Slashdot Mirror


New Worm Spreads Via MSN Messenger

vxone writes "Anti-virus experts are watching a new worm that spreads through Microsoft Corp.'s MSN Messenger client. The worm is not harmful to infected machines and has infected only a few PCs at this point, according to an analysis by Trend Micro Inc. Known as Jitux, the worm is self-propagating and contains a link to a Web site that automatically downloads an executable file named 'jituxramon.exe' to the PC. Once the file runs, the worm begins sending out copies of itself to all of the names in the user's Messenger contact list."

24 of 380 comments

  1. solution by Barbarian · · Score: 5, Insightful

    Uhhh, shut down the website that the "worm" is sending a link to?

  2. NOT A WORM by Zork+the+Almighty · · Score: 4, Insightful

    This thing is not a worm, no matter how much you want it to be one.

    --

    In Soviet America the banks rob you!
  3. Re:So what does it actually do? by wa5ter · · Score: 5, Insightful

    A friend of mine, who knows a bit about this kind of thing (no, he isn't) suggested that this is the kind of thing someone would do if they wanted to cause a lot of damage, but not get caught. The harmless version will be widely propagated, and then it's only a matter of time before some script kiddie loads up a far more harmful payload. This will probably be the person that takes the rap for the whole thing, leaving the original virus creator scot-free.

  4. Re:This is why we use linux by Sarojin · · Score: 5, Insightful

    Linux doesn't protect users from being idiots. Nothing can.

    --
    HOW'S MY POSTING? CALL 1-800-POSTING
  5. Re:What about... by AuMatar · · Score: 4, Insightful

    Nothing. However privilege separation on a Unix box would prevent a harmful payload in a worm of this sort, unless the user was running as root. In which case, he needs to be shot.

    --
    I still have more fans than freaks. WTF is wrong with you people?
  6. Self propagating? by RogueProtoKol · · Score: 4, Insightful

    I thought self propagating worms involved no direct user interaction (i.e. a tard clicking a link), doesn't that make this just a plain old (really simple) trojan if anything being as it pretends to be something else (I assume the link comes with a message like click here to see me holiday pics !)?

  7. why is MS always the target? by yulek · · Score: 3, Insightful

    because everything is controlled via friggin VB.

    i mean, for once the excuse can't be: "well, they attacked [insert MS software title here] because it's the most popular". AIM and YIM have been around a lot longer and no one ever wrote a "worm" (debatable label in this case) for those...

    --
    in this age of communication i'm just not getting through
    1. Re:why is MS always the target? by Anonymous Coward · · Score: 5, Insightful

      AIM and YIM have been around a lot longer and no one ever wrote a "worm" (debatable label in this case) for those...

      Yes, they have.

      Did you actually check before making that claim?

  8. Re:What about... by NanoGator · · Score: 3, Insightful

    "However privilege separation on a Unix box would prevent a harmful payload in a worm of this sort, unless the user was running as root."

    Could you elaborate on this a little? From what little I understand of permissions in *nix, this might prevent data from being written in the wrong spot (i.e. overwriting of system files), but would it prevent a headless app from running and sending out messages to other machines?

    Ah if only application firewalls were standard issue like virus scanners. At least Microsoft's forcing that evolution to happen.

    --
    "Derp de derp."
  9. Re:Welcome to Security 2004... by j-pimp · · Score: 2, Insightful

    Well from a computer security perspective, that which lies between chair and keyboard is part of the computer system.

    --
    --- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
  10. Re:The face of our attacker? by DeltaStorm · · Score: 2, Insightful

    What worm maker would link to a site that hosts their webcam as well?

    Well it does say "Retard-CAM".....

    --
    .sdrawkcab si gis siht
  11. Don't run this blindly by anti-NAT · · Score: 4, Insightful

    do you trust ./'ers to only write innocent, good willed code ?

    --
    The Internet's nature is peer to peer - 20050301_cs_profs.pdf
  12. Re:Low risk by Sycraft-fu · · Score: 4, Insightful

    Things like this have been on IRC, e-mail, MSN, AOL, ICQ and any other chat type application you can think of. It's the classic n00b getter. Send them a message that warns of imminent doom, promises something wonderful or what have you and try to get them to run your app. That app then does as you please.

    This is the kind of vulnerability that we'll basically never be able to get rid of, barring some kind of Orwellian palladium thing. Dumb users will run shit they shouldn't, and infect their boxes. You can do things to reduce the probability, but you can't eliminate it.

    I deal with this at work all the time. We have a user that just loves to run every damn attachment she gets her hands on. Despite a virus scanner and as restrictive privileges as we are allowed to give her, she STILL gets infected from time to time. There's just no stopping it. The only way would be to disallow her to run apps that admins don't install, which we aren't allowed to do (and doesn't apply to home users).

    So we just have to accept this crap. Hopefully OS/app makers will do what they can to make it as hard as practical for this to happen, but you'll never eliminate it. You also have to be careful not to go too overboard. I mean I can think of many measures that would make these things much safer. However they generally involve things that would make them a bitch to use and piss people off.

  13. MSN Worm by Swedentom · · Score: 3, Insightful

    About a year ago, I think something like this was on the loose. Almost everyone on my contact list tried to send me something called "blaargh.exe". When I asked them what it was they had no clue.

    Well, people that accept these kinds of file transfers without knowing what they are and then _open_ the executable only have themselves to blame... (for not getting a Mac ;)

    --
    Sig Nature
  14. Re:User Intervention Required? by Jugalator · · Score: 2, Insightful

    Don't Blindly Believe The Story

    News submitters have been wrong before.

    Argh... Now you reminded me of that recent stupid & incorrect double-posted "Oooh Earth Is Moving Slower Through Space" article.

    --
    Beware: In C++, your friends can see your privates!
  15. User intervention Part 2 by ChocolateCheeseCake · · Score: 5, Insightful

    Why is it when someone does something stupid on UNIX and screws their HDD, it's the user that is blamed but when the user CHOOSES to run Windows and CHOOSES to run MSN and CHOOSES to have their default browser to be Internet Explorer, for some reason they're immune to this barrage of RTFM and instead it is Microsoft who gets the blame.

    Sure, I love the Microsoft bashing mosh pit just as much as the next Mac/FreeBSD user, however, in all honesty, when is the end user going to take responsibility for their actions? Doesn't this sound like the a-typical scenario in the "real world", something bad happens and the government is blamed for not stopping the idiot from hurting themself.

    The fact remains that the end user does VERY little to protect themselves. Sure, we'll have a chorus of ranters claiming that in their zyx operating system world, they would *NEVER* need that and through some miracle, somehow their operating system of choice is immune to all vulnerabilities.

    The fact remains that no matter what operating system you run, you HAVE to take precautions. Run an anti-virus, make sure your software and virus definitions are updated, run a GOOD firewall and actually learn how to use the computer so that you can set up the firewall so that it is beneficial rather than a hindrance.

    If you follow these VERY basic precautions, I would be VERY surprised if you get infected.

    In a perfect world, one WOULDN'T need to take these precautions, software would be bug free, everyone would be honest Joes and Janes, however, that isn't the case, the fact is, the world is filled with losers, script kiddies and other parasites and unfortunately the only way to defeat these people is to make their conquests so meaningless that they'll go back to nicking car badges off cars and boasting to their friends about what level of "Rainbow Islands" they got up to on their SEGA.

    Btw, does anyone remember that game?

    --

    Erotic uses a feather; Pornography uses the whole chicken

  16. computers in the hands of idiots by handybundler · · Score: 1, Insightful

    I was just given a box to 'fix' by a friend from work. It's an older PII with Win98 on it.

    After getting past the registry error messages at boot (I figured that's only the tip of the iceberg), I decide to go through the typical process of starting to figure out why this machine is running like shit. Scandisk checks out okay with no *major* problems. Then on to a general virus scan: Which, I am sure, has never been completed on this machine.

    Exactly. Not only has this machine never been virus scanned, but it's never had any updating done to any of the windows programs like IE and Outlook Express. So, as one can imagine, this machine is riddled with Trojans, viruses, and other such spyware.

    A cookie scan revealed about 200 random potential spyware cookies and approximately 10 different trojan variations.

    My point being: when people are allowed to purchase systems off the shelf, go home hook them up, and go trotting around the internet picking up and spreading diseases, they should be required to have their computers checked and fixed on a regular basis. Some of these individuals never do these simple tasks. Thus creating the biggest problem to date, which is not the virus, but: the propagation of trojans and viruses by computers in the hands of idiots.

    --


    a/s/l here. Sorry, adding domain tags to your s
  17. Re:Some notify mechanism by AndroidCat · · Score: 2, Insightful

    Because the notify mechanism would be hijacked to advertise blue-penis-pills or it might have a security flaw? Keep it simple.

    --
    One line blog. I hear that they're called Twitters now.
  18. Clients by MrFluffyPants26 · · Score: 3, Insightful

    Hold on... so, would the worm spread through Trillian, Miranda and such?

  19. Re:So what does it actually do? by jhigh · · Score: 2, Insightful

    but if successful I am guessing 90% of home desktop users will not even notice any difference.

    Oh, come ON! I realize that most /.ers think that everyone around them is a drooling idiot, but you don't think that someone would notice that what used to be Office XP is now Openoffice??? I prefer Openoffice, but it is definitely not as visually appealing as Office XP. This is just more ridiculousness from the zealot crowd (I much prefer Linux to Windows for technical reasons rather than pseudo-religious ones). I just wish people would stop trying to attribute mental retardation to everyone not running Debian.

    --
    Social Engineering Expert: Because there is no patch for stupidity.
  20. Re:Jituxramon... by darkgreen · · Score: 3, Insightful

    Why is it considered offtopic when someone corrects a person.

    Well, I can't speak for the mods, but I thought the spirit of the parent was to be funny. He accomplished that, although he was slightly inaccurate. You pointing out what you did was like someone dissecting a joke until it's no longer funny.

    a la "well, technically, a chicken may not really have the mental sophistication to /want/ to go to the other side of the road. Perhaps if there were food, or offspring, but there would need to be some instinctual impetus for... " and on and on.

    It would be a different matter if the facts for his post needed to be accurate. I'd welcome corrections, but, unlike the original poster, a corrective post isn't really accomplishing anything in that vein. That's why your post (and mine) is Offtopic. I'm not saying it's not welcome or completely useless, but you shouldn't be surprised that it's considered Offtopic.

    HTH

    --
    You don't need Geeksintraining if you're on Slashdot.
  21. Re:Sounds like a non-story by Tony-A · · Score: 2, Insightful

    So why is this worth an entire headline? Shouldn't we at least wait until it's actually doing anything

    Slashdot tends to report anything new and significant. Slashdot ignores most all of the same-old same-old Microsoft malware. It's Microsoft that waits until it's actually doing anything (unless the target is Microsoft's update servers;)

    There is a genuine bias and propaganda going on against Microsoft
    Right. I use Microsoft software. I am biased against it.

    Any inkling of a worm, no matter how minor and ineffective, gets breathlessly reported the minute it's submitted
    Correct. For Open Source at any rate. For Microsoft, it's only the new stuff that gets reported.

  22. Re:Sounds like a non-story by LinuxHam · · Score: 2, Insightful

    Not flaming here, but you may be comparing apples to oranges. You are complaining that /. reports every active Microsoft worm while it is out there, actively infecting multiple computers, but does not report every vulnerability affecting Linux machines. Slashdot doesn't tend to report new vulnerabilities affecting Windows, unless it comes as something spectacular, such as 6 high risk holes announced at once.

    If you're reading security sites, then you're "doing it right", and that's what you need to focus on. You. I run Jay's IPTables Firewall. I occasionally check LinuxSecurity, but instead I usually visit their Packetstorm mirror and try out some of the latest exploits against my various machines just to see if I'm vulnerable. I also check CERT weekly, NIPC's Cybernotes biweekly, D-Shield and Incidents.org biweekly, and update Nessus and check my firewall biweekly. I don't have any open ports, so I rarely check for updated Snort rules. I do check my MRTG reports about once a day to see if an inordinately high amount of traffic is flowing through my firewall. There's so much that everyone should do all the time, that there's hardly enough time to complain about how much focus a web site places on reporting one OS'es actively exploited holes vs another OS'es potential vulnerabilities. In the time to read this, you could have been reviewing the Top 75 security tools and seeing where they fit in your environment, even if your environment is your house.

    --
    Intelligent Life on Earth
  23. Trillian by lothrids · · Score: 2, Insightful

    Glad I use Trillian!!!