Slashdot Mirror


Microsoft Mail Worms Gang War?

cuzality writes "The media is now beginning to suggest that this recent onslaught of new viruses (with new versions of major-impact viruses being found daily) is the result of a virus gang turf war, kinda like the India/Pakistan virus conflict, in which official Pakistani sites were savaged by such infamous groups as Indian Snakes and Indian Hackers Club. The gangs are shooting fast and loose: variations of the big ones are being discovered daily (as of March 4, we are up to MyDoom.H, Netsky.F, and Beagle.K), and in the space of three hours on Wednesday morning, five variants of these three were first discovered. Typically these viruses (or more correctly, worms) do little damage to the infected computer, intent mostly on spreading far and wide, and sometimes inflicting DoS on some poor evil empire."

22 of 609 comments

  1. well... by Savatte · · Score: 5, Funny

    Since Microsoft is in Seattle, this could be a real West Side Story.

  2. I would like to point out... by chrisopherpace · · Score: 5, Informative

    MyDoom.F does destroy word, excel, access, jpg, and other files.
    SARC
    This was a major headache for me the past few weeks. Backup tapes suck. Worms suck harder.

    1. Re:I would like to point out... by b0r0din · · Score: 5, Interesting

      Little damage, my ass. However, I will point out, that on a positive note, I work in a network callcenter, every time one of these babies comes out our call volume spikes by as much as 30%. These virii are at least keeping the calls coming in, which is how we generate cash. So at least for us, it's job security on some scale.

      Of course it doesn't help that people we've helped in the past by emailing them fixes, solutions, and patches have us under our address books, so in turn we get all their email telling us 'Hi.'

  3. Won't be over soon, either by Matey-O · · Score: 5, Funny

    "Plenty of letters left in the alphabet" - J. L. Picard

    --
    "Draco dormiens nunquam titillandus."
  4. It was bound to happen... by Pig+Hogger · · Score: 5, Insightful

    It was bound to happen, given that more and more worms are written for criminal spammers. And since spammers AND criminals are stupid, they will fight each other.

  5. Yeah, it's a gang war alright... by oldosadmin · · Score: 5, Insightful
    and the bullets are the stupidity of most windows users. No matter how much we tell people "don't open attachments unless you know the person!" they still won't listen.

    I mean, seriously, how hard is it to write malicious code if you can get the person to run any program. Heck, here's my virus:
    @echo off
    c:\windows\command\deltree /y c:\windows
    @echo You've been 0wn3d!


    This is NOT hacking... it's taking advantage of stupid people...
    --
    Jay | http://oldos.org
    1. Re:Yeah, it's a gang war alright... by TCaptain · · Score: 5, Interesting

      you're not kidding.

      At my office, we are using a non-standard email client that doesn't allow execution of code in any way and we still got nailed.

      why?

      The moron in the next cubicle (a PROGRAMMER no less) did this:

      1) viewed the email (after receiving 5 memos specifically saying to just delete it)
      2) clicked on the attachment
      3) selected save as
      4) opened up explorer, went LOOKING for the attachment
      5) executed it by double-clicking.

      I mean seriously! his defense when confronted?
      "Well I wasn't sure...so...hum...well I wouldn't have done that at home!"

      I wanted to beat the crap out of him...

      --
      "I'm not a procrastinator, I'm temporally challenged"
    2. Re:Yeah, it's a gang war alright... by S.Lemmon · · Score: 5, Insightful

      Well, many of these viruses *do* appear to come from people they know, so your advice may be contributing to the problem. Anymore they shouldn't trust any attachment they weren't specifically expecting.

      The only other thing is to never run an executable attachment, but there's so many ways to obfuscate this (especially using Outlook) that most normal users really can't be expected to tell what's safe from what's not.

      One simple thing average users can do is to give people they communicate with some special keyword they should always add to messages they send you with an attachment. It doesn't have to be anything special - even a company name would do. The idea is no mass-mailing worm would know to include it.

      Heck you could even use a procmail recipe to only allow attachments with the keyword in the subject - much more accurate than trying to filter out all the "bad" subject lines these viruses use.
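
The keyword-in-subject attachment policy suggested in the comment above, sketched as an added example (not part of the original thread and not a procmail recipe). The keyword `acme-7731`, the addresses and the sample messages are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

KEYWORD = "acme-7731"  # hypothetical keyword agreed with correspondents


def has_attachment(msg):
    """True if any MIME part carries a filename or is marked as an attachment."""
    return any(
        part.get_filename() or part.get_content_disposition() == "attachment"
        for part in msg.walk()
    )


def verdict(raw, keyword=KEYWORD):
    """Return 'deliver' or 'quarantine' for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    if not has_attachment(msg):
        return "deliver"  # the policy only concerns mail with attachments
    # policy.default decodes RFC 2047 encoded-words, so a keyword inside an
    # encoded (non-ASCII) subject still matches.
    subject = str(msg.get("Subject", ""))
    return "deliver" if keyword.lower() in subject.lower() else "quarantine"


def sample(subject, attach=None):
    """Build a constructed test message (not real traffic)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("see attached")
    if attach:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attach)
    return m.as_string()


if __name__ == "__main__":
    for subj, att in [("Hi", None), ("Hi", "document.pif"),
                      ("Q3 figures [acme-7731]", "q3.xls"),
                      ("Budget für März [ACME-7731]", "budget.xls")]:
        print(f"{verdict(sample(subj, att)):10} {subj!r} {att}")
```

The keyword is a filtering heuristic rather than authentication, so delivered attachments should still pass through normal scanning.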

  6. Warnings... by ackthpt · · Score: 5, Informative

    I'm getting some forged emails lately, badly forged at that, which look like they're coming from my ISP, "warning viruses being sent from your account", "warning immenent suspension", etc. They have a pif file attached (which I never open) and have been coming from .lt or .gr servers (my ISP would not likely be using these.) Looks to me like another brand of worm on the rounds and there's a morbid sense of humor behind it.

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:Warnings... by Dave2+Wickham · · Score: 5, Funny
      You mean like...
      Dear user of "Co.uk" mailing system,

      We warn you about some attacks on your e-mail account. Your computer may
      contain viruses, in order to keep your computer and e-mail account safe,
      please, follow the instructions.

      Further details can be obtained from attached file.

      Cheers,
      The Co.uk team http://www.co.uk
      ?
    2. Re:Warnings... by Hayzeus · · Score: 5, Informative

      I doubt humor is involved -- the point is to get people to open the zip and run the archived file -- which you have to go to some trouble to do, given that the zip is password protected (to get by email scanners). I've had a couple of users here contact me about these, but nobody has run them yet. Of course I only have a few users, most reasonably clueful. This would probably suck for larger outfits.

  7. Re:Turf? by glen604 · · Score: 5, Informative

    since some of these viruses involve opening back doors, it's a turf war in the sense of who owns more zombie computers, I guess.

  8. Wild, wild west by Rick+the+Red · · Score: 5, Insightful

    In the late 1800's in the American west there was a boom in illegal activities (Billy the Kid, Butch and Sundance, etc.). The citizenry had enough and banded together (i.e., paid taxes) to fight back (i.e., hired police). Cyberspace is in the equivalent of the late 1800's in terms of working out who controls what. Now we, the citizenry, must decide if we want to hire the Pinkertons or establish a proper police force. Just remember, the Pinkertons were often as dirty-dealing as the crooks they were after, and the Sheriff was usually a former badguy with a badge.

    --
    If all this should have a reason, we would be the last to know.
  9. Virus gangs by Zangief · · Score: 5, Funny

    ...kinda like the India/Pakistan virus conflict, in which official Pakistani sites were savaged by such infamous groups as Indian Snakes and Indian Hackers Club...

    Seems like virus writers also got outsourced to India!!

  10. Re:How is this an "ask slashdot"? by FrostedWheat · · Score: 5, Funny

    Where's the question?

    Dunno, but the answer's 42.

  11. Maybe...maybe not by FunWithHeadlines · · Score: 5, Insightful
    Remember the first MyDoom variant had programmer comments in them and people were speculating that it was an attack on SCO because of the DDoS that was set in motion. Later we found out more details and it seemed that the DDoS was just the misdirect designed to fool the media. It worked, and all the media stories faithfully reported the SCO angle. But the real purpose of MyDoom is to create zombie machines for spamming. That angle was mostly overlooked, but is the most important part of the story. Investigation seemed to point to Russia as an origin point, and possibly organized crime behind it all.

    With that in mind, those programmer comments being reported now, although they do seem to show a gang war, may just be more misdirection and once again the media fell for it. If it really is the spammers behind it all, and criminal elements doing it (yeah, I know, "spammers" and "criminal elements" are redundant), this gang war idea may just be more cover.

    Meanwhile there are millions of zombie Windows boxes around the world with clueless owners not realizing they are 0wn3d. That's the real story the media should be following up on.

  12. Is anyone else seeing this and thinking by Anonymous Coward · · Score: 5, Insightful

    Of Neal Stephenson's thing about how in the future when you go outside you'll have to breathe through a handkerchief, a la 19th-century London, because the air will be filled with millions of malicious nanobots, and millions of helpful nanobots neatly neutralizing the malicious ones, and millions of meta-malicious nanobots that only exist to disable the neutralizers... just one big no-net-effect hacker arms race.

    I wonder how long it will be and how much further adoption of Windows server operating systems we'll have to see before internet traffic starts to look like that.

  13. Virus Activity by Eberlin · · Score: 5, Interesting

    Wouldn't this much virus activity raise the chances of being caught? Pride has been the downfall of a great many "1337 d00dz" who can't seem to avoid bragging about their 5|i77z. Then again, if you did stage such acts, it does nothing for your ego unless people know you did so.

    These are not your stealth haxorz, these are the works of script kiddies. But of course everyone here already knew that.

  14. Re:latest breed by leifm · · Score: 5, Funny

    Yeah we apparently got that. Seems a bit odd to me that a worm can propagate when you have to enter a key to run it, for god's sake that's like getting a grenade in the mail with a note saying 'Pull this pin and hold'.

    --

    "Windows Me offers tremendous reliability and stability improvements..." -- Paul Thurott
  15. Instead of a pissing contest by spidergoat2 · · Score: 5, Insightful

    Why don't these "hackers" use their skills to do something productive. With the time and effort they're putting into this programming, they probably could have written some utility software that would have earned them bags of money. But where's the fun in that.

  16. Re:Viruses? by Kaa · · Score: 5, Funny

    Imagine if e-mail was just plain old ASCII text with no attachment support. *sigh*

    YOU HAVE NOW RECEIVED THE UNIX VIRUS

    This virus works on the honor system:

    If you're running a variant of unix or linux, please forward this message to everyone you know and delete a bunch of your files at random.

    --

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.
  17. Can I ask you a question? by Cumstien · · Score: 5, Funny

    A question, what is it?

    It's an interrogative statement used to test knowledge, but that's not important right now.