Slashdot Mirror
Netsky Worm Variant Attacks P2P Services
ee_moss points out this Washington Post article (via Yahoo!), excerpting "The latest variant of the Netsky worm directing infected computers to launch Web-based attacks against music- and file-trading Web services such as Kazaa, taking down at least one company's Web sites in the process. The worm, the 19th version of a bug that made its debut in February, is also targeting some Web sites that offer computer programs designed to illegally break or bypass copyright controls on software programs."
Anyway, I know this sounds painfully obvious, but why don't folks take the simple step of running an antivirus program? I have McAfee VirusScan and I also have AdWatch running full time. Between the two, I feel fairly well protected from viruses and adware/spyware.
And then you have folks that click on just about any attachment - from the article:
The experts advised people not to click on strange attachments in e-mail, which can activate the worm, and to update their antivirus software frequently to ward off new threats.
I have an agreement with family and friends to embedd a codeword in any document that contains a file attachment. It is usually a fairly esoteric work not likely to come up in casual conversation. However, I have damn near been fooled by a few emails because they seemd very legitimate. Oh, well.
Anyway, I am preaching to the choir....and ranting a bit.
Happy Trails!
Erick
http://www.busyweather.com/
The experts advised people not to click on strange attachments in e-mail, which can activate the worm...
Of course, until you can teach people to be intelligent, these types of viruses will continue to circulate through the net.
Wireless News www.DailyWireless
The post doesn't say it, but it definitely insinuates that the nefarious RIAA and possibly the BSA is behind this latest worm. Unfortunately, that kind of knee-jerk reaction is counterproductive to finding the real virus spreaders.
Someone is obviously trying to implicate the content monopolists in this by targetting the sharing networks. It is highly unlikely that the monopolists are doing this themselves because they have too much to lose by carrying out such an attack.
Someone in the computer community is doing this and is hurting everyone in the process. Sometimes the geek community is its own worst enemy.
I have been pwned because my
I've noticed more and more windows users, have to install nearly 1/2 a dozen or so programs th protect thier pc's. Between Ad-aware, Spybot S&D, Norton/AVG/McAfee and a host of others, I ask... Why Bother? It's the reason I went 100% linux at home, no worries about such crap.
Ubuntu- Linux for human beings.
I don't really understand this virus, or more precisely, the people who wrote it. Although I can not speak from experience, I would have to imagine that spreading virii over P2P networks is like shooting fish in a barrel (hotpr0n.mpg.exe would probably take down half the computers on kazaa). So why are they trying to spread it through e-mail? I would think that since there is no challenge involved in spreading it that they would be moralists (like the people who disguise a program that reports people's ip address as warez) but they are not doing it over the networks themselves so they would have a potential for "collateral damage". Is the writer just a random skript kiddie or am I missing something?
_____
Thank you.
It can't be long before e-mail becomes so suspect that self-mailing viruses simply won't spread because everybody is so afraid of their inbox. It will be interesting to see where viruses go then. IM would be my first bet, as well as P2P networks, vulnerabilities in certain *cough* OSes we've already seen, and network shares but there has got to be other methods I'm not thinking of. This could be really interesting to watch. I've never taken the hard line view towards viruses that I see here, I see them as massive experiments with data and as kind of a spectator sport. Of course that could be because I've never really had a problem with them...
I have suggested they try linux. But they are nearly at the point of no return. They fear computer, they fear the hassle, virus scans, repair etc. What's the world coming to.
If they are not dependant on any Windows-only software (that won't run in Wine) then why not offer to set up Linux for them. Give them Gnome or KDE with icons for everything they need on their desktop and in their "start menu." (And no other icons)
And tell them that you will set it up so the only things they have to look at are the things they need.
Then ssh into their computers anytime an update is necessary.
I would imagine they would be pretty happy with a computer that was less prone to virus attacks.
Have you tried Linux yet?
An antivirus program only finds known viruses, or variants of known viruses that trigger some common rule. They are useless against new viruses, particularly rapidly spreading new viruses.
Remember how quick the media was to turn on the linux community when a worm appeared to be targeted at SCO.
Let's show we are a couple notches above the media here and give this some time, maybe we can take this thing apart and make sure of it's TRUE intended victim. Not to say I'd put it past the RIAA, but we should make sure before flinging accusations.
Buy Steampunk Clothing Online!
Probably why it was setup as such, whoever wrote it was hoping the **AA cartels would be blamed.
OSS has nothing to do with this...
Little programs, like worms, can be analyzed at the most basic level (asm code) by a competent programmer with some common tools. What they do can then be changed by adding or replacing code.
This doesn't work for huge, complicated programs, but it certainly does for things like viruses and worms.
DJ kRYPT's Free MP3s!
The geeks may have jumped ship - High schoolers & students at humanities schools still use it... it has an easy to use interface, and there's a lot of files available on it. My sister, a freshmen in college, made a comment to me yesterday [talking about the chances of getting caught d/l music and movies] - "Well I downloaded a movie, but I deleted it afterwards so they couldn't catch me or know I downloaded it". Most of her friends have similar logic... It's not just grandmothers :)
I think it's because most virus writers don't have criminal inclinations. More like pranksters.
Oh, and if a virus does `real' damage, then they can forget about getting off the hook if they're caught. Someone will throw a book at'em if they're really nasty (and aren't just kidding).
"If anything can go wrong, it will." - Murphy
Public Linux servers have been hacked, to be sure. But this is a much different thing from discovering a new worm every week floating around the Windows world.
To hack into the Gentoo, Gnome, Debian and GNU servers, the crackers had to sit down and work at it. It didn't come for free. But write a new worm variant and several million p2p and outlook users will deliver it to your victims for free.
Think of your home's security. Anyone with a sledgehammer can break into your home, regardless of the quality of your deadbolts. That's what happened to those servers. But in the windows world we get a bunch of houses with hollow veneer front door with a brass flip latch for a lock, and no back door at all, just a wide open portal.
Even with a steel door and twenty deadbolts, eardrum destroying alarm, and a pair of Rottweilers, you could still get broken into. But that's no reason to encourage the burglars with cardboard doors and a lawn sign that says "if it's not too much trouble, could you please not break into my home tonight".
Don't blame me, I didn't vote for either of them!
Ya, but what do you do when all of the Windows machines they've failed to keep virus free start clogging your core routers with virus traffic?
how many people have jobs because of spammers and computer infections?
The Kruger Dunning explains most post on
Learn to get things right, not all software/innovation/ideas come from America[1].
:-)
1) Kazaa was made and designed in Australia. the RIAA can't do shit here
2) ARIA (Australian Recording Industry Association) *IS* in Australia and they have their teeth on this bone.
[1] This is just a point, i'm quite aware it could have been a slip of the mind or you just didn't know.
Life is like a box of chocolates, you never know when your gonna get food poisoning.
Because someone who didn't know better opened the attachment.
I've been getting delivery failure e-mails over the last few days because my e-mail addy is in their address book. And believe you me, I checked every conceivable virus scanner on the web.
The specific worm in question is Worm.SomeFool.Gen-2 , according to the last dozen or so messages.
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
AV is essential on a Winbox - but that doesn't mean that it should make the machine run like a dog! And these are pretty damn fast machines we're talking here. The difference (with/without) is pronounced.
At the risk of being pedantic, Mr. "Evil Viper,"
IT'S "VIRUSES."
Not "viri," "virii," "viriii," or "viriosi." In this house we respect the rules of English pluralization. I'm not even aware of a Latin plural of the form "virii."
"and there doesn't seem to be anything in any Unix system that makes it inherently immune to viri [sic]..."
Except fundamentally good design decisions and a willingness to CHANGE the architecture if a flaw is discovered. Do you have any idea how many thousands of viruSES would be eliminated if MS decided to tighten things up a little?
+4 Insightful, my ass.
That EULA is an abomination.
I'm going to play devil's advocate here for a moment and tell you that although the EULA may be terrible, it's not Microsoft's responsibility to sign a good contract. If I wrote up a contract stipulating that you are required to give me 90% of your disposable income in exchange for me enlightening you, it certainly wouldn't be a fair contract. But if I were able to get you to sign, it would still be a binding contract, albeit a bad one.
I am not a lawyer but I know that Microsoft does not engage in any sort of coersion to force its users to agree to their EULA. I usually try to block Windows Installations out of my memory with binge drinking, but I'm pretty sure you are actually forced to "read" the entire EULA before the "Accept" button becomes available.
At the end of the day, bad contracts are legal. The problem is stupid assholes who don't read them before signing or agreeing to them. If you walked into the bank and your teller said "Sign this contract" wouldn't you want to read it first?
It all comes down to that great axiom of libertarianism: If you don't want to [agree to Microsoft's EULA], you don't have to. The onus is on the non-MS community to get the word out and inform people that it might be time to start reading and understanding those EULAs before clicking "Accept".
--
...Whether my Maker is prepared for the great ordeal of meeting me is another matter.
Churchill
There have been some pretty bad remote-root Linux holes. If 90% of the world's desktops had been running Linux, you can bet there would be worms exploiting them. In fact, back when the internet was mostly Unix, this very thing happened with the Morris worm.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Great explanation of just how irresponsible certain software manfacturers are being.
Are lot of the reply's you're getting are in the vein of:
"But you don't have to agree to the EULA"
and "What about OSS"
Okay guys, here's the difference:
A MS EULA is like me going out, buying a house, and after closing on the house I come home to find a big sticker on the door that says,
"by breaking this seal you agree to the following terms:
-You do not really own this house, you're actually leasing it from us.
-We are not responsible if this house turns out to have numerous major problems that we didn't tell you about.
-You may only use this house for purposes X, Y and Z, any other use is strictly prohibited.
-etc, etc, etc
It's clearly stupid and not a legally binding contract. I can rip that sticker of my door without a worry in the world. The same needs to be true for software.
A good example is disclaiming any and all warranty:
This needs to be done BEFORE I give you my money.
It's like a car manufacturer trying to sell a new car with absolutely no warranty by sticking a note in the glovebox when you're driving it off the lot.
The deal is already done. The note means nothing. The manufacturer is still responsible for all normal, implied warranties.
Now what about OSS?
First off, I'm going to talk only about the GPL. (Other liscenses are typically very similar.)
Now the key thing is that there are some very big differences with GPL'ed software:
1) It's free. Free things are typically not legally required or assumed to carry warranties. There also don't seem to be many laws about disclaiming liability when I give you something for free. There's nothing that says the item must be provided in any form other than "as-is", unlike commercial/retail sales. I can give you a car with rusted out brakes for free and not have to fix them for you. If I was a car dealer, charging you money, I might have to fix those brakes (unless there was some agreement made about them at time of sale).
2) The GPL is not a EULA. You do not have to agree to the GPL to use a GPL'ed program. A lot of people have trouble understanding this one. There are even programmers who make the GPL pop up when you run their program and force you the check "I agree". These people are all wrong. The GPL only governs redistribution. As such, it's not trying to get rid of any rights that you would normally have. In order to gain a right that you wouldn't normally have (redistribution of someone else's copyrighted work), you must agree that this new right is subject to a set of conditions. If you do not agree, you do not get those rights, not because to GPL says you don't, but because copyright law says you may not redistribute other's work without their permission.
Life is too short to proofread.
I am not a lawyer but I know that Microsoft does not engage in any sort of coersion to force its users to agree to their EULA.
Sure they do.
I go into Best Buy. I pay cash for a copy of Windows XP. I walk out of the store.
(At this point I have all the legal rights necessary to run Windows XP.)
I take the software home, go to install it and it tells me that I must agree to (XXX, YYY, and ZZZ) BEFORE I can acutally use my legally purchased RIGHT to run that software.
They're bullying you because you already have the right to run Windows XP, but they're forcing you to give up some of those rights that you had when you walked out of Best Buy in order to run software that you legally already have the right to run.
The box in Best Buy said "Windows XP" not "Windows XP installer program with supplemental EULA for windows XP". When I hand the clerk in Best Buy money, I've just bought the right to use that copy of Windows XP. If Microsoft wants me to agree to some sort of restricted license, they need to present that license at the time of sale, not afterwards.
The key thing it that you're not legally required to agree to somebody's EULA (assuming you bought their software as a box in a store), and they're "coercing" you into agreeing by writing the software in such a way that you cannot use it (which you legally already have the right to do) unless you check "I agree".
Life is too short to proofread.
Then ssh into their computers anytime an update is necessary.
... especially since they would be getting ongoing technical support for free.
I'm sure your solution would work well for the relatives
Now, I'm not suggesting that one should be a prick and never help out others, but there is a limit to what one can do. What if you have 5 sets of relatives who need this help? Would you offer to help all of them in the same way? What about throwing in a few friends as well?
At some point you have to cut them loose to fend for themselves. Realize that if they are unwilling to learn to maintain a computer system sufficiently well or to pay to have it done for them, then perhaps they would be better off without it.
You turn off their port on the managed switch they're plugged into. You are using managed switches, aren't you?
where if I buy a house from anyone else, all of the major retailers won't sell me plumbing, fixtures, or even dishes and none of the handymen know how to fix anything.
Yeah, sure, the EULA is a contract I chose to sign. As opposed to all of the other choices I have out there.
In fact, this is getting fixed. For many advanced users, Linux is perfectly capable of providing anything they need. But someone shouldn't be forced to "sign" a crazy contract because they're not a computer expert.
That's ignoring the fact that there are legal restrictions on what rights you can sign away in a contract.
And also ignoring the fact that a EULA ISN'T A CONTRACT. I didn't sign anything - I clicked a button after I already bought a non-refundable item. Some choice.