Slashdot Mirror


Microsoft Mail Worms Gang War?

cuzality writes "The media is now beginning to suggest that this recent onslaught of new viruses (with new versions of major-impact viruses being found daily) is the result of a virus gang turf war, kinda like the India/Pakistan virus conflict, in which official Pakistani sites were savaged by such infamous groups as Indian Snakes and Indian Hackers Club. The gangs are shooting fast and loose: variations of the big ones are being discovered daily (as of March 4, we are up to MyDoom.H, Netsky.F, and Beagle.K), and in the space of three hours on Wednesday morning, five variants of these three were first discovered. Typically these viruses (or more correctly, worms) do little damage to the infected computer, intent mostly on spreading far and wide, and sometimes inflicting DoS on some poor evil empire."

21 of 609 comments

  1. How is this an "ask slashdot"? by epsalon · · Score: 4, Insightful

    Where's the question?

  2. It was bound to happen... by Pig+Hogger · · Score: 5, Insightful

    It was bound to happen, given that more and more worms are written for criminal spammers. And since spammers AND criminals are stupid, they will fight each other.

  3. Yeah, it's a gang war alright... by oldosadmin · · Score: 5, Insightful
    and the bullets are the stupidity of most Windows users. No matter how much we tell people "don't open attachments unless you know the person!" they still won't listen.

    I mean, seriously, how hard is it to write malicious code if you can get the person to run any program. Heck, here's my virus:
    @echo off
    c:\windows\command\deltree /y c:\windows
    @echo You've been 0wn3d!


    This is NOT hacking... it's taking advantage of stupid people...
    --
    Jay | http://oldos.org
    1. Re:Yeah, it's a gang war alright... by S.Lemmon · · Score: 5, Insightful

      Well, many of these viruses *do* appear to come from people they know, so your advice may be contributing to the problem. Anymore they shouldn't trust any attachment they weren't specifically expecting.

      The only other thing is to never run an executable attachment, but there are so many ways to obfuscate this (especially using Outlook) that most normal users really can't be expected to tell what's safe from what's not.

      One simple thing average users can do is to give people they communicate with some special keyword they should always add to messages they send you with an attachment. It doesn't have to be anything special - even a company name would do. The idea is no mass-mailing worm would know to include it.

      Heck you could even use a procmail recipe to only allow attachments with the keyword in the subject - much more accurate than trying to filter out all the "bad" subject lines these viruses use.
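
The keyword gate suggested in the reply above, sketched in Python rather than as a procmail recipe. This is an added example, not code from the thread: the keyword, addresses, function names and sample messages are all constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

KEYWORD = "acme-widgets"  # hypothetical keyword agreed with correspondents
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def attachments(msg):
    """Filenames of parts marked as attachments or carrying a filename."""
    found = []
    for part in msg.walk():
        name = part.get_filename()
        if name or part.get_content_disposition() == "attachment":
            found.append((name or "").strip().lower())
    return found

def classify(raw, keyword=KEYWORD):
    """Return (verdict, notes) for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    names = attachments(msg)
    if not names:
        return "deliver", []  # no attachment: the keyword rule does not apply
    # Note executable names, including decoys such as "photo.jpg.exe".
    notes = [n for n in names if n.endswith(EXECUTABLE_EXT)]
    subject = str(msg.get("Subject", "")).lower()
    verdict = "deliver" if keyword.lower() in subject else "quarantine"
    return verdict, notes

def sample(subject, filename=None):
    """Build a constructed test message (not real traffic)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "me@example.org"
    m["Subject"] = subject
    m.set_content("see attached")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for subj, fn in [("lunch?", None),
                     ("Re: your account", "message.pif"),
                     ("Q1 numbers [acme-widgets]", "q1.pdf")]:
        print(subj, "->", classify(sample(subj, fn)))
```

The rule is an allow-list on the subject, so it needs no knowledge of the subject lines any particular worm uses; the executable-name notes are only extra context for whoever reviews the quarantine.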

  4. Wild, wild west by Rick+the+Red · · Score: 5, Insightful

    In the late 1800's in the American west there was a boom in illegal activities (Billy the Kid, Butch and Sundance, etc.). The citizenry had enough and banded together (i.e., paid taxes) to fight back (i.e., hired police). Cyberspace is in the equivalent of the late 1800's in terms of working out who controls what. Now we, the citizenry, must decide if we want to hire the Pinkertons or establish a proper police force. Just remember, the Pinkertons were often as dirty-dealing as the crooks they were after, and the Sheriff was usually a former badguy with a badge.

    --
    If all this should have a reason, we would be the last to know.
  5. Of course these viruses are for posturing by krog · · Score: 4, Insightful

    The only reason anyone writes a virus these days is to do it. Even when there's an added payload (like a DDOS to www.sco.com), the virus is out there solely to be out there. The fact that it's due to rivaling gangs makes perfect sense.

    If someone were to write a truly destructive virus (you open it, it sends itself to everyone in your inbox, then promptly writes random data over your hard drive) then we'd really see people start to take viruses seriously.

    Even the most "destructive" viruses in recent history have wimped out in some way -- just consider Michelangelo, which was hard-coded to become destructive at a much later date, long after it would be discovered and patches written.

  6. Re:I would like to point out... by captainstupid · · Score: 4, Insightful

    Yeah, the article poster mentioned that they did "little damage". I don't think destroying .sav files with 95% probability on local and remote drives constitutes little damage.

    --
    "Anyway, long story short... is a phrase whose origins are complicated and rambling...." - Abraham Simpson
  7. Maybe...maybe not by FunWithHeadlines · · Score: 5, Insightful
    Remember the first MyDoom variant had programmer comments in it and people were speculating that it was an attack on SCO because of the DDoS that was set in motion. Later we found out more details and it seemed that the DDoS was just the misdirect designed to fool the media. It worked, and all the media stories faithfully reported the SCO angle. But the real purpose of MyDoom is to create zombie machines for spamming. That angle was mostly overlooked, but is the most important part of the story. Investigation seemed to point to Russia as an origin point, and possibly organized crime behind it all.

    With that in mind, those programmer comments being reported now, although they do seem to show a gang war, may just be more misdirection and once again the media fell for it. If it really is the spammers behind it all, and criminal elements doing it (yeah, I know, "spammers" and "criminal elements" are redundant), this gang war idea may just be more cover.

    Meanwhile there are millions of zombie Windows boxes around the world with clueless owners not realizing they are 0wn3d. That's the real story the media should be following up on.

  8. Is anyone else seeing this and thinking by Anonymous Coward · · Score: 5, Insightful

    Of Neal Stephenson's thing about how in the future when you go outside you'll have to breathe through a handkerchief, a la 19th-century London, because the air will be filled with millions of malicious nanobots, and millions of helpful nanobots neatly neutralizing the malicious ones, and millions of meta-malicious nanobots that only exist to disable the neutralizers... just one big no-net-effect hacker arms race.

    I wonder how long it will be and how much further adoption of Windows server operating systems we'll have to see before internet traffic starts to look like that.

  9. So move to a better neighborhood by Daniel+Dvorkin · · Score: 4, Insightful

    If being the victim of a Microsoft worm is like being caught in the crossfire of a gang war, there's a simple solution: stay out of the line of fire. If you had a choice between one house in a safe neighborhood, and another house of roughly the same price in a neighborhood where bullets from the local crack dealers were coming through your walls at three in the morning, where would you choose to live?

    --
    The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
  10. Viruses? by ThisIsFred · · Score: 4, Insightful

    Are these really viruses? Only two are actually mass-mailing worms that don't rely on Outlook's address book to send themselves. All of them rely on the user to open and run the malware program. Some of the MyDoom variants I'm seeing don't even make a feeble attempt at social engineering. Apparently most users are just downloading and executing attachments without even thinking. This despite all the warnings and hype surrounding e-mail containing "viruses".

    Imagine if e-mail was just plain old ASCII text with no attachment support. *sigh*

    --
    Fred

    "A fool and his freedom are soon parted"
    -RMS
  11. Instead of a pissing contest by spidergoat2 · · Score: 5, Insightful

    Why don't these "hackers" use their skills to do something productive. With the time and effort they're putting into this programming, they probably could have written some utility software that would have earned them bags of money. But where's the fun in that.

  12. What good are the top 10 lists? by LostCluster · · Score: 4, Insightful

    TechTV's The Screen Savers last night suggested that one of the motivations of competitive virus writers is because the anti-virus companies put out rank-order lists such as the one shown on SARC's homepage. Maybe those lists should be discontinued to at least knock down some of the motivation?

  13. "Microsoft" mail worms? by Temporal · · Score: 4, Insightful

    Did Microsoft create them? No.

    Do they exploit any vulnerability that Microsoft is responsible for creating? No. (They spread by tricking users into running the attached executables.)

    I know it's fun to pretend that everything bad is Microsoft's fault (and I'm no fan of Microsoft myself), but come on... how does it make any sense to prefix something with "Microsoft" when Microsoft had absolutely nothing to do with it? What's next? "Microsoft OpenSSL vulnerability discovered"? "Microsoft recording industry sues 12-year-old kid"? "Microsoft PATRIOT act renewed"? "Hacker charged with violating the Microsoft DMCA"?

    1. Re:"Microsoft" mail worms? by happyfrogcow · · Score: 4, Insightful

      And who let users run arbitrary code through email, by simply "clicking" on it? And who lets users think they are opening mundane jpg's, doc's or other file types when in fact they are not?

      Microsoft might be one name that comes to mind, if not the largest, most widespread software developer in the known universe.

  14. Re:Warnings... by jfengel · · Score: 4, Insightful

    I've gotten this one to two of my domains. It's actually comparatively persuasive. I went so far as to open the zip file, though I certainly didn't run the .exe. Mine accuses me of sending spam from my mail server, which I suppose isn't entirely impossible, since I've been accused of sending spam before once or twice. (I send out announcements to a small set of people, and on occasion people who have fallen out of the group get irate when I haven't removed their names.)

    It came directly to my mail server; it hadn't been relayed. That makes sense: anybody may contact my mail server to send mail, as long as it's to me.

    But this makes a lousy worm, since most people don't own their own domains. This will 0wn only a fairly limited set of computers, compared to the bazillions of zombies you can get by fooling people who use a major ISP but don't own their own domains.

    This one doesn't even really require worm-ness. It goes out only to registered mail servers, which is small enough to connect to individually by one or two dedicated computers with broadband connections.

    I wasn't in the mood to trace down who was responsible for it, but I hope somebody does.

  15. Re:Warnings... by sTalking_Goat · · Score: 4, Insightful
    I'm going to write a worm that sends ppl emails that say "I am a worm. Don't open my attachment."

    It will be the fastest spreading worm in history...

    The human race never ceases to amaze and disappoint me.

    --

    My days of not taking you seriously are certainly coming to a middle...

  16. Good bit of social engineering by YrWrstNtmr · · Score: 4, Insightful

    This is only a Microsoft worm/virus/trojan in the sense that it runs a Windows exe. This is NOT a failing with Outlook or Outlook Express. This code can be run from ANY client that allows attachments.

    [paraphrased email text below]
    "Hi, I'm the admin from [YourEmailServer]. We've been getting complaints about your account, and we think you have a virus. Please open the attachment, and run the file. Password is 12345
    Cheers, [YourEmailServer]"

    Haven't we been asking the ISP's to get on top of the virus problem? Well...here comes an email, supposedly doing just that!

    "We think you have a problem, and here's how to fix it"

    This exact same thing could have been targeted to the OSX environment, or a *nix script.
    "Hi, due to the traffic we've noticed, we think your Mac/Linux box has been compromised. Please run this script to identify and fix the problem."

    Now...most *nix users are a bit more clueful and suspicious. But, more than a few would be caught out.

    (and if you, the writer(s) of these things are out there reading this...this is NOT a compliment. You are not cute, nor are you inventive. You are merely a fool. And one that will be caught. Hopefully for you, by the authorities. They will be much easier on you than we will be...we won't be using vaseline)

  17. Re:suing Microsoft by rsmith-mac · · Score: 4, Insightful

    Seriously guys, who moderated this up? The latest round of worms take advantage of exactly 0 security exploits in Windows or assorted applications; they're all social engineering. Even if Microsoft is loaded with cash, you can't seriously expect them to pay out for what is fundamentally a problem with the users. Your second idea (go after the users) makes sense, but you can't sue someone just because their users are morons, it makes no sense.

  18. Re:I would like to point out... by clare-ents · · Score: 4, Insightful


    "Of course it doesn't help that people we've helped in the past by emailing them fixes, solutions, and patches..."

    There's nothing like convincing people to open random executable attachments to keep your job safe.

    --
    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Einstein)
  19. Re:Insightful? by Tango42 · · Score: 4, Insightful

    No. He meant redundant. A redundant question is one that doesn't need to be asked, a rhetorical question is one that doesn't need to be answered. Big difference.