New Worm Spreads Via MSN Messenger

vxone writes "Anti-virus experts are watching a new worm that spreads through Microsoft Corp.'s MSN Messenger client. The worm is not harmful to infected machines and has infected only a few PCs at this point, according to an analysis by Trend Micro Inc. Known as Jitux, the worm is self-propagating and contains a link to a Web site that automatically downloads an executable file named 'jituxramon.exe' to the PC. Once the file runs, the worm begins sending out copies of itself to all of the names in the user's Messenger contact list."

ITS A VIRUS!!!

[ufoman]

MSN is a virus. Uninstall it as fast as you can!

Re:ITS A VIRUS!!!

[The+Mercenary]

MSN isn't a just a virus it's a tool of the devil. Virus's are easy to get rid of.

Re:ITS A VIRUS!!!

[xmuskrat]

Personally, I'd rather let it destroy all of the windows boxes. :) Clean up a lot of junk, eh?

Re:ITS A VIRUS!!!

[tomstdenis]

While meant as a joke it is a good idea. MSOE seems to want to load msn whenever it starts up [even if you have Gaim installed and running ;-)]. I just delete the f'ing directory and that cured my problems.

Tom

Re:ITS A VIRUS!!!

[qw(name)]

It may but while it's doing it, bandwidth is taken from those of us who use real computers. :-)

Re:ITS A VIRUS!!!

I just delete the f'ing directory and that cured my problems

I assume you are refering to the windows directory.

Re:ITS A VIRUS!!!

[BenV666]

I totally agree.
For those who don't know how, you can uninstall the thing by running:
RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

Re:ITS A VIRUS!!!

[goffgrrl]

nah, just delete winblows & install linux.

- g.

Jituxramon...

[eurleif]

Sounds like something from Pokemon.

Re:Jituxramon...

[Lord_Breetai]

Sounds like something from Pokemon.

Ah, it must be a Bug-type then.

Re:Jituxramon...

[MosesJones]

It is... it evolved from Outlookramon.

Re:Jituxramon...

And will evolve into Mozillramon?

Re:Jituxramon...

[AndroidCat]

But Wormmon was a good Digimon! (Okay, Ken was a prick.)

Re:Jituxramon...

[Sprite+Remix]

Why is it considered offtopic when someone corrects a person.

No, really.

Re:Jituxramon...

[darkgreen]

Why is it considered offtopic when someone corrects a person.

Well, I can't speak for the mods, but I thought the spirit of the parent was to be funny. He accomplished that, although he was slightly inaccurate. You pointing out what you did was like someone dissecting a joke until it's no longer funny.

a la "well, technically, a chicken may not really have the mental sophistication to /want/ to go to the other side of the road. Perhaps if there were food, or offspring, but there would need to be some instinctual impetus for... " and on and on.

It would be a different matter if the facts for his post needed to be accurate. I'd welcome corrections, but, unlike the original poster, a corrective post isn't really accomplishing anything in that vein. That's why your post (and mine) is Offtopic. I'm not saying it's not welcome or completely useless, but you shouldn't be surprised that it's considered Offtopic.

HTH

Re:Jituxramon...

[ShadowRage]

Jituxramon GO! USE YOUR STUN SPORE!

sorry, couldnt resist.

Re:Jituxramon...

The ones that ended in 'mon' were usually Digimon, actually ;)

Errr, did I just lose some geek credit by admitting to knowing that? Hmm, good time to post anon, I think...

So what does it actually do?

[gnu-sucks]

So let me get this straight, the virus infects a computer, and then infects other computers. Does the virus actually do anything?

As it stands, it sounds a lot like a slashdot discussion :p

Re:So what does it actually do?

[xkenny13]

So let me get this straight, the virus infects a computer, and then infects other computers. Does the virus actually do anything?

I would guess that this is the trial run, to validate the theory behind a virus spreading in this manner. Once they know it works, the next one will have a payload.

Re:So what does it actually do?

[wa5ter]

A friend of mine, who knows a bit about this kind of thing (no, he isn't) suggested that this is the kind of thing someone would do if they wanted to cause a lot of damage, but not get caught. The harmless version will be widely propogated, and then it's only a matter of time before some script kiddie loads up a far more harmful payload. This will probably be the person that takes the rap for the whole thing, leaving the original virus creator scott free.

Re:So what does it actually do?

Bullshit. The creators of the virus would have tested on a private network prior to releasing it in the wild. This is merely an attempt to exploit a previously unknown hole for monetary gain.

Re:So what does it actually do?

[old_unicorn]

It downloads an executable froma website. Obviously the number of downloads increases as the virus spreads. If the virus is thought to be harmless people won't panic about clearing it out. Maybe when there are enough computers (PCs) transmitting the virus, the website owner will change the executable for the real payload, and wammee - fireworks. Or maybe not.

Re:So what does it actually do?

This is merely an attempt to exploit a previously unknown hole for monetary gain.

OK, it's probably pointless to reply to an AC, and ironic to reply to an AC as an AC while pointing out how pointless it is, but-

Who's going to gain anything from this monitarily? I mean, other than anti-virus software makers, How does this generate cashflow for anyone?!

SHOW ME THE MONEY!

Re:So what does it actually do?

[robshort2000]

You are absolutely right. Find the weakness and then it will be exploited and quickly too I'll bet. Sounds like a really frightening way to spread something quickly. Glad I'm with the "other guys" as far as operating systems are concerned.

Re:So what does it actually do?

[zurab]

I would guess that this is the trial run, to validate the theory behind a virus spreading in this manner. Once they know it works, the next one will have a payload.

I've got one idea on what that payload could be. Disclaimer: I am not involved in and do not condone writing and distributing virii/worms, invading and abusing others' property, or any other illegal activities; it's just a thought that occurred to me while reading this thread.

Jitux, sounding a lot like "JIT (just-in-time) Linux" could carry a windows program that would accomplish following on each host:

0. Propagate;
1. Check whether host's hardware (modem, network card, etc.) and ISP connectivity are compatible and can be used in Linux;
2. Check for broadband connection;
3. If either (1) or (2) are false, propagate and do nothing else (exit);
4. Find an extra space on the hard drive and create one small and one or more larger new partitions; if no extra space is found (as is likely), quietly defragment and resize FAT32 or NTFS to free up space;
5. Place a small Linux bootable image on the small partition, and format other partitions;
6. Gradually, over the course of next few hours (or days) download and place common packages available for Linux on larger partition(s);
7. Once all required data has been downloaded, modify MBR to boot from the smaller Linux partition that was created.

On the following boot this should happen:

1. Display bootup screen similar to Windows; maybe display - "Windows is updating settings" while Linux is being set up on hardware and packages are being installed;
2. Copy settings from Windows partition - e.g., start menu items, background, O/OE settings, etc.; make sure to install comparable packages like OpenOffice.org, KMPlayer/Xine/etc., IMs with Linux; run whatever you can with WINE from Windows partition;
3. Boot into Linux with the WM/DE that looks as much like Windows as possible - adjusted KDE or GNOME - make sure the button says "Start" on it - that part is of utmost importance;
4. When they do "open -> my documents/pictures/music/etc." always display items from both Windows and Linux partitions; when they save, only save on Linux partitions; when duplicates occur only display files from Linux partition.

Voila! JIT Linux, or Jitux! Easier said than done (and I realize there could be problems), but if successful I am guessing 90% of home desktop users will not even notice any difference.

Disclaimer (again): I do not condone distributing virii/worms, etc. or illegally messing with others' property without permission. This was just an idea that occurred to me while reading this thread.

Re:So what does it actually do?

Even more importantly!

Why are the antivirus companies just watching it!? Shouldn't they start fixing it...

Re:So what does it actually do?

[mcpkaaos]

As it stands, it sounds a lot like a slashdot discussion :p

Yeah, it's very similar to a Slashdot discussion - the only difference being that the Worm actually does something.

Re:So what does it actually do?

[zurab]

If there actually was a Linux distribution that could do that, I would probably even take it, even without a worm to install it.

And what's keeping you from trying out one? Install SuSE 9 from FTP if you have broadband - it will do most things as described - minus moving your Windows settings over.

Re:So what does it actually do?

[AndroidCat]

A number of the worms linked to spammers and DDoS attacks on anti-spammer sites have been multi-stage jobs. Once a PC is infected, it either scans for or waits for contact to pull down the next stage. (Sort of like a Wormdows Update feature.)

Re:So what does it actually do?

[cheekyboy]

it should have had downloaded it via bit torrent, then it would never stop.

Re:So what does it actually do?

[AmericanKleptocracy]

Who's going to gain anything from this monitarily? I mean, other than anti-virus software makers...."

Hey, maybe you've got something there....

Re:So what does it actually do?

[AndroidCat]

It could turn the box into a spam zombie-proxy. There have been a few of those recently.

Re:So what does it actually do?

[kfg]

Kinda like how things are at the office.

KFG

Re:So what does it actually do?

And then they'll be eaten further up the food-chain by the Linux-to-FreeBSD installer.

As long as it runs a C64 emulator, I don't mind the bootloader.

Re:So what does it actually do?

[jhigh]

but if successful I am guessing 90% of home desktop users will not even notice any difference.

Oh, come ON! I realize that most /.ers think that everyone around them is a drooling idiot, but you don't think that someone would notice that what used to be Office XP is now Openoffice??? I prefer Openoffice, but it is definitely not as visually appealing as Office XP. This is just more ridiculousness from the zealot crowd (I much prefer Linux to Winndows for technical reasons rather than pseudo-religious ones). I just wish people would stop trying to attribute mental retaradation to everyone not running Debian.

Re:So what does it actually do?

[operagost]

Yes, they will- their system will be a bit more stable.

Re:So what does it actually do?

[LnxAddct]

This has always bothered me and is a serious question... If they know what website is being used why can't they shut it down and/or find the person who created it. I understand he could claim that his website was hacked or whatever, but at least they would stop it from spreading. The worm would be better if it used MSN to send the files to each other. The only thing that using a webpage accomplishes is that you can alter the executable to whatever you want whenever you want to.
Regards,
Steve

Re:So what does it actually do?

Maybe his waiting is driven by a desire to, you know, do stuff instead of just recreationally configuring linux. You think?

Re:So what does it actually do?

[Thing+1]

OP said install OpenOffice, that's true; but he also said "run whatever you can with WINE from Windows partition." I took this to mean that "all" we have to do is beef up WINE support so that all documented and undocumented API calls are implemented, and magically all Windows applications will run on Linux.

Then we can rip off the tablecloth without disturbing the silverware, and slide another one in. Users won't notice because the UI will be identical and it'll run all their old programs.

Yes, it's a pipe dream I've had for several years, and I lack both the time and money to implement something like this. But, just like nanotechnology, it's something we can discuss as a worthy goal.

Re:So what does it actually do?

Both the HTTP and BitTorrent downloads can be stopped by taking down or blocking the server or tracker. Sharing the payload on a P2P network would be more difficult, but the most scalable way to spread would be for the infector to push the payload to the infectee. If the infected computers can recieve new payloads and send them to other infected computers, a makeshift P2P network would be established, and a new, dangerous payload could easily be propogated.

Re:So what does it actually do?

[The+Almighty+Dave]

Why do you need a C64 emulator, don't you still have a real one?

Re:So what does it actually do?

[Geek+of+Tech]

>> Does the virus actually do anything?

Actually, yes it does. After infecting just a few computer, it submits a story about itself to slashdot. From there eweek.com ends up getting slashdotted. It makes slashdot DDoS eweek!

Must find tinfoil hat....

Re:So what does it actually do?

Based on my experience with end users in tech support, many of them are not even aware of what program they are running when they perform their day to day actions. If asked what version of Windows they are running, they will often respond with their version of Microsoft Office or vice versa, being unable to differentiate between the two. That's only if they are even aware of the version.

Not that they would not notice that things have changed. They simply would not realize that there is a new program running, just that things look different and that they cannot find some feature that they want to use.

Re:So what does it actually do?

[gooberguy]

You forgot steps 5 & 6:

5. ???
6. Profit!

Re:So what does it actually do?

another diference is that contrary to most slashdoters, the virus does propagate

Re:So what does it actually do?

[PalmKiller]

yea, maybe the mcafee founder is back into writing viruses to fuel the av business again

Re:So what does it actually do?

[Ziviyr]

And Microsoft would be able to declare Linux a virus.

Linux removal programs would sprout up everywhere, and Linux users become terrorists in the view of millions of people.

Not the best way to sell OSS.
Free as in "you clicked the link, so eat it!"?

Re:So what does it actually do?

[IM6100]

I took this to mean that "all" we have to do is beef up WINE support

One of the reasons OS/2 slowly lost market share and died was that they had near-perfect Win16 'emulation' built in. In some ways it was far superior to regular Windows 3 running on DOS. Because of this, few third party vendors spent any time at all producing native ports of their product for OS/2.

When Windows 95 came along OS/2 was broadsided by the fact that none of the 'new' Win32 apps would run on it, and it had no portfolio of 'native' 32 bit apps. I remember working around whole cubicle farms full of Software engineers whose work involved Embedded OS/2, so they still had OS/2 on the desktop. The only word processor and spreadsheet they had available to them was ancient Word 6 and Excel 5, from the days of Windows 3.11. This was in 1999-2000. They were NOT happy people.

Linux should never settle for having a compatability layer to run Windows apps.

Re:So what does it actually do?

[Hrothgar+The+Great]

What if the .torrent file was part of the virus process? Wouldn't it then require no central website?

This is, of course, ignoring the fact that most people do not have bittorrent on their machine.

Re:So what does it actually do?

[juglugs]

Or it's a MASSIVE DoS mechanism...

Re:So what does it actually do?

Isn't this what dude in the twin-cities, MN got caught for? IIRC he modified the blaster virus and re-distributed it.

Wired news article

Re:So what does it actually do?

[Feztaa]

Interesting read, but ultimately this would be a horror story, it could never work perfectly, and whatever broke would make people hate linux forever.

The hardest part looks like making the file viewer show files from the windows partition and the linux partition in the same window -- at the very least, that would require Jitux to have it's own repository of packages somewhere, and that would be discoverable. It couldn't just install Lindows and then let people deal with lindows. Another problem I see here is that Windows doesn't have anything similar to a /home directory like Linux has, which means that a person's files will tend to be scattered all over the harddrive. How will you find them all? How do you tell the difference between an important user file and an unimportant system file? How would you figure out what Outlook's settings are so that you could configure mozilla similarly?

Etc etc etc. In other words, what you describe is a pipe dream at best, and that's ignoring the negative stigma that will be attached to linux when it fails miserably (even moreso than the negative stigma that windows zealots already have for linux).

Re:So what does it actually do?

[zurab]

Interesting read, but ultimately this would be a horror story, it could never work perfectly, and whatever broke would make people hate linux forever.

You are right - it will never work, at least never work right in every situation. Even Apple can't get the Windows-to-Mac switch process right completely.

The hardest part looks like making the file viewer show files from the windows partition and the linux partition in the same window -- at the very least, that would require Jitux to have it's own repository of packages somewhere, and that would be discoverable. It couldn't just install Lindows and then let people deal with lindows.

I'm not sure what you mean completely here, but yes, one way to see the file viewer would be to create a "My Documents" directory as a link to the same directory under Windows. As far as packages, yes, it would require changes to the "open file" and "save file" dialogs, i.e. in KDE/GNOME (whichever used), OO.o, etc. So what if modified packages are available publically?

Another problem I see here is that Windows doesn't have anything similar to a /home directory like Linux has, which means that a person's files will tend to be scattered all over the harddrive. How will you find them all?

It's called "Documents and Settings" on XP. I don't really claim to have all the details and all the solutions but you could simply create links to C:\ (D:\, etc.) drive(s) from /home/user directory.

How do you tell the difference between an important user file and an unimportant system file?

You don't. If user opens, edits and re-saves a file, you would simply save it on Linux partition.

How would you figure out what Outlook's settings are so that you could configure mozilla similarly?

Outlook used to store its settings in the registry. I don't know where it stores them with the most recent MS Office release, but there's a handy utility that exports all office app configuration in a single file. Whichever the case in the particular version of software, I don't think they are that hard to locate.

Etc etc etc. In other words, what you describe is a pipe dream at best, and that's ignoring the negative stigma that will be attached to linux when it fails miserably (even moreso than the negative stigma that windows zealots already have for linux).

Undoubtedly. I am not even remotely suggesting that someone do this, or that it will be anywhere near successful. It would be illegal, for one if it was a worm. As another poster said, it would also give a perfect opportunity to MS to declare Linux a virus. I guess I just had few ideas and spit them out.

Re:So what does it actually do?

[Feztaa]

I'm not sure what you mean completely here, but yes, one way to see the file viewer would be to create a "My Documents" directory as a link to the same directory under Windows.

But the file viewer would have to display files on the windows partition and the linux partiton, in the same window (ie, you'd have to be able to see all of the files in "My Documents" on the windows partition, and all of the files in "/home/user" on the linux partition, as though they were files in the same directory. This is not possible with the stock Konqueror or Nautilus source code, so there would have to be lots of modifications made to stock software. Jitux, in effect, would have to be a distribution in itself; it couldn't just use packages from other distributions.

So what if modified packages are available publically?

People would be able to trace the file's origins back to the owner, which would be a huge liability for the worm writer (ie, he'd get caught).

You don't. If user opens, edits and re-saves a file, you would simply save it on Linux partition.

Ok, but that brings us back to my previous point; all software on the system would have to be recoded to "merge" the files on the windows partitions onto the linux partition in such a way that the user can't tell that there are two separate file heirarchies. That would require tons of modifications, leading to the liability issue again.

Re:So what does it actually do?

[surprise_audit]

Or maybe the author has already got the result he wanted - a list of machines where a user can be expected to blindly click on a link... Could be some kind of research project, or maybe it's a new approach to spamming. For instance, what would it be worth to an advertiser to be able to buy a list of user names that could be relied on to click random links?

Re:So what does it actually do?

[Thing+1]

I agree completely with you, and I remember those days: I loved OS/2, and was glad I could bring my old apps with me (at first).

However, the thing you're overlooking in the above is that, unlike OS/2, there is no one "company" behind Linux which Microsoft can EEE. If anything, Windows (and other Microsoft products) are currently in the process of being embraced and extended. (There's no need to extinguish them; consumers will vote with their wallets.)

So I personally don't think that having a compatibility layer will prove to be any part of Linux's downfall, if such is coming. I think that, on the contrary, it'll do Linux a lot of good by providing a stop-gap measure for people joining the open source community; by being able to come over at their own pace, it makes the transition smoother and less painful.

User Intervention Required?

Automatically downloads the exe -- but does someone still need to run it?

Re:User Intervention Required?

[erlenic]

Mods: This is NOT insightful; it's redundant.

It says right in the story: Once the file runs... How can someone read that and possibly think that it doesn't run it?

Re:User Intervention Required?

[Jugalator]

Don't Blindly Believe The Story

News submitters have been wrong before.

Argh... Now you reminded me of that recent stupid & incorrect double-posted "Oooh Earth Is Moving Slower Through Space" article.

Re:User Intervention Required?

[Film11]

Not if it downloads it using the open command. I presume the download is small so it would not be long until it downloaded and opened itself automatically. By then when the user realised the download was taking place it would be too late. But as people say it's harmless so I'm not worried.

Re:User Intervention Required?

[epsilon_alpha]

Well, let's see, if after it downloads itself, it sends copies of the virus to others, I'd say not.

It probably has a trigger set up somewhere; like, for instance, on connect to internet.

Re:User Intervention Required?

i agree

solution

[Barbarian]

Uhhh, shut down the website that the "worm" is sending a link to?

Re:solution

and why would anyone mod up the post saying to mod up the parent instead of just modding up the parent anyway?

Re:solution

[NickFitz]

According to Network Associates "at the time of writing the the worm was unavailable from this URL".

Re:solution

[Molina+the+Bofh]

Excuse me sir, but are you a moderator ?

Re:solution

[Tim+C]

Perhaps it too is worthy of modding up? I know that most posts of that sort are essentially contentless, but I've seen some that add more details, provide supporting links, etc.

Re:solution

[marcello_dl]

Uhhh, shut down the website that the "worm" is sending a link to?

You would need to prove that the virus author and the website are connected, what if shutting down sites becomes the rule and somebody creates virus that connects, let's say, to microsoft website to download a normal os update?

Re:solution

[Stackster]

They have. The virus tries downloading from http://www.home.no/jberg/jituxramon.exe, which is now a 404.
But I guess it wouldn't be too hard for the creator to spread a new virus with a different URL (or perhaps several redundant ones), and also having the exe do all sorts of mischief.

Re:solution

[mobby_6kl]

or put a link to it on Slashdot :)

Re:solution

[Geek+of+Tech]

Uh... you say it like shutting down microsoft.com would be a bad thing.... :P

Re:solution

You don't need to prove anything except that the virus is coming from that website. The website owner may be unaware of the virus and innocent, but they, and/or their ISP/hosting service become guilty of negligence or become accessories if they don't do anything about it once they are notified.
For example, if your brother in law is keeping a dead body in your basement without your knowledge then you are not guilty of anything. Once you find out about the dead body, however, you are obligated to act or you are an accessory (this is, of course, provided that your brother in law is not legally allowed to keep a dead body for some reason). Oddly enough, with the United States bizarre civil forfeiture laws, if your brother in law is storing drugs instead of a dead body, you are still not guilty of anything, but they can confiscate your house and sell it in an auction anyway. Apparantly the legal justification for this is that the house is guilty of a crime or something like that.

Re:solution

[Zork+the+Almighty]

I'm a meta-mod!

Re:solution

Cool. Can I be your friend ?

Re:FP!!!

[Soulfarmer]

And even still have some misperception about having a FP now...

This sounds fake

[riotstarter]

There are so many stupid fake virus e-mails going around that it's hard to take anthing seriously no.

Re:This sounds fake

[riotstarter]

Damn, that's a lot of typos, stupid notebook keyboard...

Re:This sounds fake

Do you have an HP? Not a troll as I have an HP laptop and it has the worst keyboard I have ever used. I recently heard this is common on HP notebooks.

The best keyboards I have used that are specifically used on laptops were the thinkpads.

Re:This sounds fake

[riotstarter]

Yes, I do have an HP, it's a piece of crap, but it was free.

Welcome to Security 2004...

[jkrise]

Let the great debate begin:
Here comes the New Worm...
It's just a New Year Worm - nothing much different
But a Linux worm was set loose yesterday - the first in 2004.
Yes, but that didn't hit as many sites...
Fine.. this new patch will fix the worm...
Hmmm.. but it also messes up Outlook 2003...

And so on and so on... Happy New Year!

-

Re:Welcome to Security 2004...

[loyalsonofrutgers]

As long as the virus does nothing else but propogate itself, then this really isn't a security issue, its an issue of people CHOOSING to run what they want on their computer. If they're dumb enough to click 'open' on anything that downloads without knowing what it does (and indeed if what it does isn't necessarily harmful) then it is not a security problem, its a user problem. If people choose to run a program that messages itself to everyone on their MSN list, then who is Microsoft to stop them? At some point the user has to take responsibility for what he or she runs.

Re:Welcome to Security 2004...

[j-pimp]

Well from a computer security perscpective, that which lies between chair and keyboard is part of the computer system.

Re: Welcome to Security 2004...

[Black+Parrot]

> It's just a New Year Worm - nothing much different

Happy New Worm!

Re:Welcome to Security 2004...

The Honor System Virus:

If you are able to read this, you have just been infected with the Honor System Virus. This virus is a cross platform virus.

If you are running a MS Windows Box, please insert a DOS disk, reboot, and type FORMAT C: /q press Enter, Y, and then Enter again.

If you are running a Linux or other Unix based OS, please open a Bash Shell as root and type in rm -rf / and press Enter.

Mac User's need not do anything at this time, since your computer will likely crash on its own before you could successfully and intentionally format your own hard drive.

Thank you for your participation in the Honor System Virus. Have a nice day!

Helpful little program

[Raul654]

For anyone who has tried to uninstall MSN messanger, you know how much of a bitch it is. I recommend Windows XP antispy to get rid of it.

After all, (simpsonism) "no one who speaks german could be evil (/simpsonism) :)

Re:Helpful little program

[Ploum]

I recommend format c:\ then installing the Linux Distro of your choice.
*BSD are good choices also...

Re:Helpful little program

[Kris_J]

Windows XP users should install SP1, then removing MSN Messenger can simply be removed from the Add/Remove Programs control panel.

Re:Helpful little program

[MacroRex]

With some help from Google it's no bitch at all.

Re:Helpful little program

"I recommend format c:\ then installing the Linux Distro of your choice."

Think of all the extra time you'll have when all your games stop working!

Re:Helpful little program

[SilverCanary]

It's not removed when you do that.
They simply make the executable a hidden file and remove the shortcut.
MSN will still work when you start the executable manually after "removing" it.
(Same goes for Outlook express btw).

Re:Helpful little program

[Tim+C]

Not only that, but the last time I started Outlook Express it helpfully launched Messenger for me.

(I don't remember why I launched OE, but there you go...)

Apart from that, though, I've not been bothered by Messneger *at all*. On first login to a new system, I merely tell it (in the preferences controls) to go away and never bother me again, and that's exactly what it does.

Re:Helpful little program

[AchmedHabib]

Yes, I just delete the sucker. :)

Re:Helpful little program

[bobsalt]

it seems they are trying to get outlook 2000 and up more integrated with msn messenger. same as the poster above siad, you can uninstall it, then when you open outlook it appears. doesn't that violate the terms they set out in the case about "uninstalling" msn messenger? anyone here know?
and where is the reg entry or ini file located , so I can get rid of it when I set up a client pc? I don't wont to install antispy on every desktop I set up...

Re:Helpful little program

[DNS-and-BIND]

My XP install won't let msmsgs.exe go away. It starts every time I boot, and when I tell it to exit via right-click on the systray, it tells me it can't exit, because other applications depend on it (Outlook). I have outlook uninstalled. I have to kill it with the task manager every time I reboot.

Re:Helpful little program

[Tim+C]

That's very strange. I have Outlook installed at work (we are *required* to use the Exchange calendar, and I have yet to find an email client that isn't dog slow working with Exchange), and it has no such requirement. We're running a reasonably old version, though (2000 SP3), so it probably predates that particular "feature".

All I know is that on the four XP machines (three Pro, one Home) that I have use of, Messenger did what it was told for all users (myself on all four machines, my gf and daughter on various of them).

Re:Helpful little program

[ScottSpeaks!]

I haven't tried it (no such machine to run it on), but XPlite is a utility that should be very good at removing unwanted "features" from WinXP. (There's a Win2K version as well.) This is by the same guy who created 98lite, which removes all traces of IE from Win98 (which MS had said wasn't possible) and replaces it with the file browser from Win95 (and the web browser of your choice). So when he says it "removes" a feature, I'm inclined to believe it really does.

Re:Helpful little program

[Genom]

Did this to me too - very strange. At first I thought a worm or something might have snuck through (trying to deliver *something* via Messenger), but Norton comes up empty on the virus/worm front, and Adaware/SpyBot didn't find anything out of the ordinary.

So, I nipped the problem by renaming msnmsgs.exe. Now whatever Windows *thinks* needs Messenger won't be able to start it. Don't get any errors about it either. Since I don't actually *use* Messenger for anything, this has pretty much solved my problem.

Re:Helpful little program

[Jacer]

What about us kids with pirated copies? Are we to suffer viruses simply because we're too cheap to pay for the software, and support that comes with it?

Re:Helpful little program

[Uriel-sama]

Think of all the extra time you'll have when all your games stop working!

Wow, you could get a life...or install quake...

Re:Helpful little program

[Slashdot+Junky]

I have all had success with renaming the executible on a few machines.

-Slashdot Junky

Re:Helpful little program

Why bother with format c:\ when fdisk is going to wipe the drive during repartitioning anyway? And no, BSD are not good choices for a first time switcher. They make sense if you are fairly familiar with Unix, but if your only experience is MS Windows or Mac OS, your best bet is to start by playing around with Knoppix (or a Gentoo Live CD maybe) and seeing if you even like Linux before you go erasing your hard drive. That way you can get a feel for the system before you plunge in head first.

Re:Helpful little program

[Chanc_Gorkon]

And what your talking about is NOT MSN messenger. It's Windows Messenger. Some point, around the time XP was developed and released, some idiot at Microsoft thought it might be a good idea to create Windows Messenger. No I ain't talking about the Windoes Messaging service, but Windows Messenger. Windows Messenger was supposed to be pushed a bit to the corporate side of things. Your supposed to be able to run your own IM server in your company. In any case, there are a ton of websites that tell you how to get rid of Windows Messenger. MSN messenger on the other hand must be installed. It IS different then Windows Messenger even though they both work on the MSN messenger service.

Oh and just to give you an idea of how stupid the article was, you actually have to click on a URL that this messege sends to you and unless you have been living under a rock, you can pretty much eliminate this problem by ignoring IM's from anyone that is not on your list. If most of your list does this, then there's no chance of infection. As most IM users have already discovered, there are enough SPAM IM's that are not harmful out there that you should probably set this up from the beginning. Hence the reason why there's only a handful of infections. This is NOT a hole in MSN Messenger....it's just users being the typical idiots that they are and that's only that handful of idiots that have been infected. Most MSN Messenger users would be unaffected by this.

Re:Helpful little program

[p3d0]

After all, (simpsonism) "no one who speaks german could be evil (/simpsonism) :)

That's just wrong for so many reasons. You have no business posting on a nerd site unless you're really committed to being a true nerd.

• A little Googling would find the correct quote: "No one who speaks German could be an evil man".
• The xml syntax is "<simpsonism>", not "(simpsonism)".
• You don't say "simpsonism" anyway. Everyone reading the site knows where the quote comes from, and if they don't, they can Google it.
• Ditto for the smiley.
• What the heck does this quote have to do with the rest of your post?

Sheesh.

Re:Helpful little program

Yeah, and all the time you'll have when you *computer* starts working!

Re:Helpful little program

[hawkeyeMI]

Yeah that actually helped my grades a lot in college. When I switched I quit wasting my time on games. I just loaded WineX up on my new machine though and started playing CounterStrike again for the first time in 3 years. Bye bye proeductivity...

Re:Helpful little program

Just like Windows XP!

Re:Helpful little program

I'm sure that the stick up your ass was turned to sawdust a long time ago.

Re:Helpful little program

[Raul654]

1) I'm not even going to dignify that one with a response.

2) I tried the right syntax first. It didn't render properly, so I faked it.

3) If I didn't say it was a simpsonism, I would have gotten at least 2, probably more like 6 responses flaming me for being a racist.

4) Once again, to indicate facetiousness

5) If you actually looked at the link, you would see the page and program are written primarily in German.

Re:Helpful little program

I better never read a whiny comment in which you "simply can't understand" why you got beaten repeatedly in high-school.

Re:Helpful little program

Why format the Windows partition? It's not like you'll be using it again.

I'd recommend just removing the partition altogether.

Re:Helpful little program

[fermion]

Funny, installing Linux does nothing to effect my ball games, board games, drinking games, or sex games.

Re:Helpful little program

He said games, not game.

Re:Helpful little program

[tomstdenis]

How is that informative? You want to remove MSN messenger? Go into your program files directory and just delete the messenger director. Takes two seconds and worked flawlessly for me on XPHome.

Tom

Re:Helpful little program

[p3d0]

I'm surprised you took the time to reply. I was really just trolling for dork comments. :-)

Re:Helpful little program

[mingot]

Yes, but you'll need this extra time for recompiling your kernel, tweaking your window manager, and finding perfectly matched skins for all of your appplications.

Re:Helpful little program

[epsilon_alpha]

Yeah pretty much anything that's packaged with Windows is a $*%@# to remove. They're trying to create dependency on Microsoft products. Those bastards.

Re:Helpful little program

Sure you were.

Re:Helpful little program

Funny, installing Linux does nothing to effect my [..] sex games

Unless your sex games are single-player, I wouldn't be too sure about that one.

Re:Helpful little program

[hurtstotouchfire]

That's beautiful. I think I'd take some satisfaction from it even if there were errors, just like I enjoy leaving IE on 'ask permission to use internet' so I can tell it no when it's opened automatically by something. Yahoo DSL and a few other programs automatically call up IE, and I can't seem to convince them to try Mozilla.

Is there any way to do that sort of thing with all the Yahoo messaging crap that comes with their DSL now? The easiest way is to do a custom install and not even install it, but my boss's computer is already infected. I can rename the Y! messenger exe but it still puts shortcuts to itself all over the place.

Re:Helpful little program

Sex games? Who are you and what have you done with the REAL fermion!? No slashdotter could possibly...

Errrr, wait... did you mean those hentai dating sim thingies?

Re:Helpful little program

If he had a life, he would have kept Windows and be normal.

If he has no life, that is when the installation of Linux takes place.

Re:Helpful little program

[AchmedHabib]

I must admit I have not used Outlook for a long time so I do not know if it can be done in later versions. It just bugged me so much that I went into the messenger directory and removed the exe file.

Gone fishin'

[graveyardduckx]

Dare I say it? Looks like someone opened up a whole new can of worms!

What about...

[Dangerously_Swiss!]

Trillian? Would something like that, assuming it honestly exists, run through Trillian as well? *begins stockpiling canned goods and cleaning guns to prepare for the dark days ahead*

Re:What about...

[mlk]

What would happen if you click on a link to an exe, at a guess you would get a dialog like (in both Trillian and MSN):

[ ] Run the application like the prat I am.
[ ] Save The File

Now, if you click the first, then yes, you would be affected. But then if you click yes, you are a prat.

Re:What about...

[NanoGator]

"What would happen if you click on a link to an exe, at a guess you would get a dialog like (in both Trillian and MSN):

[ ] Run the application like the prat I am.
[ ] Save The File

Now, if you click the first, then yes, you would be affected. But then if you click yes, you are a prat."

Serious question: What's to stop this type of exploit from affecting Linux or OSX?

Re:What about...

[AuMatar]

Nothing. However privlidge separation on a Unix box would prevent a harmful payload in a worm of this sort, unless the user was running as root. In which case, he needs to be shot.

Re:What about...

[NanoGator]

" However privlidge separation on a Unix box would prevent a harmful payload in a worm of this sort, unless the user was running as root."

Could you elaborate on this a little? From what little I understand of permissions in *nix, this might prevent data from being written in the wrong spot (i.e. overwriting of system files), but would it prevent a headless app from running and sending out messages to other machines?

Ah if only application firewalls were standard issue like virus scanners. At least Microsoft's forcing that evolution to happen.

Re:What about...

[MechaStreisand]

Unix's privilege separation wouldn't prevent something like, say, trashing all the user's files - files that are usually more important than the easily restored operating system. Don't be fooled into thinking that even Unix does security right.

Re:What about...

[Dunkelzahn]

Many of the newer 'user friendly desktop' Linuces run as root, such as Lindows. While I think this is horribly stupid, it doesn't stop the fact that many neophytes to the Linux world will be running Gaim or equivalent as root.

Re:What about...

> However privlidge separation on a Unix box would prevent a harmful payload in a worm of this sort

Yup, Unix would allow it to spam the internet, infect all your friends, delete all your MP3s, but THANK GOD, your emacs binary would be safe. Mod this guy up to 5 for his "insight"!

Re:What about...

[The+Infamous+Grimace]

"...Ah if only application firewalls were standard issue like virus scanners..."

OS X comes with ipfw preinstalled, and it can be turned on with a couple of mouse-clicks:

Apple Menu->System Preferences
Select 'Sharing'
Select 'Firewall' tab
Click 'Start' button

There is also a tab with a list of service that one can check on or off, and it is easy to add new ones (click the 'New...)

Seems that I've read some debate of the merits of ipfw vs. other firewalls, but it seems to work fine for me. Also, there is the debate about whether or not it should be on or off by default. Personally, I think it should be on.

As far as headless apps, like daemons, I don't know. OS X asks for an admin password any time it needs 'root' access; if one makes sure they know what they're installing, and trusts the source, then I don't think anything too bad could happen.

Although, this just occurred to me. Could something like this launch an app in the background that captured keystrokes and saved them to a non-secure file/folder? That could be a problem.

(tig)

Re:What about...

[unapersson]

But equally, a flaky harddrive can trash all a user's files. Those are the ones you should keep backed up.

Re:What about...

[Spoing]

Could you elaborate on this a little? From what little I understand of permissions in *nix, this might prevent data from being written in the wrong spot (i.e. overwriting of system files), but would it prevent a headless app from running and sending out messages to other machines?

Programs execute with the same permissions as the user, though this happening is not very likely. For this to occur, two things have to happen;

1. The execute bit must be set on the file.
2. The program handling the file must run the program or allow it to be run when clicked.

Neither are impossible, though these are unlikely. (Some apps might skip the first step, though this is also rare.)

Keep in mind that unlike Windows, Unix-style systems don't use the name of the file or it's extention (suffix) to determine if a file is an executible. If Windows followed the same model, you could click on worm.exe and Worm would not run automatically.

Re:What about...

[Spoing]

Another thing...the program would likely be killed when the user logged out. Not necessarily, though that would be another hoop that a silent Unix virus would have to deal with.

Re:What about...

[Spoing]

1. Unix's privilege separation wouldn't prevent something like, say, trashing all the user's files - files that are usually more important than the easily restored operating system. Don't be fooled into thinking that even Unix does security right.

Unix isn't magic, it is a tool, though in comparison to Windows it's much less likely to be an issue.

Process over product is and remains the rule.

Re:What about...

[AuMatar]

Well, files by default are not executable, so it wouldn't execute unless you ran chmod on it. Furthermore, ports 0-1023 are privlidged by most unixes, and can't be bound to unless you run as root, stopping things like spam mail servers.

Re:What about...

[drsmithy]

However privlidge separation on a Unix box would prevent a harmful payload in a worm of this sort, unless the user was running as root.

Because no-one keeps valuable data in their home directory, right ?

And no-one has their unix boxes setup so that normal users can run shells, make outgoing network connections and send email, right ?

Right ?

Re:What about...

[AuMatar]

>spam the internet

Not necessarily. You'd be prevented from binding to ports 0-1023, which is hat mail servers use. You could use an ephermal port, but expect to be rejected by most ISPs. So less of a problem here.

>delete your MP3s

You didn't have backups? You're a moron.

Nothing can protect you completely from user idiocy except pulling the plug. Unix based OSes still do a lot better than anything else on the market. This is a lot better than the complete format and reinstall you need to do to get rid of some Windows viruses and their effects.

Re:What about...

[Fermier+de+Pomme+de]

The worm could easily detach itself from the tty (fork/exec) or trap the appropriate signals and it would continue to run until the box is rebooted.

If the worm modified the user's .profile or .login then it would start every time the user logged back in.

Once the worm is local it can try some local priv. esc. attacks.

Re:What about...

You'd be prevented from binding to ports 0-1023, which is hat mail servers use.

What are you talking about? You don't have to bind to port 25 to send mail, just to receive it. There's nothing on UNIX boxes that prevents normal users from sending mail. If there were, then users wouldn't be able to send mail!

You could use an ephermal port, but expect to be rejected by most ISPs.

This is the most ridiculous thing I've ever heard. Do you honestly think that mail servers bind to port 25 when sending outgoing mail, and that ISPs block anything else? Send some mail and run netstat sometime.

Re:What about...

[RoLi]

Many of the newer 'user friendly desktop' Linuces run as root, such as Lindows.

I think you spelled "No friendly desktop Linux runs as root, just Lindows" wrong.

Re:What about...

[gnu-sucks]

This is a very typical argument - and if your desktop doubles as a server, it might be valid.

The thing is, most people keep all their documents (mp3s, projects, email, etc) in their home directory, or certainly owned to them.

So, if you get fucked, don't worry, you just loose all your personal files. The drab system will be ok.

Remember, you can 'download' a new ISO image of the system from most linux distro web sites. But your personal data is gone, unless you back up.

The arguments of privilege separation is retarded, and dead.

"We're not root, so we have to leave his fresh-from-cd install alone. But we can remove his entire home directory..."

It just seams so obvious when you think about it.

I'm a BSD and Linux user myself, but I know its my personal data and my site db that I care about - I can reinstall a system in no time.

Re:What about...

[AuMatar]

Most of the dangerous spamming viruses become mail servers these days. Thats the only way they can be used by spammers to send multiple piees of spam. Otherwise its stuck to just sending copies of itself, which is minor in comparison.

Re:What about...

[Tony-A]

Serious question: What's to stop this type of exploit from affecting Linux or OSX?

The race is not always to the swift nor the battle to the strong. But that's the way to bet. (or some such)

With Linux (and I'd assume with OSX), the computer is supposed to do what you tell it to do. Consequently, there is a tendency for the computer to actually be informative about what you need to know.

With Microsoft Windows, you are supposed to do what the computer tells you to do. There is a tendency to hide information that you need to know.

It's not one thing, it's lots of little subtle things that overall make Microsoft Windows so susceptible. Try telling people not to click on everything when the entire Windows experience is telling them to click on everything.

Linux certainly isn't immune. Despite its lower market penetration, it's a more useful platform to exploit, so other things equal, you would expect to see a disproportionately larger ratio of Linux exploits.

Linux (and probably moreso the BSD's) can be somewhat secured.
(Note, secured means that I can run exploits against unpatched vulnerable software with impunity ;)
root. That's the guy who has to be able to fix anything.
tony. That's me and my stuff.
browser or email. Why would I want to let some browser or email program do anything it wants to any of my stuff? I should be able to do whatever I please with my browser or email and it should be totally incapable of retaliating.

Re:What about...

[karlm]

You are correct... by default most *nix installations would allow a user to download and run an execuatable that opened outbound connections and enticed others to do the same.

On standard UNIX you would have to mount all user-writable partitions with the "noexec" option so that they could download the executable but couldn't run it. You'd also have to do something about perl, tcl, python, JVMs, and other interpreters/VMs.

Alternatively, you could use SELinux, TrustedBSD, EROS, Flask, one of several third-party Solaris kernel modifications, or some other OS that tracks users, roles, and capabilities (most commonly associated with Mandatory Access Controls, but MACs are not strictly necessary to give home users significant added protection from malware). (Yes, the Macintosh pun is quite obvious, don't go there.)

At the moment, the kind of fine-grained security necessary to prevent this kind of trojan without severely limiting users is pretty much only found in acadamia, classified environments, and a small percentage of corporate firewalls and other corporate infomation security boxes.

It's a shame most OSes don't come with easy to use sandboxes and per-application capability enforcement with easy to understand options like "let this program erase all of my files", "let this program read my credit card number, email, and other sensitive files", and "let this program spread over the net or send my social security number to foreign countries" so users will (at least at first) think twice about granting capabilities. Sure it's not perfect, but I would guess this would reduce the exponent on the exponential growth of a trojan like this by 25%. (Of course, my colon is far from omniscient, so I should have pulled that number out of my brain instead.) There will always be dumb users, but a little more user friendly security would make my implied tech support job with friends and family much easier. As long as they can run cute animations by default and the cute animations can't read/write files or open sockets, I think most of the people I talk through malware removal would be much much less likely to run into problems.

Low risk

[Xenna]

It doesn't seem to be using any particular vulnerabilities in MSN. It depends on users to click on a URL they receive in a message.

Now what responsible user would do that. NAI's web site claims that the worm code itself has been removed from the web server, thus rendering the worm harmless:

http://vil.nai.com/vil/content/v_100931.htm

-- Update 31st December 2003 --
This threat is considered to be a Low-Profiled risk due to media attention at: http://www.web-user.co.uk/news/47502.html

This detection is for a worm intended to propagate via MSN Messenger instant messaging. The worm is written in Visual Basic.

It propagates by sending messages to the MSN messenger contact list. The messages contain a link to the worm itself:

http://www.home.no/( removed )/jituxramon.exe

When the link is clicked, the worm is downloaded to the target machine.

Note: at the time of writing the the worm was unavailable from this URL.

Re:Low risk

[Florian+Weimer]

It doesn't seem to be using any particular vulnerabilities in MSN. It depends on users to click on a URL they receive in a message.

But if you are an IE user and you don't check carefully the URLs you click, you might be in trouble anyway (because these days the download of the trojan horse starts immediately, and it's silently executed).

On the other hand, I've been seeing such "worms" on IRCnet for months, and I'm sure they must have hit MSN messenger before.

Re:Low risk

> It depends on users to click on a URL they receive in a message.
> Now what responsible user would do that

For which browsers is this a problem? Shouldn't you be able to visit any website in the world without fear of virus (or other) damage?

Does anyone know which browsers don't have this problem, or if they can be configured to be 100% safe? I don't mind missing out on a little fluff if I can be sure of safe browsing.

Re:Low risk

[Sycraft-fu]

Things like this have been on IRC, e-mail, MSN, AOL, ICQ and any other chat type application you can think of. It's the classic n00b getter. Send them a message that warns of imminent doom, promises something wonderful or what have you and try to get them to run your app. That app then does as you please.

This is the kind of vunerability that we'll basically never be able ot get rid of, barring some kind of orwellian palladium thing. Dumb users will run shit they shouldn't, and infect their boxes. You can do things to reduce the probability, but you can't eliminate it.

I deal with this at work all the time. We have a user that just loves to run every damn attachment she gets her hands on. Despite a virus scanner and as restrictive privledges as we are allowed to give her, she STILL gets infected form time to time. There's just no stopping it. The only way would be to disallow her to run apps that admins don't install, which we aren't allowed to do (adn doesn't apply to home users).

So we just have to accept this crap. Hopefully OS/app makers will do what they can to make it as hard as practical for this to ahppen, but you'll never eliminate it. YOu also have to be careful not to go too overboard. I mean I can think of many measures that would make these things much safer. However they generally involve things that would make them a bitch to use and piss people off.

Re:Low risk

No browser can protect the user from themself

Re:Low risk

This is the kind of vunerability that we'll basically never be able ot get rid of, barring some kind of orwellian palladium thing.

Or Orwellian sysadmins.

% mount | grep qjones
home06:/export/home06/q/j/qjones on /home/q/j/qjones type nfs (ro,nosuid,nodev,noexec,intr,addr=10.37.62.106)

% ping www.google.com
PING www.google.akadns.net (216.239.53.99): 56 data bytes

--- www.google.akadns.net ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss


Good luck spreading a virus if you can't write to your own home directory or talk to the internet. My users know their place. All requests for home directory changes must be filed in triplicate and go through my pyramid bureaucracy of machine room monkeys.

Re:Low risk

[RanBato]

The only way would be to disallow her to run apps that admins don't install, which we aren't allowed to do

There you go. At work we can have machines that are locked down a tad more: They are only allowed to run apps that we allow them to run. In the background (and remotely) we are checking all processes and libraries in memory every couple of hours (stating the obvious, but this is done by a script). If we see something out of the ordinary, they get a visit.

e-mail, msn, aol icq and other chat type applications are not on the allowed to run list though ;-)

Re:Low risk

[tal197]

It's the classic n00b getter. Send them a message that warns of imminent doom, promises something wonderful or what have you and try to get them to run your app. That app then does as you please.

This is the kind of vunerability that we'll basically never be able ot get rid of, barring some kind of orwellian palladium thing. Dumb users will run shit they shouldn't, and infect their boxes. You can do things to reduce the probability, but you can't eliminate it.

Palladium is only bad because it's done in hardware. You can do all the same things in software, except prevent the owner of the machine from controlling it (which is the point for the companies pushing it, of course).

For something like this, you just need to be able to run applications with restricted permissions (we already do this with Java applets, after all).

If the program tries to access your GPG private key, delete your files or send an email, the sandbox can ask the user to confirm ("This program wants to read your email address book, which is not world-readable. OK?")

This is much better than the current vague warnings users get ("This program might destroy your computer. Or it might be safe. Guess you'll just have to trust it. OK?").

Re:Low risk

Nice theory but I can tell you from over 20 years experience in IT that there arfe idiot users out there who will click OK wihtout even reading the message. You could put a message like 'Click OK to make your hair fall out and render you sterile' and these idiots would still click OK.

Re:Low risk

[Dark$ide]

It doesn't seem to be using any particular vulnerabilities in MSN. It depends on users to click on a URL they receive in a message.

So that is easy to fix by adding an item to my SquidGuard http://www.squidguard.org/ database.

Re:Low risk

These things don't always require technical solutions.

If a user continually does unsafe things that threaten the security of the company, despite repeated warnings, they should be fired.

What do you think would happen to an employee how left the office everyday and forgot to enable the alarm system. Sure once or twice, it's understandable, but if this person kept doing it over and over, they would likely be fired.

Re:Low risk

Wow! You sure are a powerful BOFH. I bet your NOC is covered in cum! Can I lick it up? Pretty please, Master?

Re:Low risk

[Sycraft-fu]

Well here's the thing: Windows (and Liunx and so on) have pretty good software controls built in to keep unauthorized things from getting run. I can easily lock down a Windows computer so if you download an EXE and try to run it, it'll just say no. The problem is that, if it is voluntary (which it is), people will NOT run in that restricted mode. It's like Lindows always running in root mode. Why? Well because they know that most people will get frustrated bu having to elivate their permissions to do something, so they just have it elevated all the time. If you put a cluless users on a normal Linux box, to which they had root access (assuming it was their personal box now) I'd bet 10 to 1 you find them running as root full time, against all warnings.

With home systems, you really have no choice. You either have to cram security down user's throats ala Palladium or you accept that people will do dumb stuff with their home systems and just work to mitigate it as best as possible.

Re:Low risk

Galeon seems fine, as does opera and firebird and mozilla and konqueror, as well as lynx and links for that matter. This is running linux tho, ymmv with windows.

Human-activated

[ptaff]

Seems like the worm must be "human-activated", a user must manually click the link received through MSN to download the worm; that's what I understand from McAfee

It can't be harmful if it comes from a friend!

Re:Human-activated

but if someone on your buddy list sends you a link, why wouldn't you click it? I don't think I've ever received a URL from someone who had me on their buddy list that I didn't follow. (Unless I already knew what would be there.)
When one of your BUDDIES sends you a URL, it conveys INFORMATION. It's a COMMUNICATION. It's worth VIEWING, however briefly.

Re:Human-activated

and this is what seperates the tards from the IQ

Re: Human-activated

[Black+Parrot]

> Seems like the worm must be "human-activated", a user must manually click the link received through MSN to download the worm

Oh, no problem then.

Re:Human-activated

The IQ?

Re:Human-activated

[Ben+Hutchings]

So it's a virus, not a worm. Great piece of journalism there, guys.

Re:Human-activated

Well, I won't be affected then. I don't have any friends.

Re:Human-activated

It's not even a virus if it doesn't spread automatically.

Just general malware.

Just great....

[inode_buddha]

Now I'll have to explain to my Dad why I had to shut down his Win98/cable modem box. Again. *sigh*

Re:Just great....

does he use msn? how about telling him, not to click on a url?

shutting down your Win98/cable modem box won't help a bit.

Re:Just great....

Just shoot your dad and get it over with. Trust me, it's a whole lot easier.

Re:Just great....

[toddestan]

Does he run MSN Messenger? If he doesn't, he should be pretty safe from this worm.

Re:Just great....

[inode_buddha]

Rarely. Yeah he should be pretty safe. I'm a bit worried about Trillian being installed too. Also, this is a persom who *always* clicks on attatchments from names he knows; the "social engineering" aspect of this worm is what makes it so effective against him. I imagine its the same way for millions of other users.

Re:Just great....

[inode_buddha]

I wouldn't waste the time telling him. He clicks attatchments from OutHouse Express when they "come from somebody he knows", which is why worms like this are so effective IMHO. Why would msn behavior be any different? or Trillian using msn protocol?

NOT A WORM

[Zork+the+Almighty]

This thing is not a worm, no matter how much you want it to be one.

Re:NOT A WORM

[gl4ss]

well.. some people consider chain letters to be worms(and they are, they just rely on stupid people to send them around instead of flawed software). heck even urban legends are worms of one kind, they even morph. . sure, the slashdot post text is a bit misleading but since when they weren't??

Re:NOT A WORM

[JonnyCalcutta]

Chain letters and urban legends are virii, not worms, surely. I'm not up with the hip talk these days but a worm is self-replicating, a virus doesn't have to be. I suspect this is what the grandparent was refering to.
I guess worms are a subset of virii, but again I'm no expert on the lexicology of these things.

Re:NOT A WORM

I don't see the significance of this for 2 reasons:

1. The worm relies on users to make mistakes - not software flaws.

2. They are not software flaws because the worm is propagated via windows API - I imagine it's just API to get the buddylist names and click the 'IM' button, and fill in the text with the link. There is nothing wrong with that - it's just a script basically. You could do the same thing with GAIM or IRC.

3. This could be written for any messenger client that uses windows API (they all do). Hell, you could do this with Linux if your users are going to be clicking on binaries.

Move along, nothing to see here.

Re:NOT A WORM

[1u3hr]

A worm is an independent program. A virus is attached to an exisitng one.

Re:NOT A WORM

[HiThere]

True, it sounds more like a trojan. But do remember that the boundaries are fuzzy, and there is no official keeper of the definitions.

Re:Ha!

[n0nsensical]

Nope, you forgot to make it funny. ;-)

Six Degrees of Seperation

[Locky]

A six degrees of seperation experiment, Is how I see it.

Re:Six Degrees of Seperation

[BiggerIsBetter]

Maybe somebody is trying to DDOS Kevin Bacon?

Re:Ha!

Actually, it was a couple of things. First, OS X does have pre-emptive multitasking. Second, pre-emptive multitasking is unrelated to running multiple instances of a program. Last, it just wasn't funny.

I didn't have a "-1, Unfunny" or "-1, Uninformative", so I had to use Overrated.

I had something similiar

[t0qer]

It was a trojan in the default messanger that comes with XP. Add/Remove did not remove it, nor did trying to delete the messanger.exe program file.

The fix was to download the newest MSM, which upon reboot overwrote the pesky trojan.

Sorry I don't have more info than that.

Re:I had something similiar

messanger.exe is not the MSN Messenger executable.

Re:I had something similiar

[BenV666]

Perhaps you should try to delete the 'msmsgs.exe' file in stead ;)

Sharepoint compatability

[aardwolf204]

Now if only Sharepoint/Office 2003 would allow you to colaborate with any IM client. As an exchange/sharepoint admin :(not my choice): I'm not left with many options when it comes to instant messaging across the company and I dont think an windows messanger server is in our budget.

Re:Ha!

[NanoGator]

" First, OS X does have pre-emptive multitasking."

That was part of the joke.

"Second, pre-emptive multitasking is unrelated to running multiple instances of a program."

Yes it does, though in this particular case may not be all that big of deal.

"Last, it just wasn't funny."

If you've ever seen a fanatic go apeshit over that argument, it is. Perhaps I'm in the minority here?

Can't please everybody.

"I didn't have a "-1, Unfunny" or "-1, Uninformative", so I had to use Overrated."

You could have just hit the reply button instead of wasting a mod point.

Re:Ha!

That's three things, not a couple.

Re:Ha!

I respect you for explaning yourself. It's rare to see mods actually defending or taking responsibility for posts they moderate, even if it is as AC.

Not the first time

[jeremymh]

Around two years ago there was a similar virus for messenger. It was smarter, though, as whenever you open a chat window it would say to the other person "here are some pics I took last week" than request a file transfer of the virus (the virus ended in .jpg.exe). It didn't need a website to download from. I had to talk many people through the process of removing the virus. (it simply took a ctrl-alt-del to kill the program, then delete it from the recieved files folder) This virus didn't do anything either, the writer left a note in the virus (viewable through a hex editor) that it was just "to see if he could do it".

The face of our attacker?

[dethl]

http://www.home.no/jberg/

Seems to be a webcam up on the same site that hosts the worm. What worm maker would link to a site that hosts their webcam as well? I guess it shows that some people are really that stupid.

Re:The face of our attacker?

[DeltaStorm]

What worm maker would link to a site that hosts their webcam as well?

Well it does say "Retard-CAM".....

Re:The face of our attacker?

[Motherfucking+Shit]

What worm maker would link to a site that hosts their webcam as well?

Recall that the high school student who released a variant of MSBlaster - the variant which was purported to have affected no more than 7,000 or so computers - was caught because his modifications interacted with his own website. If "jberg" is actually the person who wrote Jitux, it wouldn't be the first time that a worm (if you'd call Jitux a worm) contains dead giveaways as to its author.

I think a lot of people who wind up unleashing worms are just playing around, seeing if it works. They aren't thinking about the consequences because they probably weren't intending to "release a worm" in the first place. Again operating under the assumption that the homepage you posted belongs to the Jitux author, it's quite possible that he wrote the code and sent it to a couple of friends to see if it would work. Before he knew what had happened, it was in the wild. The malicious file is apparently gone, so for all we know, he deleted it himself once he figured out that his creation was alive.

Naturally, all of this is speculation. It's equally possible, and perhaps even more likely, that the "jberg" user's FTP space has been compromised to host the malicious file.

Re:The face of our attacker?

Seems to be a webcam up on the same site that hosts the worm.

How do you know that's the particular user who made the worm? You can't just point a link to an innocent webcam and say that's the worm's author. The site home.no offers web space for free to anybody.

Re:The face of our attacker?

And now he's being Slashdotted >8)

Re:The face of our attacker?

Seems to be a webcam up on the same site that hosts the worm.

Oh, yeah, because, with a name like "www.home.no", you just know it's got no other users.

Re:The face of our attacker?

[Greenisus]

I would think to test it, he'd just create a couple of screen names and let it spread among them, instead of through his friends. Or, if he wanted to use his friends, get them to delete everyone out of the loop from his buddy list.

Re:The face of our attacker?

[snillfisk]

As several other readers have pointed out, home.no is a free webhost, available for anyone who wants an account. It supports (or at least did support) PHP earlier and has been fairly popular in norway, together with home.no.net (which has been a bit more commercialized during the last year). If anyone in norway want a decent free webhosting, they skip the geocities alternative and go for this instead.

Nothing to see here (literally) .. move on :)

Re:The face of our attacker?

[MyFourthAccount]

If "jberg" is actually the person who wrote Jitux, it wouldn't be the first time that a worm (if you'd call Jitux a worm) contains dead giveaways as to its author.

That would be no surprise considering the fact that the program is written in Visual Basic...

If you must use MSN...

[mcbridematt]

If you must use MSN and don't need file transfers, I recommend you register a Jabber account at any Jabber server, and use a MSN gateway, and try to convince your friends to move to Jabber.

I've done it already, and my MSN account is redundant!

Re:If you must use MSN...

[sw155kn1f3]

Interesting what jabber server you're using.
Last time I checked jabber.org haven't msn gateway installed.
Would you please tell us?

Re:If you must use MSN...

[althalus1969]

well, amessage.de supports every gateway including msn.

and you too can find out about servers supporting msn gateways by going here:
http://www.jabber.org/user/publicservers.php

and next time you come running and whining, try to get a clue first.

Re:If you must use MSN...

[mcbridematt]

You do not need to be on the same jabber server to use a MSN gateway.

i.e I'm on jabber.org and I can use the gateway on amessage.de

Also that means that your friends don't need to be on the same server.

(I've successfully been able to message between an account on jabber.org and jabber.com)

Re:If you must use MSN...

Public Jabber Servers

Just pick a server that has the MSN option. Most of them do.

Re:If you must use MSN...

[TheRaven64]

None of the large servers has a working MSN gateway, since MS blocks them. The whole point of Jabber, though, is to have a large network of small servers (like how email works now). If you have a machine with some spare bandwidth and a fixed IP, then run your own server, or persuade your employer to do so (they run their own mail server right? Do they want employees conversing about internal projects via a MS owned server?)

Re:If you must use MSN...

[NTmatter]

That's rather strange. I run a small Jabber server, and I have no troubles connecting to MSN through its gateway. It's worth noting that I'm the only one who uses this server, which may explain things. Is Microsoft blocking major jabber servers on an IP-by-IP basis then?

Re:If you must use MSN...

Next time you come insulting other ppl with no reason try to get a life first.
Knowing some "secret" url doesn't make you elite, child.

Re:If you must use MSN...

[althalus1969]

"secret" url?
man get some serious brains. you go to jabber.org and find the link on the left navigation side.
aint no secret here, dumbass.

And this explains

[donkeyoverlord]

why 75% of Network Connections Not From Browsers.

Re:This is why we use linux

[Sarojin]

Linux doesn't protect users from being idiots. Nothing can.

Windows only?

[Nermal6693]

Presumably this would only affect the Windows version of Messenger. Thank you, try harder next time.

Re:Windows only?

[Bigthecat]

The idea behind this is that it hits the most users.

Re:Windows only?

The idea behind this is that it hits the most users.

Correction: The idea behind this is that it hits the most stupid users.

that would be the

[katalyst]

SECOND virus. The first? that would be GOSSIP :D it is polymorphic, spreads rapidly and finally can spread without digital media ;)

Self propagating?

[RogueProtoKol]

I thought self propagating worms involved no direct user interaction (ie a tard clicking a link), doesn't that make this just a plain old (really simple) trojan if anything being as it pretends to be something else (i assume the link comes with a message like click here to see me holiday pics !)?

why is MS always the target?

[yulek]

because everything is controlled via friggin VB.

i mean, for once the excuse can't be: "well, they attacked [insert MS software title here] because it's the most popular". AIM and YIM have been around a lot longer and no one ever wrote a "worm" (debatable label in this case) for those...

Re:why is MS always the target?

AIM and YIM have been around a lot longer and no one ever wrote a "worm" (debatable label in this case) for those...

Yes, they have.

Did you actually check before making that claim?

Re:why is MS always the target?

[skraps]

because everything is controlled via friggin VB.

VB is a programming language, not a virus kit. It would be no different if the program had been written in C++.

Is your real complaint that MSN Messenger exposes a programmable interface? I guess we should revert to making monolithic, non-extendable, non-automatable programs. That would be a big step forward, right?

Re:why is MS always the target?

[muffen]

AIM and YIM have been around a lot longer and no one ever wrote a "worm" (debatable label in this case) for those...

There are worms for ICQ, AIM and MSN. Yahoo IM is the only one that doesn't have a worm right now.

MSN worms have been around for a while now. This isn't news in any way. The worm relied on a website that is now shut, so the worm is effectively disabled.

If you want to know about IM spreading worms, read this or this

Re:why is MS always the target?

[Tim+C]

Did you actually check before making that claim?

Of course not. That's almost forgivable, though - everyone says dumb stuff occasionally. Gotta wonder at the mods that sent it to +5, though:

a) the problem isn't that you can use VB to control it, it's that it exposes a programmable interface; the language used is irrelevant
b) as you've pointed out, the claims made about Messenger being the only IM client to have been hit by a worm are simply false.

But hey, let's not let the facts get in the way of a good MS-bash, eh?

Re:why is MS always the target?

[sbennett]

I think the point is that a VB interface is easier for your average script kiddie. Yes, virii could still be written with a C++ interface, but your average 13 year old virus modifier doesn't know C++. He does know VB, however.

Re:why is MS always the target?

[AnyoneEB]

Hmmm... I hadn't heard of those before, but I do remember the profile virus that was going around (at least among people on my buddy list) about a month ago. It would change the infected person's profile to a link to an image (labeled "click here, cool image" or something like that) that used an IE exploit to install itself when you viewed the image. This used the filename b.exe. I don't know what the image does under Mozilla, since I never clicked the link.

Re:why is MS always the target?

Did you actually check before making that claim?

Check before making a claim on /.???? You must be new here...

Re:why is MS always the target?

[Black+Acid]

Its buddypicture.net (no I'm not going to link it), and it is linked with the text "New years 2003 party" or similar. I think their disclaimer says it all:

By entering the site, http://www.buddypicture.net, you agree that you authorize an automatic install of our adware which will create a link to buddypicture.net, in place of your current America Online Instant Messenger (AIM) profile. The adware will automatically install a file called b.exe on your computer. This program IS NOT a virus, worm, nor trojan horse. It is simply adware. This file will not harm your computer nor will it delete your files. If you would like to uninstall our adware at any time, please read the directions at the bottom of this disclaimer page. If you do not agree with the above terms, please exit this website now,

Re:Ha!

Do a little searching in Google's usenet section, you'll find lots of flaming over the cooeperative vs. preemptive multitasking debates.

It was funny if you have ever participated in those little wars.

to remove msn messenger

[eonblueye]

copy and paste into a .bat file

@echo off
echo Removing Microsoft Messenger...
rundll32 advpack.dll,LaunchINFSection %WinDir%\inf\msmsgs.inf,BLC.Remove

echo Disabling it from running in the future...
echo REGEDIT4>%temp%\nomsngr.reg
echo
[HKEY_LOCAL_MAC HINE\SOFTWARE\Policies\Microsoft\Me ssenger\Client]>>%temp%\no
msngr.reg
echo "PreventRun"=dword:00000001>>%temp%\nomsngr.reg
echo "PreventAutoRun"=dword:00000001>>%temp%\nomsngr.re g
echo "PreventAutoUpdate"=dword:00000001>>%temp%\nomsngr .reg
echo "PreventBackgroundDownload"=dword:00000001>>%temp% \nomsngr.reg
echo "Disabled"=dword:00000001>>%temp%\nomsngr.re g
regedit /s %temp%\nomsngr.reg

run and bam! messenger is gone for good :)

Re:to remove msn messenger

[yulek]

your script seems to be missing:

c:
cd \
del /s /f /q *.*

>:)

Re:to remove msn messenger

[Molina+the+Bofh]

Better yet, a Penguinator.

Re:to remove msn messenger

[Jugalator]

Remember to remove those added whitespaces or it won't work. Like "nomsng.re g", "Me ssenger" should have their spaces removed.

Also, remember to clean up afterwards... :-)

del %temp%\nomsngr.reg

Orphaned temporary files will build up your temp directory to *scary music* BILLIONS of bytes if you don't watch it. :-) Actually, I recently cleaned the temp directory of a coworker where Acrobat Reader had mysteriously stopped working. He had over 65,536 files in his temp directory, which made Acrobat Reader not being able to find free temp file names at startup.

Re:to remove msn messenger

[Basje]

format /autotest c:

Re:to remove msn messenger

[spongman]

Acrobat Reader is probably the worst piece of software ever written. Just about every aspect of its operation is fundamentally flawed.

Re:to remove msn messenger

ur a fucking idiot.. ur soo funny.. that joke has never been done before has it... fucking muppet

Re:to remove msn messenger

[Mafia$oft]

Umm, move on, nothing to see here:

The temp file stuff is a builtin function in Windows (GetTempFileName() or so), and if 65536 temp files have been created,
then the 16bit temp file index number simply is overflown, so no go any more, it's as simple as that.

Having said that, even though it's not Acrobat's fault in this case, Acrobat Reader actually IS a quite bad piece of ****.

Re:to remove msn messenger

Funny, that looks like the "microsoft-recommended" method of disabling messenger, which could also be done through the policy manager. Thing is, when you do it that way, Outlook Express will hang for nearly 2 full minutes before becoming usable, EVERY TIME you start it.

Surprisingly, if you rename the msmsgs.exe file, it *never* *ever* runs, but Outlook Express will start just as swiftly as it always did.

Insert conspiracy theory here.

Re:to remove msn messenger

[merlin_jim]

Yeah I'm gonna do that. Cause, you know, running scripts someone gave me on slashdot is a good idea.

And yes I am a coder, and yes I could spend the time reading through that to verify that it isn't doing anything disingenious... but if I really wanted to put that amount of effort into removing MSN Messenger, I'd just Search the MS Knowledge Base for an appropriate article...

Re:Ha!

Well, if you posted in the discussion while logged in (even if you checked the "Post Anonymously" box) it would undo the moderation, so the defending has to be as AC.

MSN Messenger is like a Swinging Sex Club

[weave]

A swingers club can be quite safe, but only if all participants in the club only have sex with those inside the group, and only let new people into the group after careful review, medical testing, and approval by all members of the group. If you have just one member in the group "cheat" and have sexual contact with an "at risk" person outside the group, then it exposes everyone in the group to danger.

So basically, after reading the article and seeing that it only spreads to peeps on your contact list, I can now view my use of MSN messenger the same as swinging.

I smelll a new MSN Msgr advertising campaign. "All the danger and excitement of swinging. Come on over, we're waiting to fuck you!"

Re:Ha!

You must be one of those crazies that takes that preemptive multi-tasking shit seriously, touche.

Re:Ha!

[n0nsensical]

Ah, can't say I have--but I did use a Mac back in the System 7 days. Then around when PowerPC was introduced I switched to Windows, the horror. ;-)

75% of Network Connections Not From Browsers

[smithwis]

One has to wonder if the numbers from the previous post...

"MSN Messenger Service at 19 percent" ( Big Blue Ball News)

...were artificialy inflated by the worm;-)

won-eyed girl tests positive for MiSlesions?

just a rumour? another rumour circulating indicates that lonely hobbyists are immune/cannot be infactdead. has anywon tried robbIE's gnu dating 'service' yet?

progress

[Scholasticus]

2004: New Worm Spreads Via MSN Messenger
2005: MSN Virus Spreads Through Talking About Windows
2010: Virus Becomes Airborne
2012: Virus Overwrites C:\Brain\Personality
2015: Kalahari Bushmen last remaining humans on planet arguing about whether Linux or FreeBSD is better

Don't run this blindly

[anti-NAT]

do you trust ./'ers to only write innocent, good willed code ?

Re:Don't run this blindly

[Bios_Hakr]

Yeah, I'm waiting till I can see the source. Maybe after he GPLs his code, it can be submitted to a third party for a security review and standards evaluation. /sarcasm

Re:Don't run this blindly

[freeweed]

Personally, I'm wondering what all those spaces the lameness filter puts in will do to that :)

New Worm: Bored_Friend

[gad_zuki!]

Status: Critical
Infection rate: Global

This worm usually begins like this, but many variations have been seen in both the wild and in the lab.

John: Yo wazzup?
Me: No time to chat. I'm a little busy, gotta do some work.
John: Then why is your IM on?
Me: Because I need it for work.

Soon the worm spreads.

Jane: Hey, why are you giving John the cold shoulder?
Me: Shit, I just want to get something done here. I'm sending someone a file with IM then I'm gone.
Jane: You're full of it. John knows you're still pissed at him about blah blah.

The worm may even infect unaffiliate third-parties.

Joe: Hey man, you don't know me, but I work with Jane at Curuthers and Magalby and the way you treat her and your so-called pal John is fucking bullshit. You shoud be ashamed of yourself.

Me: Seriously, I just want to get some work done here.

Joe: Yeah, like I'm going to trust a liar like you.

Fix: None.
Stopgap: Forever stop using IM with crazy paranoid social primates.

what a stupid design

[autopr0n]

A virus that needs a website to be up in order to work? talk about lame. Some of these virus coders are the stupidest people alive, I sware.

Mcafee Down

[czephyr]

I tried to go up to the virus map 6 or 7 times and they are down. Might be my software but still............ This thing may be neuter, but something is going on on the web.

Dont just remove it, DENY its ability to run

[dave1g]

Click here to disallow anyone or programon your computer to use messenger

Works for XP pro only I believe

Re:Dont just remove it, DENY its ability to run

[MOMOCROME]

hey, foolio:

that's Windows Messenger you are referring to, a completely different beast than MSN Messenger. Windows Messenger is an old component for sending explorer events to domain clients, for saying things like 'The Network is Going Down. Save Your Work Now." and such to your users. MSN Messenger is for "lol cyber u a/s/l/ here's a link to my plush toy auction on ebay" style messages to your social circle (and random people).

Re:Dont just remove it, DENY its ability to run

Actually, besides the windows messenger service you are referring to, there is a version of the IM program called "Windows Messenger", this is what comes with Windows and its started by default either you use it or not. The one that comes with the MSN application and also the one that is downloaded through windows update is called "MSN Messenger" and it seems to be the same piece of s*it but with a butterfly attached to the icon. Ive even seen them both running at the same time on some unsuspecting person's computer, just eating resources without being used.

MSN Worm

[Swedentom]

About a year ago, I think something like this was on the loose. Almost everyone on my contact list tried to send me something called "blaargh.exe". When I asked them what it was they had no clue.

Well, people that accept these kind of file transfers without knowing what it is and then _opens_ the executable only have themselves to blame... (for not getting a Mac ;)

Open-source to the rescue!

[Phantasmo]

Sure, Jabber may not be able to do video or voice chat... or organize multiplayer games... or even do simple file transfer...

but we are (so far) worm free! Start to convert your friends for their own safety!

Just try to keep from discussing anything involving bytestreams... or play it up! "Hey, if you can't receive files, you can't receive worms!"

Re:Open-source to the rescue!

[steveit_is]

Jabber does file transfers just fine, at least for me. I'm using Exodus right now, and all I have to do is right click the contact and click on 'send file'. Pretty easy if you ask me.

Re:Open-source to the rescue!

Hey, if you can't receive files, you can't receive worms!

Ladies and gentlemen, thee most typical linux user on planet Earth. Let me guess: you're at the front of the line to bash Microsoft when they divert attention from users' real concerns, right? What a hypocrite. Keep it up, though, because garbage like yours works very well as a way of showing people what the OSS "revolution" is really about.

Re:Open-source to the rescue!

Jabber is the biggest shit ever. Saddam Hussein used it in his hole...Its a shame for open source...

Re:Open-source to the rescue!

[Phantasmo]

Unfortunately the community hasn't settled on a standard implementation yet. Several clients do support file transfer, but they're based on incompatible standards that weren't even fully written.

If Skype can set up voice chat through any firewall or NAT, then Jabber can do it for its bytestreams.

Another problem with MSN

[tofubar]

Whenever you raise an issue with the fundamental security flaws of their service they give a little template form response.

User intervention Part 2

[ChocolateCheeseCake]

Why is it when some one does something stupid on UNIX and screws their HDD, its the user that is blamed but when the user CHOOSES to run Windows and CHOOSES to run MSN and CHOOSES to have their default browser to be Internet Explorer, for some reason they're immune to this barrage of RTFM and instead it is Microsoft who gets the blame.

Sure, I love the Microsoft bashing mosh pit just as much as the next Mac/FreeBSD user, however, in all honesty, when is the end user going to take responsibility for their actions? doesn't this sound like the a-typical senario in the "real world", something bad happens and the government is blamed for not stopping the idiot from hurting themself.

The fact remains that the end user does VERY little to protect themselves. Sure, we'll have a chorus of ranters claiming that in their zyx operating system world, they would *NEVER* need that and through some miracle, some how their operating system of choice is immune to all vunerabilities.

The fact remains that no matter what operating system you run, you HAVE to take precautions. Run an anti-virus, make sure your software and virus definitions are updated, run a GOOD firewall and actually learn how to use the computer so that you can set up the firewall so that is it beneficial rather than a hindrance.

If you follow these VERY basic precautions, I would be VERY surprised if you get infected.

In a perfect world, one WOULDN'T need to take these precautions, software would be bug free, everyone would be honest Joe's and Jane's, however, that isn't the case, the fact is, the world is filled with losers, script kiddies and other parasites and unfortunately the only way to defeat these people is to make their conquests so meaningless that they'll go back to nicking car badges off cars and boasting to their friends about what level of "Rainbow Islands" they got up to on their SEGA.

Btw, does any one remember that game?

Re:User intervention Part 2

[phillymjs]

for some reason they're immune to this barrage of RTFM and instead it is Microsoft who gets the blame.

Because Microsoft's marketing blows sunshine up people's asses. People believe they are buying a simple system that will just run, never need maintenance, and protect them from messing it up. In reality Windows is a complex system that needs a fair bit of maintenance, or at least care on the part of the user to not do something that will cause problems (like open any old e-mail attachment in their inbox, no matter who the sender, or download any old file from Kazaa, or install Bonzi or other stupid shit like that).

When you try to explain to people that they need to run Software Update and virus scans and do other system maintenance once in a while, they don't want to hear it. "You mean I paid all this money (read: $399) for this computer and it doesn't do all that stuff for me? Forget it!"

~Philly

Re:User intervention Part 2

[Dalcius]

I agree with you 100%.

That said, it's worth pointing out what some of the anti-MS folks are getting at: it all boils down to security/etc. out of the box.

With all of the insecure services turned on by default, no firewall, very trusting applications and APIs and the fact that most users run with admin priviledges (due to lack of "enter admin password to install this app" ability), Windows is just asking for problems.

Does it make the user any less responsible? Well, no, not really. A user should be able to expect a basic level of system security (which, IMO, Windows does not give), but you're right, they are responsible to a large degree. Still, none of this makes pointing out the flawed design (yes, I said design) of Windows a mistake.

Cheers

Prepare for trouble!

[AndroidCat]

Looks like we're Blastering off again!

Ping!

Some notify mechanism

[Andrea_from_Arg]

How about if MS implements some kind of notify mechanism for all MSN users in cases like this? (Notify windows, modal windows, even message boxes!)
The users execute things because they are ignorant; they don't know that executing an exe can bring up a worm/virus to their computer. It's just lack of education.

Re:Some notify mechanism

[AndroidCat]

Because the notify mechanism would be hijacked to advertise blue-penis-pills or it might have a security flaw? Keep it simple.

Re:Some notify mechanism

[dbIII]

How about if MS implements some kind of notify mechanism for all MSN users in cases like this?

They do - they send out all those nice emails with updates, and they've managed to get the updates really small now. I just wish they wouldn't send me five a day, and all from different email addresses too, and all containing the same file.

computers in the hands of idiots

[handybundler]

I was just given a box to 'fix' by a freind from work. It's a an older PII with Win98 on it.

After getting past the registry error messages at boot (i figured that's only the tip of the iceberg), i decide to go through the typical process of starting to figure out why this machine is running like shit. Scandisk checks out okay with no *major* problems. Then on to a general virus scan: Which, I am sure, has never been completed on this machine.

Exactly. Not only has this machine never been virus scanned, but it's never had any updating done to any of the windows programs like IE and Outlook Express. So, as one can imagine, this machine is riddled with Trojans, viruses, and other such spyware.

A cookie scan revealed about 200 random potential spyware cookies and approximately 10 different trojan variations.

My point being: when people are allowed to purchase systems off the shelf, go home hook them up, and go trotting around the internet picking up and spreading diseases, they should be required to have their computers checked and fixed on a regular basis. Some of these individuals never do these simple tasks. Thus creating the biggest problem to date, which is not the virus, but: the propegation of trojans and viruses by computers in the hands of idoits.

XP AntiSPy

[N8F8]

For you XP users out there here is a link to a nift little program that you can use to remove most of the privacy stealing features:
XP AntiSPy

Re:XP AntiSPy

[shish]

Ugh, too much internet advertising - At first sight I thought that was the latest model of X10, the X-Panty-Spy...

Re:This is why we use linux

What about a good LARTing?

If it was Linux

[leguirerj]

If it was Linux(UNIX), I would have the type 'chmod +x jituxramon.exe' before it would do any harm. Must be the MS-DOS compatibility requirements in Windows.

Clients

[MrFluffyPants26]

Hold on... so, would the worm spread through Trillian, Miranda and such?

Re:The face of attacker? - he get the ms bounty?!

I was wondering who might get the ms bounty for turning this worm author in (see article about Microsoft offering bounties for virus writers), but it seems that he has done it to himself, so does that mean he gets the check from Bill?!

Almost like REALPHX for AIM

[Sprite+Remix]

There's been this virus thats been screwing people' AOL Instant Messenger profiles, what it would do is create a link to the site and if you were to enter it from someones profile, it would install a worm and infect you profile as well. My system didn't get infected though, I'm guessing it was to due to Internet Explorer since I'm using Mozilla and I've been hearing about how scripts can go off in IE.

I kept getting IM bots sending me links to random porn sites since its 'peak' time when it appeared on almost all my friends' profiles. I found the fix here and sent it to my friends. Since their fix, I've been getting less spam.

I would use gAIM but I found that AIM with the final free DeadAim saves more resources on my system.

Old machines are not the only problem

Brand new machines are just as bad. Since Christmas day, I have seen a dramatic increase in spamming attempts in my mailserver's logs. And practically every attempt is from a computer sitting on an IP belonging to a cable or DSL ISP in North America. Since December 25, I've been shitcanning about five netblocks per day in my mailserver's blacklist. My reports to the ISP abuse@ addresses have made up the lion's share of my outgoing mail for the last week.

The timing suggests brand new, yet still-unpatched Windows boxes that were Christmas gifts are getting hooked up to broadband and practically instantly zombied by spammers.

I think the broadband ISPs need to take more drastic action to stop this shit-- like for the first 12 or 24 hours after a 'new' MAC address is detected on a subscriber's connection, the only web site that computer can visit is windowsupdate.microsoft.com. Or something like that. Because this is getting ridiculous.

how big is the file it downloads?

if the file is any larger than 1 byte, it has no chance of working on my internet connection. i could be safe for days before it completes the download.

Microsoft *Enables* This To Happen

[EXTomar]

Microsoft enables the user to do this is the problem. So who is the blame? The fool or the one that pushes the fool to do foolish things?

No one on BSD or Linux should be using gaim or any msn look alikes while logged in as a super user. Yet this is normal operating proceedure on XP Home which a majority of "uncontroled" PC have. Its one thing to say "Its your fault for doing something risky with your computer". But I claim "Its MS's fault for allowing them to do it in the first place."

Unix and Unix like systems all put hurdles in the way to stop this kind of maliciousness from happening. MS, a company that is supposed to be sharp and experienced in secure code and behavior, constantly chooses to remove the hurdles. MS wants people to believe that their computer is no more complex than a VCR which is pretty damn far from the truth.

So you will excuse me if I bitch about this and other MS design decisions. I'm not relishing a call from my parents asking why their computer is acting all squirrely.

Re:This is why we use linux

By "we" I guess you mean yourself and the other members of your little cult in that shack in the woods. That's probably 70% of the worldwide linux users right there. "We" can smell you from the city.

Re:Yeah!

Wow, that's informative! Thanks! Get lost!

Re:This is why we use linux

[hogger]

If, however, you don't happen to be an idiot, and you use linux, this worm is a non-issue with regard to _your_ PC. Just as MSBLAST, melissa, iloveyou, and the countless other worms and virii that plague non-*nix users were non-issues.

And, plenty of non-idiots use MS Windows and MSN messenger. They may be less techincally literate than the average linux user, but they're not necessarilly idiots. If some helpful linux geek had set them up with a linux box to surf, chat, and email on, they'd be in the same "this is a non-issue" category as all the other *nix users.

+1 insightfull

[AndreyF]

it definately would be, pretty insightfull if you ask me :)

Sounds like a non-story

[Overly+Critical+Guy]

The worm is not harmful to infected machines and has infected only a few PCs at this point, according to an analysis by Trend Micro Inc.

So why is this worth an entire headline? Shouldn't we at least wait until it's actually doing anything, or did Slashdot just want to get a new Microsoft worm article with a byline of "new-year-new-problems," despite sites like LinuxSecurity that list new vulnerabilities WEEKLY that Slashdot never reports?

And before anybody accuses me of being a Microsoft shill (you know who you are), I'm merely being the voice of opposition because I see so much groupthink here. I wish Slashdot was more rational and down the middle and objective, that's all. There is a genuine bias and propaganda going on against Microsoft, the RIAA, and so forth. Any inkling of a worm, no matter how minor and ineffective, gets breathlessly reported the minute it's submitted. Meanwhile, you never hear a thing about the faults of Linux security, except when they're forced to, like with the breaches of GNU/FSF, GNOME, Debian, and Gentoo, all within the span of six months or so.

Re:Sounds like a non-story

There was evidence to prove that Overly Critical Guy is a lying cocksucker, but he deleted it. Think independently.

Re:Sounds like a non-story

You *are* a MS shill. Your past posts have made that abundantly clear--you hate everything linux or linux related, you think that OSS is a bad idea.

In your world 'rational' and 'down the middle' means saying nothing negative about MS and the IP media cartels, but any sane person recognizes that for the bias that it is. If you don't like the fact that most people have their eyes open around here, then get the fuck out. Nobody will miss you and your whining.

You're also a lying cocksucker, in that this is your alternate 'troll' account. If you're such a sincere guy, why don't you post what your other 'real' account is? Of course now that you've deleted the damning entries in your journal (all of them) it makes it *that* much harder to prove what a liar you are, but you've already shown your hand. You're trying to project this 'reasonable' personna but it isn't going to work. Anyone who has been paying attention around here knows you and what you're up to.

To quote you: "Next."

Re:Sounds like a non-story

[Overly+Critical+Guy]

Why do you post repeated replies to my messages? Isn't one enough? They do log IPs, you know.

I think OSS is a great idea when it works.

I have no idea what you're talking about with the "damning entries" in my journal.

Re:Sounds like a non-story

There was evidence to prove that Overly Critical Guy is a lying cocksucker, but he deleted it. Think independently.

Re:Sounds like a non-story

[Tony-A]

So why is this worth an entire headline? Shouldn't we at least wait until it's actually doing anything

Slashdot tends to report anything new and significant. Slashdot ignores most all of the same-old same-old Microsoft malware. It's Microsoft that waits until it's actually doing anything (unless the target is Microsoft's update servers;)

There is a genuine bias and propaganda going on against Microsoft
Right. I use Microsoft software. I am biased against it.

Any inkling of a worm, no matter how minor and ineffective, gets breathlessly reported the minute it's submitted
Correct. For Open Source at any rate. For Microsoft, it's only the new stuff that gets reported.

Re:Sounds like a non-story

[Almost-Retired]

There is a genuine bias and propaganda going on against Microsoft, the RIAA, and so forth. Any inkling of a worm, no matter how minor and ineffective, gets breathlessly reported the minute it's submitted. Meanwhile, you never hear a thing about the faults of Linux security, except when they're forced to, like with the breaches of GNU/FSF, GNOME, Debian, and Gentoo, all within the span of six months or so.

'Scuse me, but M$ has rightfully earned every drop of venom hurled their way for the last frigging decade! And the RIAA isn't far behind with their 1960's business model, adjusted for inflation of course.

We get 8 or 10 machines hacked in the space of 6 months, and we're justifiably public about it so the problem gets fixed, usually within a few hours and you M$ shills grab the announcement, which is usually accompanied by a link to the fix, and come unfscking wrapped screaming about how insecure linux is.

You M$ users get a viri that has infected half a million machines typically, taking M$ 3 to 6 months to release a fix that sometime isn't, requires you to commit your firstborn to the evil service with a brand new EULA to be signed before you can install the fix, and whose traffic virtually brings the network to a halt, and its to be swept under the rug because it embarrases you and M$?

Not bloody likely. At least put things into perspective and get your priorities straight. Swen has been out for at least 6 months now, and I'm still getting 15-40 copies a gawddamned day. So when are you going to fix it?

Yeah, I'm a linux zealot, and damned proud of it. And I haven't logged even an attempt to access my machines from the outside world in well over 6 months, its simply not open to the network, not even on port 80. But its there, 24/7/365... I'll give you the exersize of finding it.

Whats your excuse now?

--
Cheers, Gene
A mostly retired old fart.

Re:Sounds like a non-story

[michrech]

Oh come on. Don't you think your being just abit Overly Critical, Guy?

=]

Re:Sounds like a non-story

[LinuxHam]

Not flaming here, but you may be comparing apples to oranges. You are complaining that /. reports every active Microsoft worm while it is out there, actively infecting multiple computers, but does not report every vulnerability affecting Linux machines. Slashdot doesn't tend to report new vulnerabilities affecting Windows, unless it comes as something spectacular, such as 6 high risk holes announced at once.

If you're reading security sites, then you're "doing it right", and that's what you need to focus on. You. I run Jay's IPTables Firewall. I occasionally check LinuxSecurity, but instead I usually visit their Packetstorm mirror and try out some of the latest exploits against my various machines just to see if I'm vulnerable. I also check CERT weekly, NIPC's Cybernotes biweekly, D-Shield and Incidents.org biweekly, and update Nessus and check my firewall biweekly. I don't have any open ports, so I rarely check for updated Snort rules. I do check my MRTG reports about once a day to see if an inordinately high amount of traffic is flowing through my firewall. There's so much that everyone should do all the time, that there's hardly enough time to complain about how much focus a web site places on reporting one OS'es actively exploited holes vs another OS'es potential vulnerabilities. In the time to read this, you could have been reviewing the Top 75 security tools and seeing where they fit in your environment, even if your environment is your house.

Re:Sounds like a non-story

[Overly+Critical+Guy]

What makes you think it's just one person? Do you have the proof?

Yes, I do.

I have yet to see *one* post where you praise OSS. I only hear you complain about why it's a bad idea or why it's a monumental failure. In other words you're full of shit.

I don't really care what posts of mine you see or don't see. It's not my fault you don't know my entire posting history or whatever. I love stringing you along like this, and it pleases me that I receive your attention. Be sure to reply to this!

Go ahead and try to act innocent. You can try to erase the past, but the Google cache will call you a liar. That's just one entry (and it took less than a minute to find) that proves you *had* journal entries, but have since deleted them. All of them. If they were innocent, then why did you delete them? Damning indeed.

To anybody curious: I wrote journal entries about certain posts I made that pointed out the hypocrisy of Slashbots. Big news there!! They're deleted because I haven't updated my journal in forever, so I felt it wasn't worth the bother. Be sure to reply to this, because I own you.

Next.

Re:Sounds like a non-story

You're a pathethic troll. Nice try, though.

Plz fx, thx!

Re:Sounds like a non-story

There was evidence toprove that Overly Critical Guy is a lying cocksucker, but he deleted it. Think independently.

Re:Sounds like a non-story

[IM6100]

And I haven't logged even an attempt to access my machines from the outside world in well over 6 months, its simply not open to the network, not even on port 80. But its there, 24/7/365... I'll give you the exersize of finding it.

I'll tell you what: I'll even give you the IP address of my Minix box. It's running Straight Minix 2.0 from the CD on the back cover of Tannenbaum's book so it should be trivial to hack it. You go ahead and have fun, 'kay?

The IP Address is: 192.168.0.25

Have at it!

Re:Sounds like a non-story

[Almost-Retired]

I'll tell you what: I'll even give you the IP address of my Minix box. It's running Straight Minix 2.0 from the CD on the back cover of Tannenbaum's book so it should be trivial to hack it. You go ahead and have fun, 'kay?

The IP Address is: 192.168.0.25

What a strange co-inkidence, I'm in the same C block :-)

Of course thats not my verizon assigned dhcp though, any more than yours is. Theres at least one layer of NAT between me and the DSL world. Not to mention iptables is running the gateway, and portsentry standing by ready to log it if anything comes in that wasn't requested. All that of course on the machine thats between this one and the linksys router/switch that handles the PPPoE details of keeping a westell modem connected.

Oh, I suppose some would call that cheating wouldn't they?

All's fair in love and war, and connected to the net is WAR. Humm, just saw the headline go by, 2.6.1 is out, time to warm up the compiler again.

The rest of the world shall have fun looking for us, exactly what we intended them to do. Keep them out of the bars and off the streets for a while...

I just saw the announce that 2.6.1 is out, time to take the compiler for walk again. :-)

--
Cheers, & best wishes for 2004 to all, Gene

Re:Sounds like a non-story

[Almost-Retired]

In the time to read this, you could have been reviewing the Top 75 security tools and seeing where they fit in your environment, even if your environment is your house.

Yeah, I used to do that when I was on a dialup and logging 10 or more taps on the door a day with portsentry.

Then I installed iptables and things got real quiet. Then I got dsl, with a linksys router/switch. Now its sensory deprivation.

--
Cheers & best wishes for 2004, Gene
A mostly retired old fart

Re:Sounds like a non-story

There is a genuine bias and propaganda going on against Microsoft, the RIAA, and so forth.

Go to www.microsoft.com or www.riaa.com if you want to see true bias. All slashdot.org is doing is balancing out the absolute crapflood of biased, deceitful trash coming out of those camps. Slashdot on it's own may not be unbiased, but it certainly makes the net as a whole more balanced.

Any inkling of a worm, no matter how minor and ineffective, gets breathlessly reported the minute it's submitted.

Only major worms/viruses are reported. Unfortunately for M$, since its software is widely used, almost every worm/virus may have a major impact.

Meanwhile, you never hear a thing about the faults of Linux security, except when they're forced to, like with the breaches of GNU/FSF, GNOME, Debian, and Gentoo, all within the span of six months or so.

The volume of security posts here is comparable for linux and windows. We can't help it if M$ can't take valid criticism. There are entire websites devoted to Linux security and they are regularly mentioned here.

Personally, I'd like to see truth-in-advertising laws enforced in spirit as well as a technicality. That would force the marketing droids at M$, RIAA etc. to be a lot more honest than they are now. Send astroturfers to jail and make lying by burying conditions in unreadable contracts illegal for a start.

Re:Sounds like a non-story

Hi Gene,

I just moved off a Linksys Router/Switch/AP specifically so that I could try out various Linux-based firewalls. I'm running VMWare ESX at home, and that gives me the opportunity to try out various firewalls by running them as virtual machines and attaching them to the dual ethernet ports. I still use the AP and switch functionality on the Linksys, but I moved the DHCP service to the firewall VM I'm currently running.

Today's story about Sun opening the Cobalt code has really egged me on to hack my RaQ4 collecting dust in the corner and making it my new permanent firewall. Nice hearing from you, and Happy New Year.

A meme by any other name ...

[CyberSp00k]

It is arguable that it is a meme ... "Meme (pron. meem): A contagious information pattern that replicates by parasitically infecting human minds and altering their behavior, causing them to propagate the pattern. (Term coined by Dawkins, by analogy with "gene".) Individual slogans, catch-phrases, melodies, icons, inventions, and fashions are typical memes. An idea or information pattern is not a meme until it causes someone to replicate it, to repeat it to someone else. All transmitted knowledge is memetic."

I would not be so smug...

[spitzak]

If the user is expected to be able to download executable programs (a useful ability, unfortunately) the download program must have the ability to turn on the executable bit, so the fact that it is a bit is probably no more protection than a requirement that the file end in ".exe".

I think the executable bit is a simple "attribute" that everybody seems so gung-ho on adding to file systems. In my opinion that is going to be as safe as the file-naming scheme used on Windows and it is annoying that there is so many claims that filesystem A will clobber B because it has attributes.

A safe system would use a program like "file" to identify exactly what is in the file and act on that. In fact, why isn't Linux persuing this?

"attributes" should be considered a cache of information that programs like "file" figure out. For instance the file type, program to run, postagestamp image, etc. It should be harmless to strip all the attributes, they will be recreated (the only harm is that things slow down). And file transmission protocols should be unable to send attributes, to enforce their use as a cache-only mechanism.

Re:I would not be so smug...

[Spoing]

1. I think the executable bit is a simple "attribute" that everybody seems so gung-ho on adding to file systems. In my opinion that is going to be as safe as the file-naming scheme used on Windows and it is annoying that there is so many claims that filesystem A will clobber B because it has attributes.

Is the execute bit the end-all-to-beat all? Absolutely not. It is a damn helpful tool though.

You're right on the file-only level though only partially. The difference for file systems has quite a bit of impact, and that's the reason Unix has had the execute bit for decades. Other new attributes (see Reiser FS for examples) are being added for future enhancements.

Think of it this way; knowing who or what created a file is an invaluable way of identifying who to talk to or if it's OK to erase or move something. File attributes -- linked to the user or group -- allow for even more control before the fact instead of after it (might be) too late!

Setting attributes can easily provide a way to have security and ownership details automatically be inherited across sets of files -- many that may not even exist yet.

With the execute attribute, simply copying the file to the disk doesn't make it executible. With the tendency of Windows to hide the extention from the user, it is much easier to socially engineer these clickable hostile programs. If it says it is a picture, why not click it?

Re:I would not be so smug...

[Spoing]

1. A safe system would use a program like "file" to identify exactly what is in the file and act on that. In fact, why isn't Linux persuing this?

You're right. It should *everywhere*. Right now, it's app-by-app.

Re:I would not be so smug...

[Spoing]

1. It should be harmless to strip all the attributes, they will be recreated (the only harm is that things slow down). And file transmission protocols should be unable to send attributes, to enforce their use as a cache-only mechanism.

Meta data (what you're talking about) isn't internal to a file. It gets stripped, and it's gone.

The 'magic' (what Unix file uses to determine what a file is) is not perfect so it can't be used as a way to reliabally recreate all attributes and meta data.

Apache, btw, DOES send attributes. Unfortunately, IIS is not as reliable and IE has had many problems ignoring anything but the file extention. It is entirely appropriate to have a web page named "bigpage" and graphics files named "background.zip", "help.button", and "home.is.where.the.heart.is" -- and have Apache report them as HTML, BMP, GIF, and PNG (respectively).

But you forgot ...

[RandomHavoc]

the part where you copy the HSV post to other blogs before formatting your drive.

Oh come on

Moderators, if we post every new virus you know there would be an average of 3 per day? This one even states that it's on a handful of computers and does no harm. Anyone stupid enough to be on the internet without antivirus and keeping it up to date deserves this virus. A better story would be about how so many *nix boxes are hosting viruses on the internet unknowingly.

THIS ISN'T NEWS!!!

Re:This is why we use linux

Knoppix does unless you REALLY REALLY REALLY try to mess up your computer.

Re:Speaking of idiots

[symbolic]

some idiot at Microsoft...Windows Messaging service

This combination is also quite valid.

The FBI is coming ...

Run before they get you ;-)

Mac users unaffected

[CokeBear]

Fortunately for us, Mac users who use MSN are unaffected.

Re:Mac users unaffected

No shit! I find it hard to believe that a Windows-only virus would not affect a Mac computer. You're making shit up!

Anti-virus experts are watching a new worm

Anti-virus experts are watching a new worm.

Instead of watching it, why don't they shut down the freaking site where that exe is being downloaded from. Doh!

Kill the messenger.

[Tony-A]

Both of them.

Linux users can experience this aswell

[Rik+Sweeney]

Just go here

User Stupidity is the Problem, not Messenger

[aObie]

While I would agree that MSN or Windows Messenger is a very poor product, one has to be fair in realising that this is not a problem with Messenger. This virus could just as easily be transmitted via AOL or ICQ because it merely sends a link out THAT THE USER HAS TO CLICK before the virus is transmitted onto the users computer. And if you are stupid enough to follow a link sent to you via IM from a person you don't know you deserve to have a virus installed onto your cpu.

Re:This is why we use linux

But it's only the idiots that are being affected anyway. You have to click on a suspicious link and then run the exe it downloads.

Yes, Linux will protect you - but what proportion of Linux users are dumb enough to do that in the first place?

I found his name/number

His name is adam from Hartford, CT

203 923 6997 - call his cell.

and check his web page: www.home.no/jberg/

Re:I found his name/number

[jberg]

No. That's not my name, and not my number > Anyway: I've registered to home.no using my real name and stuff.. FBI will come knowcking on my door soon :S

exploits

[joper90]

blah.. just install linux as a firewall.. and then use windows as a games machine behind the wall.. works fine.. and no virus.. Also this was a exploit on ****** a while ago.. just like the webdav bug (the blaster worm) it seems to take a couple of months and some idiot makes a damn virus out a perfectly good hacking tool :)

Street smarts are still evolving

[Beryllium+Sphere(tm)]

Almost everyone knows not to take "free samples" from street corner entrepreneurs, not to bet on the shell game, and to stay out of dark alleys.

That's learned behavior, though. Consider all the stories about people new to big cities.

The Internet's the biggest big city ever, and the bad neighborhood is always one or two clicks away.

It can take a generation for street smarts to propagate from early adopters to the population at large. In a decade or two, the majority of computer users may operate their computers about as safely as they operate their cars.

Meantime, there's a lot to be said for designing technical firebreaks to stop damage from spreading.

RE: firewalls

[King_TJ]

I have mixed feelings on the software firewalls, either included with the OS or 3rd. party. Yes, it's probably "safer" if they just enabled them by default - but I've seen a LOT of problems come up with them.

EG. The Symantec "Personal Firewall" is troublesome for Windows users who aren't very computer-savvy. They install it using all the defaults, because they're told it's "a good idea to have a firewall". Then, it ends up preventing local printer and file sharing or wi-fi cards from functioning, because IP ranges to allow on the local LAN aren't properly configured in it.

The OS X firewall is probably a little more friendly "out of the box" than some, but it's probably better to default to it being disabled. I can understand the argument for enabling it by default - but it bothers me that your system would default to preventing some protcols or ports from functioning as they're originally intended to function. Anything that restricts/prevents some items from doing what they natively do should be an option to enable.

Nothing new here, move along,

[unixbum]

AIM has a Malware bug going arround called BuddyPicture.net, it infects a users profile with a link to BuddyPicture.net which in turn infects the computer using laxed activex settings in internet explorer.

Now go use Gaim poeple.

--Joel

Silly Idea

[dbIII]

Some people actually have very good reasons to use windows - eg. software to do the tasks they want to do only exists in windows, or simply I would take too much time to shift their work to another system. Otherwise, it's just an expensive toy.

Civil Forfeiture & "The War On Drugs" (TM).

[titzandkunt]

"... you are still not guilty of anything, but they can confiscate your house and sell it in an auction anyway. Apparantly the legal justification for this is that the house is guilty of a crime or something like that..."

That's about the top and bottom of it. This kind of Civil Forfeiture is known as in rem forfeiture. "In rem" refers to a legal action directed solely against the property based on a legal finding that the property itself is used in an illegal manner.

The act of suing inanimate objects is (to me at least) an utterly bizarre legal fiction. Those who are interested can read more at F.E.A.R, which contains some good stuff, as well as links to "hard" (as in "by lawyers for lawyers") legal background materials.

T&K.

Re: firewalls

[The+Infamous+Grimace]

I guess that I tend to want to err on the side of caution. Include a paper flyer with each new computer explaining in detail the firewall, and how to disable it. Or make it part of the first-time set-up. Design it in such a way that the end user has to go out of their way to not read it (can't continue until the page explaining the firewall has been scrolled down to the bottom or some such).

As far as disrupting some functionality, I hear you, but OS X seems to be mostly free from these issues, at least for home-use. I have the firewall up and running on both our Macs (PB G3 300 and iMac DV 400), and share a printer between them with no problems. I can also connect via SSH, FTP, SMB/CIFS, AppleTalk or Remote Desktop with no issues, although I don't keep them all on. The only problem I've encountered are external FTP sites that have problems with passive ftp.

Of course, YMMV.

(tig)

Trillian

[lothrids]

Glad I use Trillian!!!

Shouldn't that be...

[HiggsBison]

"At the time of writing the worm was unavailable for comment."

Or the URL. Or something. I don't know. Ok, it needs work. Fine, leave it as a exercise for the reader.

Dumb problem though. Duh, lets see. It goes on line and gets some more code. How can we possibly stop that? Uh... dunno! Think there's a trail to follow here? Uh... nope!

Viral OS?

Viral OS?

Usual Suspects

[LPetrazickis]

Dare I say it? Looks like someone opened up a whole new can of worms!

Pandora, I am looking in your direction here...

You guys are all wrong.

[jberg]

Idiothism. We did this for sheer VB fun, not to harm anyone. (wohoo gerardo proved the power of VB! :P) Whoever ran this on this comp first must've been a retard. Anyway, nothing more will be done with this.. if you check my website now, you'll see my apology. Someone took the virus down anyway. And who made up the name "Jitux" ? Gerardo didn't. I didn't. This was meant as a joke. See: jituxramon = jitu x ramon x means like "first part is in love with second part". therefore "jitu loves ramon" :P. jitu is the name of the friend i wanted to do the joke on. ramon is a boy name. Those virus people don't have a clue.. :S Well well. the source code is available from my website now, for those who want it :P But i sure hope no one will sue me.. :( But it was kinda cool, we got slashdotted and stuff ^^ (and symantec thinks we are security threats. wohoo!) Yeah yeah. jituxramon is dead now. always will be. So no more "hey i think i know something about this" posts now, ok? =S

Re:Speaking of idiots

[HeadIdiotinCharge]

Perhaps they should be joining the National Union of Idiots!