Slashdot Mirror
Netsky Worm Variant Attacks P2P Services
ee_moss points out this Washington Post article (via Yahoo!), excerpting "The latest variant of the Netsky worm directing infected computers to launch Web-based attacks against music- and file-trading Web services such as Kazaa, taking down at least one company's Web sites in the process. The worm, the 19th version of a bug that made its debut in February, is also targeting some Web sites that offer computer programs designed to illegally break or bypass copyright controls on software programs."
I have a couple relatives who are extremely nontechnical. Their windows installation has already been plagued by 2 worm viruses this year. When they think virus in windows, they think virus in computers. Basically these viruses are giving computers in general a bad reputation.
I have suggested they try linux. But they are nearly at the point of no return. They fear computer, they fear the hassle, virus scans, repair etc. What's the world coming to.
I have taken the simple step of not running Windows at any time. I installed Debian unstable on one computer and Testing on the other, about 2 months ago, and I haven't looked back. Once I got VLC to play itunes DRM'd files my wife was on board as well. Now if only Juk could play itunes music we would be in business.
In fact, the only microsoft products I'm using now are my MS Intellimouse w/ IntelliEye 1.0 (discontinued) and my Microsoft Internet Keyboard. Oh, and Word 97 in wine, just because my job sends me emails with RTF files attached, and they save those files with word. Leave it to microsoft to save files in an open format that can't be opened by any other product!
I switched P2P networks long ago. I have no silly business of fake files, or dial tones in my songs. There are viruses, but they are fairly obvious as they are often disguised as keymakers. The only thing I have to worry about is french movies not being labeled properly. At least they are the right movie. If only I could translate french on the fly...
Only grandmothers and 10-year olds use KazAA. The unkempt geeks switched networks a while back.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
So, when the virus attacked SCO, all the reporters gleefully reported that it was probably an attack from "the Linux Community." What are the odds that those reporters will automatically jump to the conclusion that the RIAA wrote this virus, and then publish that opinion.
My guess, is that these writers won't be quite so eager to jump to conclusions this time. But it might be worthwhile for those of us who were annoyed by those writers to point that fact out to them.
My security unaware friends continuously have their PCs infected with viruses because they refuse to install virus scanners. The most common excuse is "too expensive" (which I disagree with; the minimal price is worth it).
I give them a link to AVG Free Edition, and they still have virus problems afterwards when they refuse to install AVG. They'res no excuse for that. I guess people are just (very, very) stubborn.
My feeling is that this won't stop until the virus creators actually start causing damage to individual user's computers, not just the bandwidth hogging and (D)DOS variety of the current crop. When getting hit with one of these bugs means that Joe Luser's stuff gets deleted and his system won't let him logon, you can be sure he will raise a ruckus wherever he can. Turning his box into a spam relay or a DDOS zombie doesn't cause nearly as much visible damage to the computer, other than it being a bit slower to use, another condition with which the average computer user has become too comfortable.
The nagging question in my mind isn't "When will this happen?", it's "Why hasn't it happened yet?" Or possibly, "Will it ever happen?" And that last one makes me very sad.
Is it sooo improbable that this was somehow sponsored by the RIAA ? (or similar)
...
On one hand i dont see it as too likely, on the other, lately my capacity for surprise has been worn down by strange lawsuits and laws (Can-Spam).
and RIAA was, after all, seeking to make their hacking P2P-ers legal
I think things would only change if default setups of Windows were secure against this sort of thing.
Maybe someone wrote this virus so we'd think the RIAA did it. Or maybe the RIAA wrote it so we'd think that someone wrote it to pin the blame on the RIAA. Or maybe someone wrote it so we'd think RIAA wrote it to make us think that someone wrote it to pin the blame on the RIAA. Or maybe the RIAA wrote it so we'd think that someone wrote it to make us think the RIAA wrote it so we'd think that someone wrote it to pin the blame on the RIAA. Or maybe...
I keep wondering if there's more to all of this than merely a set of isolated viruses released into the wild.
If you want to destabilize an economy, say the West, then go after the computer networks that bind it together and which make it both different, free, and vulnerable.
There are lots of bits and pieces being assembled. What if this is part of something larger and we're only seeing the perfection of the pieces and a bit of guiding of the immune system toward another goal?
Yeah, maybe I'm not wearing my tin hat, but some things seem to be acting too well...or too badly.
Just uninstall Norton (follow the steps here) and reinstall to get another year!
I cant tell you how many computers I've cleaned when people get PIF email attachments and open them thinking they were PDF's.
They will pay me to remove the virus, but they wont buy a email scanning antivirus program, or even figure out that if the icon is the windows logo (double meaning here) Its probably not a good thing!!
Back to the article, With all of the spyware, IE plugins, and other memory hogging garbage associated with these P2P programs, alot of users wont even notice a few extra viri thrown into the mix, they'll just run to techies faster.
MOVE!!! (shameless Nick Burns Reference)
Nitpick: Worm != Virus(though I don't deny that a given virmen can be both. Worms just make dropping the viral payload easier these days).
:) It wasn't the computer equivalent of Ebola, but it kept us from playing Wolfenstein. :)
Most of what you describe can be attributed to worms. Viruses infect exsisting binaries. The big one when I was in high school was "Nov 17." When you got THAT virus, you knew it, especially if you were running Win 3.1[1]. It would infect EMM386.EXE and all of a sudden you were back to 640k of memory again.
This would make a great Poll. It would fairly accurately state what flavor of tin-hatter is in the majority here:
A: Conspiracy Theorists (Communist)
B: General Wackos (this one isn't realistic as I understand it--musician/script kiddie? That's too outlandish a secret identity)
C: Conspiracy Theorists (Capitalist)
D: ?
E: SCO Bashers
F: Microsoft Bashers (Apple and Linux)
G: Didn't read this article/loves the CowboyNeal option
Synergy is your friend
...probably a line in most virus payloads.
Funny thing is, McAfee and Norton on Windows is a bad stack.
After install you have a broken OS.
Expect your computer to crawl like a baby and/or crash often.
Actually, it would be better to do without said crapware and enjoy better performance with your spyware/virus.
... to just millions of people, a computer is just a TV set with a lot of on demand "channels". That is exactly how they treat it, and why security isn't anything they should do, the "computer" should do it.. and really, it mostly SHOULD "do that".
And there's no reason anymore for new computers to go out the door in any shop without those types of programs installed if they are going to use MS.
shame on MS and shame on the box vendors
And there's even less reason to let MS skate on this issue. They should have been class actioned all the way to the supreme court long ago on useability and security and internet interoperability issues.
That EULA is an abomination. Maybe 20 years ago when desktop computing was really getting going they needed some time to get up to speed on coding, but not today, nope, EULAs that absolve the *seller* of all normal consumer warranty and protection should be stricken down. once and for all.
If ACME front door and lock company made a product that consistantly over the years was shown to A not open or shut correctly and could be counted on to fall off the hinges and needed to be re hung every 6 months, B-which had no credible locking mechanism, and C-caused the purchasers to be invaded in their homes and robbed and inconvenienced for years and years because of A and B, they would have been put out of business.
It's time to REALLY consider this EULA get out of any responsibility card they are allowed to use and profit from. It's absurd.
Methinks a lot more proactive coding on their part over the years might have cost them X-billions more, but they got 50 bill in the bank now, they could have most likely made it a lot more secure and functional and still had many many billions in the bank. There's no excuse anymore beyond pure GREED on their part. I would agree with the assessment nothing can be coded perfect, but really.. there's ways to go about this, they just never did it,not near enough, they were AWARE of the issues just they didn't CARE about the issues enough because it would have cut into "profits". Not eliminate them, it just would have reduced them some. Big deal. they profit, everyone else has to jump through hoops and suffer over their inaction.
They could have had BOTH, profitability plus more secure and functional design, they chose NOT TO. It was high level executive decision making that caused that, it was done on purpose. It wasn't that important to them as long as they could bully their way into mass acceptance and get away with it.
Class action suit, I am surprised it has never happened yet.
And one of whose Congressional proteges', Orrin Hatch, is now on record stating that remotely destroying a copyright infringer's computer system should be a legitimate tactic for a respectable business organization. Huh. And I used to think he was okay as Congressrodents go. In any event, I think the key word here is respectable.
The higher the technology, the sharper that two-edged sword.
The Hoax:-
Dear Sirs:
It is possible that a VIRUS could be sent to you because you were registered in our Outlook's directory.
This VIRUS sends itself to all addresses registered in your Outlook's Address Book (happens also with other e-mailing programs). If you find it please resend this email to all your email addresses.
How to erase it:
This virus is not found neither by Mc Afee, Norton, or any other AntiVirus programs.
How to erase it:
1) In the Start Menu go to "Search Files", then search for jdbgmgr.exe or j*.exe
2) the Virus programs has a Teddy Bear as the Icon.
3) Once you found it, erase it.
4) go to the windows' trash can and empty it or at least open it and then erase the file with the teddy bear icon.
5) resend this email to everybody on your mailing lists.
BYE, AND SHAME ON THE VIRUS DEVELOPERS! THEY HURT ALL BUSINESS, PEOPLE, AND OTHERS.
I'm all for a resistance to things like the RIAA, companys that abuse copyright law, and absurd notions of what constitutes intellectual property.
However I feel that when people use P2P networks as the only way to fight back, but don't use things like creative commons or the the GNU than they are really hurting the resistance movement that people have created to fight back aginst abuse copyright laws, and absurd notions of intellecutal property.
IMO There has to be more reason to use P2P than "I don't have to pay for it," there has to be the desire to make a political or philosophical statement.
Anyway, I'm just preaching to the converted here...
Note: this has been posted by r.future (a person who spends way to much time on the internet!)
Is it so unbelievable that the RIAA would take action against these services which they can't legally do anything about (at least not easily?), if they are capable of fining little kids thousands of dollars for downloading the latest britney song do you not think that perhaps they are capable of procuring the know-how needed to run dos attacks on things like kazaa... its scary but the RIAA could be running a virtual guerilla war. also, jfk isnt dead, he is living with osama on mars, thats why the landers keep getting broken so they don't find his little martian sanctuary.
"The stupider people think you are, the more surprised they will be when you kill them..."
Then why would a virus writer code something to shutdown websites dealing with anti-piracy schemes? Sounds like these are *paid* viri-writers! If there is a money trail to be found, then follow it. Chances are that it will lead to the truth of this matter.
Life is not for the lazy.
Yes, but if you didn't have a virus scanner how would you know you didn't have one?
ZoneAlarm, but modern viruses don't bother to hide themselves very well, so it's not that hard. Not yet anyway.
In any case, spontaneous generation doesn't happen any more in the computer world than in the real. Understand how a virus can get into the system and you can block it. Nearly all of them now work through social engineering and the rest use bugs in faulty software that can either be blocked or replaced.
That's not gonna work for the average user though. Neither is a virus scanner, really.
You consider virus writers to be part of the "computer community"? Like rapist are part of the "dating community" and burglars are part of the "domestic community"?
Ceci n'est pas une signature
Linux viri exist
Can you name one? One that had a non-negigible infection rate on Linux machines?
I'm not saying it's impossible, but Linux users mostly don't run as root, and they don't generally use mail programs that open attachements without asking, so I really don't see how script-kiddie level virii can propagate on Linux.
Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
One thing I've noticed is that as you get further up the distribution line for warez (no moralising replies, I've heard it all, thanks) is that the people become more and more snobbish and elitist. Your average IRC leecher mocks the people on kazaa, but the people in siterings actively despise them (for no apparent reason, except possibly to distance themselves from such a "n00b" crowd). I wouldn't be surprised if this were just written by someone who particularly dislikes kazaa simply to get some laughs out of the newbs' suffering.
Clumsy, no. Short on features, who cares. It uses waaaaaaaay less resources than either McAfee or Norton AV, and seems to catch more. Updated nearly every day, and has never broken a software install for me (when I was in tech support, you would not believe how many software installs were broken by Norton or McAfee sticking their noses into the process and screwing up the file writing or settings). Nice context menu option, easy integration to CLI. AVG is getting pretty close on to perfect... if it was not free, I would probably buy it. (Highest praise I can think of)
Why oh why didn't I take the purple pill?
Turn off their port. Seriously, that's what my school does.
My other car is first.
Well usually it's just laziness, cluelesness, or a false sense of invulnerability but not always.
I only started regularly running one after upgradeing a windows box to xp which came down with a msblaster within 5 minutes of going online, this when the crappy lines out here barely support 28.8. This was only the second time I've ever gotten a virus, the first I got off of a 5.25" floppy back in the early 90's.
I would rather not run one. Why? because I'm sick of programs that take over the system, lock thier processes into bootup in 5 different ways, and when you 'turn it off' all your really doing is hiding the controlls, not turning it off.
I'm running McAfee pro, and it tries to connect to home EVERY 5 MINUTES! on win9x systems it will dial out to do so if it can. If not it will pop up the connect dialog. EVERY 5 MINUES!. this is insane. And in parts of the world where you pay per minute on all phone calls can be costly. Some people have gotten huge phone bills because of this. They know it doese this but will not fix it.
And thats just one companies product. Symantec advertises 'product activation' right on the box. and others do simular things.
I'm really sick of this sort of thing. McAfee pro comes with a 2 computer license so I also installed it on My brother's computer and the wanting to dial out every 5 minutes was creating serious issues and couldn't be turned off so he had to uninstall it.
This is why some people don't install a.v. software, the software often behaves so much like a virus(that you PAID for) that they wonder what the point is.
Sorry for the rant, but AV software just isn't an unmitigated good anymore.
Mycroft
https://signup.leagueoflegends.com/?ref=4c3ed6600b6ea
I hate Norton and Mcafee because they each run like 6 different processes when the system boots up. Who needs a virus when they have an anti-virus utility that causes more load and overhead than everything else combined. Not to mention their scare tactics to get people to spend more money. I think AVG and AVPE are fine solutions, just most people don't know they exist.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
What truely surprises me is the fact that this is the 19th incarnation of the Netsky virus, and the can be really quite revealing about how much "Joe and Jane Blow" really try to protect their computer, even after all the repeated assaults from multiple virii in recent times. I am sure some blinded, elitist geeks out there will point out that 'Joe and Jane Blow are too stupid so they get loads of virii instead of moving to Linux' before moving to the next discussion whih can sprout a pro-Linux, anti-Microsoft thread. Believe me, I do know a lot of Joe and Jane Blows, and if you do not then simply forget about your elitist argument, because for the most part they are not simple or stupid. They want to surf the Internet, check their e-mail, play some games and perhaps download music -- they do not want to program a database engine, do not own a Linux box for a hobby, do not start counting lists from '0' and think anyone who thinks learning Pi should perhaps see a doctor.
So, they ask you for help because they think they have a virus or are feeling a slowdown. You do everything they should have done, that is install Ad-Aware, update it, scan for spyware -- and find some truckload of the bloatware eating up disk and registry space (and I'm not going to start on the RAM). That done, you download AVG Grisoft, update it, scan for virii -- and find several hundred files contaminated by virii, and that is quite a lot to clean up. Finally, you install a firewall -- preferably ZoneAlarm or Kerio Personal Firewall -- and set it up for them, so no more Blasters et al sneaking through some obscure system ports. The best option, on the long term at least, is to be sure to install a firewall with preconfigured program access rights (and I think Kerio Personal Firewall has this feature), and I shall tell you why: it may seem simple for any of us to simply check a checkbox for the firewall to remember to allow Half-Life Launcher to attack the Internet, and I truely thought this was the case for anybody -- after all, all the firewall does is ask a simple question, at least what seems like a simple question for most of us. Then, my grandma, who has barely touched a computer all her life, tried the new one she had bought to have a pastime during her six weeks' inability to walk. And the result was pretty surprising, to say the least. A new icon on the desktop, or even a pop-up, can get her panicking. So can you imagine this kind of non-techie, new user getting a firewall pop-up every minute for every program this user launches? This is why a preconfigured program access rights list is something good to have.
Of course, anyone can go without an antivirus by simply installing a firewall and knowing what comes in their e-mail -- or, for those who grasp the technology a bit more, just block the ports manually; but Joe and Jane Blow have much more simple needs and don't want to have to learn loads of techniques simply to avoid virii and spyware, malware which they do not notice most of the time. In my opinion, the best way to prepare Mr. and Mrs. Blow against all this malware is to set up their software so at best, they can surf around and write emails totally unconscious of this protection, since in this case the software updates itself and does its job automatically. You can also give the user further tools against malware, such as replacing their browser and e-mail clients with Mozilla/Firefox and Eudora or Thunderbird. You should also set them simple guidelines, such as to always refuse anything whatsoever from a source they do not trust. Try and get them to buy commercial software (Norton Internet Security or McAfee Internet Security) as in general it offers better protection and a bit more tools that shall make everyone a happy bunny. Joe and Jane Blow want to know that they are protected against virii and spyware, but do not want to know how, and you'd be rather stubborn to get, what in their opinion is an extra worry, on the
"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect" -- Linus Torval
Funny, my old 1 GHz Duron with 512 MB of memory doesn't experience any noticeable slowdown when F-Prot is running... Heck, my old k6-2 300 MHz didn't experience any noticeable slowdown !
Just what kind of sneeze pump are you running your games on ?-)
I think you could achieve this with Unix/Linux runlevels. They already start/stop programs, so you'd just need to copy around config files to make those programs behave as desired.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
That is my question and one have to answer that before one start bashing clueless users. In my opinion every OS out there should be as secure as possible out of the box. I dont like how windows has every feature known to man on by default as little as i like how linux dists keep having deamons started by default. The OS should be locked down and demand user intervention to be opened up. Not that it should be difficult to start things, thats not the goal. The goal should be that the user is not supposed to secure the machine they use, it should be secure by default and then opened up by the user if that is demanded.
As linux becomes more used by newbs who hasnd any interest in locking it down it should be as secure as possible by default. That way if the box get hacked because of bad settings you can atleast put the blame on the one unsecuring it. Blaming a user who just installed it and never secured it is impossible and doesnt fly, thats why i dont listen to the people who say "they should have installed whatnot". Thats what the OS should do, provide basic services like security etc. If an OS demand an antivirus addon and adaware and things, maybe something is wrong in the OS?
I hope linux gets proactive and riddens itself of the same bad decisions as MS have done. Dont trust the user to secure things bacause we have seen in the case of MS Windows that thats not going to happen.
HTTP/1.1 400
Currently there isn't enough awareness of viruses because they don't do that much harm to the people who get infected. The network admins know about it, of course, and they go around lecturing and threatening people, but it's all way too abstract.
In order to show people the problem, I propose a vaccine virus:
It would spread using many different methods, but in the quietest way possible. Use e-mail attachments, buffer overflow exploits, everything that's being done, but keep it quiet. Don't scan a thousand machines a minute, or send out millions of e-mails. Make the e-mails look like other virus e-mails, scan slowly, etc. The idea is to get onto as many machines as possible before triggering. Once it triggers, wreak as much havoc as possible on the infected machines. Delete files, overwrite them to be sure. Target document files before OS files. Hit network shares. Wipe out partition maps. Trash the BIOS if you can.
It would be a pretty terrible virus, but I bet people would get serious about prevention after the dust settled. But is the cure worse than the disease?
(Disclaimer: I'm not actually advocating this! Please don't take me to jail. It's just some food for thought.)
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
Where is the BBC story about how RIAA is dangerous and obviously behind this "new" attack ? The mainstream media is a joke, they mostly just repeat each other, except when the BBC gets creative. Don't know if I should approve or not, but it does spice things up a little when they out and out make stuff up.