PhatBot Trojan Spreading Rapidly On Windows PCs
prostoalex writes "The Washington Post alerts Windows users about a new peer-to-peer backdoor client that is installed maliciously on broadband-connected computers around Asia and the United States. The client is then used for distributed DOS attacks and sending out large amounts of spam. Phatbot, according to government sources, is installed on hundreds of thousands of machines already. Phatbot snoops for passwords on infected computers and tries to disable firewall and antivirus software, albeit it is detectable by antivirus packages." An anonymous reader submits a link to this description of the beast.
... or does this sound dirty to you too??
a new peer-to-peer backdoor client that is installed maliciously
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
Since when did Snoop Dogg start writing code? Shizzle, dawg, dis virizzle be PHAT!
# Has the ability to polymorph on install in an attempt to evade antivirus signatures as it spreads from system to system
# Checks to see if it is allowed to send mail to AOL, for spamming purposes
# Can steal Windows Product Keys
# Can run an IDENT server on demand
# Starts an FTP server to deliver the trojan binary to exploited hosts - ends the FTP session with the message "221 Goodbye, have a good infection :)."
# Can run a socks, HTTP or HTTPS proxy on demand
# Can start a redirection service for GRE or TCP protocols
# Can scan for and use the following exploits to spread itself to new victims:
* DCOM
* DCOM2
* MyDoom backdoor
* DameWare
* Locator Service
* Shares with weak passwords
* WebDav
* WKS - Windows Workstation Service
# Attempts to kill instances of MSBlast, Welchia and Sobig.F
# Can sniff IRC network traffic looking for logins to other botnets and IRC operator passwords
# Can sniff FTP network traffic for usernames and passwords
# Can sniff HTTP network traffic for Paypal cookies
# Contains a list of nearly 600 processes to kill if found on an infected system. Some are antivirus software, others are competing viruses/trojans
# Tests the available bandwidth by posting large amounts of data to the following websites:
* www.st.lib.keio.ac.jp
* www.lib.nthu.edu.tw
* www.stanford.edu
* www.xo.net
* www.utwente.nl
* www.schlund.net
# Can steal AOL account logins and passwords
# Can steal CD Keys for several popular games
# Can harvest emails from the web for spam purposes
# Can harvest emails from the local system for spam purposes
How long before someone bootstraps a distributed Artificial life simulator to their virus and then we all watch in amazement as the first AI evolves and owns all our computers. This could never happen though...right?
Slashrank
...nothing.
windows users shouldn't be surprised at new viruses; it's not like they're getting worse, or like users are getting any smarter. generally speaking, if you're not an idiot, you won't get a virus. if you're not an idiot and you do, you can get rid of it easily--they really only seem to hurt people who are already pretty ignorant.
When a virus attempts to disable anti-virus and firewalls, there needs to be a better way to keep those programs operational and "clean". What if a virus altered your norton or mcafee to make it appear as though it is working(and not finding any viruses) when in fact it is not working at all?
What if anti-virus, firewalls, and other critical software could somehow run in read-only memory space, which would have a physical barrier so that no bugs in software could be exploited to alter this space?
What if we could "burn" memory space of a program to a CD rom so that a proper working, unaltered anti-virus and firewall could run without fear of being disabled?
But I'm getting so tired of these virus 'alerts' constantly bombarding me day in and day out!
It's as bad as spam! It's EVERYWHERE!!
I frequent a couple other message boards (damn, I almost said BBS'), and every few days, we get the same ol' thread...'VIRUS ALERT!!!!!!!'
We live in the information age. The information has been disseminated that Windows users are:
A) Prone to constant viral and security intrusions.
B) In desperate need to constantly update their AV software.
The SysAdmins who aren't keeping their servers locked down is another thing entirely...*grumble*
But really, ABC, NBC, CBS, all these guys have done several stories on system security...EVERYONE's got a nephew that 'knows a lot 'bout dem 'puters'...
I really don't understand why we're still being subjected to this crap. Virus news isn't news. It's spam.
(See! A whole post about viruses and I never mentioned the fact that I run OS X and Yellow Dog Linux exclusively!!! Not once have I mentioned that I've never had to worry about a virus at all!!!)
Yay me.
Don't park drunk, accidents cause people.
Just once, JUST ONCE, I'd like our knee-jerking media to actually provide details to the public on how to combat a virus, or trojan horse, or whatever, in the text of their article. I understand the unwashed masses read Yahoo News and Washington Post, but maybe if we started to inform the public on how to find out if you're infected, and how to remove the offending virus, more people would actually check to see if they are infected, and might re-think their surfing & downloading habits.
/end rant
I understand the average user can't use Registry Editor, but maybe provide a simple link or website to get a tool to remove the Phatbot thing a ma jig.
Happy St. Paddy's Day everyone, btw.
Check out the best P2P sharing website: MEDIACHEST.COM
Joe Stewart, a researcher at the Chicago-based security firm Lurhq, has catalogued Phatbot's many capabilities in an online posting. Those capabilities include: the "ability to polymorph on install in an attempt to evade antivirus signatures as it spreads from system to system"; "steal AOL account logins and passwords"; "harvest emails from the web for spam purposes" and "sniff [Internet] network traffic for Paypal cookies."
aol, go for it... emails from the web are already public, go for it... paypal cookies? now that's just plain wrong, the feds are going to love that one.
Runnin' On Empty
I can't find out how the gory details of backdooring a computer. Oh well, I guess I'll have to settle for the more traditional form of pr0n.
-- PhoneBoy
The views expressed herein are not necessarily those of anyone, including the poster.
A friend of mine recently sent me a funny email he had received, it indicated that Yahoo was bouncing back some emails to him because the receiver couldn't be found. Well, he didn't send any of these messages, but someone had spoofed their REAL NAME into the TO: field. His virus protection software was up-to-date, he didn't know what was going on, then he noticed in outlook the "save password" button no longer worked. Finally today, it's all starting to make sense. Don't know how he got the virus though, he's behind a firewall (NAT router), he doesn't go through much email. I have to guess it's all the porn he surfs.. Anyone else getting bounce backs?
Mod +5 Drunk
PhatBot Trojan would be a good name for a hip-hop group?
### fictional code comment snippet ### "The PhatBot team would like to shout a big thanks to the US Department of Infrastructure for their help in beta testing PhatBot!"
It's hard to believe these kind of trojans are not in any way related to spammers.
Just take a look at the feature list, it probably has more bells and whistles than most of the software out there.
Is there a way to trace back the master of these trojans and do something about it? Surely these trojans need to do something for their masters at some stage, probably waiting for commands somewhere.
Rock that crushes, Paper & Scissors that don't matter.
The authors are getting better at designing control networks, but all it will take is one grayhat with an infected node to watch a command being executed and use that information to take out the entire botnet.
Too bad it would be both grossly illegal and probably disruptive, because it would be a great favor to the rest of the net, to counter these botnets and squish-them into oblivion (at least this generation, until the attackers learn how to do authentication of commands correctly).
Test your net with Netalyzr
From the article:
"Manual Removal
Look for the following registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Generic Service Process
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Generic Service Process
The associated binary may be srvhost.exe, svrhost.exe or a variation of the same. Kill the associated process in the Task Manager, then remove the "Generic Service Process" registry key. Remove the executable from the Windows system directory."
No it doesn't. WTH are you talking about? All it merely does it combine attacks against all known security flaws into a single package. It is also a trojan horse meaning that it uses user idiocy to get itself installed.
Hmm... I suppose user idiocy is a flaw that Windows has that Linux doesn't.
Okay, I see your point.
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
google cash
Has anyone come across a removal tool and/or removal instructions? They would be helpful for future reference.
Here is a helpful site. It provides instructions on how to get rid of windows viruses forever. Even ones not yet invented.
1) Extract Windows product keys
2) ???^H^H^H Email software keys to software@bsa.net and tell them that you think your employer is not running legitimate software. Include a paypal link for the reward
3) Profit
This bot looks NASTY.
-B
This is also known as the "Agobot"
http://news.yahoo.com/fc?tmpl=fc&cid=34&in=tech&cat=hackers_and_crackers
http://www.f-secure.com/v-descs/agobot_fo.shtml
Detailed Description
First of all, this new variant has 'Phatbot3' identifier and there are a few 'phat' strings in its body. This may indicate that this version was not made by the original Agobot backdoor author, who calls himself TheAgo, but by a different person/group who got the source code of this backdoor.
The backdoor's file is a PE executable 115738 bytes long compressed with PE-Diminisher file compressor. The unpacked file's size is over 245 kilobytes.
Installation to system
The Agobot.FO backdoor copies itself as NVCHIP4.EXE file to Windows System folder and creates startup keys for this file in System Registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"nVidia Chip4" = "nvchip4.exe"
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]
"nVidia Chip4" = "nvchip4.exe"
This allows the backdoor's file to start with every Windows session. On Windows NT-based systems the backdoor can start as a service.
Scanning for vulnerable computers
The backdoor can scan subnets for exploitable computers and send a list of their IPs to the bot operator. The scan is performed on ports 80, 135 and 445 for RPC/DCOM (MS03-026), RPC/Locator (MS03-001) and WebDAV (MS03-007) vulnerabilities. The backdoor can also scan for computers infected with MyDoom worm (port 3127), Bagle worm (port 2745) and also for computers where DameWare remote system management software is installed (port 6129).
Performing a DDoS attack
The backdoor can perform the following types of DDoS (Distributed Denial of Service) attacks:
* HTTP flood
* SYN flood
* UDP flood
* ICMP flood
When performing a DDoS attack, the backdoor uses 33 unique client identifiers including Mozilla, Wget, Scooter, Webcrawler and Google bot.
The backdoor sends 256000 bytes of random data to the following websites and checks the response times:
www.schlund.net
www.utwente.nl
www.xo.net
www.stanford.edu
www.lib.nthu.edu.tw
www.st.lib.keio.ac.jp
Collecting e-mail addresses
The bot can harvest e-mail addresses. It has the functionality to read user's Address Book and send the list of e-mail addresses to the bot operator.
Obtaining Registry info
The backdoor has the functionality to obtain System Registry info from an infected computer. This is a new feature for Agobot backdoor. Information obtained from the Registry can give a hacker a full overview of an infected system.
Spreading to local network
Agobot backdoor can scan computers on local network and copy itself there. The scan is initiated by a remote hacker. When spreading to local network, Agobot.FO probes the following shares:
admin$ c$ d$ e$ print$ c
Agobot.FO tries to connect using the following account names:
(SEE LINKS AT TOP FOR INFORMATION)
When connecting, Agobot.FO uses the following passwords:
(SEE LINKS AT TOP FOR DETAILS)
If the worm succeeds connecting to the above listed shares, it copies itself to a remote share and attempts to start that file as a service. The alternative way of infecting a remote host is to create a scheduled task on a remote computer that will start the backdoor's file.
Terminating processes of security and anti-virus programs
Agobot.FO has a huge list of process file names hardcoded in its body. The backdoor tries to terminate processes that have the following names:
(NAMES REMOVED SO POST WOULD WORK, FOLLOW LINKS AT TOP)
This functionality allows the backdoor to successfully disable anti-virus and security software that cannot detect this backdoor before its file is started. In most cases special tools are required to clean a computer infected with this backdoor.
Additionally the
Mod +5 Drunk
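The autorun entries quoted in this thread (the "nVidia Chip4" values above and the "Generic Service Process" values from the manual removal text) can be checked for offline. The following is an added example, not code from F-Secure, LURHQ or any poster: it assumes the four-space column layout printed by `reg query`, and the sample output, including the `SoundMan`, `Updater` and `svchosl.exe` names, is constructed for illustration.

```python
import re

# Indicators quoted in this thread (LURHQ removal text and F-Secure write-up).
AUTORUN_NAMES = {"generic service process", "nvidia chip4"}
BINARIES = {"srvhost.exe", "svrhost.exe", "nvchip4.exe"}
# Only the two autorun keys named on the page are inspected.
AUTORUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runservices",
)

# Assumed `reg query` layout: 4 spaces, value name, 4 spaces, type, 4 spaces, data.
# Value names may contain single spaces ("Generic Service Process").
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")


def referenced_binaries(data):
    """Return the listed binaries that appear as a path component of the data."""
    tokens = re.split(r'[\\/"\s]+', data.lower())
    return sorted(BINARIES.intersection(tokens))


def scan_reg_query(text):
    """Flag autorun values whose name or target matches the page's indicators."""
    findings = []
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):        # unindented line = registry key header
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(AUTORUN_KEYS):
            continue
        reasons = []
        if m["name"].strip().lower() in AUTORUN_NAMES:
            reasons.append("value name")
        if referenced_binaries(m["data"]):
            reasons.append("binary name")
        if reasons:
            findings.append((key, m["name"].strip(), m["data"].strip(), reasons))
    return findings


# Constructed sample, shaped like the output of:
#   reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
# "svchosl.exe" is a made-up name standing in for a renamed copy.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    Generic Service Process    REG_SZ    srvhost.exe
    nVidia Chip4    REG_SZ    nvchip4.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    Generic Service Process    REG_SZ    svchosl.exe
    Updater    REG_SZ    "C:\WINDOWS\system32\svrhost.exe" -q
"""

if __name__ == "__main__":
    for key, name, data, reasons in scan_reg_query(SAMPLE):
        print(f"{key}\n    {name} = {data}   [matched on: {', '.join(reasons)}]")
```

Matching on the value name as well as the binary name is what catches the "variation of the same" case, where the file has been renamed but the autorun value has not.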
is installed maliciously on broadband-connected computers...
who knew that dial-up internet was a form of virus protection? I don't feel so bad anymore!
WoW: Scheod 70 orc warlock on Shadowmoon
I see where you're coming from here. However, there's other considerations. Some of us must operate Windows boxes, so we must deal with it.
:)
Obviously the "security-by-news-alert" method of keeping your systems secure is stupid. We must still update our AVs and Spy cleaners and run them regularly. If we do that, we'll get almost every virus and spyware and never have to worry.
But some of us like to know what the virus writers are doing. Trends in the virus business, as they evolve.
Some of us may have firewalls that we might wish to alter based on major recent virus activity. I'm sure the Blaster variants caused several admins to alter the RPC port configuration of their firewalls.
Isn't it better to be proactive rather than reacting to a virus-based DOS?
I agree, of course, that people shouldn't email their buddies "OMG VIRUS ALERT!!!111one!!11" as we are able to keep up on virus news ourselves. We don't need these emails.
The value of Slashdot posting a breaking story about a virus is early-warning in the event that we're sitting around reading Slashdot instead of doing our jobs and monitoring the other virus news systems.
# Erik
Here's an alternate link I am looking for removal instructions. BRB.
Indefinitely Detained US Citizen
I have a client who sends out an aviation newsletter, with a list size in the tens of thousands. They have their own dedicated mail server, running RH Linux that I set up for them. Email is virus filtered with MailScanner and f-prot.
No complaints for months. And then, I add a new account to the mail server and restart sendmail.
Within a few hours, I got complaints that the volume of email had at least tripled, and that *all* of the increase were viruses, being caught by McAfee! So bad it was difficult to simply empty out the inbox from all the popup notices of virus detection!
Turns out when I restarted sendmail, I didn't restart MailScanner, so it was not running, letting everything through.
Very sobering, to realize how bad viruses online have gotten...
I have no problem with your religion until you decide it's reason to deprive others of the truth.
...giving the RIAA another 1 to 2 million people to sue for--something...it is P2P after all;)
How long before someone bootstraps a distributed Artificial life simulator to their virus and then we all watch in amazement as the first AI evolves and owns all our computers. This could never happen though...right?
For a mainframe version of the story see _The Adolescence of P1_.
(I'd dig up an Amazon link but I'm busy right now.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
NANOG this past week has had to deal with "h4r 3y3 j4m an 3fnet p4ck3tm0nk3y" bs. What I don't understand is how some people download and install something without checking exactly what it is. Look at the spyware situation: "Click here for a free weather clock" It should be obvious that there is no such thing as free. Everything has some form of price. What I find most alarming, is that most corporations - Symantec, Network Associates, and the major Windows based antivirus makers including Microsoft who has not got their act together - unleash errata of mass destruction. "Buy this patch/firewall/antivirus foo foo foo product to protect you now!" Why not release some Macromedia Flash like tutorial along with their products to educate users about the dangers of downloading unnecessary 'tools/products/virtuagirls/etc' and how to protect themselves from these things... I'm willing to bet if some company did something like this, most of these annoyances would drop big time
MoFscker
http://www.joestewart.org/phatbot.html
-Joe
http://ahmonra.port5.com/phatbot.html
I am Bennett Haselton! I am Bennett Haselton!
I find it interesting that I submitted this story shortly after 0900 EST in an effort to get the word out to /. readers, but it was rejected.
Was I wrong to consider using /. as an effective way to communicate issues like this to the technical community, or am I just bitching because my story was rejected?
Good luck everyone out there who should be checking/cleaning your systems -
If the Government becomes a lawbreaker, it breeds contempt for law;
I've checked McAfee, Symantec, Sophos, and F-Secure.
F-Secure (an 'expert' in the article) has no listing for Phatbot.
On the positive side, it looks like this thing whacks any competing virus it finds on your computer. So if you have a bunch of sneaky little programs on your computer, all you have to do is "install" this program, then remove it. It's like letting a wild cat loose in a house full of mice, then catching the cat.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
How about a virus that does nothing but try to spread as far and wide as possible without doing anything malicious. Then, after a pre-determined amount of time it would announce its presence to the luser and provide both instructions for its removal and common sense advice on how to avoid being infected by viri in the first place.
Viruses spread due to stupidity, ignorance, and laziness on the part of users. A virus like this MIGHT help with the ignorance part.
Now please don't think I'm advising anyone to go out and write such a thing, I'm only saying that I think the idea would be interesting.
I think it would also be interesting to hunt down the creators of malicious viruses and have them drawn and quartered, preferably on live TV. Next their parents should be beat within an inch of their lives for not raising them right in the first place.
Lee
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
Maybe they got the name from Fatbot on Futurama episodes Mars U and Crimes of the Hot.
This guy is way out there
One line blog. I hear that they're called Twitters now.
A quick search on McAfee and Symantec websites yielded no result for "phatbot" on Symantec, and an 18-month-old virus on McAfee...
If the US government is announcing this publicly, and the virus has already infected "hundreds of thousands of computers already", wouldn't the anti-virus companies *know* that?!?
After 3 days without programming, life becomes meaningless
- The Tao of Programming
Assuming that list is correct, with all the features, what are the chances the virus author actually coded them all? I'm guessing some extensive customization probably had to go into whatever code was used. Possibly it was created using open source libraries for certain components?
Also, this strikes me as the first truly bloatware virus... how big is this thing anyway??
What the hell happened to them? You know, when you used to download a program off of FTP or Firstclass, forgot to scan it for viruses, installed it, had your harddrive wiped clean. And then you had to reinstall from your backup floppies, and had no one to blame but your own stupid self?
Now it's not your fault, and it hurts you as well as everyone else!
Manual Removal
Look for the following registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Generic Service Process
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Generic Service Process
The associated binary may be srvhost.exe, svrhost.exe or a variation of the same. Kill the associated process in the Task Manager, then remove the "Generic Service Process" registry key. Remove the executable from the Windows system directory.
Snort Signatures
Here are some Snort signatures to detect Phatbot on a network:
alert tcp any any -> any any (msg:"Agobot/Phatbot Infection Successful"; flow:established; content:"221 Goodbye, have a good infection |3a 29 2e 0d 0a|"; dsize:40; classtype:trojan-activity; reference:url,www.lurhq.com/phatbot.html; sid:1000075; rev:1;)
alert tcp any any -> any any (msg:"Phatbot P2P Control Connection"; flow:established; content:"Wonk-"; content:"|00|#waste|00|"; within:15; classtype:trojan-activity; reference:url,www.lurhq.com/phatbot.html; sid:1000076; rev:1;)
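What the two rules above actually match can be checked offline against captured payloads. This is an added example, not part of the original post or of Snort: it re-implements only the `content`, `dsize` and `within` options (`flow:established` is not modelled), and the sample payloads, including the filler bytes between "Wonk-" and "#waste", are constructed.

```python
def decode_content(spec: str) -> bytes:
    """Decode a Snort content string; text between |...| is hex bytes."""
    out = bytearray()
    for i, part in enumerate(spec.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


# Content strings copied verbatim from sid 1000075 and sid 1000076.
FTP_GOODBYE = decode_content("221 Goodbye, have a good infection |3a 29 2e 0d 0a|")
WONK = decode_content("Wonk-")
WASTE = decode_content("|00|#waste|00|")


def match_sid_1000075(payload: bytes) -> bool:
    """FTP goodbye banner: dsize:40 means the payload is exactly 40 bytes."""
    return len(payload) == 40 and FTP_GOODBYE in payload


def match_sid_1000076(payload: bytes, within: int = 15) -> bool:
    """P2P control: the second content must lie wholly inside the `within`
    bytes that follow the end of a "Wonk-" match."""
    start = payload.find(WONK)
    while start != -1:
        end = start + len(WONK)
        if WASTE in payload[end:end + within]:
            return True
        start = payload.find(WONK, start + 1)   # retry later occurrences
    return False


def triggered_sids(payload: bytes) -> list:
    sids = []
    if match_sid_1000075(payload):
        sids.append(1000075)
    if match_sid_1000076(payload):
        sids.append(1000076)
    return sids


# Constructed payloads, used only to exercise the rule logic.
SAMPLES = {
    "phatbot ftp goodbye": FTP_GOODBYE,
    "ordinary ftp goodbye": b"221 Goodbye.\r\n",
    "goodbye plus extra data": FTP_GOODBYE + b"220 ready\r\n",
    "wonk, #waste 7 bytes later": b"Wonk-" + b"A" * 7 + WASTE,
    "wonk, #waste 8 bytes later": b"Wonk-" + b"A" * 8 + WASTE,
    "#waste without wonk": b"JOIN " + WASTE,
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(f"{label:28} -> {triggered_sids(payload) or 'no alert'}")
```

The third and fifth samples show the rules' blind spots: the banner coalesced with other data in one segment fails `dsize:40`, and one extra byte of padding pushes "#waste" outside the 15-byte window.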
Here is a problem I had never thought about with open source initiatives. What happens when someone steals your source without obeying GPL or anything and turns it into a monster? It would have been *MUCH* harder for the PhatBot authors to code their own Waste-like clustering P2P system. Perhaps they might not have even been able to do so. Instead they grab an open source app and use it to create something illegal, and in this case even dangerous.
These are the same problems faced in the emulation field. Many open source emu programmers do not allow any game from the past 2-3 years to be played, mainly to appease the corporations that still make arcade titles (SNK etc). But people open up their source and release renegade versions of their own apps without their permission and in violation of GPL and everything, often packaging them with illegal arcade ROMs.
www.mandrake.com
follow the links to download the ISO's and simply follow the steps after rebooting from disc 1.
you will now be 100% immune from any current and future microsoft compatible virus.
It's not a trojan - the article uses the wrong word. It's really a worm since it spreads through use of security exploits, not through user intervention.
-insert a witty something-
I AGREE!
I was recently berated by some talking head (in writing) for insulting a client's "menstrual abilities", and making "inflammible remarks".
My boss read the letter to me, and asked me what I said to piss them off. He shit himself laughing when I told him I called the girl a halfwit.
"Problem lies between Keyboard and Chair".
At work we say "It was a Layer 8 problem". You can say that in front of non-geeks without them catching on.
Trolling is a art,
If linux were as popular as windows, I'm sure someone would exploit one of the widely published security holes in key linux software such as the kernel or other server software written in C. Just monitor the appropriate mailinglists if you are interested in the latest identified buffer overflows. Of course those running the latest patches would hardly be affected but we all know that world + dog doesn't update their linux software just like their windows counterparts don't update their windows software. However, worms and viruses need something linux cannot (yet) provide: substantial market penetration. Linux software has many known issues and many organizations are very reluctant to upgrade their software (redhat 6.2 is still found in the wild even though red hat has long since stopped supporting it, aside from really critical updates). However, deployed linux configurations tend to be very dissimilar so you are unlikely to find a security hole that affects more than a few percent of users (of which the total population is 1 or 2 percent of pc users according to the most optimistic estimates). Because of this linux viruses and worms cannot propagate. A good mailvirus needs an addressbook full of potential victims. A hypothetical pine worm would not find many potential victims in the average pine user's addressbook (is there such a thing in pine?).
:-).
:-).
This security is no inherent quality of the software but just a consequence of very few people using the same version of linux. Linux security is essentially security by obscurity. By using software that nobody else uses you avoid being targeted by viruses and worms that depend on mainstream adoption for propagation. Just like in nature, monocultures are vulnerable to viruses. I'm not saying that linux is insecure, I'm just saying that many people confuse the lack of attacks on linux with its alleged security.
If you want security, install BSD. Even less people use it and many BSD users suffer from severe paranoia (resulting in increased awareness with respect to security issues) so you are unlikely to be ever affected by the latent security holes that are waiting to be discovered. Even MS uses BSD software to keep the scriptkiddies out
Ironically, Microsoft's biggest security problem is that people are buying and using their products. I'm sure that is something they don't want to fix. Upgrading is another issue, MS is actively pushing their customers to upgrade (though not necessarily to protect them
Jilles
They use GPL'd code from WASTE but haven't released the whole source code! They're in a world of legal hurt now.
Want to run MS Flight Sim? It must be done as an administrator, even on XP. How many other games are like that?
I recently installed some financial software. Of course I had to do that as admin. It wouldn't run when I switched to my user acct. The vendor help desk's advice? It's designed to be accessed by one user. Read the EULA! Uninstall it and reinstall it from the user account. Oh, you can't do that? I guess you have a problem....
They also informed me that "we don't support firewalls", you have to disconnect that if you want help.
Hi Everyone
As many people have pointed out there is an utter lack of response by the top three anti-virus companies to this threat. I find this disturbing and also, unlikely. Why would the Department of Homeland Defense have better intelligence on a clearly US based threat (Phat is not an international phrase by any means) than the people who make their livelihood based on threat detection and elimination?
This has to me the markings of a hoax. The list of *features* as one poster put it is indeed staggering. That, coupled with the silence coming from Symantec, McAfee et al. makes it look fishy. A google search shows one recent post and a bunch of older hits (possibly the same as in the McAfee search ).
So that leaves me with 3 questions:
1 - Is it real
2 - How do we detect it
3 - How do we kill it.
--KS
Here is a problem I had never thought about with open source initiatives. What happens when someone steals your source without obeying GPL or anything and turns it into a monster? It would have been *MUCH* harder for the PhatBot authors to code their own Waste-like clustering P2P system.
The same thing you do when someone buys a hammer and then uses it to kill someone. You just deal with it.
Once you distribute something, be it a physical object like a hammer, or source code, you lose a certain amount of control over it. It's just a fact of life.
Sure you could try and make your hammer harder to kill someone with, or make it stupidly difficult to buy a hammer in the first place, but all you really end up doing is hurting people who need your hammer for legitimate purposes.
Life is too short to proofread.
What happens when someone steals your source without obeying GPL or anything and turns it into a monster?
That's what Dr. Frankenstein said when he took the corpses for his creature. But he showed them, didn't he! They all thought he was crazy! Bbbut whooss teH CRzy onE now, HAH? You fooLS, YOU ALL LAUGHED, BUT IL HAV THE LAAST LAUHG!
MWAHAHAHAHAHA!
That would appear to be the case:
The author(s) of Phatbot chose to abandon Agobot's IRC and P2P implementations altogether and replaced them with code from WASTE, a project created by AOL's Nullsoft division (and subsequently canceled by AOL).
There is much cruelty in the universe, John.
Yeah, we seem to have the tour map.
Well, I suppose it's a lost cause (as with the "hacker" term), but it can't hurt to point out that it really doesn't make much sense to call this program a "trojan".
The article suggests that this is a "trojan" because it lets attackers stealthily take control of your computer. But that was not what was remarkable about the historical Trojan horse. What was remarkable about it is that it was presented as a gift. The distinguishing characteristic of a trojan is that it has a friendly outward appearance but contains a deadly payload. That's certainly not the case with Phatbot.
Rather, I'd say that Phatbot is a virus, because a) it is malicious and b) it doesn't rely on deception to spread itself. This is, again, subtly different from a worm, which generally aren't malicious, just annoying.
Of course it's water under the bridge at this point.
Actually, if you run a program like PView, that tells you a listing of all running processes, and the location of the file, you'll be able to see which are valid and virus versions.
I've never had a story accepted either, and on a number of occasions I've submitted stories hours, days or weeks before the topic appeared on Slashdot. It's pretty common; I wouldn't make anything out of it. It's quite possible that someone submitted the story before you did even earlier in the morning and the editors put that one in the queue to go up at 2:43PM. They pre-scheduled the various stories that go up hours (and sometimes even days?) in advance. Or perhaps they decided it was a worthy story after they saw the 27th submission of it.
I realized one day that we could essentially have a user-contributed, user-moderated article queue of sorts using the journaling system here. I've dedicated my journal to it. I haven't figured out how to draw larger traffic to it without making this a part-time job, but you're welcome to contribute to it and I welcome suggestions.
--LP
Have it grep the HD for pr0n keywords, and mail the results to Outlook's Addressbook. After that, nobody would think little of viruses ever again...
(here in double-moral country, that is)
Anybody remember the slot machine virus that would store the disk's file allocation table in memory, wipe it off the disk, and give you 3 tries to win it back?
Could an emulator like VMWare be useful? You could run a second Windows installation in a "sandbox" to use the old programs.
It is impossible to enjoy idling thoroughly unless one has plenty of work to do.
- Jerome Klapka Jerome