Slashdot Mirror

← Back to Stories (view on slashdot.org)

Netsky Worm Variant Attacks P2P Services

Posted by timothy on from the lack-of-attention-syndrome dept.

ee_moss points out this Washington Post article (via Yahoo!), excerpting "The latest variant of the Netsky worm directing infected computers to launch Web-based attacks against music- and file-trading Web services such as Kazaa, taking down at least one company's Web sites in the process. The worm, the 19th version of a bug that made its debut in February, is also targeting some Web sites that offer computer programs designed to illegally break or bypass copyright controls on software programs."

23 of 472 comments (clear)

  1. Oh hum. by Anonymous Coward · · Score: 5, Funny

    Another virus. Run in circle. Shout. Panic.

    1. Re:Oh hum. by Brandybuck · · Score: 5, Funny

      I always know when another virus or worm has been found "out in the wild". All of the MCSE's at my company start running around with flailing arms bemoaning the inhumanity of it all. I'm not running Windows at work, so I just sit back and enjoy the panic. Just like Ricky in "The Burbs".

      --
      Don't blame me, I didn't vote for either of them!
    2. Re:Oh hum. by Emperor+Tiberius · · Score: 5, Insightful

      Ya, but what do you do when all of the Windows machines they've failed to keep virus free start clogging your core routers with virus traffic?

  2. Human stupidity by mindless4210 · · Score: 5, Insightful

    The experts advised people not to click on strange attachments in e-mail, which can activate the worm...

    Of course, until you can teach people to be intelligent, these types of viruses will continue to circulate through the net.

    --
    Wireless News www.DailyWireless
    1. Re:Human stupidity by Amiga+Lover · · Score: 5, Insightful

      I think it's not always a matter of intelligence, but apathy. People get a virus and... ...so what? I've cleaned relatives machines with dozens of viruses. They kept working for the most part, they worked before and they worked afterwards. A few resources were consumed, but consumer machines now are in the multi GHz speed range. Most viruses just don't affect the user enough for them to really give a shit about them. For an example, when mydoom hit so massively earlier this year it... made their machine one of hundreds of thousands targeting sco.com.

      Again, apathetic users, they don't notice and don't care. Until a virus comes along with the spreading power of mydoom, but sits and waits for a couple of weeks until it throws up gay porn onscreen and shouts out "HEY EVERYONE I'M WATCHING GAY PORN" while proceeding to delete EVERY SINGLE DAMNED FILE USERS HAVE... they're going to keep on not giving a damn about viruses.

      The general public sees viruses as something computers just get, and is as innocuous as a sniffle. If a few viruses came along and did the equivalent of schizophrenia, lung cancer and whole body pus filled sores to their computer, THEN they will take notice.

  3. Bad reputation by superpulpsicle · · Score: 5, Interesting

    I have a couple relatives who are extremely nontechnical. Their windows installation has already been plagued by 2 worm viruses this year. When they think virus in windows, they think virus in computers. Basically these viruses are giving computers in general a bad reputation.

    I have suggested they try linux. But they are nearly at the point of no return. They fear computer, they fear the hassle, virus scans, repair etc. What's the world coming to.

    1. Re:Bad reputation by Anonymous Coward · · Score: 5, Informative

      If they MUST run windows, this is all you have to do:

      * Install Mozilla (Firefox and Thunderbird).
      * Install Ad-Aware. Pay for the pro version that also has Ad-Watch.
      * Install Spybot Destroyer.
      * Install a cheap linksys router.
      * Install Grisoft/AVG antivirus - or somethign equally as good.

      Now, nothing is going to get IN that shouldn't and probably won't get OUT. Even if they're wreckless and download/install everything they ever run across, Spybot Destroyer lets you prevent the installation of *hundreds* of known activex applications and other troublesome installers, lock your hosts file, prevent changing the MSIE start page, etc. And if they're stupid enough to install something after Ad-Watch/Ad-Aware and/or their antivirus software warns them about it, then they deserve what they get.

      Additionally:

      * Don't give them administrator accounts!
      * Set them up with a DynDNS address. This way you can connect to them remotely using VNC when necessary to do administrative tasks.
      * Setup regular user accounts for them. Or better - setup limited user accounts so they can't even install any software themselves. Tell them to come up with lists of things they need installed and to call you. Then you can VNC in, fire up the admin account and install them in a few minutes.

      It will lock them down, but shouldn't prevent them from doing most things they want to do and will save you a shitload of headache. And if they don't like it, then it should hopefully be enough reason for them to start actually LEARNING about the machine they're using rather than treating it like a god damn TV and then they can assume the responsibility.

    2. Re:Bad reputation by Brandybuck · · Score: 5, Insightful

      Public Linux servers have been hacked, to be sure. But this is a much different thing from discovering a new worm every week floating around the Windows world.

      To hack into the Gentoo, Gnome, Debian and GNU servers, the crackers had to sit down and work at it. It didn't come for free. But write a new worm variant and several million p2p and outlook users will deliver it to your victims for free.

      Think of your home's security. Anyone with a sledgehammer can break into your home, regardless of the quality of your deadbolts. That's what happened to those servers. But in the windows world we get a bunch of houses with hollow veneer front door with a brass flip latch for a lock, and no back door at all, just a wide open portal.

      Even with a steel door and twenty deadbolts, eardrum destroying alarm, and a pair of Rottweilers, you could still get broken into. But that's no reason to encourage the burglars with cardboard doors and a lawn sign that says "if it's not too much trouble, could you please not break into my home tonight".

      --
      Don't blame me, I didn't vote for either of them!
  4. Re:It's not that surprising . . . by Dr+Reducto · · Score: 5, Funny

    There is a term for this tye of thing: PEBCAK

    Problem Exists Between Chair And Keyboard

  5. Re:It's not that surprising . . . by Bz3rk · · Score: 5, Insightful

    OK put on your tin foil hats... the conspiracy theory is that these worms that target P2P are produced by or for the RIAA. They already flood the networks with fake or corrupt files, why wouldn't they take this next step? They have already shown they have no respect for the law anyway.

  6. Spin the wheel of motivations... by LostCluster · · Score: 5, Funny

    Was the worm written by...

    A: The RIAA, to try to take down the P2P services.
    B: A disgruntled artist, who blames the P2P apps for why they can't get paid.
    C: The owner of unaffected P2P app trying to take down the competition.
    D: A random hacker, who doesn't have any interest in the music industry, but just wants to ruin people's fun.
    E: SCO. Because they're associated with anything Slashdot hates.
    F: Microsoft. Because they're associated with anything Slashdot hates.
    G: CowboyNeal, because he's a suspect on all Slashdot polls.

  7. Netsky by The_Mystic_For_Real · · Score: 5, Insightful

    I don't really understand this virus, or more precisely, the people who wrote it. Although I can not speak from experience, I would have to imagine that spreading virii over P2P networks is like shooting fish in a barrel (hotpr0n.mpg.exe would probably take down half the computers on kazaa). So why are they trying to spread it through e-mail? I would think that since there is no challenge involved in spreading it that they would be moralists (like the people who disguise a program that reports people's ip address as warez) but they are not doing it over the networks themselves so they would have a potential for "collateral damage". Is the writer just a random skript kiddie or am I missing something?

    --

    _____

    Thank you.

  8. Re:It's not that surprising . . . by Marvelicious · · Score: 5, Insightful

    I have been wondering this for years myself! Why don't more people run antivirus programs? www.grisoft.com has a free version of avg antivirus. Free! I figure, if you use the internet, you have no good excuse not to use one! Did I mention its free. Granted, its a little clumsy and short on features, but it seems to work!

    --
    Send whiskey and fresh horses!
  9. Re:It's not that surprising . . . by The+Third+Goat · · Score: 5, Funny

    Anyway, I know this sounds painfully obvious, but why don't folks take the simple step of running an antivirus program?

    Waste of money, IMHO. I've been using Windows for years without a virus scanner, and not once have I found a virus infecting my computer.

  10. Wider than just Kazaa and Edonkey, methinks by jwlidtnet · · Score: 5, Informative

    Soulseek's been down all day, for example, even though I haven't seen any information specifically saying that this new Netsky targets said network (Kazaa and Edonkey are the two that I frequently see cited, as in the linked article). It's an odd choice of target--it's far smaller than Kazaa/FastTrack--but then again, Edonkey's not too high on the usual radar, either. Some bittorrent sites are also especially wobbly today, but that could be coincidence.

    Fascinatingly, I've also been getting absolute tons of emails infected with this variant of Netsky, many of which pretend to have been scanned for viruses and are "clean." This seems particularly lame as an "innovative" get-the-dupes-to-click-on-"document.doc .pif" strategy, but someone must be clicking on these things (verizon seems particularly affected, as every other Netsky spam I get seems to be from that domain).

    Ahh well. Hopefully, this particularly-obnoxious variant will be short lived (so we can, of course, begin the cycle anew in a few weeks' time with a new SoBig or...heck, I dunno, Klez? What letter are they up to there?)

  11. New Virus Avenues by MrNonchalant · · Score: 5, Insightful

    It can't be long before e-mail becomes so suspect that self-mailing viruses simply won't spread because everybody is so afraid of their inbox. It will be interesting to see where viruses go then. IM would be my first bet, as well as P2P networks, vulnerabilities in certain *cough* OSes we've already seen, and network shares but there has got to be other methods I'm not thinking of. This could be really interesting to watch. I've never taken the hard line view towards viruses that I see here, I see them as massive experiments with data and as kind of a spectator sport. Of course that could be because I've never really had a problem with them...

  12. Equal Time? by Can · · Score: 5, Interesting

    So, when the virus attacked SCO, all the reporters gleefully reported that it was probably an attack from "the Linux Community." What are the odds that those reporters will automatically jump to the conclusion that the RIAA wrote this virus, and then publish that opinion.

    My guess, is that these writers won't be quite so eager to jump to conclusions this time. But it might be worthwhile for those of us who were annoyed by those writers to point that fact out to them.

  13. Stop the presses by shaitand · · Score: 5, Insightful

    Remember how quick the media was to turn on the linux community when a worm appeared to be targeted at SCO.

    Let's show we are a couple notches above the media here and give this some time, maybe we can take this thing apart and make sure of it's TRUE intended victim. Not to say I'd put it past the RIAA, but we should make sure before flinging accusations.

  14. People just don't seem to learn. by enosys · · Score: 5, Interesting
    Oh come on, they've been around long enough and they're still spreading like wildfire. E-mail is just too important and I can't imagine that it would be abandoned. Also people don't seem to even fear attachments. These sort of viruses have been around for a while and there are still lots of people who run the attachments and install viruses on their computers.

    I think things would only change if default setups of Windows were secure against this sort of thing.

  15. PIF - PDF by nevek · · Score: 5, Interesting

    I cant tell you how many computers I've cleaned when people get PIF email attachments and open them thinking they were PDF's.

    They will pay me to remove the virus, but they wont buy a email scanning antivirus program, or even figure out that if the icon is the windows logo (double meaning here) Its probably not a good thing!!

    Back to the article, With all of the spyware, IE plugins, and other memory hogging garbage associated with these P2P programs, alot of users wont even notice a few extra viri thrown into the mix, they'll just run to techies faster.

    MOVE!!! (shameless Nick Burns Reference)

  16. I think you nailed it... by zogger · · Score: 5, Interesting

    ... to just millions of people, a computer is just a TV set with a lot of on demand "channels". That is exactly how they treat it, and why security isn't anything they should do, the "computer" should do it.. and really, it mostly SHOULD "do that".

    And there's no reason anymore for new computers to go out the door in any shop without those types of programs installed if they are going to use MS.

    shame on MS and shame on the box vendors

    And there's even less reason to let MS skate on this issue. They should have been class actioned all the way to the supreme court long ago on useability and security and internet interoperability issues.

    That EULA is an abomination. Maybe 20 years ago when desktop computing was really getting going they needed some time to get up to speed on coding, but not today, nope, EULAs that absolve the *seller* of all normal consumer warranty and protection should be stricken down. once and for all.

    If ACME front door and lock company made a product that consistantly over the years was shown to A not open or shut correctly and could be counted on to fall off the hinges and needed to be re hung every 6 months, B-which had no credible locking mechanism, and C-caused the purchasers to be invaded in their homes and robbed and inconvenienced for years and years because of A and B, they would have been put out of business.

    It's time to REALLY consider this EULA get out of any responsibility card they are allowed to use and profit from. It's absurd.

    Methinks a lot more proactive coding on their part over the years might have cost them X-billions more, but they got 50 bill in the bank now, they could have most likely made it a lot more secure and functional and still had many many billions in the bank. There's no excuse anymore beyond pure GREED on their part. I would agree with the assessment nothing can be coded perfect, but really.. there's ways to go about this, they just never did it,not near enough, they were AWARE of the issues just they didn't CARE about the issues enough because it would have cut into "profits". Not eliminate them, it just would have reduced them some. Big deal. they profit, everyone else has to jump through hoops and suffer over their inaction.

    They could have had BOTH, profitability plus more secure and functional design, they chose NOT TO. It was high level executive decision making that caused that, it was done on purpose. It wasn't that important to them as long as they could bully their way into mass acceptance and get away with it.

    Class action suit, I am surprised it has never happened yet.

  17. Re:It's not that surprising . . . by void* · · Score: 5, Informative

    Actually, viruses do install themselves.

    These 'email viruses' that require a user to click on them aren't really viruses, they're trojans. They don't have a means to copy themselves into another program, they just send off a bunch of mails and hope somebody activates them. They have a propogation mechanism that depends on human stupidity. I would call them 'self replicating' but they have a rather uninteresting replication mechanism.

    A real virus ... you run an infected program (note: not the virus itself, an otherwise useful program that happens to be infected) and it installs itself in other program or you boot off an infected floppy, it infects your hard disk boot sector, and then starts infecting more floppys. These actions (running a program, or booting your machine) are entirely normal things to do, you do them because you can't get anything done with a computer without doing them.

    Which brings us to worms, which are self replicating, but actively break into other machines and directly cause copies of themselves to start executing.

    As far as viruses go, people install and run infected programs because they want the functionality of an uninfected program and do not know the infection (the 'undesired behavior') is there. Hence the need to scan for viruses before you install any program.

    --


    Code or be coded.
  18. Norton sucks! by JPriest · · Score: 5, Interesting

    I hate Norton and Mcafee because they each run like 6 different processes when the system boots up. Who needs a virus when they have an anti-virus utility that causes more load and overhead than everything else combined. Not to mention their scare tactics to get people to spend more money. I think AVG and AVPE are fine solutions, just most people don't know they exist.

    --
    Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.