Slashdot Mirror

← Back to Stories (view on slashdot.org)

Netsky Worm Variant Attacks P2P Services

Posted by timothy on from the lack-of-attention-syndrome dept.

ee_moss points out this Washington Post article (via Yahoo!), excerpting "The latest variant of the Netsky worm directing infected computers to launch Web-based attacks against music- and file-trading Web services such as Kazaa, taking down at least one company's Web sites in the process. The worm, the 19th version of a bug that made its debut in February, is also targeting some Web sites that offer computer programs designed to illegally break or bypass copyright controls on software programs."

3 of 472 comments (clear)

  1. Wider than just Kazaa and Edonkey, methinks by jwlidtnet · · Score: 5, Informative

    Soulseek's been down all day, for example, even though I haven't seen any information specifically saying that this new Netsky targets said network (Kazaa and Edonkey are the two that I frequently see cited, as in the linked article). It's an odd choice of target--it's far smaller than Kazaa/FastTrack--but then again, Edonkey's not too high on the usual radar, either. Some bittorrent sites are also especially wobbly today, but that could be coincidence.

    Fascinatingly, I've also been getting absolute tons of emails infected with this variant of Netsky, many of which pretend to have been scanned for viruses and are "clean." This seems particularly lame as an "innovative" get-the-dupes-to-click-on-"document.doc .pif" strategy, but someone must be clicking on these things (verizon seems particularly affected, as every other Netsky spam I get seems to be from that domain).

    Ahh well. Hopefully, this particularly-obnoxious variant will be short lived (so we can, of course, begin the cycle anew in a few weeks' time with a new SoBig or...heck, I dunno, Klez? What letter are they up to there?)

  2. Re:Bad reputation by Anonymous Coward · · Score: 5, Informative

    If they MUST run windows, this is all you have to do:

    * Install Mozilla (Firefox and Thunderbird).
    * Install Ad-Aware. Pay for the pro version that also has Ad-Watch.
    * Install Spybot Destroyer.
    * Install a cheap linksys router.
    * Install Grisoft/AVG antivirus - or somethign equally as good.

    Now, nothing is going to get IN that shouldn't and probably won't get OUT. Even if they're wreckless and download/install everything they ever run across, Spybot Destroyer lets you prevent the installation of *hundreds* of known activex applications and other troublesome installers, lock your hosts file, prevent changing the MSIE start page, etc. And if they're stupid enough to install something after Ad-Watch/Ad-Aware and/or their antivirus software warns them about it, then they deserve what they get.

    Additionally:

    * Don't give them administrator accounts!
    * Set them up with a DynDNS address. This way you can connect to them remotely using VNC when necessary to do administrative tasks.
    * Setup regular user accounts for them. Or better - setup limited user accounts so they can't even install any software themselves. Tell them to come up with lists of things they need installed and to call you. Then you can VNC in, fire up the admin account and install them in a few minutes.

    It will lock them down, but shouldn't prevent them from doing most things they want to do and will save you a shitload of headache. And if they don't like it, then it should hopefully be enough reason for them to start actually LEARNING about the machine they're using rather than treating it like a god damn TV and then they can assume the responsibility.

  3. Re:It's not that surprising . . . by void* · · Score: 5, Informative

    Actually, viruses do install themselves.

    These 'email viruses' that require a user to click on them aren't really viruses, they're trojans. They don't have a means to copy themselves into another program, they just send off a bunch of mails and hope somebody activates them. They have a propogation mechanism that depends on human stupidity. I would call them 'self replicating' but they have a rather uninteresting replication mechanism.

    A real virus ... you run an infected program (note: not the virus itself, an otherwise useful program that happens to be infected) and it installs itself in other program or you boot off an infected floppy, it infects your hard disk boot sector, and then starts infecting more floppys. These actions (running a program, or booting your machine) are entirely normal things to do, you do them because you can't get anything done with a computer without doing them.

    Which brings us to worms, which are self replicating, but actively break into other machines and directly cause copies of themselves to start executing.

    As far as viruses go, people install and run infected programs because they want the functionality of an uninfected program and do not know the infection (the 'undesired behavior') is there. Hence the need to scan for viruses before you install any program.

    --


    Code or be coded.