believe. This one attempts to autorun in outlook using the html view flaw.
Got Code?
Has a Linux-based virus scanner that can update itself to scan hard drives for known viruses. That way if Windows goes wonky, boot to Knoppix and do a virus scan to see if you got infected.
That way you won't risk running an infected machine on the Internet and infect others.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
But this isn't exactly biological evolution we're talking about here; if one worm "goes extinct" by wiping the hard drives on its fifty million hosts, there will still be crackers waiting to use new code (or the same code patched for a new exploit) for the next worm.
And even if the theory that destructive worms wouldn't spread as fast as non-destructive worms is true, it's not an explanation for why we haven't been seeing non-destructive worms. It's not as if criminals initially tried to exploit the RPC hole with a destructive worm and failed; the non-destructive worm was the only one written to begin with. I'd be very curious to know why - system crackers with a conscience?
I wanna troll damnit! Post a new story NOW! Can't stay way down here.
But they claim that it is really a virus. So how can you differentiate between the two?
..that pretends to be a fake Microsoft patch
:)
There's something patently wrong in this sentence, but I can't quite put my finger on it...
Maybe it just confuses me on so many levels
Bot Assisted Blogging
Persuade your ISP to use IMAP (or pay for the service yourself), and you don't need to download messages you don't care about. Plus, modern clients like Mozilla mail and KMail can even download partial messages, so attachments are not downloaded unless you actually open them.
as are those of you, who use somewhat intelligent clients.
...
I have one account that's on the receiving end of this worm, and I can only access it via webmail. A slow webmail. When I only have 20 messages (in all) it takes 35 seconds to load the page; when I have 472 unread messages it takes waaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaay too long to load the page.
Oh, yeah - it gets better. I actually need this account, as it's the main communication with the rest of the school. Oh, yeah - a bunch of administrators who don't give a rat's ass about this, and don't see the need to do a virus scan on the server - even though the university has 15,000 users, 5,000 computers (~4,000 running windows), hot spots in all buildings and gigabit internet. I can't wait for just one computer to get infected and set off a violent chain reaction.
Oh - just to spice things up - the university lent a helping hand in knocking the root servers off the internet a while back, but hey - that's okay - it's not a problem for the administrators, because "we're using unix, so we aren't in harm's way", which was an actual response, when I called and gave them a heads up yesterday morning, when I received 124 emails in an hour
We do not live in the 21st century. We live in the 20 second century.
W32.Swen is really aggravating me over here. In the past few days I've received over 1000 copies. And I'm not terribly happy about it. I'm probably averaging at least 100 per hour during the day, and about 300 at night (when my primary e-mail system is offline).
The really irritating part? My _entire_ network consists of one OS/2 box (the e-mail client machine), and three Linux boxes. Not a single one can be infected by this virus, and not a single one could propagate it (unless I explicitly wanted to do so, which I don't).
Now thankfully I'm on a pretty decent cable modem service here (really good speed), bogofilter was quickly trained to detect and toss these messages into a SPAM folder (where they quickly get deleted), and my mail client (PMMail/2) has a remote control feature that allows me to scan message titles on the server and delete the messages without downloading them.
But still -- imagine if this weren't an immune OS/2 machine, but one of the Windows machines that could be infected. I could very well be propagating these as well. But because of my good choices in OS's, I don't.
Thus, I think I'm doing a public service by _not_ running Windows and propagating these viruses, but instead act as a sink to prevent them from propagating. My machine is the end-of-the-line for these viruses -- even though getting thousands of e-mail is highly annoying, my machine (in effect) "kills" the ones I receive, causing their propagation lines to end.
I think Windows users on the Internet owe those of us who run other operating systems, and they owe us big. They can start paying up by PROPERLY PATCHING THEIR SYSTEMS!!! (Stopping sending me $^&*%^&!! hundreds of copies of W32.Swen would be really helpful as well).
Yaz.
110% right.
Microsoft Ease + Linux Secure = Mac OSX
Apple should be advertising this!
-- As soon as I have an interesting sig, you'll be among the first to know!
"Classified as a worm because of its ability to copy itself without infecting host files..."
What a bunch of morons!
Let's look at what distinguishes a Virus from a Worm:
A virus requires user interaction to spread. A virus can be a self standing executable (such as Swen) or it can infect other files such as .exe and .doc files so that when they are launched or opened the virus will then spread further.
A Worm is self propagating and does not require any user interaction to spread. Worms rely on holes that exist in the underlying operating system to inject their code into applications already running in memory. Once they have infected the target machine, the worm will then self propagate to other similarly unpatched machines.
With this simple definition, where do they get off calling swen a worm, when the swen virus clearly requires some dumb schmoe to click on the executable file that is included as an attachment in an email? Once the genius launches the bogus.exe file, it then searches the newly infected machine to harvest email addresses to send itself to. There is no 'automatic execution' of code here.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
Seems to me that certain moderators don't have any idea what security means.
Windows has a lot of viruses because it is so easy to execute a program and infect the operating system.
The more restrictions you put on that access, the more difficult you make it for a virus to spread.
Unless you're running as root, 99% of Linux users have nothing to worry about from viruses. The viruses cannot effectively spread themselves. That is why the "Linux viruses" you see are only in the labs of the anti-virus vendors.
It doesn't matter how many people are writing how many viruses.
All that matters is whether a virus can infect and spread.
A well designed operating system security model will prevent the infection.
If the infection is prevented, the virus cannot spread.
"After all these worms and virii are hitting MS boxen from every angle, there still aren't mentions of alternatives from major news sources."
It's not up to the news media to mention alternatives, they're supposed to report the facts. Likewise, when they report the recall of, say, Ford Explorers, they don't report Chevrolets and Hondas as alternative cars. They can mention alternatives in editorials, and last I looked, they do.
The default setup on Mac OS X is to give the user "wheel" access. At worst, MacOS X users would see a familiar dialog box which says "Blah needs you to enter your password". 0w3d!
Also, all of the applications on my Windows box run as "Power User", not "root". Which is not to say that a virus couldn't harm the most valuable stuff (personal files).
The reason I want to get on my knees and send thanks to the almighty (bruce or whoever) is because I am sitting in front of my Mac Powerbook running OSX. I have been receiving on average one of these fucking Microshit fake things every five minutes, which my Mac has fortunately been a) immune to, and b) able to filter into the trash can after a couple of iterations.
I think there must have been about 300 to 400 of these messages in my trash before I deleted it. I can imagine the fun I would have been having if I'd still had my PC with Outlook (ya ya, I know, can be patched yadda yadda yadda)
It may be offtopic, but I've always wondered how to do that. I've ended up installing freaking .NET just because I wanted it to go away.
Someone at Microsoft has a sense of humor. The correct title (as listed on windowsupdate.microsoft.com) is "Rights Management Services" (RMS).
If your mail server is *NIX based and you can log in and modify your .procmailrc file, this page will help you filter out all of those annoying ass emails.
Hope this helps.
From the article, it seems that the worm: 1) Exploits a vulnerability in IE for which a patch was released 2 years ago 2) Tells the user to run an executable file 3) Asks the user to enter their EMAIL, and associated USERNAME and PASSWORD. Well gee. I'm not going to be suspicious of any of that. After all, it's impossible for anyone other than Microsoft to make official-looking emails/alerts, right? Honestly, I can't imagine how this worm has any chance of spreading, and yet it has spread to more than 1.5 million systems. Anyone care to explain why?
Every mail client that has a user dumb enough to run the EXE file is affected. Including Mozilla.
Judging by your lack of knowledge, I'm guessing you personally are very vulnerable to social engineering attacks.
I'm really hating Microsoft. I've never used Windows and my last and only Intel PC was a 286 running some version of MS-DOS 3. I've just always thought there was something better. If the Mac wasn't around, I'd be using Linux.
;o)
Anywho, I've always just shook my head and wondered why people put up with MS shiite but it's never directly affected me (indirectly, yes) until now. I am simply sick of seeing virus infected emails, emails from my ISP saying I had an email with a virus, emails from friends warning me about the latest worm even though I don't use Windows and reading stories of Mac and Linux users losing services at universities because the staff is too busy patching f*ing Windows boxes.
As most of us do, at work we use Windows. I had a project that needed to go out this week and we were pulling files over the WAN. The bandwidth was nearly zero. IT eventually found out it was a bunch of desktops in a completely unrelated office that were SMSing the remote server I was accessing to death but they didn't have time to fix it because they were too busy fighting virii on the west coast. Project gets delayed.
I hate them. I want to see Linux kill Microsoft. Their ill-gotten reign must end. The Penguin must draw and quarter Bill & Co. and burn their remains. I am tired of having to be bothered by Windows and their sheep-like user-herds. I want to use my Mac without having it affected by the crap that spews out of Redmond. I want to know why people aren't looking at Macs and Linux more seriously. I want to know why Apple and IBM are seizing the moment and using this time to educate the masses. I want to know why the MCSE monkeys continue to be blind to the failure of their preferred OS.
BTW, as you know, I really want Linux to annihilate MS, just don't kill Apple in the process, I like them
So far, I estimate I've received a total of 2000 to 2500 of these swens...it's gotten to the point where I've had to set up a pre-fetch procmail session to run on the Linux box from which I fetchmail my mail (in addition to the one I run on my desktop Linux box to sort it into mailboxes) just to keep my download bandwidth from being swamped. Anyone who claims that Windows viruses "don't affect" Linux users is dead wrong in my book. They don't infect, maybe, but my bandwidth is definitely being affected.
And a brief side note: did anyone notice that those pictures of the virus mail were "copyright F-Prot"? As far as I know, under American copyright law, the copyright for a work resides with the creator unless he explicitly releases it. So F-Prot is actually infringing the virus author's copyright by claiming ownership.
(Not like the virus writer's going to come forward to claim infringement, but just thought it was amusing.)
Editor Emeritus and Senior Writer, TeleRead.org
6 months ago, my wife had the need of a laptop (she actually is in a little town with no computer expertise; I can say that maybe she is the only person in that small town who has a computer. Yes, it's a small town in a remote place in Oaxaca, Mexico).
I got her an iBook (she only uses it to surf the web and email me).
Thank god, thank god, thank god, because if for some dumb reason I had got a Windows-based computer for her, oh god. I just imagine the problems.
BTW: I liked her iBook so much that I also bought one for me, and it's the machine that I use today. (No Windows here: 1 OS X laptop, 1 Linux server/gateway/NAT, 1 FreeBSD squid server; life is good.)
Unix is simple, but sometimes it takes a genius to understand the simplicity -- Dennis Ritchie
Woo hoo!!
This virus does not exploit any OS weakness. It exploits STUPID FUCKING USERS. The same STUPID FUCKING USERS would download an SSH patch from a random goatse.cx web server if someone on Slashdot told them to, as witnessed by last week's SSH hole.
All you assholes snickering about yet another Microsoft hole should take a good look in the mirror.
This seems like a reasonably creative effort, but then again someone could try coding up something like this. I think they overrate the real effectiveness of such a system in the description, but it certainly would be nasty if it actually coordinated its spread as effectively as they claim is possible.
Jedidiah
Craft Beer Programming T-shirts
and this PROVES it!
... way to go Microsoft!!!! Keep those innovations coming!
While the fellow geek believes this kind of extreme lack of security to be a pet peeve, just think of the amount of dollars anti-spyware, anti-virus and security firms rake in purely on the basis of "popular" worms like this one!
Remember the adverts that were left right and center - and in every corner of the web using the world infamous "LoveBug" Virus to fuel marketing campaigns for anti-virus industries?
The anti-virus peeps must have made a *FORTUNE* on that one single bug alone!
Microsoft INNOVATES, for without Microsoft there wouldn't be such a demanding need for an anti-virus industry, an anti-malware etiquette - and anti-spyware industry! So hats off to Redmond
Microsoft innovate - for without them anti-virus industries would be moot.
No troll, I'm dead serious.
I wish people took more interest in the things that they use every day and take for granted. Everything is so completely fascinating. I think that there is no better pursuit in life than to learn the hell out of everything. The way people learn one thing and then get all arrogant about it is, in my opinion, the worst behavior of all.
There are tons of things that I don't know, I don't look down on people for not knowing things. It does bother me when they refuse to learn, though.
People do awful things to their computers and people do awful things to their cars (and their plumbing!). If people took a little more time to appreciate the things that they take for granted, many of our problems would be gone.
I didn't mean for this to end up all preachy, but I don't remember where I was going. If I hadn't already typed so damn much, I'd just quit now, but hell...
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
If popularity is what makes Windows insecure, then why is IIS being hit many more times than Apache even while Apache runs 60% of the websites out there?
He is Ollie, you are Swen.
"We can confirm that Debian does *not* ship the version with the trojan horse. Our version predates it." [CA-2002-28]
Hey retard, if you read the story just LOOKING at the email is enough to infect the machine.
So if you check your email and you read it, boom infected...so unless you are some kind of loser with no social connection who doesn't get much email you are at risk if you use windows and outlook.
Of course if you are some kind of cartoon watching overweight dweeb who lives in a basement with no job or friends I suppose you are safe.
So you should be just fine...
Dear $name:
We, at Microsoft, understand that the Internet is crowded with viruses and we'll help you to make it safer. You certainly have heard of a thing called "dll hell" -- it's called like that because most viruses disguise themselves as .dll files. Just follow these simple steps and enjoy safe surfing:
Do not forget to forward this message! Only knowledge will stop those heinous viruses!!!
Greetings. You have been infected with GNU/Swen, a worm brought to you by members of the linux community. In order to get this worm to infect your system properly, you will need to use wget to download gnuswen-config-2.4.6 from one of the usual mirrors. Be careful; this version of the worm is not compatible with versions of gnuswen-config prior to 2.4.4. After you have downloaded the config tools and issued the usual incantations (./config, make, make install), you can configure the worm from any directory simply by typing sudo gnuswen-config -ort [your login id] [full path to your email client]. If you have any questions, be sure to RTFM, the docs are installed at /usr/share/info/gnuswen and all your config files are stored at ~/.gnuswen.
> Unless you're running as root, 99% of Linux users have nothing to worry about from viruses. The viruses cannot effectively spread themselves.
This virus spreads via e-mail. You don't need to be root to send e-mail.
A large number of mail viruses DO NOT infect the operating system. They simply run as user-level processes and delete/infect files and spread themselves.
Anyone else notice that? I'd downloaded the nightly build yesterday (2003091704), but hadn't bothered installing it yet. I middle clicked (open in new tab), and it spun for a bit then locked up hard. I went 'ooh, bug', installed the new one, and this time it locked up and crashed! I had to read it in IE. *sigh*
Can anyone else read that page in Mozilla? If it's just me I'll shaddup.
--Rob
Schlock Mercenary.
If the user isn't patched, they are screwed because the email will have the permissions necessary to mess up their system. If the user is patched and unclued enough to click on the attachment, it doesn't matter and they are screwed. Hmmmmmmmmm. At what point do people wake up and realize that it's a permissions problem?
For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
The kid down at the Radio Shack set me up to pay a whole $20 a month for this Intarweb Online Servar thingie or whatever, so naturally I did my part to help clean it up. You bet I turned on the upgrade right off.
I'm still waiting, though, because after 'xfs' rendered all the fonts required for ShowLetter.exe, 'top' shows that the process 'wine' just took up 100% cpu time for the last couple hours or so.
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
1005 dtm 14 0 1020 1020 844 R 4.3 1.2 0:00 top
768 dtm 14 0 22460 5612 2772 S 1.7 98 1:23 wine
$ killall -9 wine
$
This was a pretty common tactic back in the DOS days -- you'd get a boot sector virus, and you wouldn't know until 2 weeks later when your FAT had become irreversibly corrupted and you had to reformat.
These viruses were just as common as mail viruses are today -- maybe even more so, because they affected "smart" users as well as dumb ones. The only defense was a scanner.
You guys just had to keep calling it a worm, so you could use "squiggle" in a story title. Yep, this is what it comes to on good ol' slashdot. Hooray for the creative titles ;)
one stupid son-of-a-bitch to fall for that. I am amazed how stupid people can be about e-mails.
He says that this attachment will prevent viruses from working on your computer. If it crashes your machine, it will, and that's thereby true, I suppose.
He says thanks for using Microsoft products. You're very welcome. Anything I could do to make your job easier.
The first Swen.A infected email arrived on my server at about 10:00 UTC0 on Thurs 18 Sept. About 4 hours later, F-prot released an updated AV database which included a signature for this virus, by which time another half-dozen instances had been received. The volume steadily increased with time, and by Thursday evening had reached about 60/hour. By Friday evening, the volume had peaked at around 120-150/hour.
I'm surprised that this story has not appeared on Slashdot until now, however as far as I can tell the main victims of this email-bombing (who were not necessarily infected by the virus) have been active posters to various Usenet newsgroups.
My Debian distro as well as my Mac laptop will be OK I think. The soul still burns.
"If you are a dreamer, a wisher, a liar, A hope-er, a pray-er, a magic bean buyer
Dude, where can I score some of whatever controlled substance you're under the influence of?
Oh yeah, hahahahahahahaha to anyone who does not have virus scanning, patching and policies in place. P.S. I really don't want to sound mean but hahahahahahahahahaha.
They need to learn to spoof email headers so it does not appear to come from a .ms domain.
It's a good thing Symantec got a patch out before the virus started making its rounds. Kudos to them!
In fact, I can't remember the last time I came across a virus in the wild that actually deleted OS files.
Dumbass.
And I posted this fricking story yesterday. Grumble.
At ANY RATE, the file that came with the email was a simple .exe; even Outlook doesn't automatically run executables. It might be able to infect other boxes once it's running (crawling the network share, etc), but as I am a) smart enough to be running Linux and b) not dumb enough to double click any .exe that pops into my mailbox, I don't really know first hand what it does.
The email did look kick ass though. Doesn't surprise me that people are blissfully clicking away.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Just because *you* have no regard for the content these people have on their computers doesn't mean they don't have it. Friends and colleagues of mine have been infected with these virii that have years of data on systems - just because you think that they should be more computer savvy is a real shitty argument.
I mean, what if every time you got sick because you didn't wash your hands, the medical solution was to amputate your arm so that you couldn't propagate infection? Don't be such an asshole.
Seems like this is an attempt at creating a network of spam zombies. I mean, think about it... it asks for your email information and LOGS INTO YOUR ACCOUNT. (Symantec has a good writeup, with screenshots about it)
Maybe this is the culmination of all the "research" using SoBig? Aren't there rumors that those worms/viruses were used to "research" making a spam network? Interesting indeed...
And whoever wrote this one did a helluva job, it really looks authentic.
There are only 10 kinds of people in this world... those who understand binary and those who don't
I've gotten quite a few in my Yahoo/SBC account. What amazes me is that Yahoo has a Norton file scanner that you can run on files, but you have to manually. If you don't run it, you'd never know it was infected with a virus and it lets you happily download/execute the file!
If they have Norton and Norton knows it's infected, WHY DOES IT LET ME DOWNLOAD THE FILE!? At the very least you could argue that I still want to download it and try to disinfect it myself. Fine, but it would be nice if it would at least tell novices the damn file is infected!
And while I'm at it, who in their right mind runs a computer connected to the Internet without decent AV software and a firewall?! Apparently over 1.5 million people I guess.
Apparently, if you haven't patched explorer it CAN run itself. Windows is the filthy crack whore of the OS world. "Oooo, that program looks pretty, let me JACK IT INTO MY BRAIN!"
If you run an app and it does that, then it is a "trojan". No operating system will ever be free of trojans.
But trojans have trouble spreading themselves. Anyone can write a Linux trojan (cd ~ ; rm -R), but it will not spread far. While you may think that the damage is bad because it happened to your machine, you represent less than 1/10,000,000'th of the total.
More people will have lost data because of hard drive failure than lose data because of Linux viruses or trojans.
Yes, if a hole that allows email viruses such as you describe is found in pine or mutt or Evolution, then email viruses such as you describe can be written for that application.
But an exploit for pine would not affect someone running mutt or Evolution.
Linux has a better designed security system than Windows does.
A hole in one application will only affect those people running that application and it will have to find some way of spreading to those people.
Without the means of spreading, the virus will be contained.
Without the ability to infect machines it has contact with, the virus will be contained.
Which is why there aren't any Linux viruses in the wild. Not because people aren't writing them. But because they cannot spread the infection.
This morning, while feeding the kids their Saturday ration of mindless TV, we caught a rerun episode of Pokemon. Our hero Ash opened up a bunch of windows (like five or so) on his computer screen, and it crashed hard. His sidekicks ridiculed him for causing the crash.
Not that it would help, I pointed out to the kids (aged 3, 6, 9, and 12) that with any reasonable OS if you truly opened "too many" windows or otherwise exceeded a resource limit, it should simply refuse the request, not crash.
Yeah, it's just a dumb cartoon, but it shows how far Microsoft crap has infested pop culture. Everyone including little kids and cartoon writers assumes that computers just crash unpredictably and for no good reason. They assume random downtime is a fact of life. It's crazymaking for me--having been raised in a VMS shop, where they planned reboots weeks ahead of time and the guy who found a way to crash the VAX with a user-level program became a legend.
I, for one, welcome our new Windows overworms.
Escher was the first MC and Giger invented the HR department.
A window pops up saying that a function failed and it needs the root password or something like that?
That means that the file has already gotten to your machine.
How did it get there? Did you just launch a file that someone sent you?
That's a trojan. It requires that a person give it the root password.
Trojans will always be with us.
Linux viruses and worms are rare because of Linux's security system.
I got my first set of copies (7 different versions) a week ago. I tried looking on Google and Symantec's web site to see if this was a virus. I ran strings against the binary, and it looked pretty good - but as a Linux ASCII email user, I didn't get to see the pretty screen until later. I tried to report it to Symantec, but they don't have a way to report a virus :-(
In the last 48 hours, I've received over 500+ copies of the virus, and have filled my /var file system :-(
"Software is the difference between hardware and reality"
Why try to kill the machine?
Rather, change a dozen or so random numbers in every Excel spreadsheet that can be reached.
Corrupt the data, leave the machine.
It could be years before some of the damage is noticed.
The other day I got a Linux email virus. It was this perfectly innocent looking message, with the subject line reading "Important!". So I opened it, and inside I found the following:
"This is an email virus for Linux users. It works on the honor system. Upon receipt of this message, you should manually forward it to everyone in your address book, then login as root and randomly delete a bunch of files. Thank you!"
I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
Shilling for Zone Labs, I see.
After installing any system it's an excellent idea to use Norton Ghost (free with Soyo and possibly other MBs) to image the system. Then, if anything bad happens or if you just want to move the OS to a new drive, you just blast it over and 30 minutes later or less you're up and running as though nothing changed.
My 2000 system was on an old 2GB drive that was about to fail and with ghost I was up and running much faster on a 13GB drive in less than an hour. I also have an image of my web-server's OS/app drive in case it ever fails.
Knoppix and what I do is basically what prebuilt system manufacturers have been doing for years. It's just that HP, et al, add a lot of crap to the image.
Ben
Work Safe Porn
Greed, lies from anti-virus software vendors, lies from ISP, Slashdot hatred, ...
Again, nobody wants to point out that it's not the virus that is transmitted in the e-mail. It is an executable file, which gets transmitted in the email using any intermediate SMTP server to any e-mail client. I have received over 300 of these fake messages with exe attachments since Friday evening. My local ISP (Sympatico.ca) is telling me that they don't have the possibility to block messages with executable attachments.
Didn't Microsoft want to yank Outlook Express from the next OS release and want to go to a server mail access? Joe consumer can't keep up with the patches. Maybe Microsoft has the right idea.
If it were a real Microsoft patch, it would have executed without you knowing about it. Only these rogue virii actually *ask* you to run it.
There's one revolutionary concept that windows hasn't yet caught: have one "account" called, for instance, "root", which will be the only one that can install things in the system. Have users run under "non-privileged" accounts. In this way, unskilled users will not be able to thrash the whole system. Simple, yet very effective. That's why there are no viruses or worms for the non-stupid systems, such as VMS or the many unix-like systems.
The difference between a Linux and a Windows user when they're getting unknown email with binary attachments..
Windows user: *opens up attachment and gets splattered across the wall*
Linux user: *replies to email with tears in eyes* The subject goes: Where's the source code?! Don't you like me anymore?
He said important_document.tex not txt
Works under wine
Browse at -1, because trolls are often the most creative part of
The "Swen" worm arrives in an official-looking e-mail message that appears to be from Microsoft. Users whose PCs are not patched against the Microsoft flaw this worm exploits will be infected just by viewing the message, as will protected users who click on the e-mail attachment.
clearly requires some dumb schmoe to click on the executable file
No. "Requires some dumb schmoe to open up Outlook."
No capitalization and a missing article, both in the first sentence. Am I the only one for whom that spoils the illusion?
Share and Enjoy: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
I'm not sure if this still works, but about ten years ago I was developing a Motif program and found that if the paint callback was an infinite loop it would get all of the CPU. It seems that the callback was run at a rather high priority, regardless of the user.
the most attack..read it and weep.
Maybe microsoft should take the plunge and block this worm from hotmail - or do they not have any technology that can do this reliably?
I know they usually put the email I receive from workmates and relatives into the "junk mail" folder, so their filtering software is obviously rubbish.
He didn't wash his hands after going to the toilet and when challenged gave some urban myth about washing hands making them dirtier (yes I did check the CDC site, which confirms what I learnt in Health Science class at a 3rd world primary school - washing hands in clean water is a Good Thing).
It's about time windoze as an OS was recalled and handed back to M$, and windoze users should get a refund like for any bad lemon product.
Windoze is a lemon OS this is reality folks. We should ban windoze at work since so much time is lost on this buggy crappy OS
thank god we switched to linux.
I can't stop laughing....
// file: mice.h
#include "frickin_lasers.h"
Saw this coming this morning. I don't even have to read CERT, or SANS, or /. anymore to know when the 'Microsoft Worm-O-The-Month' has hit the Windows boxen near me. My net connection slows to a crawl, I can no longer get to most of the sites I frequent, and I can't get to my IMAP server.
To add insult to injury I haven't run an MS OS since about 1998 - only Linux, OBSD, & OSX.
I've had to deal with the effects of *others'* carelessness and ignorance for *years* now. Lost productivity (I telecommute), the inconvenience, all my extra time having to tweak my firewall, all the bandwidth that was rightfully mine that was stolen, and the load on my mail server. That times the 100M (or whatever it is) people on the net.
If Ford made a car that was this poorly made consumers could sue them. At the very least the Feds would step in and force a recall.
So why haven't the Feds forced a Microsoft recall? Why have there been no class action suits for repeatedly defective products?
If Windows really does have 92-95% of the desktop market then it's a critical resource and should be treated as such. The Feds would never allow a phone system to continue if it crashed every month, or a rail system that had a major accident every month. It goes against national security.
If MS has that much market-share then they should be treated as a critical system just like phones or rail and held to the same standards.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" - BF
With 1200 of these filling my inbox every day now, it's nice to get rid of them, adding the following to .procmailrc:
:0 B
* ^Content.*(file)?name=.*\.(hta|vbs|exe|scr|pif|lnk|bat|com)
/dev/null
Does of course have the side effect of nuking every mail with an attachment that ends in one of hta|vbs|exe|scr|pif|lnk|bat|com, but I haven't found any use for such files in the past couple of years.
GET http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus&width=6&set=cnt006 HTTP/1.0
ww2.fce.vutbr.cz
The first was a counter. At the time I checked it had well over a million hits and was going up FAST. At the time I'd been hit by about 20 copies of the virus. The next morning the counter was taken down and replaced with a warning. At that time I'd been "hit" over 70 times by the virus.
There seem to be variations to the emails that contain the virus. The main one is a 160K email that contains an attachment with a content type of Application/X-MSDOWNLOAD. The second is about 148K in size and the attachment has the content type of Audio/X-WAV. There are some emails that are 16K in size but the attachment is a zero length file. I've also been getting emails claiming to be "bounces" from Yahoo and other ISPs saying I'm trying to send a virus infected email to someone. But the Received lines show that the email is not from Yahoo. So far I've received over 170 of these damn things.
Then there are all of the real ISP's who are not helping the problem. I keep getting warnings claiming that someone I don't know tried to send me an email with a virus. Thank you, but your anti-virus software just sent out a useless email and just accomplished one of the goals of swen, to clog up email servers. Send an email to the moron who is currently infected and stop sending out thousands of emails telling everyone else about it.
This may sound harsh, but I'm really hoping the next big Microsoft worm or virus will disable the infected computers.
Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
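The procmail recipe a few posts up only looks at the filename, while this post points out that the same executable arrives under several declared content types (Application/X-MSDOWNLOAD, Audio/X-WAV) and sometimes as an empty file. As an added example, not from either poster and not part of procmail or any AV product, here is the same policy applied to the parsed MIME structure in Python: an attachment is flagged when its name carries one of the recipe's extensions, when its declared type is the x-msdownload type named above, or when its decoded bytes start with the MZ header that DOS/PE executables carry, so a disguised content type does not help. Zero-length attachments are quarantined rather than dropped. The messages it runs on are constructed here (the addresses and names are placeholders, not real Swen captures).

```python
"""Classify mail attachments by extension, declared type and magic bytes.

Added example: parses messages with the standard library and returns a
delivery verdict. Sample messages are constructed below, not captured.
"""
import email
from email import policy
from email.message import EmailMessage

# Extensions the procmail recipe in the thread sends to /dev/null.
BLOCKED_EXT = {"hta", "vbs", "exe", "scr", "pif", "lnk", "bat", "com"}
# Declared MIME type reported for the main Swen variant in the thread.
EXEC_TYPES = {"application/x-msdownload"}
DROP_REASONS = {"blocked-extension", "executable-content-type", "mz-header"}


def attachment_findings(raw: bytes) -> list:
    """Return one dict per attachment with every reason it looks dangerous."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ctype = part.get_content_type()          # already lower-cased
        payload = part.get_payload(decode=True) or b""
        reasons = []
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in BLOCKED_EXT:
            reasons.append("blocked-extension")
        if ctype in EXEC_TYPES:
            reasons.append("executable-content-type")
        if payload[:2] == b"MZ":                 # DOS/PE executable header
            reasons.append("mz-header")
        if len(payload) == 0:                    # the 16K zero-length variant
            reasons.append("empty-attachment")
        findings.append({"name": name, "type": ctype,
                         "size": len(payload), "reasons": reasons})
    return findings


def verdict(raw: bytes) -> str:
    """'drop' for executables however they are labelled, 'quarantine' for
    empty attachments, otherwise 'deliver'."""
    findings = attachment_findings(raw)
    if any(set(f["reasons"]) & DROP_REASONS for f in findings):
        return "drop"
    if any("empty-attachment" in f["reasons"] for f in findings):
        return "quarantine"
    return "deliver"


def build_sample(filename: str, maintype: str, subtype: str, data: bytes) -> bytes:
    """Constructed sample message (placeholder addresses, not a real capture)."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "constructed sample"
    m.set_content("See the attached file.")
    m.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()


# The variants described in the post, rebuilt as constructed samples.
SAMPLE_MSDOWNLOAD = build_sample("patch.exe", "application", "x-msdownload", b"MZ" + b"\x00" * 64)
SAMPLE_EXE_AS_WAV = build_sample("update.exe", "audio", "x-wav", b"MZ" + b"\x90" * 64)
SAMPLE_EMPTY = build_sample("update.dat", "application", "octet-stream", b"")
SAMPLE_CLEAN = build_sample("report.pdf", "application", "pdf", b"%PDF-1.4 constructed")

if __name__ == "__main__":
    for label, raw in [("msdownload", SAMPLE_MSDOWNLOAD), ("exe-as-wav", SAMPLE_EXE_AS_WAV),
                       ("empty", SAMPLE_EMPTY), ("clean", SAMPLE_CLEAN)]:
        print(label, verdict(raw), attachment_findings(raw))
```

Checking the MZ header catches the case the regex cannot: a renamed executable whose filename and content type are both benign. The three signals are independent, so a single one is enough to drop a message, and an empty attachment is held back rather than discarded so a legitimate but broken mail can still be recovered.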
one that looked like a returned sender address for a 140 kb midi file (exe extension ;P)
and an email from microsoft with an "msn.net" address (I didn't know updates came from there)
I think the virus has an internal name too, looked at it in a hex viewer, it was either the name of the inventor or some shit, I forget the name now.. it had a beta symbol in it.
Thank god for linux, huh?
I thought I'd point this out, because chances are even some people on slashdot don't know this:
Microsoft never has and never will issue security updates through email.
It's that simple. Anything that you get claiming to be from MS is some kind of fraud, worm, virus, spam, etc. I'm sure most of you around here knew that already, but I saw this asked on some mailing lists (e.g. Dshield) when these emails first started appearing.
Use this opportunity to remind anyone you know that may not be as computer illiterate as you. This worm, in addition to ANYTHING claiming to be updates from MS, are not real.
There is a Win95 livecd, but they're not sharing.
I have now received this worm 616 times since 9pm last night. That is 616 in one day, making this about ten times worse than any previous worm.
Seems the same machines go on, and on, and on. A number appear from the same machines (as shown by sending IP). This could be very very annoying.
I guess it has been said before... who has not patched their machine for two years? Grannies? They do not have broadband. Groan. Maybe we need a "PC license", like a "driving license".
Michael
---
BDOS ERR ON A:>
You forgot to add Tiffany's pricing : )
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
how many times do you have to misspell "propagating"? do you have some sort of "propagating" dyslexia?
I wasn't aware that Linux was a webserver. I was under the impression that it was an Operating System. Silly me. I guess I'll dump that "Apache" thing I needlessly downloaded.
It's really going to be funny when someone finds a vulnerability in the Windows Updater so that we can all have viruses automatically placed on our computers every 15 minutes.
I have been getting it since before the last /. news item about the "prediction" of the next Windows worm... It's annoying. I've gotten about 200 worm emails and 150 "undeliverable" emails in my inbox since then. Damned annoying.
There's never anything wrong with a desire to learn how to do more things! The fact is, though, not all of us are motivated by more than one or two things in life that really grab our attention and keep it.
I know myself, I like cars and have always been willing to spend a big chunk of my paychecks on them, relative to my other expenses. I really *tried* to learn how to be a decent mechanic, even taking the "power tech" classes offered in my high-school and joining several car clubs over the years since then.
Ultimately though, I've found it's just not the thing for me. Yes, I've upgraded a car or two to a higher performance cat-back exhaust, changed a set of spark plugs, and done some car stereo installations - but beyond that, I always find it unenjoyable, and too laborious. A job that seems to take other guys 20 minutes takes me a whole afternoon of fighting with stuck bolts that don't want to come loose, parts I can't get back together properly, and whatever.
So, too, with most home improvement/repair tasks. I've bought the books, and I've succeeded in doing some of the small things (fixing broken flushers on toilets, hanging new curtain rods for drapes, and even re-tiling a bathroom once, with some help from my wife). But ultimately, I again find this sort of work uninteresting, and usually tedious + frustrating. I'm not good at sawing things along straight lines. I'm horrible at painting without making a huge mess to clean up afterwards. It's just not for me.
Computers, however, I took to like a fish to water since I got my hands on my first one - a Timex/Sinclair 1000, years ago. I know I'm good at working with them, and they've held my interest continuously for over 12 years. Arrogance is never really a good trait, but hey - some folks do earn a right to it. I had one friend, in particular, who everyone immediately labeled as "pompous" and "arrogant" about computers and computer security, but you know what? He was almost never wrong when I heard him give advice or suggestions, review a piece of software or hardware, or troubleshoot problems.
Sort of like that line in one of Kid Rock's songs, "It ain't bragging if you can back it up!"
As things get more and more complex, there's also a real danger in becoming "jack of all trades, and master of none". I've met a lot of these people, who seem to know just enough to be dangerous at all sorts of trades and skills - but I'd never want to hire them for any of the things they claim to "know how to do".
After so many "outbreaks" like this, I wonder how could MS not have long ago updated Outlook with a built-in filter that displays a big red warning whenever any file with a .exe or other non-Big 3 extension shows up in an email message? (Whew mod -1 for run-on sentence)
With all the "We know how you should run your computer" couldn't they have a small DMZ/virtual machine that runs an .exe or .pif or whatever to judge what it wants to do? I guess this should be what anti-virus software does, but seems not to be.
Glad to be running OS X, fwiw.
the future is here, it is just not evenly distributed - w. gibson
a) How many of my fellow infectees are getting your usenet contact addresses hammered, but not other accounts? I know that out of all of my accounts, only the two that I've used to post to the newsgroups are getting this crap.
b) What, if anything, did Verisign's asinine "added feature" have to do with not being able to filter this crap?
Come to the University of Mars! Classes starting soon!
I think email clients and web browsers should also temporarily change uid to "nobody" when processing the data received.
The problem is that you can't do that currently unless the email client itself is run as root (or has CAP_SETUID). Of course you may have the setuid bit set on the email client executable, but then local security becomes harder to manage, and much useful functionality (core dumping and LD_PRELOAD'ing, etc.) is lost. Maybe we should have a "trusted uid" idea, so that user "foo" can have another uid "foonobody" that has as little privilege as "foo" wants, and when the euid is "foo", "foonobody" is seen as the same user when determining privileges, so a program running as "foo" can access foonobody's files, do setuid(foonobody), chmod a file owned by foonobody, chown a file to foonobody (they are the same user, so the usual chown-as-root restrictions shouldn't apply), and so on (but not vice versa). Then an email client run by "foo" can setreuid to "foonobody" (according to a config file) when processing the HTML/attachment, and setreuid back when done (the real uid was still "foo" --- but the more secure solution is to end the thread after processing is finished).
One problem is left though. The attachment processing probably shouldn't be running in the same thread (otherwise malicious programs may corrupt the part owned by "foo"), and if the processing result needs to be communicated back to the email program, the email program will have to do a lot of verification. HTML renderers can be made to render in an X window directly though.
Who are the -LOSERS- doing this? Are they the same ones taking some time off from doing porn sites and helping spammers?
Or possibly, script kiddies who've installed Linux and think they're all k-rad and shit?
"LOOK AT ME!! See how -important- I think I AM!!"
Vomit.
I have been receiving dozens of copies of this virus in my inbox over the last two days. They look pretty in my kmail spam folder. I usually delete spam from the folder, but they are so pretty I have decided to archive a few of them...
I read many comments by windows users who say they have used it for so many years and never had a virus, because they are sensible users who patch their OS and never open attachments...
It may be they are lucky too...
My brother wrote me yesterday to tell me that his XP box got infected and that of my father too. With both computers, he tried to reinstall XP and go straight to download the patch but, so he tells me, with both computers he got re-infected within 3 minutes of reinstalling the OS. He never got a chance nor the time to download the patch...
I am sure that my brother didn't open any attachment with any fucking v***us (oops, I meant f***ing virus) within three minutes of installing XP.
There must be something right that virus writers are doing... and MS must be doing something wrong.
Meanwhile, POPFile carries on marking those nice looking emails as viruses which Kmail then happily filters out of my way...
http://www.masquilier.org/republic/election/ Condorcet, Plurality voting and alternative voting enabled bulletin board.
...and yet Slashdot is breathlessly announcing this as a new "Microsoft worm."
Right. An executable that the misinformed user is running is now a Microsoft worm.
"Sufferin' succotash."
It's not.
Ironically, out of the five or so email addresses that I use, only one of them has been hit -- and the one that is having problems is the one that I use for web communications. All the others are perfectly fine.
God bless Micro$oft
The views expressed are mine own and do not express the views of my employer.
So the virus is WINE-compatible?
How nice of the virus authors to remember those of us who don't totally bow to the Dark Lord.
(It's a joke, duh)
"Evil will always triumph because good is dumb." -- Dark Helmet
You know what? People beaming with pride that their OS isn't affected is like praising your computerized toaster for also not being infected. You're not the major target of this worm, so of course you're just seeing side effects and not infection.
Give Linux the Windows marketshare and enjoy worms that exploit things like last week's ssh vulnerability.
I have been trying to get them to do something about this. I have Mozilla so I am ok in regards to infections but the damn emails keep coming...250 in one day. Earthlink has these Indian call center people who are completely clueless. Their people think "spaminator" will stop it. Spaminator only shunts it to the webmail box; it still fills up their 10mb capacity because their "suspect" emails count against capacity. I can control it while I am online because I've trained Mozilla to send all of these things to the junk box.
There is one way to control it somewhat. The Swen virus has a 150k payload; if you tell your computer to screen out all emails larger than 50k, that might do it.
Actually, I rather thought it pretended to be a REAL Microsoft patch.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Newsflash: if you shoot out the tires of any vehicle that is in motion, the car will go out of control.
I guess we should recall all cars, in that case.
Please stay off the internet.
-- 'The' Lord and Master Bitman On High, Master Of All
You might wanna check MSFT's Office update:
http://office.microsoft.com/OfficeUpdate/default.aspx
Just have to be selective about the destruction...
What the fuck are these people doing with their e-mail addresses, displaying them on the fucking jumbotron at the Super Bowl?
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.
Here's an idea. How about someone writes a worm that actually will patch Windows systems with the latest patches (maybe even get the latest virus definitions) so all those people who are propagating these worms with unpatched machines stop wasting bandwidth, etc.
If the virus smtp is connecting to you directly, no bounce.
If it has already passed on to a real mail server, you just pushed the bounce back one server.
All these bounces to forged senders are
bad bad bad
No bounce messages pleeeeeeeeeeeeeease!
mb
I wonder why antivirus companies haven't produced updates for mail server antivirus programs that promptly stamp out any messages that contain the executable used to spread the virus. If that had been in place, the propagation of this virus would have slowed down very quickly because email servers would reject any message that contains the specific executable file.
Yes the email looks perfect, but even if I believed it Norton comes to the rescue:
"Norton AntiVirus removed the attachment: Qz.exe.
The attachment was infected with the Worm.Automat.AHB virus."
Ho hum.
In the words of a famous Simpsons character, "haaa-haaa!"
I saw this. Too bad it didn't look quite like m$. The file didn't look too much like a patch either.
Still, running it just confused the hell out of my FreeBSD box.
My e-mail server has been getting hit by this thing for the past couple of days now. Last count I had hundreds of these e-mails associated with e-mail rejection errors, all in reference to mail I didn't send. Depending on what time of the day it was, they were coming from .mx, .pl, .ro, .nl, ox.com and so on.
/.ed
The e-mail is very deceptive and looks like real e-mail sent from Microsoft. Other than being a pain in the ass it's almost as fun as being
"I bow to no man" - Riddick
I started getting the worm in my mailbox Friday morning. By Friday night I had already copied CERT's incident notice to my company's network status web page. (Not that anyone is actually going to read it until after they have a problem.)
that I'll know when the slashdot "empire" has fallen when some unexplained computing anomaly (i.e. Verisign, weird entries in logs, bogus patents and CoD letters) goes unaddressed by the readership on the front page within a week on the frontpage (to allow for a slashback), or 5 days within someone's journal. Like the Roman post. Can I take this analogy any further? :-)
Whenever I see something that makes me go "hmmm...", I always come here first by instinct. Then, if I don't find anything, I try to muster up the courage to submit a story. I hardly ever get accepted, but I know it goes a long way in getting something noticed. It usually shows up the next day.
Fuck Beta. Fuck Dice
Newsflash: If people shooting out the tires of moving vehicles were as epidemic as the MS security problem, the Feds would declare martial law, outlaw guns, and make it a capital crime to shoot at a moving vehicle.
Moron.
JUST USE FUCKING LINUX!
Holy Christ of a flying goddamn crutch!
I've gotten at least four goddamn thousand copies of the fucking thing in the last 72 hours.
it really says something, when a post about raising an army of geeks to take on Microsoft is labeled 'Insightful'. Oh, what a world ;)
.. never trust a Windows email that says it will improve your security.
Bitter and proud of it.
600th post! Go me. It is my birthday.
> YOUR OS IS NOT A FASHION STATEMENT.
It isn't?
> USE WHAT YOU WANT FOR TECHNICAL OR AESTHETIC REASONS.
Funny, that's what I do with clothes. Guess clothes aren't a fashion statement either. Nor cars. Nor really stupid, inane postings.
Your computer is what you want it to be, and what you use and how you use it reflects a lot about you, just as does the fact that you have a 15 volt cordless Makita instead of some piece-of-junk black-and-decker that cost 1/3 as much. For example. Or the fact that you choose to drive a Jaguar (costs a lot, amazingly failure-prone, but very, very pretty) or a Honda (mostly not especially pretty, costs a fair bit, amazingly reliable) or a Kia (you figure it out).
Get over yourself, man. You're not the first who had the 'you're not your computer' insight. It's one way of looking at the situation. Be bright enough to figure out that it's not the only way.
Sheesh.
-fred
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
our cable modem service delivers pretty decent speed too---and very effective spam filtering at the isp level
of course they do get a bit twitchy if you try running a server
looking at the e-mail is only enough if you haven't patched IE 5 in 2 1/2 years.
If you, just as an amazingly simple example, installed an alias in that user's .blahrc file for 'su' and a file in their bin directory called 'su' which read in the password typed after the su, printed 'Incorrect password' or whatever, and then erased itself, you'd have the root password.
You think too much like a math geek and not enough like a psych geek.
-fred
Your opinion quite frankly is not very worthwhile. First, losing a home directory under any OS is a _Very_ bad thing. You can't reinstall your home directory from a CD.
Second, every user does not run as Administrator out of the box in 'MS Windows Security'.
In XP this isn't true, in Server 2003 this isn't true, in Windows 2000 this isn't true, in Windows NT this isn't true.
In MS-Dos this is true, in Windows 95 this is true. In windows 98 this is true, and in Windows ME this is true.
See a distinction? Ok, so let's consider you meant "in Windows ME". Fine, yes users run with full permission in ME. And those same users, if they were in Linux, would not be using Linux. Because they couldn't figure out how to install it. If they did manage to get Linux on their box, and set up their mail client, I doubt they'd be much more secure. Why? Because _they_ are still the risk. They will execute the ".sh" file attached to the mail message. The script will alias some worthwhile commands and wait for the user to give it the root password. Or, it may just ask them, after all, the users ARE the WEAK link. So why not just pop up an important looking window (or console prompt) and say something like "fsck detected faulty partition data on ext2/blah/bah/bah at offset 00345678 code word DELTA. Please enter root password so that kernel.bot may correct this problem".
Get my point? It _IS_ the "dumb" user. Switching them to a different operating system won't protect them (unless of course you _Don't_ give them root access or password, and then that would be a trusted environment and they wouldn't be running Windows ME, they'd be running win2k or XP or 2003 or Linux or BSD or some other securable operating system).
hope that helps,
-malakai
A Dragon Lives in my Garage
It offers multiple modes of infection, including email and Usenet (as a trojan), but also as a self-propagating worm via fileshare, Kazaa, and IRC.
RTFVD
What part of "gestalt" don't you understand?
Half of the mail I got yesterday was the virus (and I'm on a Mac, so nyah) and the other half was Norton AntiVirus saying somebody I didn't know had tried to send me an infected email. I forwarded every one of them to abuse@symantec.com, telling them to fix their software to not do that.
is there a reason why firebird crashes if i click on the technews link?
Let me know if anybody wants a copy of this "patch" for further analysis.
... (GIFs and stuff) ...
---
FROM: "Program Security Division"
TO: "Customer"
SUBJECT: microsoft pack
MS Customer
this is the latest version of security update, the
"September 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express.
Install now to help protect your computer
from these vulnerabilities, the most serious of which could
allow an attacker to run code on your system.
This update includes the functionality of all previously released patches.
System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
- MS Internet Explorer, version 4.01 and later
- MS Outlook, version 8.00 and later
- MS Outlook Express, version 4.01 and later
Recommendation: Customers should install the patch at the earliest opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.
Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site.
http://support.microsoft.com/
For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site
http://www.microsoft.com/security/
Thank you for using Microsoft products.
Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.
Copyright 2003 Microsoft Corporation.
Content-Type: application/x-msdownload; name="update9352.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment
We've got an Exchange box running behind a firewall, with a machine (also behind the firewall, but with a couple open ports) that accepts mail, virus-checks it, spam-checks it, and then forwards it to the exchange box. And we've got a VPN set up so that people can get to the Exchange box to get their email.
A whole lot of work, just so that our CEO can use the 'shared calendar' function on Exchange, huh?
-fred
This guy has a filter for viruses. Pretty good, took out the Swen virus with some modifications (added bat and com extensions)
Je ne parle pas francais.
This virus does not exploit any OS weakness.
Firstly I must disagree about your first point. It does try to run itself automatically by presenting itself as a .wav file around half the time.
But you are quite right when you say:
It exploits STUPID FUCKING USERS.
I'm amazed just how dumb a lot of so-called technical staff are. The fucking -security manager- where I work ran the attachment on the last fake Microsoft mail -TWICE-. UNIX guys I work with were running it too! They said it was an attachment so they had to run it to see what it was. How do these people get through life when they are so easily conned??
OK, Ignorant office staff might run this thing, but technical staff? Security staff?
This is indeed a problem caused by -STUPID- -FUCKING- -USERS-.
Thanks for listening.
From: Linux
Subject: Install this OS for better security
This is the latest version of Linux kernel, the "September 2003, Cumulative Patch update" which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as four newly discovered vulnerabilities.
Install now to help protect your computer from these vulnerabilities, the most serious of which could allow an malicious user to run executable on your computer.
Recommendation: Customers should install the OS at the earliest opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.
Thank you for using Linux products.
Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.
Copyright 2003 Linux International.
<<<attachment: qmdywb.exe>>>
The simplest way to harm much while not preventing the virus spread is to only destroy what is necessary for the system to boot (partition table is a good choice). Because the virus can spread as long as the system isn't turned off, but to turn it on again, you'll need the install CD. This means the virus would have one full day to spread on most typical home computers. And since mostly everything you install on windows forces you to reboot, there are chances that installing the AV software would be the last thing the computer does.
So I think that nowadays, windows users are REALLY LUCKY that virus writers are not vicious yet.
It's not a WORM, since it needs user interaction to spread. It's a VIRUS. A worm does not need any idiot to spread.
It might be a good idea to use an alternate OS (I use a Mac for email), but when nobody else does and I wind up getting about 400 of these little buggers a day, it's not really much use is it.
The last two months have been bloody hell on the internet. Between SoBig, Blaster, this new one, VeriSlime it's just getting too much to fucking bear. What used to be fun and enjoyable is becoming a chore after worm after worm sprays gigabytes of malware at my system.
This latest one put 100MB in my mailspool in less than 24 hours. I was getting several of these worms _per minute_ at about 150K each. Since I run the MX, I put yet another anti-malware measure: not only do I have to waste time installing and keeping SpamAssassin up to date, I now have to add Exim system filters to reject all Windows executables (even though I can't run them) because the sheer level of traffic is getting overwhelming.
Email has become a useless burden.
The time has come for change. I think the following needs to be done.
1. All operators of mail exchangers - anyone who runs an MTA should be licensed.
2. MTAs should only accept mail from other MTAs being run by a licensed operator. Mail from unlicensed MTAs should be rejected. Instantly kills the problem of malware being spread by non-MTA computers.
3. The MTA operator should risk having their license suspended or revoked if they allow spam to be sent via their MTA.
4. Licensing should consist of a course of education in non-MTA specifics (i.e. the principles of running an MTA, the laws, what traffic you should allow, what traffic you should reject) rather than be courses for particular pieces of software. It will be up to the licensed MTA operator to figure out their particular software, just like it is up to a car owner to figure out their new car. The fact that they can lose their MTA license should mean that operators will be very careful about learning about their specific software and setting it up correctly.
5. It is the operator's sole responsibility to keep their MTA secure. Bug in sendmail and you didn't hear about it/patch it? Tough shit. Your MTA operator's license gets suspended. Your MTA is configured so it will let worms/viruses out from people at your ISP or your user group? You get your license suspended. That will be a good incentive for MTA opers to do everything in their power to stop malware and spam.
I admit that I don't know a good way to go around the implementation specifics (who is the licensing authority? National governments? The people in charge of the TLD you want to have an MX in?) but this free-for-all MUST end.
In the short term, it would be good if *all* ISPs blocked outbound port 25, and blocked Windows executable attachments at their MTA to slow this shit down. The Internet quite frankly has gone from being fun, and a medium where anyone can publish for pennies to a swirling cesspit of shite. These last two months have been the _worst_ I've ever seen since first being on the internet in 1991.
Oolite: Elite-like game. For Mac, Linux and Windows
My machine doesn't have problems - everyone else seems to send me tons of those fake Microsoft patch messages.
HELP
It is not safe to run these worms / viruses on wine.
http://www.winehq.org/hypermail/wine-devel/2003/08/0488.html:
That old mail is referring to SoBig, but you can replace "sobig" in the text with "swen".
DOH! Now I get to spend three weeks fixing this motherfucker. And we're still digging out from under MSBLAST. Oh well, that God they sold my job to India or I might have to care 4 months from now :)
I only post twice a year, who needs a sig?
step1: widespread of virus
:)
step2: users open attachment thinking it's an official M$ patch
step3: infection
step4:?
step5: profit... and... all your base are belong to us
In the long run, the results of this virus and Windows Updates are the same, kerplunk.
MushMouth wrote: Then the plural would be vira; there is no second I to get the Nominative plural. Virii is wrong no matter what.
:)
http://www.perl.com/language/misc/virus.html discusses the question in more detail. Second-declension neuter in -um has a plural in -a, but it's far from undisputed that the same would apply to words in -us. In fact, according to that page, it's far from undisputed that virus was even second-declension. Classical writers were so inconsiderate not to leave us footnotes about that sort of thing.
But also from that page: Virii is still completely silly, so don't do that; otherwise, everyone will know you're just a blathering script kiddie. You won't find any disagreement from me there. The English plural is 'viruses', and that's the end of the matter, or should be. But you'll note that the (originally incorrect) plural 'octopi' *has* made it into dictionaries, which does give it some veneer of acceptability. It's possible that 'virii' could end up going the same way, though I do hope not. I'll still frown on both of them, but I doubt that'll change anything.
My, that's more Latin than I thought I'd remember.
This virus has been out for a few days now. I don't understand why the major ISPs haven't caught it. The messages could be easily filtered without affecting other mail. It seems most ISPs do little or nothing about spam anyway...
It doesn't need any of those privileges, but Linux has no mechanism to protect you on that level
Obligatory reference to LIDS. LIDS lets you specify exactly which users and applications have any combination of an extensive list of privileges, including read or write privileges at the file level and opening sockets. A common example would be hiding /etc/shadow from everyone (even root) *except* /bin/login, who has read-only access.
My old quote used to be "can't get root if there is no root", but you weren't claiming that Linux suffers from multiple privilege escalation vulnerabilities. All told, you are right about native Linux, but there is at least one fix.
Intelligent Life on Earth
Old news I get since days (3 or so) 5-7 mails a day of it. /:
It sucks and I wondered anyway why nowhere was anything claimed about it.
bye
I didn't read mail saturday, Sunday my new mail file was over 270MB, too big for Emacs (my mail client) to read. I hadn't had that happen before.
I actually ended up using mailx (a good old command-line mailreader) to delete all the virus mail, just in order to be able to read the handful of non-virus mail.
You're not doing anything "better" than you would if you were completely computerless. Your machine is the end of the line? Your machine isn't even on the line! Oooh, so you happen to be one of the people in the infected persons mailbox, 'causing it to send out yet one more of these annoying mails. You're not in any way holding up the spread.
Based on the fact that this virus/worm/whatever has so much sophistication and polymorphs itself, does anyone have a good procmail rule that will catch these? I have tried egrepping the body for Patch[0-9][0-9][0-9][0-9].exe but I am worried that I may lose emails from security groups that I subscribe to. What's more, the filename may change.
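As an added example (not code posted by anyone in this thread), here is a small Python MIME filter that flags Swen-style messages by attachment structure rather than by a fixed filename, which addresses the worry above about the name changing and about body text from security lists tripping an egrep on "Patch[0-9]*.exe". It checks the extensions the thread mentions (.exe, .pif, .scr, .bat, .com) and the application/x-msdownload content type seen in the quoted mail; the sample messages are constructed here and use placeholder addresses.

```python
"""
Added example: structural filter for fake-patch mail carrying a Windows
executable. Not from any poster; the sample messages below are constructed.
"""
import base64
import email
import os
from email import policy
from email.message import EmailMessage
from typing import List, Tuple

# Extensions Windows runs directly; .bat and .com are the two a poster added
# to an existing filter to catch Swen.
EXECUTABLE_EXTENSIONS = {".exe", ".pif", ".scr", ".bat", ".com"}
# Content type used by the quoted Swen mail for its attachment.
EXECUTABLE_MIME_TYPES = {"application/x-msdownload", "application/x-msdos-program"}


def attachment_reasons(msg: EmailMessage) -> List[str]:
    """Return one reason string per executable indicator found in the parts."""
    reasons: List[str] = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; its children are visited by walk()
        # get_filename() falls back to the Content-Type name= parameter when
        # Content-Disposition carries no filename, exactly the Swen layout.
        filename = part.get_filename() or ""
        ext = os.path.splitext(filename.lower())[1]
        ctype = part.get_content_type()
        if ext in EXECUTABLE_EXTENSIONS:
            reasons.append(f"executable attachment extension {ext!r} ({filename})")
        if ctype in EXECUTABLE_MIME_TYPES:
            reasons.append(f"executable content type {ctype}")
    return reasons


def classify(raw: bytes) -> Tuple[str, List[str]]:
    """Parse a raw RFC 822 message and decide accept/reject with reasons."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = attachment_reasons(msg)
    return ("reject" if reasons else "accept", reasons)


# Constructed placeholder payload; the filter never decodes it.
PLACEHOLDER_B64 = base64.b64encode(b"constructed placeholder, not a binary").decode()

# Constructed message mirroring the Swen layout quoted earlier in the thread.
SWEN_LIKE = (
    'From: "Program Security Division" <sender@example.invalid>\r\n'
    'To: "Customer" <user@example.invalid>\r\n'
    "Subject: microsoft pack\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "How to install: Run attached file. Choose Yes on displayed dialog box.\r\n"
    "--b1\r\n"
    'Content-Type: application/x-msdownload; name="update9352.exe"\r\n'
    "Content-Transfer-Encoding: base64\r\n"
    "Content-Disposition: attachment\r\n"
    "\r\n" + PLACEHOLDER_B64 + "\r\n"
    "--b1--\r\n"
).encode()

# Constructed advisory that mentions a patch filename in the body but carries
# no attachment: a body-text regex would drop it, this filter accepts it.
ADVISORY = (
    "From: list@example.invalid\r\n"
    "To: user@example.invalid\r\n"
    "Subject: Worm alert: fake patch mail in circulation\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "Do not run attachments such as Patch1234.exe claiming to be from Microsoft.\r\n"
).encode()


if __name__ == "__main__":
    for label, raw in (("swen-like", SWEN_LIKE), ("advisory", ADVISORY)):
        verdict, why = classify(raw)
        print(label, verdict, why)
```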
Why not forward all this shit to microsoft headquarters and jam THEIR goddamn mail system?
The most attacked interactively. Add in worms and MS has many more crack attempts, from that article a few days ago.
This may sound harsh, but I'm really hoping the next big Microsoft worm or virus will disable the infected computers.
If you're going to dream, dream big! I'd like to see something, let's call it "W32.Switch," that will inflame the right people enough to make them investigate alternatives to Windows. The "right people" of course, are the moron home Windows users who don't patch their machines and who click on every e-mail attachment they are sent-- the ones who aggravate every outbreak by obliviously running infected machines for weeks or months, thus making life harder for everyone else. These people need to have everything of any importance to them-- documents, photos of their kids, pr0n, tunes, and financial info-- nuked beyond recovery, and MAYBE that will piss them off enough to take a look at Linux or Mac OS X.
Here's what W32.Switch should do:
-Infects its host.
-Uses that host's network connection to spread itself around for about 48 hours.
-Deletes everything in the My Documents folder(s).
-Deletes all .mp3 files.
-Deletes all Excel, Quicken and Quickbooks files
-Deletes all .gif and .jpg files.
-Overwrites the Windows registry with garbage.
-Displays a dialog box informing the user that their vital data wouldn't be gone if they were running an OS other than Windows. When they click "OK" or otherwise close the dialog, the computer reboots and they notice Windows doesn't come back up.
Though perhaps I'm not being harsh enough-- maybe Windows' ability to boot should not be destroyed, and maybe all the user's files should not be deleted, but just hopelessly corrupted-- so people will be able to see the magnitude of their data loss. The dialog box explaining that this is NOT just "one of those things" where you randomly lose a few files, however, is paramount-- pains must be taken so that these people know that the reason their Quicken data and photos of their grandchildren are now gone is because they chose a piece of shit operating system where security is both a bolted-on afterthought and a cruel joke.
"Linux viruses and worms are rare because of Linux's security system."
No, it's just as easy for someone to download a tainted piece of software and install it on Linux without checking checksums. But it doesn't happen all the time, not because of Linux's security system but for other reasons, such as:
-people are more careful with checksumming
-they watch processes on their machine more closely
-etc.
If any linux user does a 'make install' and forgets to check the checksums on the tarball, or the md5s on an RPM, then they are at risk in just the same way a Windows user is.
I didn't know Slashdot was anti-Linux. This site must be turning into a pro-Microsoft/SCO anti-open-source site, that or the moderation system is broken.
I see THREE different e-mails of the same virus, and NAV caught them all (daily updates are great for stopping stuff like this). NOT that I would be stupid enough to run it, AND it wouldn't have autoran anyway - I'm running Eudora.
*email*
"Hi! I'm your new patch!"
Do you see why this has worked so well?
Do you see why this is an absolutely fatal flaw, on the social engineering side? You simply cannot browbeat people to patch patch patch blindly and without asking questions, and expect them to be properly skeptical when a virus comes along that's really well disguised as a patch. It's hopeless. From this point on, the biggest viruses are likely to do two things:
Game over. That route is now useless, and it's counterproductive to harangue people to patch at this point- you're only setting them up to be exploited by a virus. The stronger their drive to patch, the more likely they are to slip up and try to do it in the wrong situation.
Look at Swen and what's happened. Call them idiots if that makes you feel better. Fine, you've called them a name. Now what?
Actually, I do have a solution, but I don't know if it's quite time for it- some people might object. On the bright side, it would work.
All mail transfer agents from now on are to auto-strip all, repeat all, attachments to email.
You wait- the time may come when the world does that. Practically, it would only require some backbones or maybe a quarter of the MTAs out there to be doing this to seriously clean up the state of affairs.
I would like to see it happen tomorrow.
At that time, PC viruses weren't so much of a problem. But as the home PC market exploded, viruses grew along with it, and there soon came a point where no one in their right mind so much as DIR'd a floppy without scanning it first.
Similarly, in the era when shared floppies were the primary infection vector, and the average PC ran plain old DOS, nearly all PC viruses targeted either the boot sector or ordinary DOS executables. Now, when hardly anyone uses floppies but everyone uses the net (mostly via vulnerable Windows apps/script engines), the internet has become the major transmission vector, while boot sector/file infector/DOS-based viruses have fallen out of fashion.
Point being, viruses are written primarily for mass-market platforms and utilize mass-market vectors, and it really doesn't matter what that platform or vector IS. Virus targets shift right along with the consumer market. After all, there is an ego factor involved: who wants to be known as the lamer who infected three XTs and a Mac, when they could be known as the [pejorative] superhacker [/pejorative] who infected 10 million PCs worldwide??
~REZ~ #43301. Who'd fake being me anyway?
Please mod down this obnoxious troll. You've all been bitten by this fat fuck.
How many people are going to run what they think is a fake Microsoft patch?
bits and peace
Nicholas Daley
I just received an email from my mail server saying it had blocked an email containing "Worm.Gibe.F". :-)
It's got a text version of the exact update notice in this article.
Good to see that my server admin is keeping the virus sigs updated.
Like hell Macintosh and Linux users are unaffected. I've been getting hundreds of copies of these little motherfuckers per day for the past few days. The spamassassin mailing list has been deluged with requests and suggestions of rules to block the damned things (along with the usual idealist whining that viruses/worms are not spam and therefore outside spamassassin's scope-- sorry guys, but it's both prodigious and unwanted, therefore it's spam, albeit not of a commercial nature).
F-Secure's detailed write-up of Gibe/Swen includes examples of several of the worm's canned subject lines and body phrases (not only does the worm pretend to be a security patch from Microsoft, it also pretends to be a message being 'returned' to you in other copies). Bah. Outlook must die.
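Two points from this thread can be shown in one place: the proposal above that MTAs strip attachments outright, and a SpamAssassin-style rule for the two disguises the worm uses (a fake vendor security patch and a fake "returned mail" bounce, each carrying an executable). The script below is an added example written for this page, not code from the thread, SpamAssassin, F-Secure or any MTA; the sample messages, sender addresses and attachment names are constructed, and the executable-extension list and bounce-phrase list are the editor's assumptions.

```python
"""Added example: an MTA-side filter that strips attachments (all of them, as the poster
above proposes, or only executable ones) and scores mail against the two Swen/Gibe
disguises described in this thread. Sample messages are constructed, not captured."""
import email
from email import policy
from email.message import EmailMessage

# Assumption: extensions that run code when opened from a Windows mail client.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".bat", ".com", ".cmd", ".vbs", ".js")
# Assumption: wording a forged bounce notice tends to use.
BOUNCE_PHRASES = ("returned", "undeliverable", "delivery fail", "mail delivery")


def is_executable_name(filename):
    """True for attachment names ending in a code-running extension."""
    return bool(filename) and filename.lower().endswith(EXECUTABLE_EXT)


def parse(raw):
    """Parse raw RFC 5322 bytes into an EmailMessage (modern email policy)."""
    return email.message_from_bytes(raw, policy=policy.default)


def find_executables(msg):
    """Names of all executable attachments anywhere in the MIME tree."""
    return [p.get_filename() for p in msg.walk() if is_executable_name(p.get_filename())]


def strip_attachments(raw, executables_only=True):
    """Return (cleaned message, list of removed filenames).

    executables_only=False implements the 'strip every attachment' policy from the
    thread (documents included, which is why some will object); True keeps documents
    and drops only code-carrying files."""
    msg = parse(raw)
    removed = []

    def prune(part):
        if not part.is_multipart():
            return
        kept = []
        for child in part.get_payload():  # sub-parts of a multipart container
            name = child.get_filename()
            drop = is_executable_name(name) or (
                not executables_only and child.get_content_disposition() == "attachment")
            if drop:
                removed.append(name)
                continue
            prune(child)  # attachments may sit inside nested multiparts
            kept.append(child)
        part.set_payload(kept)

    prune(msg)
    return msg, removed


def score(raw):
    """SpamAssassin-style rule hits for one message (empty list = no worm indicators)."""
    msg = parse(raw)
    if not find_executables(msg):
        return []
    hits = ["EXECUTABLE_ATTACHMENT"]
    sender = str(msg.get("From", "")).lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = str(msg.get("Subject", "")).lower() + " " + (body.get_content().lower() if body else "")
    # Vendors do not distribute patches as mail attachments, so the combination is the tell.
    if "microsoft" in sender or "microsoft" in text:
        hits.append("FAKE_VENDOR_PATCH")
    if any(phrase in text for phrase in BOUNCE_PHRASES):
        hits.append("FAKE_BOUNCE")
    return hits


def build_sample(sender, subject, body, attach_name=None, subtype="octet-stream"):
    """Constructed test message; the attachment bytes are a placeholder, not a real file."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.net"
    msg["Subject"] = subject
    msg.set_content(body)
    if attach_name:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype=subtype, filename=attach_name)
    return msg.as_bytes()


# Constructed samples: a fake patch, a fake bounce, a plain mail, and a mail with a document.
FAKE_PATCH = build_sample("Microsoft Security <security@microsoft.example>",
                          "Latest Microsoft Critical Security Update",
                          "Install this cumulative patch to protect your computer.",
                          "update-patch.exe")
FAKE_BOUNCE = build_sample("Mail Delivery Subsystem <postmaster@example.org>",
                           "Returned Mail: Undeliverable",
                           "Your message could not be delivered; the original is attached.",
                           "message.pif")
LEGIT = build_sample("alice@example.org", "Lunch?", "Noon works for me.")
LEGIT_DOC = build_sample("bob@example.org", "Q3 report", "Attached.", "report.pdf", "pdf")

if __name__ == "__main__":
    for name, raw in (("fake patch", FAKE_PATCH), ("fake bounce", FAKE_BOUNCE),
                      ("legit", LEGIT), ("legit+doc", LEGIT_DOC)):
        _, removed = strip_attachments(raw)
        print(f"{name:10} rules={score(raw)} stripped={removed}")
```

The scoring deliberately requires an executable attachment before any other rule fires, so a genuine bounce or a genuine mail that merely mentions Microsoft scores nothing; the `report.pdf` sample shows what the thread's strip-everything policy costs compared with stripping executables only.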
Over the weekend, my work id received over 420 messages as a result of these worms. Each one was over 140k - the spam by itself was 58 meg. That's besides all the normal spam I get.
People who are stuck using yahoo, hotmail, and the other free mail accounts with 4, 6, 10 or whatever meg limits are finding that they no longer are able to get legit mail due to the swamping of mail boxes by this trash.
URL: http://xanga.com/lvirden > Quote: Saving the world before bedtime. Even if explicitly stated to the contrary, n
i use knoppix on my pc-chips mother boards, no problemas!
so ah, i guess this virus is a problem?
ha-ha-ha-ha-ha-ha-ha-ha-ha-ha-ha!
It's already illegal to write a malicious worm, you fucking idiot
-- 'The' Lord and Master Bitman On High, Master Of All
I actually infected my winblows machine with this out of curiosity. I had my backups in place and I was intrigued to find that Norton Antivirus didn't detect it. (yes, after updating definitions and a trip to Windows Update.) It came in a nice HTML email faking Microsoft's cartoony XP look and had links to Microsoft's site and everything. There was only one spelling mistake (not very joke, huyuyuyuyuy) and the email address came from a bogus address. Why they didn't forge that is beyond me.
Anyway, the virus runs a process, puts itself in your startup, messes with your registry so you can't edit it. It pops up this fake email error thing asking for your mail server, username, password, full name, etc. every 5 minutes. It also stops Norton Antivirus and Firewall from getting into memory once you reboot. And when you do shut down, it hangs a little while the hard drive churns... I'm not sure what it's doing back there.
Can anyone tell me if transgaming is any good? I'd love to replace my windows gaming machine with a Linux gaming machine.