Netsky Worm Variant Attacks P2P Services
ee_moss points out this Washington Post article (via Yahoo!), excerpting "The latest variant of the Netsky worm is directing infected computers to launch Web-based attacks against music- and file-trading Web services such as Kazaa, taking down at least one company's Web sites in the process. The worm, the 19th version of a bug that made its debut in February, is also targeting some Web sites that offer computer programs designed to illegally break or bypass copyright controls on software programs."
Anyway, I know this sounds painfully obvious, but why don't folks take the simple step of running an antivirus program? I have McAfee VirusScan and I also have AdWatch running full time. Between the two, I feel fairly well protected from viruses and adware/spyware.
And then you have folks that click on just about any attachment - from the article:
The experts advised people not to click on strange attachments in e-mail, which can activate the worm, and to update their antivirus software frequently to ward off new threats.
I have an agreement with family and friends to embed a codeword in any document that contains a file attachment. It is usually a fairly esoteric word not likely to come up in casual conversation. However, I have damn near been fooled by a few emails because they seemed very legitimate. Oh, well.
Anyway, I am preaching to the choir....and ranting a bit.
Happy Trails!
Erick
http://www.busyweather.com/
Another virus. Run in circle. Shout. Panic.
The experts advised people not to click on strange attachments in e-mail, which can activate the worm...
Of course, until you can teach people to be intelligent, these types of viruses will continue to circulate through the net.
Wireless News www.DailyWireless
I have a couple of relatives who are extremely nontechnical. Their Windows installation has already been plagued by 2 worm viruses this year. When they think virus in Windows, they think virus in computers. Basically these viruses are giving computers in general a bad reputation.
I have suggested they try Linux. But they are nearly at the point of no return. They fear the computer, they fear the hassle, virus scans, repair etc. What's the world coming to?
Was the worm written by...
A: The RIAA, to try to take down the P2P services.
B: A disgruntled artist, who blames the P2P apps for why they can't get paid.
C: The owner of unaffected P2P app trying to take down the competition.
D: A random hacker, who doesn't have any interest in the music industry, but just wants to ruin people's fun.
E: SCO. Because they're associated with anything Slashdot hates.
F: Microsoft. Because they're associated with anything Slashdot hates.
G: CowboyNeal, because he's a suspect on all Slashdot polls.
I don't really understand this virus, or more precisely, the people who wrote it. Although I can not speak from experience, I would have to imagine that spreading virii over P2P networks is like shooting fish in a barrel (hotpr0n.mpg.exe would probably take down half the computers on kazaa). So why are they trying to spread it through e-mail? I would think that since there is no challenge involved in spreading it that they would be moralists (like the people who disguise a program that reports people's ip address as warez) but they are not doing it over the networks themselves so they would have a potential for "collateral damage". Is the writer just a random skript kiddie or am I missing something?
_____
Thank you.
Soulseek's been down all day, for example, even though I haven't seen any information specifically saying that this new Netsky targets said network (Kazaa and Edonkey are the two that I frequently see cited, as in the linked article). It's an odd choice of target--it's far smaller than Kazaa/FastTrack--but then again, Edonkey's not too high on the usual radar, either. Some bittorrent sites are also especially wobbly today, but that could be coincidence.
Fascinatingly, I've also been getting absolute tons of emails infected with this variant of Netsky, many of which pretend to have been scanned for viruses and are "clean." This seems particularly lame as an "innovative" get-the-dupes-to-click-on-"document.doc          .pif" strategy, but someone must be clicking on these things (verizon seems particularly affected, as every other Netsky spam I get seems to be from that domain).
Ahh well. Hopefully, this particularly-obnoxious variant will be short lived (so we can, of course, begin the cycle anew in a few weeks' time with a new SoBig or...heck, I dunno, Klez? What letter are they up to there?)
It can't be long before e-mail becomes so suspect that self-mailing viruses simply won't spread because everybody is so afraid of their inbox. It will be interesting to see where viruses go then. IM would be my first bet, as well as P2P networks, vulnerabilities in certain *cough* OSes we've already seen, and network shares but there has got to be other methods I'm not thinking of. This could be really interesting to watch. I've never taken the hard line view towards viruses that I see here, I see them as massive experiments with data and as kind of a spectator sport. Of course that could be because I've never really had a problem with them...
The post doesn't say it, but it definitely insinuates that the nefarious RIAA and possibly the BSA is behind this latest worm.
The post insinuates nothing of the sort, it just states what the trojan does. You jumped to that conclusion all by yourself.
Unfortunately, that kind of knee-jerk reaction is counterproductive to finding the real virus spreaders.
As is assuming that respectable business organisations are beyond suspicion. Especially when one of these organisations is on record as wanting immunity from prosecution if it does use such tactics. But then again you were just trolling weren't you.
I think it's more likely to be the mp3 scene itself. And by mp3 scene I mean the releasing groups, couriers, and ftp site ops. They don't like their work getting to P2P networks; they rip music to have something to offer to sites they upload to, in exchange for whatever they want, be it wares or porn or whatever. If their product is not exclusive (e.g. available on P2P), they lose leverage. Ask any "scener" and they'll tell you they think P2P is bad for business.
I switched P2P networks long ago. I have no silly business of fake files, or dial tones in my songs. There are viruses, but they are fairly obvious as they are often disguised as keymakers. The only thing I have to worry about is french movies not being labeled properly. At least they are the right movie. If only I could translate french on the fly...
Only grandmothers and 10-year olds use KazAA. The unkempt geeks switched networks a while back.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
So, when the virus attacked SCO, all the reporters gleefully reported that it was probably an attack from "the Linux Community." What are the odds that those reporters will automatically jump to the conclusion that the RIAA wrote this virus, and then publish that opinion?
My guess, is that these writers won't be quite so eager to jump to conclusions this time. But it might be worthwhile for those of us who were annoyed by those writers to point that fact out to them.
Remember how quick the media was to turn on the linux community when a worm appeared to be targeted at SCO.
Let's show we are a couple of notches above the media here and give this some time; maybe we can take this thing apart and make sure of its TRUE intended victim. Not to say I'd put it past the RIAA, but we should make sure before flinging accusations.
Is it sooo improbable that this was somehow sponsored by the RIAA? (or similar)
...
On one hand I don't see it as too likely; on the other, lately my capacity for surprise has been worn down by strange lawsuits and laws (Can-Spam).
and RIAA was, after all, seeking to make their hacking P2P-ers legal
I think things would only change if default setups of Windows were secure against this sort of thing.
Maybe someone wrote this virus so we'd think the RIAA did it. Or maybe the RIAA wrote it so we'd think that someone wrote it to pin the blame on the RIAA. Or maybe someone wrote it so we'd think RIAA wrote it to make us think that someone wrote it to pin the blame on the RIAA. Or maybe the RIAA wrote it so we'd think that someone wrote it to make us think the RIAA wrote it so we'd think that someone wrote it to pin the blame on the RIAA. Or maybe...
Because they're paranoid.
:)
I've run XP for over a year and every once in a while, just for kicks, I install AVG and AdAware.
Last time I ran AdAware 6 with the latest definitions, out of 90000+ items scanned, it found ONE registry key.
And AVG has not once turned up an infection of any kind.
So I ask the other Windows users, what the hell are you doing to require this? And I ask all the self-righteous Linux users to kindly keep your smart-ass comments to yourselves.
Previous versions of NetSky copied themselves to any folder containing the word "shared" in it, as in "My Shared Folder," to spread via Kazaa and other file sharing programs.
I can't tell you how many computers I've cleaned when people get PIF email attachments and open them thinking they were PDFs.
They will pay me to remove the virus, but they won't buy an email scanning antivirus program, or even figure out that if the icon is the Windows logo (double meaning here) it's probably not a good thing!!
Back to the article: with all of the spyware, IE plugins, and other memory hogging garbage associated with these P2P programs, a lot of users won't even notice a few extra viri thrown into the mix, they'll just run to techies faster.
MOVE!!! (shameless Nick Burns Reference)
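Two of the tricks described in this thread (the earlier comment's "document.doc [spaces] .pif" attachment names, and this post's PIF-opened-as-PDF and "shared" folder drop) are easy to check for mechanically. The script below is an added example, not code from the original discussion or from any antivirus vendor; the sample messages, paths and extension lists are constructed for illustration and are not exhaustive. It flags attachment names whose final extension Windows will execute (with a separate verdict for the double-extension disguise), ignores any "scanned and clean" claim in the body, and reports executables sitting in any directory whose name contains "shared".

```python
"""
Added example: scanner for the two NetSky habits discussed above.
  1. attachments that are executables disguised as documents/media
  2. executables dropped into folders whose path contains "shared"
All sample data below is constructed for the example.
"""
import os
import re

# Extensions Windows executes on double-click (constructed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".hta", ".lnk"}
# Extensions a recipient expects to be inert content.
DECOY_EXTS = {".doc", ".pdf", ".txt", ".mpg", ".mp3", ".jpg", ".gif", ".htm", ".zip"}


def classify_attachment(name):
    """Return a reason string when a filename's real extension is executable,
    or None when it is not. Whitespace padding between the decoy extension
    and the real one (the "document.doc        .pif" trick) is ignored."""
    parts = [p.strip() for p in name.lower().split(".")]
    parts = [p for p in parts if p]          # drop empty pieces from "foo..exe"
    if len(parts) < 2:
        return None
    ext = "." + parts[-1]
    if ext not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        return "double extension: looks like .%s but runs as %s" % (parts[-2], ext)
    return "executable attachment (%s)" % ext


def flag_messages(messages):
    """messages: list of dicts with 'subject', 'body', 'attachments'.
    The body is deliberately not consulted: a "No Virus found" line in the
    text is written by the sender and proves nothing about the attachment."""
    hits = []
    for msg in messages:
        for att in msg["attachments"]:
            reason = classify_attachment(att)
            if reason:
                hits.append((msg["subject"], att, reason))
    return hits


def executables_in_shared_folders(paths):
    """From file paths (Windows or POSIX separators), return those that are
    executables inside a directory whose name contains 'shared', the drop
    location the comment above attributes to earlier NetSky variants."""
    found = []
    for path in paths:
        components = [c for c in re.split(r"[\\/]", path) if c]
        if not components:
            continue
        dirs, filename = components[:-1], components[-1]
        if any("shared" in d.lower() for d in dirs) and classify_attachment(filename):
            found.append(path)
    return found


def scan_tree(root):
    """Apply the same check to a real directory tree."""
    paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return executables_in_shared_folders(paths)


# Constructed sample input (not real mail or real disk contents).
SAMPLE_MESSAGES = [
    {"subject": "your document",
     "body": "Please read the attached. +++ Attachment: No Virus found +++",
     "attachments": ["document.doc                               .pif"]},
    {"subject": "holiday pics", "body": "see attached",
     "attachments": ["beach.jpg"]},
    {"subject": "the file you asked for", "body": "",
     "attachments": ["hotpr0n.mpg.exe", "readme.txt"]},
]

SAMPLE_PATHS = [
    r"C:\Program Files\Kazaa\My Shared Folder\hotpr0n.mpg.exe",
    r"C:\Program Files\Kazaa\My Shared Folder\some_song.mp3",
    r"C:\Documents and Settings\erick\My Documents\notes.txt",
    "/home/erick/shared/winamp 5 keygen.scr",
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for subject, att, reason in flag_messages(SAMPLE_MESSAGES):
        print("MAIL  %-25r %-45r %s" % (subject, att, reason))
    for path in executables_in_shared_folders(SAMPLE_PATHS):
        print("SHARE %s" % path)
```

The classifier keys only on the last extension, which is the one the shell actually uses; the decoy extension is reported separately so a mail gateway can quarantine the disguised case even if it lets plain `.exe` through to people who expect it. Run `scan_tree("C:\\Program Files\\Kazaa")` (or whatever the client's shared directory is) on a suspect machine to get the same report from disk.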
Easy:
Worm = Requires a security vulnerability in the computer's OS or some running software program to infect said computer.
Virus = Requires a security vulnerability between the chair and keyboard to infect said computer.
... to just millions of people, a computer is just a TV set with a lot of on demand "channels". That is exactly how they treat it, and why security isn't anything they should do, the "computer" should do it.. and really, it mostly SHOULD "do that".
And there's no reason anymore for new computers to go out the door in any shop without those types of programs installed if they are going to use MS.
shame on MS and shame on the box vendors
And there's even less reason to let MS skate on this issue. They should have been class actioned all the way to the supreme court long ago on useability and security and internet interoperability issues.
That EULA is an abomination. Maybe 20 years ago when desktop computing was really getting going they needed some time to get up to speed on coding, but not today, nope, EULAs that absolve the *seller* of all normal consumer warranty and protection should be stricken down. once and for all.
If ACME front door and lock company made a product that consistently over the years was shown to A, not open or shut correctly and could be counted on to fall off the hinges and need to be re-hung every 6 months, B, have no credible locking mechanism, and C, cause the purchasers to be invaded in their homes and robbed and inconvenienced for years and years because of A and B, they would have been put out of business.
It's time to REALLY consider this EULA get out of any responsibility card they are allowed to use and profit from. It's absurd.
Methinks a lot more proactive coding on their part over the years might have cost them X-billions more, but they got 50 bill in the bank now, they could have most likely made it a lot more secure and functional and still had many many billions in the bank. There's no excuse anymore beyond pure GREED on their part. I would agree with the assessment nothing can be coded perfect, but really.. there's ways to go about this, they just never did it,not near enough, they were AWARE of the issues just they didn't CARE about the issues enough because it would have cut into "profits". Not eliminate them, it just would have reduced them some. Big deal. they profit, everyone else has to jump through hoops and suffer over their inaction.
They could have had BOTH, profitability plus more secure and functional design, they chose NOT TO. It was high level executive decision making that caused that, it was done on purpose. It wasn't that important to them as long as they could bully their way into mass acceptance and get away with it.
Class action suit, I am surprised it has never happened yet.
And one of whose Congressional protégés, Orrin Hatch, is now on record stating that remotely destroying a copyright infringer's computer system should be a legitimate tactic for a respectable business organization. Huh. And I used to think he was okay as Congressrodents go. In any event, I think the key word here is respectable.
The higher the technology, the sharper that two-edged sword.
Oh you have, noticed that have you?
The fact that you don't worry about that is going to be your downfall.
Linux viri exist, and there doesn't seem to be anything in any Unix system that makes it inherently immune to viri. It wasn't long ago that the first Linux bugs came out, and I expect to see more and more. Plus you have to worry about script kiddies, and they're more numerous than viri and worms these days.
Unix isn't immune, and we need something to come along that will actually solve that problem, lest we have to switch operating systems every 5 years to stay ahead of the malicious programs. Systrace is a great start, but it's not ideal, and not automatic. A little improvement could make it a great wall against all unknown viri/worms/kiddies, but it's important that somebody actually works on that, instead of assuming there's nothing to worry about.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Well, there are uses for running a virtual machine ala Virtual PC or VMWare.
You can take your downloaded keygen or whatever and run it completely separated "in a bottle" so to speak, so you can use it without any fear that it will wreak havoc on you. Disable networking support, COM ports, and any shared access to hard disks and you're safe.
Very handy.
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
So I ask the other windows users, what the hell are you doing to require this. And I ask all the self-righteous linux users to kindly keep your smart-ass comments to yourselves :)
Well here are some of the answers I received after cleaning up systems that were infected:
1. I just wanted to install a game (about 18 spyware programs found)
2. I thought the email was from the IT department (bagle ZIP encrypted virus)
3. Internet Explorer prompted me to install something, I said yes (spyware, again..)
4. I don't know (spyware, viruses, you name it..)
5. Someone else used the computer..
Needless to say, spyware and viruses are such a large problem that for most people, they are unable to determine where it comes from or how to prevent it from getting on their systems without something protecting them (antivirus, antispyware programs).
Annoying, definitely, preventable with a little bit of knowledge? definitely.
I hate Norton and McAfee because they each run like 6 different processes when the system boots up. Who needs a virus when they have an anti-virus utility that causes more load and overhead than everything else combined? Not to mention their scare tactics to get people to spend more money. I think AVG and AVPE are fine solutions, just most people don't know they exist.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
What truly surprises me is the fact that this is the 19th incarnation of the Netsky virus, and that can be really quite revealing about how much "Joe and Jane Blow" really try to protect their computer, even after all the repeated assaults from multiple virii in recent times. I am sure some blinded, elitist geeks out there will point out that 'Joe and Jane Blow are too stupid so they get loads of virii instead of moving to Linux' before moving to the next discussion which can sprout a pro-Linux, anti-Microsoft thread. Believe me, I do know a lot of Joe and Jane Blows, and if you do not then simply forget about your elitist argument, because for the most part they are not simple or stupid. They want to surf the Internet, check their e-mail, play some games and perhaps download music -- they do not want to program a database engine, do not own a Linux box for a hobby, do not start counting lists from '0' and think anyone who thinks learning Pi should perhaps see a doctor.
So, they ask you for help because they think they have a virus or are feeling a slowdown. You do everything they should have done, that is install Ad-Aware, update it, scan for spyware -- and find some truckload of the bloatware eating up disk and registry space (and I'm not going to start on the RAM). That done, you download AVG Grisoft, update it, scan for virii -- and find several hundred files contaminated by virii, and that is quite a lot to clean up. Finally, you install a firewall -- preferably ZoneAlarm or Kerio Personal Firewall -- and set it up for them, so no more Blasters et al sneaking through some obscure system ports. The best option, on the long term at least, is to be sure to install a firewall with preconfigured program access rights (and I think Kerio Personal Firewall has this feature), and I shall tell you why: it may seem simple for any of us to simply check a checkbox for the firewall to remember to allow Half-Life Launcher to attack the Internet, and I truly thought this was the case for anybody -- after all, all the firewall does is ask a simple question, at least what seems like a simple question for most of us. Then, my grandma, who has barely touched a computer all her life, tried the new one she had bought to have a pastime during her six weeks' inability to walk. And the result was pretty surprising, to say the least. A new icon on the desktop, or even a pop-up, can get her panicking. So can you imagine this kind of non-techie, new user getting a firewall pop-up every minute for every program this user launches? This is why a preconfigured program access rights list is something good to have.
Of course, anyone can go without an antivirus by simply installing a firewall and knowing what comes in their e-mail -- or, for those who grasp the technology a bit more, just block the ports manually; but Joe and Jane Blow have much more simple needs and don't want to have to learn loads of techniques simply to avoid virii and spyware, malware which they do not notice most of the time. In my opinion, the best way to prepare Mr. and Mrs. Blow against all this malware is to set up their software so at best, they can surf around and write emails totally unconscious of this protection, since in this case the software updates itself and does its job automatically. You can also give the user further tools against malware, such as replacing their browser and e-mail clients with Mozilla/Firefox and Eudora or Thunderbird. You should also set them simple guidelines, such as to always refuse anything whatsoever from a source they do not trust. Try and get them to buy commercial software (Norton Internet Security or McAfee Internet Security) as in general it offers better protection and a bit more tools that shall make everyone a happy bunny. Joe and Jane Blow want to know that they are protected against virii and spyware, but do not want to know how, and you'd be rather stubborn to get, what in their opinion is an extra worry, on the
"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect" -- Linus Torvalds
Great explanation of just how irresponsible certain software manufacturers are being.
A lot of the replies you're getting are in the vein of:
"But you don't have to agree to the EULA"
and "What about OSS"
Okay guys, here's the difference:
A MS EULA is like me going out, buying a house, and after closing on the house I come home to find a big sticker on the door that says,
"by breaking this seal you agree to the following terms:
-You do not really own this house, you're actually leasing it from us.
-We are not responsible if this house turns out to have numerous major problems that we didn't tell you about.
-You may only use this house for purposes X, Y and Z, any other use is strictly prohibited.
-etc, etc, etc
It's clearly stupid and not a legally binding contract. I can rip that sticker off my door without a worry in the world. The same needs to be true for software.
A good example is disclaiming any and all warranty:
This needs to be done BEFORE I give you my money.
It's like a car manufacturer trying to sell a new car with absolutely no warranty by sticking a note in the glovebox when you're driving it off the lot.
The deal is already done. The note means nothing. The manufacturer is still responsible for all normal, implied warranties.
Now what about OSS?
First off, I'm going to talk only about the GPL. (Other licenses are typically very similar.)
Now the key thing is that there are some very big differences with GPL'ed software:
1) It's free. Free things are typically not legally required or assumed to carry warranties. There also don't seem to be many laws about disclaiming liability when I give you something for free. There's nothing that says the item must be provided in any form other than "as-is", unlike commercial/retail sales. I can give you a car with rusted out brakes for free and not have to fix them for you. If I was a car dealer, charging you money, I might have to fix those brakes (unless there was some agreement made about them at time of sale).
2) The GPL is not a EULA. You do not have to agree to the GPL to use a GPL'ed program. A lot of people have trouble understanding this one. There are even programmers who make the GPL pop up when you run their program and force you to check "I agree". These people are all wrong. The GPL only governs redistribution. As such, it's not trying to get rid of any rights that you would normally have. In order to gain a right that you wouldn't normally have (redistribution of someone else's copyrighted work), you must agree that this new right is subject to a set of conditions. If you do not agree, you do not get those rights, not because the GPL says you don't, but because copyright law says you may not redistribute others' work without their permission.
Life is too short to proofread.