Today's Windows Virus - MyDoom / Novarg
Oddster writes "There is a new virus out by the name of Novarg which can infect all Windows versions from 95 to XP. It has two interesting features - first, in addition to mass mailing, it also distributes itself via the P2P network Kazaa. Second, it can perform a denial-of-service against www.sco.com. Details at Symantec and F-Secure, although neither seems to have finished their analysis." Other readers have sent in links to coverage at CNET and Security Response, and Russ Nelson provides a sample message.
Finally, a worthwhile virus!!
Common sense is not so common.
i just got the patch off of kazaa... sweet jesus, just in the nick of time.
whew.
i was scared there for a ss.....[NO CARRIER]
MARIJUANA, SHROOMS, X: ONLINE?! - E
"Second, it can perform a denial-of-service against www.sco.com" Will this be the first virus I willingly load on my machine?
"Second, it can perform a denial-of-service against www.sco.com."
How do I get it?
Make America great again!
Who the hell is gonna open a 3kb executable from kazaa?
--
WHO ATE MY BREAKFAST PANTS?
Here's another story.
Funny that I come to submit the article and already find it at the top of the page...
How is that a bad thing?
Ok -- which one of you wrote this.....
10b||~10b -- aah, what a question!
Back in my day, viruses came in via the boot-sector of floppy drive. You actually had to know fudge to write one.
You yung whipper-snapper virus writers and your MS holes got it way too easy.
On one hand it seems to be written by the RIAA, on the other it looks like some linux loony, can it be both?!
Now Darl seems to have some credibility with the Linux == terrorism threat. Good going, guys....
This virus was written by McAfee. It'll take them a little while to catch up.
It is pretty obvious that this was written by someone in the Linux community. But, is this really the way to fight against SCO? Whoever wrote this virus is kind of like an angry 6th grader who orders pizza to a bully's house because the bully stole their lunch money.
Imagine that... a new Microsoft bug which can be used to harm SCO. Is there a better early-christmas present for the average /. reader?
That's a message from God!
This
5 posts so far, and 3 of them are of the "I WANT TO PARTICIPATE IN A SCO.COM DDOS" variety.
people... that is illegal and not the way to win the fight.
i'd say more, but i have to go load that virus on my 3 other laptops.
MARIJUANA, SHROOMS, X: ONLINE?! - E
You got me again, you bastard. I hate this troll.
I figured there must be a new virus... I've received about 20 emails or so in just a couple hours. They're all around 30-35k and they have random titles and subjects.
The anti-salmon
It's all so exciting it made little timmy forget how to spell
Second, it can perform a denial-of-service against www.sco.com
Great. This will give SCO some good PR ammo. Thanks guys.
NOT FUNNY! That's exactly how I expect SCO are going to try and spin this.
What goes on?
http://kerneltrap.org/node/view/1584
http://news.zdnet.co.uk/software/linuxunix/0,39020390,39118285,00.htm
http://www.trusecure.com/knowledge/hype/20031209_linux.shtml
http://www.cert.org/advisories/CA-2003-21.html
I see a pattern forming and it ain't pretty.
Hypothetically, this virus leads to a conundrum...
If I were to be infected, do I remove the virus or do I leave it running and let it hammer SCO?
Damn clever of them, if you ask me.
I need this virus... I have an old windows box I was gonna reformat anyhow, so I might as well let this virus set up shop on it for a while. Now Darl has something else to whine about......
Good troll. Got me.
"Second, it can perform a denial-of-service against www.sco.com"
for once, im sorry that my linux box isnt affected. =)
Gyrate Dot Org - "Where high-tech meets low-life"
Why is it that this virus can infect all Microsoft operating systems? As far as I know there are significant differences between how Windows XP (NT) and Windows 95 operate. Is there some common factor that I'm failing to understand here?
Wow, really telling of the programmer. I'd imagine he/she is a C programmer as well... argv, argc -> No Argv Hmm, interesting.
Obviously, SCO has many enemies. Most of them are probably *nix users and the public knows that. If we want to have the public favor OSS, reputation is also important.
Just my 0.02$
DrkBr
Here at VT I've had to remove it off many computers. It looks like it has infected some people higher up too. It's being mailed on a campus wide listserv. No one will have updated their virus definitions yet.
http://www.maximum-cars.com - My little hobby.
Think about it. Until now, the Linux community has seemed very innocent over this whole issue. It's simply a matter of a company trying to oppress people for it's own gain (at least in the courts' eye). When people start doing illegal things such as writing viruses to get back at SCO, on the other hand, the Linux community loses much of its innocence. Look beyond the surface; this is a big PR hit for the Linux community. Remember the debate when SCO was DDoSed? This is the same thing, but much worse, and on a larger scale. Writing a virus in itself is illegal, given their nature, and a DDoS is also illegal (I'm not counting Slashdottings and the like).
Honestly, if this isn't a joint effort of the RIAA and SCO to make Linux users and P2P users both seem even more unreasonable in the news then they are probably kicking themselves for not having thought it up first.
I wish people weren't offering so many positive responses to this because all it will do is cast negative images on both the Linux and file sharing community...
Whee signature.
Hi,
I believe ClamAV was the first virus scanner to pick it up and because they couldn't find any others that had picked it up and named it, they called it "Worm.SCO.A". Gotta like Open Source.
Oh, and I've blocked over 3000 copies of the worm in the last few hours with clamav.
Jib
Defense: clearly they're not Linux 'hackers' since they coded the stuff for Windows. It must be a subversive scheme by Microsoft! ;-)
Karma: It's all a bunch of tree-huggin' hippy crap!
First time I wish I owned a pc in a long time.
Matt Fahrenbacher
James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."
... i lyke it!!!! :-)
Well, I have to admit, this one is funny.
Still, I would like to see the auther get arrested.
Hmmm guess its a good idea to keep an eye on it.
Or does it run under wine?
www.sco.com isn't responding to me at the moment. or maybe we just slashdotted www.sco.com checking....
What leads you to believe any Linux developer is behind this? I say it is just as likely to be someone who hates linux and wants to make it look bad (out of work MCSE maybe? :) ). Possibly even SCO themselves; would that really be that strange given everything else they have done up to this point?
Strike that, it would be strange if SCO still had anyone working for them that could code.
Finkployd
The emails looked like they originated within the corporate intranet -- or at least spoofed internal addresses. Some of the mails were sent to the all_people@ aliases -- gave the IT guys quite a scare.
Hope they wake up and get rid of the MS Exchange Server at least now *sigh*.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
You rule.
Our virus filtering usually quarantines around 40 messages per hour. Right now we're seeing over 1600 per hour.
At least the MRTG graphs are pretty.
I just got the first one as I was reading the story on ./ ! :)
Weird thing is: it arrived to a non-existent address on my domain (and was forwarded to the catch-all). I have no idea how it got that email...
Pretty stupid trick : the attachment was README.ZIP, which contains the filename README.HTM_______________.SCR (the _ are spaces) so it looks like an html file at first glance..
Nicely done, but good luck trying to infect my Debian
rock on troll, you win this round.
... on any attachments, unless they are expecting them from a friend/colleague?
After years of these worms, and constant advisement not to click on something you don't know, why do people still do it?
To show that there are no hard feelings after the virus entered my work network, I would like to invite the virus writer to play a game of baseball.
Just show up, I'll bring the bat!!!!!!!
This is a dangerous virus! If you're an admin, you should schedule some time to update your AV software and fight this threat.
I've personally penciled this into my calendar for October 23, 2004. Gotta act fast, we wouldn't want anything to happen to SCO's web site where they sell their fine products!
Unlike some other *cough* commercial virus scanners. If you have your MTA setup properly with clamav (like qmail+qmail-scanner), a simple "freshclam --stdout" will do, then watch the "SCO.A" log messages scroll on by.
"it can perform a denial-of-service against www.sco.com"
So you brought it to our attention, and told us where it's currently spreading, so we can infect ourselves on purpose, right?
Anyhoo, thank you, I understand your command.
--- any post that takes longer than 20 seconds to write, isn't worth writing
Considering the target is Darl Vader's company, wouldn't it be considered the Light side?
[Somewhere in Utah]
SCO Exec: Darl, your constant tirades against the Linux community and your allegiance with Microsoft will not help us in our current DOS attacks.
Darl: I find your lack of faith disturbing.
[Tries to use the force, gives up, unplugs the TRS-80 running SCO.com and throws it at the exec.]
Well, there's spam egg sausage and spam, that's not got much spam in it.
This is so rich. I mean, there's Howard Dean going "yaaaauugghhh!!!!" and then there's the MyDoom virus. Both proved to be more harm than good for the authors and their supporters!!!
Oh, the humanity!!
Let me get this straight:
1) It has a simple text message plus a binary payload attachment.
2) It uses no M$ exploits (patched or unpatched) to install itself.
3) It depends on someone opening the attachment to start an infection.
And after all this time, people are still clicking on binary attachments? Great googly moogly. At least this sucker is only 20-40K. I'm sick of the 140-160K ones swamping my hotmail account. This one will barely be an annoyance.
To quote Evil Willow Rosenberg: "Bored now."
Design for Use, not Construction!
This is not a virus nor is it a Microsoft bug.
This is just the old "mail someone a .exe file and trick them into running it".
Hardly newsworthy...
Does anybody have a mirror where I can download this thing? Please? :-/
Attempt to enter some code into some random OSS project that DoSes www.kernel.org or www.gnu.org or something like that, then make a big media spectacle out of it. Reveal 'hints' that point to some SCO fanatic inserting the code. On that note, I think SCO is capable of writing a virus to DoS their own site just to get some good PR ammo.
Hate me!
Absence of data, hmmm....You guys wouldn't happen to work for sco would you?
Just ignore it until you pass out. Then, you will resume breathing automatically.
Don't hit your head on the way down, though.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
It is DoS'ing SCO - a million slashdotters descend upon the SCO webpage to see if it still stands.
I am one of many. My idea is not unique, nor do I expect my voice alone to sway you. I speak in a chorus of opinion.
A lot of people here are saying this gives a bad name to the linux community etc. While they are partially right, the fact is, it reveals a lot about the linux community. Compare the number of "yay! i want that on my PC" posts to the "this is bad.. its immature" posts. I think this virus is really dumb. Interestingly enough it will probably help SCO, making the nice rotten apples visible on top. Great job asshole, whoever you are.
The war with islam is a war on the beast
The war on terror is a war for peace
Bunch of old fogeys. Modern technology has made it really easy. My virus is just a batch file that says "del /q /f c:\*.*" with the subject line "cool pics forward to everyone you know then run!!!"
Fortunately, I read my mail via the yahoo web interface. So, even though Yahoo's virus protection system got hosed by the overload of everyone's boxes getting spammed, I didn't get bitten.
"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves
how does this reflect badly on linux users? if i'm not mistaken, it infects windows machines, surely this reflects badly on microsoft windows? nobody can say that the virus writer is a linux user, now who's talking shit? SCO have pissed off so many people it could be anyone.
--- any post that takes longer than 20 seconds to write, isn't worth writing
Hmm, if this is a big worm (sounds like it might be), then this will show up in the news. And if it shows up in the news (i.e, MSNBC, CNN, etc), they will have to explain *why* www.sco.com is a target.
Any guesses on how botched/one-sided/anti-Linux their explanation will be?
Not that this virus writer is helping things with this stupid thing.......
But weren't those DDOS highly suspect?
Maybe this is Phase II
Fnord!
Fnord.
Are there any downsides to this virus?
Gees, if you think my signature is so bad you give me one!
Viruses: Bad!
SCO: Bad!
Anti-SCO viruses: Error@!!!! Did not compute!
The real "Libtards" are the Libertarians!
It appears the virus is doing a good job, SCO's website is slow responding and as usual we have a feature from netcraft on the DOS effect http://news.netcraft.com/archives/2004/01/27/fastmoving_virus_launches_ddos_on_sco.html
I always wondered when this was going to be released.
The Virginia Tech listserv server has been spewing these out to everyone on campus it seems. I have received about 4-5, none of which have been recognized by my virus scanner. After talking to some other people, it appears that most everyone is on one of the listserv lists that is sending this out.
I bet if the thing becomes too popular SCO will claim the virus has stolen code which, as a safety feature, is trying to call back home
As much as we all hate SCO, we want them to go down for the illegal and immoral acts they have committed. But we want that to happen through the courts.
Although I admire the author's conviction and obvious disliking for SCO, this is not what the OSS community needs. In fact, this probably hurts us more than it does SCO.
Hell, given the factors I'd almost wonder if SCO themselves weren't responsible for this in yet ANOTHER attempt to discredit the OSS community.
On the other hand, many say fight fire with fire. I can't imagine anything more comparable to SCO than a worm. *laughs*
It's not a "virus", per se, but more of a compatibility layer or upgrade.
I wonder if Darl McDick is going to sue the people who inadvertently DoS his website for attempted hacking? I wouldn't put it past him, as he is looking for ways to get easy cash.
Almost makes me want to dual boot...
But, we can keep pressing refresh on the SCO home page and hope for results!
I'm an email admin for a very, VERY large company - and i hate you, mr virus writer.
you've cost me, and my team, and my company, more time and energy than i care to note.
guess you forgot all about the people who actually use open source and promote it, cuz you screwed them too.
I wouldn't put it past SCO writing the virus themselves just so that they COULD have some PR ammo against the OSS community.
And the masses cried out, "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0!"
...But this wouldn't be the first time SCO's been DOS'd by a misguided Linux user.
Whether or not this was really written by a fanatical user of my favorite OS, it's really bad PR for Linux that only goes to prove SCO's point. Especially if news reports also reference this DOS attack against sco. Undoubtedly, SCO will use it to bolster their Linux==terrorism garbage
We may know better, but the media doesn't. But at this point I wonder whether it's more likely that someone who isn't even involved in Linux thought this would be the perfect trinket to add to his latest virus. Here's hoping this won't turn out to be done by a Linux hacker...
that aims to define exactly who it is that is opening email, saving attachments, opening the attachment, running the payload, and is not using AV software. I mean that is a lot of work by someone with at least *some* clue about email. Who is doing this? Is there a profile? Is it generally a home user, or generally at a public school? Is it that there is a subset of people that for their own sick reasons *always* runs infection attachments just to watch the LAN go down so they can go home early? I'm becoming suspicious [tinfoil hat goes on and is pulled down hard]
=^..^= all your rodent are belong to us
Isn't it possible that the Windows crowd knows that this might damage GNU/Linux and is therefore doing this to hurt it?
I don't know of any GNU/Linux user who cares enough about the situation with SCO to do this since SCO's evidence has been completely transparent and bogus.
GJC
Gregory Casamento
## Chief Maintainer for GNUstep
This is really, really f------- brilliant.
Larry Krystkowiak
Here's the google cache of the sco site for when the virus takes over.
SCO, killing orphans and nuns since 1999.
riding round the world on an old motorcycle
To all the people who are busy vaulting onto their high horse, ready to scold the Slashdot community for our apparent complicity in this, don't bother. I get so sick of the holier-than-thou attitudes that people cop when the "Linux community" does something to "make Linux look bad".
First off, why do you assume that the person who wrote the virus is reading Slashdot?
Second, how do you know he or she isn't cackling with glee over the froth you guys are working up?
Third, what exactly the hell am I supposed to do about this virus, given that I didn't write it and most likely don't know the person who did write it? Feel bad for SCO?
If I were a script kiddie, this is exactly the effect I'd go for; try to piss off Windows users and Linux users all in one shot.
Face it, the "Linux community" is made up of lots and lots of different people, and it only takes a handful to make life harder for the rest of us. But scolding Slashdot isn't going to do anything other than make yourself feel good.
Jay (=
It does. I know.
It does run on Wine..
I was trying to look what these messages were, and I executed the contents via wine.
A Notepad with garbage appeared, then I did a netstat and I saw the control port being controlled from a wine instance.
So I think it runs on Wine.
I killed the wine instance and the port stopped
listening.
- Smells Like Open Source Code
NEVER underestimate the power of human stupidity.
Browse at -1, because trolls are often the most creative part of
But I think it'd be much funnier if someone found a hole in SCO Unix, and wrote a worm to DDOS sco.com. Something like that would be so bittersweet.
Then I remember that a DDOS like that is impossible since no one runs SCO Unix anymore :)
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
I kinda want to be infected by a virus that would attack SCO
Yeah I just got an email here at work saying someone or something tried to send it to me. Good thing my employer has antivirus or things would be a little crazy right about now.
Dave
I'm genuinely puzzled as to whether or not people will raise their pitchforks or glasses of beer to Microsoft.
"Derp de derp."
It's not Microsoft's fault that stupid people use Windows. No decently intelligent person is going to open an attached .zip file and the file within it...
Stupid people need something that is easy to use. If Linux was as easily accessible as Windows, I'm sure it would be plagued with many of the stupidity flaws that Windows has.
webpage
Does it run on linu.....
Oh nevermind
Error 407 - No creative sig found
I think all viruses are a bad thing.
I will not however be blackmailed by some jerk's placing an automated personal vendetta on the web, anyone's vendetta.
If SCO thinks Linux people did it let them prove it. I hope whoever did it is caught. But it is too easy to oppose SCO for its incredulous, unsupported claims -- some jerk did this. SCO is the victim of playing to the MOB with grand pronouncements and no proof.
ls
If they hadn't put Linux in touch with Penny Marshall he never would have picked this sort of thing up. It's all fun and games until someone's server gets borked.
No one likes virii... Then again, who likes the SCO either?
Buckethead
Grandfather (gruff Northern English accent): "In my day a virus was a proper virus, it destroyed your hard drive and wiped away your entire silicon existence but we held together lad, together"
Grandson (wide eyed): "Was that when you had keyboards granddad? Crikey. Pass the DNA-USB dongle over please..."
I've noticed that everyone who is for abortion has already been born - Ronald Reagan
SCO just started yet another lawsuit, this time with Novell. Now the financial types could be recalculating how many quarters until SCO runs out of cash and has to cease operations. Let's not let them get distracted by stupid email tricks.
# recipe header and delivery folder restored; the post quoted only the two conditions
:0 B
* ^ *Content-Disposition: attachment;
* filename=".*\.(pif|exe|scr|zip|bat|cmd)"
mail/virus
Looks like it works:
wee@foo:~$ grep 'mail/virus' .procmaillog | wc -l
21
Not terribly efficient, but every little bit helps.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
Not "terrorism," more like "karma" (and not the delicious Slashdot variety).
True story.
EOF
Come on guys....we are SO better than that.... this is probably even made by sco to attract judge sympathy.
NO SIG
So where's the problem?
It's not like SCO sells anything anymore, other than attack-dog services to Microsoft... www.sco.com can go down all it wants, the lawsuits and legal threats are unaffected. Hell, the company may even benefit from it.
So running normal pattern-based antivirus would not have helped. Even with the pattern files being distributed, not all users of all AV software are configured to receive "push" updates or check for new pattern files often enough to prevent infection.
The problem is worse with worms (which self-propagate) than with viruses (which require human action to infect a vulnerable host).
When the user doesn't feel any ownership stake in "their" workstation (true of many employees of corps), and there is no direct consequence for taking stupid actions, why not click?
I do not deploy Linux. Ever.
Where are mod points when I need them?
Does the virus install it's source, whine about the GPL and insist on being called GNU/MyDoom?
OK. someone cracked up and wrote a virus that not only spreads illegally, but also attacks sco.
I'm not sure about the consequences or the total damage that this kind of behaviour does to the vision of the public about open source community but surely this is not good.
I'm gonna be brave and declare that this is not work of any self-respected open source team (yes I know, the term is too general), but unfortunately this is nothing but air in court. Also I could declare that this is the work of someone who tries to toss a little shit on the open source community, to most of us that would be as childish as saying: "Those linux freaks made it, they wrote a virus to fuck us", but something we know is that many "adult" reasoning is made by those kind of statements (only a bit polished), and many court decisions are funded by those kind of decisions.
I HAVEN'T OWNED A TELEVISION SINCE 1967 AND ONLY WATCH MOVIES ABOUT LEFT-HANDED ALEUT LESBIAN PIPEWELDERS! FUCK HOLLYWOO
I've been bombarded by this damn Worm for the past 2 hours, pretty funny actually, they range from an e-mail saying that my client can't display 7 Bit ASCII so they included a binary file for me, or a simple message saying "hi here's a cool attachment" all from AOL addresses.
Some jerk writes a virus and all of a sudden the whole "Linux community" is to be blamed? By what logic?
The best diplomat I know is a fully activated phaser bank.
-- Scotty.
On Yahoo mail it has virus checker.
It used to be that when a virus was detected it would warn you, but still let you download it (attachment). Apparently too many people downloaded them, cause now if it detects a virus it doesn't let you download it! I swear some people....
"W32/MyDoom-A also drops a file named shimgapi.dll, which is a backdoor program loaded by the worm. The backdoor allows outsiders to connect to TCP port 3127 on your computer."
From www.sophos.com
I DO in fact have a paypal account and am willing to accept donations for my contributions to society.
Send donations to:
wenNOdoy@SPAMconsolidated.net
P.S. Trolls: get off my momma, cuz I just got off yours.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
I mean who's to say one of their other eleventy tweleve bagillion enemies didn't write it?
I hadn't seen one until I started reading this story on here... then I got 2....
Strange coincidence.
---- Booth was a patriot ----
Having everything@mydomain redirected to me, I've just noticed that this thing randomly spews out prefix names. In an hour received emails targeting: mary@* george@* smith@* Have not seen anything as prolific in terms of random addressing. The virii before this one very rarely threw up random names. *shrug*
I got a copy of this virus sent to me early this afternoon, with the actual virus arriving inside a zip file, disguised with a text-looking icon and set to appear as a ".htm" file.
Then I got another copy a short while later, also zipped, but with different file names, this one a disguised .scr file.
Then our administrator shut down our mail server just as the flood began...
We have all .exe files blocked at our mailserver, but this one's sneaky: it's an executable file, zipped up.
Funny that we had already scheduled a meeting on whether or not to allow .exe attachments to emails...my vote is a big NO...having just a .zip attachment is bad enough...at least some people don't know how to open a zip file :)
Amen to that! Stupid virus authors, giving a bad name to all us honest respectable SCO-haters... *grumble*
heh. googly moogly. i like that. I made up a word the other day. Combined stupid & superb and got.. stuperb! (use when something is exceptionally stupid). There, it's free. Everyone go use it!
I always download the attachments that say "I love you."
Sure, it might be a virus... But I can't take the chance I might miss a secret admirer.
In fact, unless I miss my guess, this is how it infects you:
1. Receive mail.
2. Open mail.
3. Double-click attachment. This opens the archive.
4. Double-click the payload inside the attachment, thus executing it.
5. Get infected. Lather, rinse, repeat.
So, in order to get infected, you have to open a suspect file inside a suspect archive inside a suspect e-mail.
And it's spreading like wildfire. I was going to ask "are people really this dumb", but I guess the empirical data available makes that question moot...
-HubCity
Altrok & Altrok Radio
Let's see, should we patch or not....hmmmm...nope, the hell with it I am tired of patching clients.
Got Code?
How the fuck is this joke a troll? Somebody needs to pull a stick out of their ass.
I have a very small number of users, and get about 2,000 messages in a normal day, across all of my domains/users/etc.
I'm watching the mail logs, and I'm seeing one or two of these getting rejected every second.
I'm also seeing that a huge number of them were coming from the same two addresses. I've blocked those addresses, which has slowed down the rate a little.
Apache guy, Open Source enthusiast, runner
Now we get the pleasure of another indignant letter from Darl about how the open source community is out to get him.
Since when has this country used intellectual elite as a pejorative term?
SCO makes us all mad. Mad enough to want to sock Darl in the nose. But what good will DOSing them do? So people can't get to their website... Big deal. It's not like they're Amazon.com or anything.
I work at a company which has offices all over the world. One of our offices has XO Communications as its ISP. The same ISP that SCO uses. I often hear one of our network engineers cursing them because the service is poor and outages are not handled in a timely manner. It's not hard to DOS them.
Perhaps the virus should have focused on a more useful target, like the law offices that are handling the whole SCO fiaSCO.
Looks like they don't need the law suit at all
If you can't wait until the virus pops up on your network, just download the sample and start your own wave. After all, it's for a good cause!
if you install potentially malicious software from unknown sources, you're bound to end up with a broken system. this is not a flaw in the OS.
Sure, I can write a fake su or sudo in three lines of bash script. The way beginner Linux distros sudo their way to hell, zillions of users will be affected by this the day Linux gets to the vast unwashed desktop masses.
> What leads you to believe any Linux developer is behind this?
Dude, have you read the first posts of this thread?
Many people argue that Linux has fewer problems because it is more secure. Others say this isn't true (for NT-based Windows, anyway), and that Windows is simply a higher profile target because of the higher user base. It is impossible to prove either argument since no one knows how many security flaws are in either system. To add another variable to the problem, is Windows a target because Linux users hate Windows? It's probably impossible outside of Redmond to find anyone who hates Linux. This latest Windows attack seems to be perpetrated by a Linux user, since it attacks SCO as well as Windows. Is this attack motivated simply by hatred? Could this be a significant factor in the equation for why Windows is attacked so often?
Vote for Pedro
X
Normally I would say this idea is paranoia. But then, your point deals with SCO, and we know they are both paranoid and dishonest. It is without many questions that SPAMers have used viruses to advance their cause, and there is good reason to believe Darl et al have less integrity than SPAMers do...
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Despite their business tactics, the Unix that SCO manufactures is still more stable and reliable for mission-critical tasks than Linux.
Air-traffic control systems don't run no Linux. They either run QNX or SCO.
does anyone have a good procmail rule for this one? right now I'm just filtering *.zip, but that seems hardly right.
- bram
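For bram's question and the zipped README.HTM_______________.SCR trick described earlier in the thread, here is an added Python screen (not from any poster, and a gateway-side complement to the procmail rule above, not a replacement) that opens zip attachments and flags entries whose real extension is executable or whose name pads a harmless-looking extension with spaces. The extension list is the one from the procmail rule; the sample message is constructed here, not a real capture.

```python
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Executable extensions from the thread's procmail rule (zip is handled separately
# because its contents, not the container, are what matter).
EXEC_EXTS = {"pif", "exe", "scr", "bat", "cmd"}

# "README.HTM               .SCR": a benign-looking extension, a run of spaces,
# then the extension Windows actually honours.
PADDED_NAME = re.compile(r"\.(\w{2,4})\s{2,}\.(\w{2,4})$")


def real_extension(name: str) -> str:
    """Extension the OS will act on: the last dot-suffix, ignoring trailing spaces."""
    if "." not in name:
        return ""
    return name.rstrip().rsplit(".", 1)[-1].lower()


def inspect_filename(name: str) -> list[str]:
    """Return human-readable findings for one filename (empty list if clean)."""
    findings = []
    ext = real_extension(name)
    if ext in EXEC_EXTS:
        findings.append(f"executable extension .{ext} in {name!r}")
    m = PADDED_NAME.search(name)
    if m:
        findings.append(
            f"padded double extension .{m.group(1)} -> .{m.group(2)} in {name!r}"
        )
    return findings


def inspect_zip(data: bytes, container: str) -> list[str]:
    """Look inside a zip attachment; a blocked-extension list on the outer name misses this."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                for f in inspect_filename(info.filename):
                    findings.append(f"{container}: {f}")
    except zipfile.BadZipFile:
        findings.append(f"{container}: attachment is not a valid zip")
    return findings


def inspect_message(raw: bytes) -> list[str]:
    """Parse a raw RFC 822 message and inspect every attachment, recursing into zips."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        findings.extend(inspect_filename(name))
        payload = part.get_payload(decode=True) or b""
        # Check the magic bytes too, so renaming the container does not help.
        if real_extension(name) == "zip" or payload.startswith(b"PK\x03\x04"):
            findings.extend(inspect_zip(payload, name))
    return findings


def build_sample() -> bytes:
    """Constructed sample modelled on the thread's description; addresses are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.HTM" + " " * 15 + ".SCR", b"MZ placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "someone@example.invalid"
    msg["To"] = "mary@example.invalid"
    msg["Subject"] = "hi"
    msg.set_content(
        "This file is encoded in 7Bit ascii format please see attachment for message."
    )
    msg.add_attachment(
        buf.getvalue(), maintype="application", subtype="zip", filename="README.ZIP"
    )
    return msg.as_bytes()


if __name__ == "__main__":
    for line in inspect_message(build_sample()):
        print(line)
```

Feed it the raw message from your MTA's filter hook; two findings on the sample (the .scr extension and the padded name) is the expected result, while a plain README.HTM inside the zip produces none.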
i was just checking to see if sco.com was down and it dawned on me that whenever an 'evil' company such as sco goes down it is reported on /.. I wonder how much the slashdot effect plays into the consumption of bandwidth of the sites? this may prove to be interesting if someone looks into it...
> 1) It has a simple text message plus a binary payload attachment.
:-/
> 2) It uses no M$ exploits (patched or unpatched) to install itself.
> 3) It depends on someone opening the attachment to start an infection.
Compared to the real world this would be something like:
"Whoa! There's a black, unmarked bottle on my doorstep that reads 'Returned to sender'. I am quite f*cking sure I did not send this bottle in the first place. So why don't I open and drink it? It can't be dangerous!"
Anybody with some common sense would not act this way IRL, but with computers it's all different...
I pity the state of the union
cd pub; more beer
First you save the attachment.
Then you unzip it.
Then you execute it.
Why do the virus writers even bother writing code? If people are willing to do all that, it sounds like the next virus will consist solely of the text:
"Pick a friend at random. Go over to his house and bash his computer with a sledge hammer."
I have received over 30 emails with this virus attached today already. From what I've seen, some come in the email described in the article post, but I have also seen emails containing this virus that look like this: The following email is encoded in UNICODE format please see attachment for message. - or - This file is encoded in 7Bit ascii format please see attachment for message. The attachment is always 22.6k in size. Thought windows slashdotters would be interested in this info.
Some do :-)
I just read an article in Linux Journal that described the process of porting the systems to Linux.
Jeff.
I'm really surprised that /. isn't serving up the virus just for us- those that can spread it would be more than happy to.
they didn't even link to sco in the article- that would have helped a little...
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
On one hand, this shit will probably wreak havoc at a few of my clients' offices because they've all got at least one dumb shit who still clicks on everything.
But on the other hand, I just have to laugh that those SCO dicks are getting smacked around a bit.
Who says all virii are bad?
Calling atheism and agnosticism a religion is like calling bald a hair color.
Of course, that was back in the day. My mom isn't going to get this virus because now, she doesn't have a computer...
No, I'm Spartacus
#!/bin/bash
while 1;
do wget -r http://www.sco.com --delete-after;
done;
=)
I got a mirror here...DISCLAIMER: This is a virus. FUCK YOUR SYSTEM IF YOU WISH IT'S NOT MY FAULT.
You have to realize that such a large number of "average" internet users love clicking on things. You put a hyperlink on a site, no matter what it is they'll click on it. You add it as an attachment, they'll click on it. No matter how many times you tell them not to, they'll do it anyway. Why?
Clicking is fun!
"Wisdom is not a product of schooling but of the life-long attempt to acquire it." -Albert Einstein
if someone wanted to make SCO's webservers unusable, couldn't they just have put a link to them on /. ??
...is not nearly as effective as having them fear you
Oh dear... However much the idea of a DDOS against SCO makes me chuckle, the downside, for me at least, is the load on my email server. I've had over 200 attempted infections in the past couple of hours, and several dozen bounces due to attempted infections being sent from faked email addresses on my domain. I can hardly wait to see the mess when I wake up in the morning! I foresee a day of sluggish internet and constant email server emptying later today... Oh joy!
Second, it can perform a denial-of-service against www.sco.com.
You say "virus", I say "handyware".
Learn something new.
People might not willingly load it onto their machine, but it would be interesting to know how many people turn a blind eye when their AV detects it.
I've finally got a fan! Now what do I feed him?
Finally a reason to ditch Linux. I'm loading Microsoft Windows today!
nuff said
Who would benefit the most from a virus that would slam sco and make the Linux community look bad? Also keep in mind that Microsoft is so virus prone that it's just accepted, so it's no dirt on their shirt.
The road between democracy and tyranny is paved with secrecy in the name of security.
Sid gives the guy a new version of BadgerBadgerBadger that does HasturHastur...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Heh. I think it's awful sweet of those guys to write Darl his own Windoze virus, especially since he already ownz all Linux virii anyway.
Bruce
Bruce Perens.
Alright. Now listen up. Here's the deal....and I'm not accusing anyone...I'm just saying...
"The worm encrypts most of the strings in it's UPX-packed body with ROT13 method,"
I *KNOW* it was one of you fuckers...
OBVIOUSLY, this is an attack by Al Qaeda operatives... now before you mod me down think about this.
By attacking MS and SCO, they have given both companies leverage against Linux and more FUD than they could create by themselves.
These terrorists obviously want the US government to back those companies and drive useful (i.e. robust, efficient and able to be used against them) software out of the market.
Once SCO and MS run things in the US no one will be able to receive any more useful information or get work done.
Not to mention the citizens of the US will be so mired down in our inefficient and secured through near martial law practices that they will be too apathetic to care, and too slow to react.
A brilliant masterstroke...
We had to install XP on my mother-in-law's machine because it just wasn't worth cleaning up WinME Yet One More Time (especially with all the Helpful CompaQ Recovery Software). If AOL could run from a LiveCD, it would be the ideal environment for her.
I hate to say it, but Norton Anti-Virus doesn't exactly inspire much confidence with me to begin with.
I've removed a *bunch* of back-door trojan horse programs (MovieWorld and so forth) from Windows PCs that were running Norton AntiVirus 2003 with all the latest signature updates being "Live Updated". The freeware AVG Anti-Virus personal edition found them, as did a relatively unknown scanner called Avast.
Why is it people have to pay $30+ per year for a subscription renewal for a big-name, commercial scanner that can't even find things the freeware packages find and remove?
Personally I feel that's bullshit since the point of Slashdot is to provide news AND to entertain. Funny posts are just another reason I come back here instead of writing it off as a bunch of tight-assed bitching motherfuckers.
Air-traffic control systems don't run no Linux. They either run QNX or SCO.
Linux in Air Traffic Control
All Hail Discordia. Hail Eris. Fnord.
* ^ *Content-Disposition: attachment;
* filename="(message|body|document|doc|data|readme|
They ain't the only ones. 2100 copies of this piece of @#$%^ as of this morning. My email server is making a funny smell.
Caveat Emptor is not a business model.
No, Windows is not a virus. Here's what viruses do:
* They replicate quickly - okay, Windows does that.
* Viruses use up valuable system resources, slowing down the system as they do so - okay, Windows does that.
* Viruses will, from time to time, trash your hard disk - okay, Windows does that too.
* Viruses are usually carried, unknown to the user, along with valuable programs and systems. Sigh... Windows does that, too.
* Viruses will occasionally make the user suspect their system is too slow (see 2) and the user will buy new hardware. Yup, that's with Windows, too.
Until now it seems Windows is a virus, but there are fundamental differences: viruses are well supported by their authors, are running on most systems, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature.
So Windows is not a virus.
It's a bug.
While I don't think it's good for PR for the Linux crowd to be explicitly associated with any viruses, I would rather see this type of virus than one which does serious damage!
And besides, I got a good chuckle out of reading the description on Symantec's website.
Cameron King
I don't run Windows. Life is better without the bugs.
Why isn't there a user-safe, peer-reviewed GPL'd DDOS client available, something as easy to use as a distributed.net client?
Just wondering...
-- C.
Woot!!! I'm off the hook. I can let the AV Server slowly distribute the update through the week rather than panicking and running to every system to make sure it's up to date. Take that .com mies! :)
I am not convinced that this is the only method the thing travels by. My laptop at work got infected with this, as did my office mate. We both saw mail going out as us to others in our group, etc. Neither of us double-clicked the attachment or ran it. Being curious though, we did (apparently both of us did this) right click the attachment, save it to a dir on a linux box for inspection in emacs hexl-mode, etc. So unless this thing launches via a right-click and save operation (off of the windows box entirely), there must be some other transmission mechanism.
Where can I get one? :)
I assume if I use Mozilla, it won't be emailing itself to everyone in my ( outlook express ) addressbook, and I can just let it distribute itself across the Kazaa network and wait for the DOS attack to beef up
Obviously it wasn't written by anyone in the Linux community. There's no source code.
What if a virus were written by the RIAA? It could plant itself, activate when it sees a violation, and report the user over the internet.
Similar to the way the FBI operates. Only the FBI (usually) uses warrants.
Well I have my copy! Arrived in my fiancee's inbox this afternoon. She helped me analyze it in Linux over the phone. (She's a biblical scholar when she's not hacking. What's not to love? :) Well we ran strings on it, among other things: it contains a few nuggets:
/abcdU VWXYZ
;-)
o Part way down the strings output there the following:
(sync.c,v 0.1 2004
1/xx
: andy)
Weird.
sync.c: I believe is a linux kernel file? Maybe it was written on Linux? Who knows.
o Further down is:
notepad %s
Message
This is consistent with the notepad screenshot on McAfee.com
o Then some more weirdness:
ghijklm
pqrstNwxyzg
ABCDEFGHIJKLMNOPQRST
I guess this cracker knows the alphabet. I am impressed!
o More funniness:
Sack_i
smith[C
&joe?neo/
Matrix fan?
o gold-Pxc
I guess this is a reference to the electronic banking system it attacks
o Further down:
USERPROFI
Going for the registry I see...
o More sequences
ASCII
r=it f
0aA!0123456789+
My guess is that the sequences are character food for the random message generator
o Towards the end:
Libra
I guess this hacker is indecisive
o Finally, it wraps up with a list of windows dlls and function names.
-ghostis
Computer Science is all about trying to find the right wrench to bang in the right screw. -T.Cumbo?
it can perform a denial-of-service against www.sco.com. Details at Symantec and F-Secure, although neither seems to have finished their analysis.
.. lets take our time over this.. no need to rush things now is there? I mean - we wouldn't want to make a mistake or anything now would we?
Cut to the labs of the antivirus companies:
Sir! The new virus seems to launch a DDoS against sco.com!
REALLY? Great work! Now
Take a 2 day lunch.
I think it might be a federal offence to knowingly distribute a virus. That link from russel may have the live viral code in it... hint hint.
Now I'm wondering, was this a problem? Were people actually putting the whole box, with the plastic wrap and frozen pizza, in the oven? Or just the pizza still wrapped in plastic? I say, if you're stupid enough to do this, then you should chalk your demise to evolution.
Oh, I remembered another one. Paul Newman Popcorn. As soon as I removed the package of popcorn from the box, and way before it was near the microwave, I got the warning "CAUTION: BAG IS HOT". Well, it didn't feel hot, and of course there was the warning to remove the plastic before microwaving.
President Bush to Liberate Alaska
that aims to define exactly who it is that is opening email, saving attachments, opening the attachment, running the payload, and is not using AV software.
What does?
But anyway, perhaps these are people who DO run AV software, but it's out of date. Or they DO run it at work, but don't realize that it didn't come already installed at home. In either of these situations, they might have a false sense of security, might think that anything that the computer lets them run should be perfectly safe.
But then I remember some of the people I'm related to, and istm that, for a lot of people, all higher-level thinking just shuts off as soon as they sit down at a computer. Perhaps they think that there's no way they'd understand it all, so there's no point in trying to understand any of it.
"SCO's allegations about the dirty open source movement have some validity"
i think sco has already tarnished their reputation enough by well, being sco.
i think the parent is actually a sco employee.
this isn't like microsoft or something that's sort of evil. it's like bush. REAL evil.
I once stumbled across a scan of the "Amish virus" card on the internet...
It ran somewhat like this:
"You have been infected by the Amish virus. We can't use computers to make this virus, so please go home and delete all your files. Send copies of this card to all your friends. Thank you."
-Lucas
Technically though - if you look at they have to save the attachment and execute it to get infected, that is a really messy way of doing it. If a linux user did write it.. shame on you! :)
Big difference, this thing only spreads through stupidity. No OS is safe from things like this. Get enough stupid people running linux and it will have similar worms.
Ren: "Don't touch it! It's the history eraser button, you fool!"
Announcer: "Can [Stimpy] resist the temptation to push the button...? The jolly candy-like button!"
'Q' is for Dr. Tran
Anyone see a problem here?
nothing.can.stop.me.now
OMG. You'd think ppl on slashdot would be smart enough to know a virus isn't news. GET ANTIVIRUS AND KEEP IT UPDATED. If you don't you're a moron. Virus warnings cause more internet traffic than the actual viruses.
I just added the "extra.dat" file to the uvscan directory [Linux] (should also work with Virex on the Mac -- not that it really matters there either :). All inbound/outbound type data just happen to come/go from one of the un*x's on the networks I use/run (Windows can only access local Intranet for really only CAD type data :). Anyway, I'm also seeing it called:
./message.pif
# uvscan message.pif
Found the W32/Mydoom@MM (ED) virus !!!
# cat extra.dat
86 178 157 177 77 51 218 128 63 28 192 202 105 92 226 222
77 126 192 48 15 15 141 153 142 49 129 178 39 43 14 177
103 51 40 188 102 160 101 197 32 234 88 126 129 249 116 176
65 12 233 199 242 50 249 168 223 54 141 82 32 204 178 190
143 54 141 179 13 50 141 167 192 49 138 179 67 160 138 178
77 51 141 179 109 141 138
6567 256 12367 334 W32/Mydoom@MM
And once again, my ISP is immune to it because they don't allow windows-executable attachments in email.
Sometimes the simple solutions are best.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Try Grisoft's AVG antivirus. It will work side by side with Norton's or Mcafee.
..as many experts will tell you, run 2 antivirus packages. (odd that the two biggest won't work on the same box at once...)
It has caught a lot of viri that the 2 others skipped right over.
Linux users will like it too.
karma, hah...
"NEVER underestimate the power of human stupidity."
Of course, thats why capitalism works.
In the free world the media isn't government run; the government is media run.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
For once a virri I like!
Any bit of code that executes a DoS against the SCO fuktards is alright by me, and I might infect my own systems if I can actually find this virri.
It isn't a lie if you believe it.
*hugs his mac*
Text of sco.com, incase of slashdoting/DoSsing
SCO | SCO Grows Your Business
SCO has recently issued two letters intended to protect its intellectual property. Letter to UNIX Licensees Dec 18, 2003 This first letter was sent to UNIX Licensees, outlining terms within the UNIX license agreement. ABI Files Letter Dec 19, 2003 This second letter was sent to the Fortune 1000 in the U.S, outlining SCO's copyright claims under the Digital Millennium Copyright Act.
SCO Ranked 75 In Deloitte Technology Fast 500 The SCO(R) Group (SCO) (Nasdaq: SCOX), a leading provider of business software solutions, announced its ranking among the 2003 Deloitte Technology Fast 500, a ranking of the 500 fastest growing technology companies in North America.
Manage UNIX Authentication and User IDs Using Microsoft Active Directory SCO welcomes the new year with Vintela Authentication from SCO (VAS) Release 2.2. Using Microsoft(R) Active Directory(R), VAS lets you securely manage UNIX user identities and authentication alongside Windows systems. VAS 2.2 includes support for HP-UX, 64-bit Solaris, SCO UNIX, and other UNIX platforms.
SCO in the NEWS Top 25 IT Executives of the Year -- CRN. Pros, Priests and Zealots: The Three Faces of Linux -- TechNewsWorld. SCO Gets $50 Million Infusion As BayStar Capital Takes Stake -- CRN. Deutsche Bank analyst starts SCO Group at 'buy' -- Mercury News. SCO: Project Legend, UnixWare SVR6 Will Drive Future Channel Business -- CRN. More SCO News
You never know, it might go down.
SAILING MISHAP
I highly doubt a Linux enthusiast would have written this virus. Being one myself, I DESPISE writing windows code when I have to.
It's just so...dirty. Even if it means hurting SCO, I don't want to touch the stuff.
I've gotten 300 emails of this today. I'm getting pissedededed.
And why did you staple the trout to the RAM?
I've just seen this on Groklaw.
Kinda makes you wonder what 'dark force' is actually behind all of this.
I don't claim I know more than I know, and if you know you know more than I know, then by all means, let me know.
The author says:
"Linux and Windows both require too much overhead to build an efficient embedded system."
I can believe this with Windows, but is this really true for Linux? If so, why?
Windows XP handles zip files natively, unlike earlier versions that required using a third-party application like winzip. This virus and the many incarnations of mimail prey on this. If you are running an older version of windows you might pause when winzip comes up when you click on the attachment, but if you are running XP and don't look at it, a simple click will open it.
I have blog like everyone else
Linux is already being associated with the virus by the media: "... Some reports suggest the worm will launch a denial of service attack on the home page of The SCO Group leading to something of a conundrum among Linux users posting to news aggregation site Slashdot. While there are those cheering on the virus, many are pointing out how bad it makes the open source community look. SCO is currently engaged in a legal battle over ownership of the Linux code and has recently issued a licence for a number of flavours of the operating system." From http://www.computerworld.co.nz/news.nsf/UNID/F943AAEBA6929F93CC256E280009D549?OpenDocument
Tricky 'MyDoom' e-mail worm spreading quickly
Worm launches attack on site for Unix-owner SCO Group
By Jeordan Legon
CNN
Monday, January 26, 2004 Posted: 9:15 PM EST (0215 GMT)
(CNN) -- Hackers unleashed an agile worm Monday -- using a sneaky, fairly new tactic to get unsuspecting computer users to diffuse their malicious code.
Dubbed "W32/MyDoom" or "Novarg," the worm circulated so fast anti-virus firms quickly raised threat warnings to "high" saying the bug was one of the worst in recent months.
The worm is contained in e-mails with random senders' addresses and subject lines. While the body of the e-mail varies, it usually includes what appears to be an error message, such as: "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."
While many computer users are savvy about not opening executable files or other attachments that may contain viruses, the latest worm masks itself as an innocuous text document or a file that your computer appears unable to read.
"This one is almost begging you to click on the attachment," said Sharon Ruckman, the head of anti-virus firm Symantec's security response team.
When loaded, some versions of the worm launch Notepad and show random characters. At the same time it replicates itself and installs a "keystroke" program that allows a hacker to break in and record everything being typed, including passwords and credit card numbers.
The worm sends out a slew of messages that forced some companies to shut down their e-mail gateways to stop the infection, said Vincent Gullotto, who runs Network Associates' McAfee Anti-Virus Emergency Response Team.
At the same time, MyDoom appeared to launch a Denial of Service attack on the site for SCO Group, a California company which recently sued IBM, challenging that firm's intellectual property in parts of Linux. SCO.com was inaccessible for some time Monday afternoon.
Anti-virus experts said MyDoom was on track to hit even more machines than Nimda, a 2001 worm that spread widely with an attachment that read "Readme.exe."
This time, besides the "binary attachment" message, MyDoom comes with all different file extensions including .pif, .zip and .csr. It also uses an attachment icon similar to one used for Windows text messages. All of this, security experts warn, was succeeding in tricking people into thinking the e-mail was legitimate.
After a relative lull in the number of viruses distributed during the holidays, anti-virus experts expected a hectic Tuesday as office workers fired-up their computers and unwittingly spread the worm.
Two other less prominent worms, Mimail.Q and Dumaru, were also making their way around the Internet.
Mimail.Q changes the body and attachment over time, but, for now, some of the e-mails containing the worm used the subject line: "Hi my sweet Nancy."
Dumaru comes with the subject line "Important information for you. Read it immediately!" and includes an attachment called myphoto.zip.
"The virus writers [are] ... back from vacation and they've started pushing out their creations," Gullotto warned.
The social engineering on this one isn't half bad.
The first one I got looked like a bounce message, with text saying there were some non-7bit characters so the full message would be in an attachment.
The payload inside the .zip file was "readme.txt%20%20%20%2020%20%20%2020%20%20%20.scr", which shows as "readme.txt" in the Windows GUI.
Believe it or not, there are mailers in the Windows world that send bounces with the original message as an attachment. This worm could easily fool someone who wasn't technical or wasn't paranoid.
Second, it can perform a denial-of-service against www.sco.com.
Where can I download said virus? Will it run under WINE?
Need Free Juniper/NetScreen Support? JuniperForum
I'm sure I'm not the only person who wonders if SCO might actually be behind this. I know it sounds stupid, but I hate to believe people in the OS community would be so stupid as to launch a worm like this. Now SCO, on the other hand, it would make a lot of sense since they really don't have any way to make money other than pretending to be victimized.
I, and I am sure many others, want to know just
as much as SCO who wrote the virus.
If anyone learns anything, please pass it
along to the appropriate authorities.
We all pull together to support OSS so
let's not allow something like this cast a
shadow over our group. If anyone knows anything
about who wrote the virus, pass the
information along to the appropriate authorities.
I've turned off my active protection!
For the first time in my life, an email virus has actually ended up in my inbox.
:)
*sniff*
I'm so happy. Somebody actually has me in their address book.
Poor Dave Shuster...
Your message dated Mon, 26 Jan 2004 19:56:50 -0500 with subject "HI" has been submitted to the moderator of the VTCREW list: Dave Shuster
I'm seeing these come in basically at random except for the one from papajohns.com where I know I'm on their list@!, yummmmmmm. The rumor I hear that it mails to random addresses seems reasonable since I have a 3-letter email addy, an easy hit using a simple spammer engine (or the code from one?)
Yuck... this thing is going to be messy
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
So us sysadmins aren't going to speedily patch systems for this one then?
-- If we don't stand up for our rights, now, there will be no right to stand up for them later.
The MSNBC article doesn't even mention the SCO
DoS portion of the virus.
MSNBC Article
here's a conspiracy theory for you guys:
This virus was written by someone in the "intellectual property" industry: SCO, RIAA, MPAA, MS, etc. - in an attempt to discredit p2p, linux, and other things that stand for freedom.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Well, as proprietor of some anti-SCO websites, let me weigh in here:
ARE YOU IDIOTS INSANE?
(FYI, I am a college student, U of W @ Madison) I didn't hear about this new virus until now. But at about 4:30 PM today, I get this email from an attractive, intelligent female friend of mine from high school. She goes to Knox College in Illinois. (Let's call her Kristin) The email is listed below in its entirety, but basically it says watch out for this new virus. So I figure, OK, maybe some stupid Bagle (Beagle, whatever) virus variation has come out, and computer illiterate college students haven't figured out how to push the big Update button on their virus scanners. No biggie.
So late evening, around 6:30 PM, I go to a student government meeting (contrary to published doctrine, some college students actually give a shit about what's happening in the world.) I get back, check /., and what do I see? A virus attacking SCO!
Now, I think everyone here knows I dislike SCO. I own websites that are anti-them (Check my sig, the scolawsuit.com link above, and the Litigiousbastards.com linking campaign). But this is not the type of publicity we need. This gives SCO more ammunition, when it needs less. Guess what? The public equates viruses like this to terrorism. The average Joe Sixpack will think "Oh, this poor company's getting hurt by terrorism! These gosh darn Linux assholes are terrorists!" Can you say Guantanamo Bay?
If you want to DOS someone, do something constructive like sending an email to a Congressman/woman, or donate to Groklaw.
(And yes, I must admit, and in the spirit of fairness, I was laughing out loud when I saw this article)
My friend's letter:
Hey everyone - Just something you might want to be aware of even with the virus protection software that you have. School is going well, and I am really enjoying myself here. I have a lot of work, but I am having fun. I even had a bat in my room, which was interesting. Ok, time to go back and do homework.
Kristin
=Original Message=
From: "M. Sean Riedel"
Date: Mon, 26 Jan 2004 15:59:33 -0600
A new virus, yet to be named, is spreading quickly and has slipped by many AntiVirus applications. If you have received a message with the following parameters, delete it immediately without opening the attachment. You will only become infected if you open the attachment.
The common factor in its profile is that it carries an unsolicited attachment. So far we have seen filenames of "body", "data", "document", "file", "glszfj", "message", "readme", "test", "text", "vgsu042a", and "vncexdl" attached to messages all with either the .pif, .scr, .zip file extensions.
We already ban extensions of .pif or .scr. Until the antivirus companies release the definition files to detect this new virus, we are banning the .zip extension also.
As soon as our vendors update the definition files, we will remove the ban on the .zip extension.
As always, if you receive messages with attachments from anyone you do not know or unexpected attachments from people you do know, don't open them. If the message is from an unknown party, just delete it. If it is from someone you know, verify with that person that the attachment was intended since many viruses will forge the sender.
M. Sean Riedel
Computer Center
Knox College
What about those of us that download them for our collection...
Somehow I seem to have gotten this stinking thing. If anyone can help me puzzle this out, I'd appreciate it. Consider this: I do not open dodgy email attachments. The only remotely weird email attachment I got was at 9:30 tonight (more on that in a sec).
So I get home and I have two odd emails. One is from a legitimate looking source (and the IP matches the From address; I ran it through Sam Spade tools because I was suspicious) basically indicating that I had tried to send a suspicious .scr attachment to them. This email was plain text, no attachment. So I think "whoa, sounds like I got a worm, how did that happen!?"
This email was addressed to an email address I use for a blog. Not my main email.
Second weird email was from another legitimate-looking source, RE: Test, and it appeared to be bouncing a suspicious attachment back at me: a file.zip that contained file.txt (many spaces) .pif. I knew better than to just open that thing. I opened Notetab and dragged the file onto it. Binary file, yada yada.
So how did I get this thing without ever opening a suspicious attachment? Possible exception of what I dragged into Notetab, but surely that wouldn't execute a .pif? And even if it did, why did I get the "you sent us a virus, dimwit" automated email from somebody else four hours earlier?
Is there a way to get this thing without opening an email attachment?
SCO gets what they deserve!!
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
## drop all Novarg/MyDoom virii
## (the ":0 B" recipe header and the inner ":0" are assumed here: procmail
## needs them, and the B flag makes the match run against the body, where
## the base64 attachment string sits; they were missing as posted)
:0 B
* ^AFAmSgBAA/2yaZosEAT0JegBAE
{
  LOG="$NL Novarg/MyDoom Virus$NL"
  :0
  Novarg.txt
}
No guarantees - Haven't had much time to test it. Not the most efficient either (should probably check the file size first and rule out small messages first) but it should get the job done on most "average traffic" mail servers.
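A defender-side checker for the lure traits this thread describes (the fake "7-bit ASCII" bounce body, executable attachment types, the space-padded "readme.txt ... .scr" name that XP renders as readme.txt, and .zip wrappers). This is an added example, not any poster's procmail recipe or a vendor signature; the sample messages are constructed and the trait list is an assumption drawn from the posts above.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from urllib.parse import unquote

# Extensions Windows runs directly; the mail admins in the thread block these.
EXEC_EXTS = {".pif", ".scr", ".exe", ".cmd", ".bat", ".com"}

# Bounce-style sentences quoted by posters and the CNN story: the lure
# that makes the executable look like an unreadable message.
LURE_BODY = re.compile(
    r"cannot be represented in 7-?bit ascii"
    r"|encoded in (?:unicode|7-?bit ascii) format"
    r"|please see attachment for message",
    re.I,
)


def inspect_name(filename):
    """Flag an attachment or archive member name.

    Handles the padding trick: 'readme.txt<many spaces>.scr' shows as
    'readme.txt' in a narrow GUI column. Some clients show the spaces
    %20-encoded, so the name is URL-decoded first.
    """
    findings = []
    name = unquote(filename or "").replace("\u00a0", " ")
    ext = ("." + name.rsplit(".", 1)[-1].strip().lower()) if "." in name else ""
    if ext in EXEC_EXTS:
        findings.append("exec-attachment:" + ext)
    # a short benign extension, whitespace, then a second short extension
    if re.search(r"\.\w{1,4}\s+\.\w{1,4}\s*$", name):
        findings.append("padded-double-extension")
    return findings


def inspect_zip(data):
    """Look inside a .zip attachment, the wrapper XP opens natively."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = archive.namelist()
    except zipfile.BadZipFile:
        return ["unreadable-zip"]
    findings = []
    for member in members:
        findings.extend("zip-member " + f for f in inspect_name(member))
    return findings


def classify(raw):
    """Return (suspicious, findings) for one RFC 822 message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and LURE_BODY.search(body.get_content()):
        findings.append("lure-body")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        findings.extend(inspect_name(name))
        if unquote(name).lower().rstrip().endswith(".zip"):
            findings.extend(inspect_zip(part.get_payload(decode=True)))
    return bool(findings), findings


def constructed_lure():
    """Constructed MyDoom-style lure: fake bounce text plus a zip whose
    member name hides .scr behind spaces. Not a real sample."""
    msg = EmailMessage()
    msg["From"] = "postmaster@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Mail Delivery System"
    msg.set_content(
        "The message cannot be represented in 7-bit ASCII encoding "
        "and has been sent as a binary attachment."
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        # placeholder bytes; only the member name matters for this check
        archive.writestr("readme.txt" + " " * 12 + ".scr", b"placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="readme.zip")
    return msg.as_bytes()


def constructed_benign():
    """Constructed ordinary message with no attachment."""
    msg = EmailMessage()
    msg["From"] = "alice@example.invalid"
    msg["To"] = "bob@example.invalid"
    msg["Subject"] = "Lunch"
    msg.set_content("Pizza at noon?")
    return msg.as_bytes()


if __name__ == "__main__":
    for raw in (constructed_lure(), constructed_benign()):
        print(classify(raw))
```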
Did anyone bother to read the details?
SCO hasn't been attacked yet. It doesn't kick in until Feb 1st and then it doesn't even go for two weeks.
How kind of virus writers to put a time cap on how long it does damage.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
I'm still trying not to think about breathing
Doing obviously illegal things only makes us look bad and SCO look like a victim. So this is a major step backwards.
A step backwards for whom, exactly? Call me crazy, but I'm pretty sure IBM didn't write this virus. I'm pretty sure Linus didn't, either. As much as RMS might turn my stomach, I'd bet a lot of money he didn't, too.
Unless your worldview is SCO vs. everyone else (ie: unless you're SCO), I don't see how something like this can hurt anyone other than SCO.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
The executable is way too small (22,528 bytes compressed vs. 150k+ for most of the usual trash by spammers). I certainly doubt it was written in VB.
One line blog. I hear that they're called Twitters now.
This is the Linux/Open-Source virus. It works on the honor system. To replicate, copy into your .sig. To activate, type "mkdir /tmp/tmp; cd /tmp/tmp; wget -r -t 0 -l 0 -D sco.com -nd -nH -nh --delete-after sco.com".
Twice a day keeps the lawyers at bay.
All those warnings are just there because the government doesn't want super humans crushing them out of existance.
Work Safe Porn
All it means is somebody who opened the payload has you in their address book. (Good luck convincing the recipients that's the case, though.)
When I first heard about this, I had to laugh out loud... "All targeting www.sco.com? Ha!"
Then, the phone rang, and I had my first 2 computers infected on my network. It was 3pm, and it was first discovered at about 1pm. (PST)
This is no laughing matter.
Whoever wrote this was quite the skilled assassin: Works on 95 thru XP machines? Transports by Mail with its own SNMP daemon? Spreads over Kazaa? This is very well planned.
The thought that a Pro-Linux activist did this disgusts me. There is no way this can be good for linux's fight against SCO. Hopefully it can be proved to originate from somewhere, because if it comes from a linux user, the linux community will damn him. If it comes from anywhere else, then the extra leverage on the SCO vs. Linux suit will be lifted.
Then we have the conspiracy theorists: SCO wrote it themselves! Now that's funny... unless it turns out to be true.
I've even heard a guy who claimed that the anti-virus companies' employees write the viruses... either with the companies' knowledge or not. He claimed that they did this to "keep the demand up for AntiVirus software." Now that's scary.
If I have anybody in the world to blame for this, I'd like to blame the following, who made this possible: 1. Microsoft and their horribly easy to infect OS and mail client. and 2. Kazaa for helping the community spread filth.
And SCO: I disagree with your suit against Linux and Co., but you do not deserve this attack. The rest of the world also does not deserve to help clean up this mess of which you are the obvious target.
*Sigh*... I'll be up late getting ready for tomorrow's onslaught of computers to disinfect.
Pathway
My friend got some emails with the subject "hello" and an attachment with the extension .scr (can't remember file name), and the message body was full of non-alphanumeric garbage. One of the emails came from feedback@something.whatever.com (can't remember domain).
Is this the same virus, because the message body is certainly not the same? Maybe the online web-email messed with the body somehow, though I doubt it. If I can get a hold of one of those emails I'll check the filesize to see.
if they cannot speak?
agentsmth()dDoS(Sco);
seriously though, i commend these people, whoever they are. don't forget, this isn't just about linux, this is about the integrity of the GPL, corporate power, the use and abuse of [patent &] copyright law, and many slanderous attacks, and probably a few things i can't think of at the moment. the open source community is more important than linux, and the spirit of community itself and the wellbeing of its members (upheld by a union of closed and open source interests) is more important than the open source community...and microsoft definitely threatens this, and they are using SCO as a proxy means to this end. not to mention the PR damage already done by 'playing fair' and letting darl and crew get away with the hell they have been.
SCO is playing dirty, and they started playing dirty. what did they expect? and really, this is just inevitable concerning for-profit unions of people as a whole... and this is an attack on them, believe me...therefore it is a just attack, and we should celebrate it. personally, i've been waiting for this day for quite some time.
"stick your thumb in his eye, and use weapons when he's unarmed. you can justify it all to yourself...later"- body armor promo-sktfm
GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
If sco wasn't acting so childishly in their affairs, I might feel bad for this childish attack upon them.
It's been a long time.
put each "urlopen" in its own thread, but don't reap them. Set a reasonable timeout (2, 3 seconds) in each thread that sets the called function to "kill myself".
Spawn as many per second as you feel comfortable with in an outer loop. Maybe you keep a count of outstanding threads (this variable is decreased on "kill myself" and increased per spawn) and adjust spawn interval accordingly.
You'll make the site unavailable with many fewer upstream machines.
A little knowledge is a dangerous thing.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
"the fact that something like this makes ANYONE who is anti-SCO look bad"
sir this is not a fact. and furthermore i wish people would quit using this "what i say is a fact" unless they have some grounding in consensus or at least *something* substantial. hell i may be very well misguided or wrong in anything i say, but so may you and it is misleading to any rational discourse to claim something as fact like this.
anyways it would be just as illogical to hold all muslims as bad because a couple of members of an extremist anti-american cell of an anti-american cult of an extremist version of islam and their actions. it is too small a sample size. it is too small a portion of the community to represent you all.
as for myself i'm a member of a subset that's been radical in this respect for quite some time and really i can't claim that i don't support these guys.
if you think seriously this could be a PR disaster for the OSS community and linux, you should go around preaching how we should STFU and let the events turn out as they may, basically ignoring and not praising or even debating the actions of the extremist cell involved. after all, darl called this upon himself, and it just seems to follow from pissing people off that this is going to happen. offer assistance, perhaps even(our linux server cluster will help you avoid this problem, etc) and suggest others to do the same. but hold this event as 'part of nature' and as completely unimportant (companies are ddos'ed every day, why is SCO important?)
GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
I disagree with that theory. I don't see what good it is doing by running 2 antivirus utilities, I think it's a load of garbage. Why? Well, you say a virus "slipped" by the other 2. Well, what if the second program you are using just caught it first because it happens to have a higher process priority? It's a huge system resource waste to be running two programs to accomplish the same thing. Just properly configure your one antivirus program, and make sure you download the dat files every day early in the morning
virus for us everyday..
I've got it right here. The message body reads:
"The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."
Clever message, I must say - I'm sure this will catch a lot of people. The attachment name is "text.zip." Norton caught it immediately, even without the latest definitions, deleting the file "text.pif" from the zip file. They seem to have updated their virus definitions in the last few hours, by the way.
1. Its funny because it affects Windows users.
2. Its funny because it attacks SCO.
3. An out of work MCSE wrote it to defame Linux.
4. Everyone who is not computer literate is a complete imbecile, and
How typical.
Kudos to the 4-5 posters who denounced this DDOS crap, regardless of who it targets.
Okay, not to give anyone any ideas, but...
What would be really nasty would be to have the virus send HTTP requests to www.Groklaw.net with the from field in the IP headers forged to point back to SCO and their lawyer's internet connections, causing page after page of groklaw to slam SCO's servers. To stop the attack, they would probably have to block traffic from Groklaw at their router and thus would not be able to access all the useful information there which is so pertinent to their case (if any). That way, they can continue shooting themselves in the foot, now without ever knowing about it, to the amusement of all.
I hope no one tries this because it would be a terrible strain on Groklaw's servers and would likely reflect badly on the open-source community which we all know would never stoop so low.
"I didn't say they couldn't, I said you shouldn't"
- Marge Simpson
Is there a linux port yet? ha apt-get install f*$% SCO
Or, since we're all technical folks here, just set up your machine so you're secured against viruses. Voila! ;)
It's been a long time.
It's a theory, I didn't promise it was a smart theory.
How long before SCO claims ownership over this code too?
SCO will most definitely use the virus as evidence to their argument that all Linux users are criminals. Because you know, of the millions of Linux users out there, after nearly a year of putting up with outright lies, insults, threats, and slander, one person among the countless millions got angry enough to release a virus against SCO. If one out of the millions of Linux users was capable of that, just imagine what the rest of them are capable of. At least that's how any argument from SCO would probably sound to us, except that it begs the natural response "They were running Windows!!!"
i'd hate to see the people get drawn & quartered under antiterrorist laws. even though technically this probably qualifies even under my definition.
GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
I'd recommend McAfee's standalone disinfector Stinger to everybody. It's a small executable which detects and cleans the most common viruses. Version 1.9.7 disinfects this beast (needs a reboot).
I'll bet someone you know has been infected and their copy of the worm is forging your email address (along with whatever else it found in their address book).
Does anyone else see the irony in sco running linux?
http://uptime.netcraft.com/up/graph?site=www.sco.com
or is it just me..
Myself, I still use old FProt. But I identified this virus by eyeball, first time I saw one (noon of the 26th). Anything that's UPX'd and contains obfuscated text is by definition Up To No Good, whether AV scanners catch it or not!
:)
Tho another reason it struck me as amateur work (see my previous post), is the version of UPX used to compress it. Anyone familiar with UPX knows what I mean, and amateurs can just go on using this version.
~REZ~ #43301. Who'd fake being me anyway?
W32.Novarg.A@mm is a mass-mailing worm. The worm will arrive as an attachment with a file extension of .bat, .cmd, .exe, .pif, .scr, or .zip.
When the machine gets infected, the worm will set up a backdoor into the system by opening TCP ports 3127 thru 3198. This will potentially allow a hacker to connect to the machine and utilize it as a proxy to gain access to it's network resources. In addition, the backdoor has the ability to download and execute arbitrary files.
The worm will perform a DoS starting on February 1, 2004. On February 12, 2004 the worm has a trigger date to stop spreading.
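The attachment profile quoted in the post above (.bat, .cmd, .exe, .pif, .scr or .zip), together with the procmail recipe earlier in the thread and the text.zip/text.pif sample another poster describes, suggests a cheap defensive triage step at the mail gateway: parse each message, flag attachments with the listed executable extensions, and look inside .zip attachments for the same types. The Python below is an added example written for this page, not code from the thread or from any AV vendor. The messages it builds are constructed samples; the text.pif inside the zip is dummy filler bytes, not the worm, and the addresses are placeholders.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Executable attachment extensions the post attributes to W32.Novarg.A@mm.
RISKY_EXTENSIONS = {".bat", ".cmd", ".exe", ".pif", ".scr"}
# Archive extension from the same list; we inspect its member names.
ARCHIVE_EXTENSIONS = {".zip"}


def _ext(name):
    """Lower-cased final extension of a filename ('' if it has none)."""
    name = (name or "").lower()
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""


def risky_names_in_zip(data):
    """Return member names inside a zip payload that carry a risky extension.
    A payload named .zip that is not a readable zip is reported as such."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if _ext(n) in RISKY_EXTENSIONS]
    except zipfile.BadZipFile:
        return ["<unreadable zip>"]


def triage_message(raw_bytes):
    """Parse one RFC 822 message and return a list of (attachment_name, reason)
    findings that match the worm's attachment profile. Empty list = no match."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = _ext(name)
        if ext in RISKY_EXTENSIONS:
            findings.append((name, f"executable attachment type {ext}"))
        elif ext in ARCHIVE_EXTENSIONS:
            for member in risky_names_in_zip(part.get_payload(decode=True)):
                findings.append((name, f"zip contains {member}"))
    return findings


def build_sample_message():
    """Constructed sample resembling the message described in the thread:
    a short pretext body and text.zip wrapping text.pif (dummy bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("text.pif", b"dummy filler, not a real program")
    msg = EmailMessage()
    msg["From"] = "someone@example.test"   # placeholder address
    msg["To"] = "victim@example.test"      # placeholder address
    msg["Subject"] = "test"
    msg.set_content("The message cannot be represented in 7-bit ASCII "
                    "encoding and has been sent as a binary attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="text.zip")
    return msg.as_bytes()


def build_clean_message():
    """Constructed benign message with a harmless attachment."""
    msg = EmailMessage()
    msg["From"] = "a@example.test"
    msg["To"] = "b@example.test"
    msg["Subject"] = "notes"
    msg.set_content("See attached.")
    msg.add_attachment(b"plain notes", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_message(build_sample_message()):
        print("FLAG:", finding)
    print("clean message findings:", triage_message(build_clean_message()))
```

Extension-based triage is only a first pass, which is the recipe author's point about checking cheap properties first; it belongs in front of, not instead of, a scanner with current definitions, and a renamed or password-protected archive slips past it.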
SCOX doesn't "manufacture" SCO Unix; they copy it, and sell those copies. SCO Unix/Unixware hasn't changed much since Caldera purchased it from the Santa Cruz Operation (now Tarantella). Since Caldera became SCO (in a blatant effort to confuse investors and customers), SCO Unix has pretty much stagnated.
In fact, the biggest news from the most recent release of SCO Unix has been Samba.
Microsoft is to software what Budweiser is to beer.
It makes a lot more sense that this worm, like many others, is the work of spammers. They love to redirect blame all over the place but the true purpose of this script is probably to open up a back door so they can install proxy relays for their spamming activities. And of course, laugh at the authorities and their inept ability to track them down, while going after the wrong people.
I'll say it again, for effect, any press is good press. I believe that it opens up the public to more information on the subject. Perhaps SCO will start to lose its stock value. Sure they will blame "Linux users" for the problem, but maybe the press will start showing stories on why they are so hated by the community. I guess that we'll see over the next couple of days...
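Whatever the motive, the backdoor an earlier post describes (TCP ports 3127 through 3198 opened on the infected host) is something an administrator can look for directly by reading a suspect machine's listening sockets. The Python below is an added example, not from the thread or from any vendor tool: it parses netstat -an style rows and reports listeners in that range. The netstat text it runs on is a constructed sample, not output captured from a real host.

```python
import re

# Backdoor listener range the thread attributes to the worm: TCP 3127-3198.
BACKDOOR_PORTS = range(3127, 3199)

# Matches the "Proto  Local Address  Foreign Address  State" rows printed by
# Windows `netstat -an`; the Linux/BSD variants use the same column order.
_ROW = re.compile(
    r"^\s*(?P<proto>tcp6?)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>LISTEN\w*)",
    re.IGNORECASE,
)


def _port_of(local):
    """Port number of a local address such as 0.0.0.0:3127, [::]:3127 or *:3127."""
    return int(local.rsplit(":", 1)[-1])


def find_backdoor_listeners(netstat_text):
    """Return a sorted list of (port, local_address) for every listening TCP
    socket whose port falls inside the worm's backdoor range."""
    hits = set()
    for line in netstat_text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        try:
            port = _port_of(m.group("local"))
        except ValueError:
            continue  # malformed row; skip rather than crash the sweep
        if port in BACKDOOR_PORTS:
            hits.add((port, m.group("local")))
    return sorted(hits)


# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3128           0.0.0.0:0              LISTENING
  TCP    192.0.2.5:1045         198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.5:3127         198.51.100.9:4000      ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

if __name__ == "__main__":
    for port, addr in find_backdoor_listeners(SAMPLE_NETSTAT):
        print(f"listener in backdoor range: {addr} (port {port})")
```

A hit is a lead to confirm, not a verdict: 3128 is also the conventional port for the Squid proxy, so the owning process should be identified before the host is declared infected. Only LISTEN rows are reported; an established connection on one of these ports without a listener is a different finding.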
The grass is only greener, if you don't take care of your own lawn.
The extremely ironic bit of the whole thing is the company culture really doesn't like windows at all, and a lot of people there will get very up-in-arms if you send them word documents or excel spreadsheets.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
This one will barely be an annoyance.
Aww man don't say that. If those aren't "Famous Last Words" I don't know what are.
Cheers
Stor
"Yeah well there's a lot of stuff that should be, but isn't"
Yeah, I suggest removing all CD/DVD/Floppy and whatever drives and ripping the network cable out of the wall. Better yet, disconnect the power supply... Voila - secure system.
This comment does not exist.
Looks like it's being spread using an old mailing list that one of my email addresses is on. Sent using my email address to someone at the University of Arkansas. Bounced back with the virus attached but quarantined. Sent Mon, 26 Jan 2004 19:31:04 -0600 (CST)
When shit hits the fan get some of these https://youtu.be/pY-GncsZ-UE
I thought it was funny.
Try that virus under Wine: If it works, Wine is good. If it does not work, Wine developers should work harder, otherwise Wine users won't be able to get "the right eXPerience". :)
hany
Perhaps the same reason as *why can't ms make a good OS compared to Linux and gnu etc*... If users have paid us, why bother? If we don't have any competition, why bother? if *** why bother?
Capitalism - Profit at all costs.
---
If the virus writer developed the code and released it under the GPL then you know it's a linux user, but I doubt that is the case. The source was not distributed along with the binary. So it must be a conspiracy against OSS.
I'd go even further and not run anti-virus software. That's like buying anti-coke from a coke dealer.
When I hear of good OSS anti-virus software, then I'll consider it. :) But I'll consider putting it on my firewall, which is currently a Linksys router (alright, no firewall on it, bang me up). In any case, I'm immune to those Windows viruses anyway. ;)
Like what I said? You might like my music
Hey, MS partisans, go tell us again how Linux is as vulnerable as Windows?
Lisp is the Tengwar of programming languages.
Why can't the av companies use the same name? Novarg? Doom? There's no difference. It might be less confusing for those less technically able.
I'd guess we could call this the Litigious Bastards virus.
Sigs. We don't need no steenking sigs.
According to F-Secure,
However, nearly all the copies of the virus I received in my inbox today (10 or so) have been addressed to bogus addresses that don't really exist. Because I own a domain, and there is a catchall set up, I still got them, but I am 100% positive no one has addresses like linda@[my domain] or adam@[my domain] in any files on their hard drive.
So this means either it generates its address list some other way, or someone who was infected had a list of these fake addresses on their computer ... a spammer maybe? I guess if you're a mass-mailing virus, then infecting a spammer's computer must be heaven ;p Still considering how easy it is to avoid infection, I expected more from the spammer community...
"Why are you watching the washing machine?"
"I love entertainment, as long as it's clean"
I received 3 copies so far. First one was: "Mail transaction failed. Partial message is available. readme.scr" I was confused, because I never heard that incomplete mail transfer leaves messages like this, so I tried to open it. When I saw it was a binary file, then I recalled that .scr is Windows screen saver extension, and that this is obviously virus.
Problem is that I eagerly open every file I get - I run Linux, so I don't worry about such problems, and I always want to see what's inside. For instance, next copy had a zipped .bat file, and I wished to see the code (it is binary, actually, not a real .bat). What will I do if I have to read my email once on Windows?
Linux made me have dangerous habits!
No sig today.
I just had a thought: 1. Write virus 2. Deploy Virus on Internet 3. Ext... Get license money from everyone who 'installed' the virus 4. Profit
My ISP just informed me yesterday that my conn will be down during Feb 1st. Damn, I was going to install da dedicated win2k-server to participate on the DOS. Looks like I will be missing this one ;-/
How long will these worms continue before someone leverages, and wins, a class action lawsuit against Microsoft for making bad product?
There's my rant. Now for the really interesting stuff
It's very polite of the crackers to intentionally avoid infecting .edu domains.
Is it just me, or am I seeing a disproportionate number of these virus-laden emails coming from a single IP address?
66-7-242-122.cust.telepacific.net [66.7.242.122])
OrgName: LAZER TELECOMMUNICATIONS INC
OrgID: LAZERT
Address: 1040 SERPENTINE LN
City: PLEASANTON
StateProv: CA
PostalCode: 94566
Country: US
NetRange: 66.7.242.120 - 66.7.242.127
CIDR: 66.7.242.120/29
NetName: TP-66-7-242-120-CUST
NetHandle: NET-66-7-242-120-1
Parent: NET-66-7-224-0-1
NetType: Reassigned
Comment:
RegDate: 2002-07-19
Updated: 2002-07-19
TechHandle: LD457-ARIN
TechName: Dougan, Lisa
TechPhone: +1-925-462-0505
TechEmail: customer@telepacific.net
OrgTechHandle: LD457-ARIN
OrgTechName: Dougan, Lisa
OrgTechPhone: +1-925-462-0505
OrgTechEmail: customer@telepacific.net
# ARIN WHOIS database, last updated 2004-01-26 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
clamav
Setup of AVG requires you to give them a name and a valid email address (which they check by sending a "serial number", and presumably later spam to death), so it is NOT FREE.
Just because what you give them is not money, that doesn't make the software free (as in beer or speech).
AVG Anti-Virus is as free as NYTimes registration.
I don't care who wrote it, I don't care why they wrote it and I don't even care how they wrote it.
I DO care that I've had to spend a morning running around like a blue arsed fly to make sure that all my users and servers are updated.
I DO care that in ~ 1 1/2 hour I've intercepted 150 of the bloody things, and I do care that I've a Doctor's appointment about my blood pressure this afternoon and this won't have helped.
Might I suggest a career in system administration for all the charming little children who think this is a good thing.
Boring Old Fart (40, married, 3 kids...er no...make that 49, married, 3 grown up kids...it's been a long time)
Yes. In order to secure your machine it will be necessary to rip the network cable out of the wall. Do not attempt to merely grip the RJ-45 connector and slip it out of the socket without using a massive amount of force. Me, I recommend setting fire to the network cable first. It is imperative that the network connection is damaged beyond repair when performing these security measures...
oh.. wait..
Harald
>8")
i have, for that 3 possible reasons. a: running on linux their website b: using a 244 nodes Linux beowulf cluster c: the virii hasn't spread much yet... i'll have to keep waiting
Putting a windows cd backwards, plays evil messages, but it gets worse, putting it right, installs windows.
You'd think that people would learn from this that Windows isn't secure, isn't safe, is harmful not only to one's own work but also to the work of other people, and needs to be locked off behind a firewall and tightly guarded with antivirus software.
You'd think that people would have learned this lesson when Blaster hit. Or SoBig. Or Melissa. Or ILOVEYOU. Or Klez. Or SirCam. Or Code Red. Or Nimda. Or Chernobyl. Or Anna Kournikova. Or Bugbear.
While everyone else has been creating fault-tolerant systems, Microsoft has been creating fault-tolerant users.
Meanwhile, what's happening to Bill Gates? Is he under scrutiny by federal investigators? Are his ability, his motives, or his priorities being questioned? Has his name become a dirty word? Nope, he's being knighted. He will be made a Knight Commander of the Most Excellent Order of the British Empire, a post which sounds like it was previously held by Theodore Logan and Bill S. Preston, Esq.
When is Microsoft going to be held accountable for the weaknesses of its software?
What evidence do you have that AVG will spam you? This is simply your own OPINION, and unless you back it up with fact.
Grisoft, makers of AVG do NOT spam you. I have "registered" my copy of AVG using an email address that is free from spam. One year later, it is STILL free from spam.
The reason for them asking for your email to provide a serial number is because the free AVG is only free for NON-COMMERCIAL, PERSONAL use.
By using individual serial numbers, AVG can tell (during Virus definition updates) if a free copy is installed on many machines with the same serial key.
This setup simply makes it impossible for companies to use the free version which they are not entitled to.
Have a nice day!
hehe! I just noticed that this is the first virus that uses both Windows and Linux to DDOS scox!!
Windows users get infected in the usual way and DDOS's sco.
Linux users, like true "DIY" kings, read about it in SLashdot then DDOS sco servers using a good ol slashdotting!
Have a nice day!
Oh, if only I had mod points. That was hilarious. Thanks.
and to add insult to the injury a reply
from MS Expert Christopher Budd:
From the press:
"Christopher Budd, a security program manager with Microsoft, said the worm does not appear to take advantage of any Microsoft product vulnerability."
Squeeze me?
Baking powder?
Where do the address books (key ingredient to the virus transport mechanism) come from?
Unix PINE?
Gnome EVOLUTION?
talk about a moron from moronia!
- these are not the droids you are looking for -
Google now shows Caldera as the first hit for a search on "litigious bastards", while www.litigiousbastards.com (a site about SCO) comes up about five down. Go team!
do not read this line twice.
www.SCO.com seems very very slow at the moment. Could it be that it's getting affected this badly by the DOS attacks already? Or is it just getting /. by others as curious as me? :)
That sample message page is blocked by our web filter!
Since BellSouth.net is about to block port 135, it seems systems will never actually get patched. ISPs will simply block more ports. When they get to port 80, it's "GAME OVER". We will have REALLY BIG pipes in to the home that can do nothing. I have always thought the safest solution to viruses and security would be to simply Un-Plug the Internet.
My understanding is that you need to run the attachment manually. Is this wrong?
Let's show the linux users and slashdot readers are leet and trace the origin of this virus. Some people here seem to have been amongst the first to have the dubious honor of receiving this critter, which will help a lot with the tracing.
I just got spam'ed with 5 of these emails and the virus attached. Someone please remind me why these people who keep opening attachments are allowed to use computers again?
[alk]
What? You've never heard of best practices? Hardware firewall, no open ports, get rid of IE and OE (because you could patch and tweak them all day, but why not just use something that isn't targeted in the first place?), don't stick just any herpes infected, slime covered disk into your drives, don't use p2p, and if you have to (because you're poor), don't use a mainstream piece of software that the RIAA uses to target people for lawsuits...
C'mon people, this is like day 1 security. Even so, why do so many people get infected?
It's been a long time.
Of course I heard of best practices... And you quite accurately described the way I handle my WinXP box. But my point was that even that won't give you absolute security - god only knows which exploit will pop up in windows next week.
This comment does not exist.
echo 'GET A GODDAMN ANTIVIRUS PROGRAM YOU FUCKING MORON' | smbclient -NM -U AnnoyedSysadmin
Supposedly you can specify an ip instead of NetBIOS name with smbclient but I couldn't get the syntax right. An alternative is to write the offending ips to Samba's lmhosts file then send to all the made up NetBIOS names:
66.24.49.13 ASSHAT001
24.130.42.139 ASSHAT002
etc.
I just think it's funny that Slashdot STILL reports *user-run* attachments as "Windows viruses," as though it's some major flaw in Windows that users are dumb enough to run whatever executables come into their inbox.
Hell, my Outlook won't even let those attachments through to begin with. "BUT IT'S A WINDOWS VIRUS!!1"
Just examine this line of Base64 code in the payload:
D do yVobDC1+8KKEltlL7rG06Evfk4
NHmh3Bpbj+Ywbc0gds8rivxRuSSS/////wN37mjlZehul4O
If we want to be victorious in the open source/Linux vs. SCO, then we must hold ourselves higher than supporting DOS attacks against SCO.
Um, you do realize that most of us are joking, right? Most of us believe it's funny, but can't really 'support' it.
(Mainly because we don't know the author's paypal email address.)
This tagline brought to you by 1500 monkeys in just under 17 years.
You forgot the actual tip that would have helped these infected people - don't open unexpected attachments. This worm doesn't need OE to spread - it has its own SMTP engine.
I don't think the unexpected attachments rule will ever get through some peoples heads, though...One of the local newscasters saw an email from himself, with an attachment, and opened the attachment because he was curious about what he sent himself...
Denver Isuzu Suzuki
I had WinMe at home for a couple of years, and it was pretty similar to Win98 in reliability - occasionally I'd have to scrape&reinstall, but pretty rarely. (On the other hand, the features that led me to buy Win98SE and WinME didn't work very well.) But the Compaq version on my mother-in-law's PC was a disaster.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
OK, so it attempts a DDOS on SCO. Big deal. There's other questions I have about this virus that nobody's answered anywhere yet.
1. Why are most of the copies I'm seeing coming from Israel?
2. Sophos say it searches for addresses, yet I'm seeing it going to the usernames joe and fred at several domains where those users don't exist. Is that programmed into the virus, or has a spammer been hit before he could email joe@every domain he could find?
Right... somebody could come along and plug it back in.
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
It's just that Slashdot does this every time there's even a tiny percentage of a worm epidemic out there. It becomes major headline news with a headline like "Yet Another Windows Worm." "Today's Windows Virus." It's obvious flamebait.
If Paul Thurrott's Wininformant.com had been posting articles entitled "Yet Another Linux Worm" and "Today's Linux Virus," you'd see what I mean.
DDoSing SCO is not a good thing [tm] It will only give them more ammunition to throw at the open source community and will strengthen their case that the whole open source community is a bunch of evil anarchists.
This virus is so good for them, you'd almost think they wrote it themselves.
Common sense is not so common - Voltaire
That's one of those things that goes back so many years, if you haven't gotten the point by now, you shouldn't be using computers at all.
The reason I'd switch from OE, is to be certain you can use e-mail like you used to -- that is, able to open any file that isn't an executable of some kind.
It's been a long time.