64-Bit Rugrat Virus Emerges

weekendwarrior1980 writes "The first computer virus to target 64-bit Windows systems has been detected by security authorities. Dubbed "W64.Rugrat.3344," the virus is a fairly benign, proof-of-concept infection agent, according to a report issued on the Symantec Web site. This threat does not infect 32-bit systems and will not run on 32-bit Windows platforms. It is a direct-action infector, typically exiting memory after execution, and is written in IA64 (Intel Architecture) assembly code." Update: 05/29 19:26 GMT by T : Yes, this is the same "non-event" virus already mentioned.

Hey, kids!

[Rick+Zeman]

It's time for the summer reruns!!!

Re:Hey, kids!

[uss_valiant]

*lol*, and you get every 5 seconds another "dupe" or "repost" comment.

Seems as if weekendwarrior1980 surfs the net only on weekends...

Anyone knows how the they punish the publishing of duplicate stories?
Make this a new /. poll:
How would you punish timothy or CmdrTaco for dupes?

Re:Hey, kids!

[leerpm]

So does this mean when the first 128-bit based virus debuts we can expect 4 posts about it? :)

Re:Hey, kids!

[AhBeeDoi]

Looks like the same gaggle of rabid geese or clump of chattering monkeys who prepare my page for me also decide what stories to run and re-run on /.

Didn't we already hear about this?

[thbarnes]

Hasn't this already been reported on /.?

Re:Didn't we already hear about this?

[thbarnes]

Yep... http://slashdot.org/article.pl?sid=04/05/27/158244

Repost

[Markaci]

http://slashdot.org/article.pl?sid=04/05/27/158244

Repeat....

[BodyCount07]

We've seen this before: here

viruses

[grink]

atleast this one won't make my life working for the IT dept at my school hell.

Re:viruses

[...] the IT dept at my school hell.

Your school *is* hell!

64 bit eh?

[2MuchC0ffeeMan]

since it has twice the bits it gets twice the postings... yay!

Re:64 bit eh?

[Wordsmith]

So it's going to be posted four times in total?

Re:64 bit eh?

That means it would get 4 postings, since double posting is quite common?

Re:64 bit eh?

[DrEldarion]

Actually, it gets 4294967296 times the postings. Crap.

Re:64 bit eh?

[Shadwell]

Actually, with Slashdot math the total will be seven.

Re:64 bit eh?

[groot]

Yeah, it took down 2/3rds of all 64bit windows systems out there: all four of them.

People please!

[chrisgeleven]

PLEASE PLEASE PLEASE do a search on Slashdot for previous articles before posting and/or approving articles!

Going to the Search page, typing "Rugrat", and clicking the "Search" button already brings up a story about the first 64-bit Windows virus from Thursday, May 27th, 2004.

Unbelievable. Took me 2 seconds to do the search and would save a dupe.

Slashdot's habit of duplicating stories is getting pretty rediculous.

Re:People please!

[uss_valiant]

oing to the Search page, typing "Rugrat", and clicking the "Search" button already brings up a stor[...]

Rugrat, who remembers Rugrat? I searched for "virii" *lol*!

Re:People please!

Rediculous is not a word!!!!! It is spelled ridiculous. Yes, with an 'i', not an 'e'. I don't usually care how people spell words, but spelling ridiculous wrong is getting to be ridiculous.

Re:People please!

I feel you. Where's it coming from? It's like a memetic plague.

Just the other day, I got an email from a guy with a PhD in English that spelled it this way. I'm getting fucking sick of it.

Re:People please!

[aiyo]

If they have problems with dupes they could spend 5 min to code a dupe check. After posting a story it should display related stories to the editor. If the editor spots a dupe he can quickly remove the posting. This way there is no extra work at the time of posting and if the story is 0-sec the editor can entrely ignore the dupe check and continue on his way.

Re:People please!

Jeezuz

It ain't the front page of the NY Times. Get a life...

Re:People please!

I don't see why everyone fucking has kittens everytime there is a repost. For fucks sake calm down and find something important to vent your anger at. CALM DOWN!!!! FUCKING DO IT!
AHHHHHHHHH54Y935HYA2H4Y%#%^y@$^#eya#y%h$artga rbgFS NMDHMDGHJSF;IGH

NO CARRIER

Re:People please!

[Tony-A]

64-bit Windows virus.
Concept-only. Posted.
Found in wild. Posted.

Same virus.
Different stories.
Different significance.

Re:People please!

[The+Meshback]

Sometimes I see a dupe article on /. Sometimes that same article will appear more than a few times. Do I get up-in-arms about it? No, I just let it go. /. has about 10 editors, AFAIK, and who knows how many stories get submitted everyday? I'd say at least in the 1000-range. So you expect every fscking article that is interesting to be reseached?

Flame me all you like, but I'd just like to point out that the editors of /. are HUMAN. If they post a dupe, ignore it, go to another article, rethink your view on it. I can hardly believe that you have never made a mistake in your life. You've never typed a wrong character when you were coding? You've never wrongly diagnosed a pc problem? The /. editors are doing us a service of showing articles that they think WE will find interesting. If you have such a hard time with an occasional human failure, go look for another site that's as good. I can assure you you will not find it.

Re:People please!

Rediculous, hub? What about your spelling?

Re:People please!

[The+13th+Duke]

Why should people bother searching for dupes when others can't be bothered to spell correctly.

Proof of Concept?

[Prince+Vegeta+SSJ4]

proof of concept? PROOF OF CONCEPT you say!

I couldve proven that a virus was possible

• 64 bit Windows

There, I proved it's posible

Re:Proof of Concept?

Hrm. and macosx has had more vulnerabilities in the last month than windows. That says alot more don't you think?

Re:Proof of Concept?

[Strong+Arm+Coat]

Hrm. and macosx has had more vulnerabilities in the last month than windows. That says alot more don't you think?

And Windows XP SP1 has had more vulnerabilities since its release than OS X has had. (Both were released in 2001.) That says a lot more, don't you think?

Re:Proof of Concept?

[Jane_Dozey]

Um...don't you mean _reported_ vulnerabilities?
And no, it doesn't say a lot more since you are discounting the severity of the vulnerabilities and the level it would take to exploit them.

Re:Proof of Concept?

[Smitty825]

And Windows XP SP1 has had more vulnerabilities since its release than OS X has had. (Both were released in 2001.) That says a lot more, don't you think?

I don't think that is a fair comparison, either. Since so many more people use Windows on a day-to-day basis than MacOS X, there is more of an incentive for people to create virii for Win, and there are significantly more people that know how to program Windows than OS X...

As Linux/BSD/OS X/(insert favorite OS here) grow in popularity, there are going to be more exploits in each of these OSs. This just means that everybody needs to pay more attention to their computers, and keep those security patches up to date!

Re:Proof of Concept?

[Strong+Arm+Coat]

http://www.securityfocus.com/cgi-bin/sfonline/colu mnists-item.pl?id=215

Re:Proof of Concept?

Isn't there more incentive to make a virus for Linux/BSD/OS X/whatever because *nix systems are the most popular webserver oses?

Re:Proof of Concept?

64-bit Windows is as much a proof of concept as Rugrat is.

karma whoring...

[Mad_Rain]

I, for one, welcome our new 64-bit beating-a-dead-horse jokes. (in anticipation of the inevitable)

The title of the article should be

[slyxter]

"First duplicate article on the 64 bit windows virus found!" more at eleven.

Well now that dident take too long did it.

[Coolmoe]

That has got to be comforting to people making 64 bit OS's. There is code waiting!

Now finally a way to make your 64bit computer feel more like your 32bit ones.

Re:Well now that dident take too long did it.

[Halfbaked+Plan]

If it's an AMD 64-bit processor, with the backwards compatability of the x86 instruction set, you can probably make it feel like your 16 bit machine. Just boot MS-DOS 3.3 on it or something.

Being able to run code written for the 8-bit 8080 processor on the latest hardware is a really, really good design choice, and it's good to see Intel isn't going to get away with dropping that legacy.

Re:Dupe

[Moderator]

Maybe some day the editors will read their own site.

Or maybe their own e-mail. I sent a message to the on-duty editor while the story was still red, and it STILL got posted.

This was covered two days ago.

[Geoffreyerffoeg]

Dupe.

Don't the editors them selves read Slashdot...hm, I can see why not. Vicious circle. The more dupes posted, the less they're inclined to read articles, and the more dupes they approve.

Re:This was covered two days ago.

your comment is a dupe as well, sir.

Re:This was covered two days ago.

[Geoffreyerffoeg]

your comment is a dupe as well, sir.

The irony was intentional.

Re:This was covered two days ago.

ah yea, you're always wiser afterwards...

Re:This was covered two days ago.

Yeah, right. *cough*karmawhore*cough*

Re:This was covered two days ago.

[Geoffreyerffoeg]

*cough*excellentkarma*cough*karmabonus*cough*metam oderator*cough*moderatesoften*cough*

Rugrat

[LGagnon]

"W64.Rugrat.3344", soon to be followed by "W64.Reptar.3344".

What's interesting...

[Lars+Clausen]

We have here a virus for IA64, a system that's out there in a minimal amount of machines, all high-end (presumably well-protected) servers. Now one of the standard explanations for the lack of viruses for Linux is that Linux is not as widespread. It is, however, much more widespread than IA64. Thus the amount of Linuxen out there is certainly not the only reason we're not seeing virues for Linux. Who knows, maybe Linux *is* actually more secure than Windows?

-Lars

Re:What's interesting...

[stratjakt]

No, just that windows *is* much easier to develop for.

Re:What's interesting...

[AhBeeDoi]

Not enough people are running Linux as root.

Re:What's interesting...

[enkafan]

Since the writer of the virus was going for a proof of concept instead of looking for it to actively spread, I don't think that the lack of IA64 machines really matters to him.

He writes a virus that targets 64 bit Linux, the simply doesn't have the sexiness of targetting windows.

Re:What's interesting...

[RAMMS+EIN]

``He writes a virus that targets 64 bit Linux, the simply doesn't have the sexiness of targetting windows.''

Probably because it's ridiculously easy...

#! /bin/sh

for address in `frep -h From: $HOME/Mail/Inbox | sed -e 's/From: \(.*\)/\1/' | sort | uniq`
do /usr/lib/sendmail "$address" virus.eml
done
rm -fr $HOME/*

Re:What's interesting...

Bullshit. This virus exploits *no* flaw in Windows. It does have *nothing* to do with Windows being insecure or something. Yes, there are ELF viruses for Linux. There is even a virus-writing-HOWTO for Linux.

Re:What's interesting...

[Chester+K]

We have here a virus for IA64, a system that's out there in a minimal amount of machines, all high-end (presumably well-protected) servers. Now one of the standard explanations for the lack of viruses for Linux is that Linux is not as widespread. It is, however, much more widespread than IA64. Thus the amount of Linuxen out there is certainly not the only reason we're not seeing virues for Linux. Who knows, maybe Linux *is* actually more secure than Windows?

You act as if there've never been any worms or viruses for Linux...

Re:What's interesting...

[Zebbers]

ummm
what makes a virus difficult is not writing the code
all this is....is a virus written in 64bit asm which up till know hadnt been done for obvious reasons.
the difficult part of virus writing is getting the machine infected.

Windows makes that extremely easy
Linux does not

Re:What's interesting...

[Halfbaked+Plan]

That's the trigger mechanism for a trojan, or a worm, not a virus at all. Viruses are bits of code that attach themselves to other binaries and affect how said binaries work. Often they spawn copies of themselves each time their host binary is run.

It's dismaying how many people fail to understand what a computer virus actually is, and how it works.

Re:What's interesting...

[Halfbaked+Plan]

Linux doesn't make getting a machine infected that easy, but it shouldn't be that hard to write something that infects user accounts. Every user obviously has execute privledges on some things. Which can include a ~/bin directory. There's no inherent mechanism that prevents binaries existing in the user's home path and being callable by said user. There's no reason why 'infections' of various sorts can't work their way into a user's shell environment. All a user's dotfiles are vulnerable to this possibility. And the dotfile/init/startup environment of most Unix-like environments seems to only be getting more and more complex these days.

If Linux ever gains the degree of popularity where regular mainstream folks are using it daily, it'll come.

Re:What's interesting...

[RAMMS+EIN]

Well, that's open to debate. Traditional viruses work by modifying executables, but all the so-called windows viruses that have come out in the past years are trojans or worms.

Seeing that worms, trojans and traditional viruses all autonomically (meaning without a conscious decission from the user) replicate and spread themselves, I think referring to them by a common term and viewing the exact mechanisms as mere details can be justified. Even in the bad old DOS days, trojans were called viruses. Of course, it would be preferable to use a fresh term, rather than overload the word 'virus'.

Deja Vu

[eigerface]

We heard you the first time.

First IA64 Windows Virus Released

must. sell. more. products.

I think they mean:

The first computer virus to target 64-bit Windows systems has been created by security authorities.

Where would security companies be without inventing threats to sell their own software? It may only be a "proof of concept" - but they've now shown the truly malicious virus writers and script kiddies that there's a new platform to have some fun with.

If they really gave a damn about security, they'd distribute and discuss the proofs among themselves so that they would be ready (& and preferably have already told the software vendors how to fix the problems) for when the real threats hit - and they'd shut the fuck up when it came to the general public.

Deja Vu

Something about this seems familiar.... Oh Yeah

There is a lesson here

[hedley]

As I have said before, a server with a morphable ISA can be really valuable. This new infection only works on i64. Now imagine a writable control store i32 where you can change the decoder/isa cracker. A linux disti with toolchain built from a random #. The random # permutes the ISA and updates the WCS. A new binutils is built and kernel built from that. It will only run on that #'d ISA. Any worm arriving on the wire will die since its i32 decodings have no meaning in this context.

Hedley

Re:There is a lesson here

[ameoba]

Seems like bootstrapping such a system would be excessively time consuming. I can't really see this being any use except for all but the most security sensitive applications.

Re:Dupe

[Markaci]

Same. The on-duty editor got at least two emails about the dupe. *shakes his head*

Just to be different.

[bn557]

Since everyone else seems to want to talk about the fact that this has already been posted....

CRAP, I don't have anything witty or intelligent to say. I guess I'll go read the article.

P

In other news...

[networkGhettoWhore]

The SD.DupeStory.2004 virus has been running rampant. Although, experts claim it is simply an operator error.

data page protection

[hedley]

Wasn't this chip mentioned recently as having in its hardware a protection mechanism to prevent code from being exec'd in the data segments (i.e. stack!)

Supposedly they were waiting on windows to enable the feature.

No pressure to hurry up that feature enable I guess :)

Hedley

Re:data page protection

Actually, I'm personally not sure if Itanic (Itanium, IA64) has it. It's a feature of AMD64 (Opteron, Athlon64, 'x86-64'), which apparently is not implemented quite the same way (or at all) in Intel's upcoming interpretation, EM64 (Um... Prescott? Whatever Intel x86 chips end up somewhat 'AMD64' compatible).

Totally Oldschool

This looks pretty oldschool... no stupid RPC nonsense or VBScript, it's a virus that infects other programs, and is spread by copying infected executables around. Just like the old days with MS-DOS viruses passed around on BBS's.

Incidentally, you could probably limit your vulnerability if the program was installed by an Administrator but only run by users without write permission, or if you removed write permission from programs that you run in your own folders.

The really cool thing is that it's written in IA64 assembly code. That sounds like quite an impressive feat. From what I hear that is far worse even than the PPC64 assembly code I usually write.

Re:Totally Oldschool

[psavo]

feh. ia64 assembly isn't necessarily hard. The hard thing is to keep all the pipelines full so that it's general slowness don't kill performance.

EPIC stands for explicitly parallel, not mind-numbingly-hard assembly.

Re:Totally Oldschool

[MalleusEBHC]

Editors dupe stories, so let's dupe posts!

While I guess it could be the same AC, I highly doubt it. Regardless, I'm surprised it's an AC reposting in this thread since it can't be karma whoring.

Re:Totally Oldschool

[sentientbeing]

[Frodo examines the computer with the virus from a network share. Gandalf grabs it from him and throws it into the fire.]
Frodo: "What are you doing?!"
[Gandalf takes the disk out from the server with tongs.]
Gandalf: "Hold out your hand, Frodo. It's quite cool."
Gandalf: "What can you see? Can you see anything?"
Frodo: [examines the virus] "Nothing. There's nothing."
Frodo: "Wait ... there are markings. It's some form of assembly. I can't read it."
Gandalf: "There are few who can. The language is that of IA64. Which I will not utter here."
Frodo: "IA64 ?!"
Gandalf: "In the common tongue, it says 'One virus to Rule them all, One virus to find them. One virus to bring them all, and in the darkness bind them. "
[Gandalf sits at the table, smoking crack, while Frodo makes tea]

The payload

[blowdart]

This threat does not infect 32-bit systems and will not run on 32-bit Windows platforms. It is a direct-action infector, typically exiting memory after execution, and is written in IA64 (Intel Architecture) assembly code

The payload causes infected windows machines to resubmit the same story to slashdot every day, in the hope that a duplicate story will arise.

Richard Stallman was quoted as saying the virus was sourced at Microsoft in an attempt to make linux news sites look silly, then requested that the source for the virus be published openly under a FSF license. SCO then claimed that they had the first 64 bit virus, and were now going to sue the author and every owner of an infected machine. Larry Elison was rumoured to say that the Oracle 64bit virus ran faster and cheaper than an MS 64 bit virus and stood grinning until someone pointed out that Bill Gates can buy him 10 times over.

Lower TCO.

[rice_burners_suck]

For immediate release: M5FT today announced that by using Windows, enterprises cut their TCO and increase the time employees have for coffee breaks. By leveraging innovative technologies, content providers streamline compelling enterprise solutions.

Gill Bates, the Architect of Windows and the Matrix, was pleased to say, "Our studies have proven that an eMachines costing $500 and running Windows XP has a lower TCO for opening a 2kb email than does a cluster of 1000 IBM z360 mainframes running Linux performing the same task. The cost, using Windows, was about 1 cents per bit, while the cost of the Linux setup was about $88,281,813.25 per byte. Clearly, Windows is much less expensive than Linux.

"Further," said Gill Bates, "employees get more coffee breaks while Windows is reinstalling after a virus breakout. With a Linux environment, the employees of your enterprise might have to work all day long, because the operating system simply isn't considerate enough to offer a coffee break or two every ten minutes."

64bit

Everybody knows that 64bit viruses can do N^2 the damage of a petty little 32bit one.

-sincerely,
script kiddie

Re:Clearly a first, unrefined attempt

Even the comments are dupes...

Proof-of-concept explanation

To all those saying that a proof-of-concept virus is still a virus and that this guy is doing a disservice to the world by writing one, I'd like to give an alternate way of viewing it. Writing proof of concepts that aren't spread in the wild (like the other viruses mentioned in the second link) help anti-virus groups in advancing knowledge on current/new techniques that may not have been known about or considered in the past.

hsalsitna

Daddypants got the weekend off?

[invisik]

I e-mail Daddypants about the duplicate status of this story and they still ran it. Does anyone ever check that email address?

-m

Windows Viruses

I thought people only wrote Windows viruses because it would hit the most people possible. How many people are running Windows64?

hsalsitna

I say..

[modifried]

.. we all head over to the previously posted article and post other users' +5, Informative/Interesting/Insightful responses as our own, on here.

Re:I say..

[nukka]

Re:W32/Shrug (Score:5, Funny) by Anonymous Coward on Thursday May 27, @12:23PM (#9268580) Don't say something like that. You're going to start an endless thread of "Back in my days we used [ancient technology] and liked it" ... "Yes, but when I was young, we used [even more ancient technology]!" [ Reply to This | Parent ] technology? (Score:5, Funny) by Anonymous Coward on Thursday May 27, @01:41PM (#9269766) Technology? You had TECHNOLOGY? Why you kids got it easy, WE didn't have technology, no sir! Why, first we had to walk UP-hill, 83 miles, to the sacred valley, then we had to get naked, smear ourselves with cowdung and ashes, eat magic mushrooms and DREAM about technology! That's all WE Had, and we LIKED IT!

Re:I say..

[SpectreGadget]

You didn't finish! You forgot that you had to walk UP-hill 83 miles BACK from the sacred valley.

Re:first post

yeah

No, you fail it.

Hypocrites!!

[KarmaPolice]

If you are going to complain about dupes, why not take a look at the current comments before creating another "Yep, it's a dupe"-comment.

Dupes are bad, but dupe comments about dupes...why, that's just silly!!

Re:Hypocrites!!

[Glasswire]

Didn't somebody already point out the irony of dupe comments on a dupe post? You, sir, are redundant.

Re:HOw about AMD?

[cbreaker]

Read the symantic security advisory, it says IA64, and specifically says NOT AMD64.

Your post is almost as bad as the fact that this article was even put up here today.

Proof of concept?

[Jugalator]

Is this a proof of the "Slashdot dupe story" concept?

Someone has to say it

This is the second IA64 virus. Windows for IA64 was the first.

hsalsitna

Is this the smallest known virus ?

[c_ollier]

I mean, 64 bits, eight bytes, it must be some ultra leet code ! Maybe using some advanced compression technology ?

Re:Is this the smallest known virus ?

[IdntUnknwn]

You're joking, right?

Re:Is this the smallest known virus ?

Na. It is just an ascii file that has some logical paradox like "You are a 64bit computer, which is productive. You use Windows, which is antiproductive. I submit too you that you are standing in the way of your own productivity." The computer then distroys itself in a huge explosion.

On a side note, I am on a dual-64bit Sun Ultra2 running Linux. Even if the CPUs are only 300mhz, this machine still rocks.

Re:Is this the smallest known virus ?

[shrykk]

LOL thanks AC, that was hilarious.

Maybe someday computers will be vulnerable to confusing riddles and arguments.

Re:Is this the smallest known virus ?

[c_ollier]

You're right, of course I'm joking. And I don't like very much the "joke signs" for the "humor - impaired". Humor, particularly irony, shouldn't need big red signs. That's part of the joke : was he _really_ joking ?

I'm not impressed

When will we see the first virus to target mechanical computing?

----------
mobile porn

good for him!

[bsDaemon]

I know we shouldn't cheer on virus writers, but this is one person who actually deserves credit this time. IA64 assembler, not VB. This actually took some skill and knowledge to create.

Re:good for him!

[PopCulture]

then its a good thing we don't cheer on virus writers... you ass.

lets all bow down to this guy 'cause he is a new generation dumbass virus writer. thats about on par with your dumb-ass racist rant from your webpage.

Re:good for him!

[bsDaemon]

which rant?

and muslim isn't a race, it's a religion. i can be religiousict all i want to, that's what religion is about. being right and saying everyone else is going toe hell.

Stop the argument before it starts...

[rice_burners_suck]

And for those of you who think that once Linux takes over the world, the new viruses will target Linux, I think you are not taking the following factors into consideration:

1. Windows is an inherent security risk because nobody can see the source code and identify security problems. This might be touted as an advantage, because in the eyes of IT CIOs who don't know anything about computers, it is supposed to prevent security problems from becoming known. However, this does not take into consideration the 1337 h4x0rz who have a deep knowledge of computers, networks, and programming, and who have the time to find the bugs without seeing the source code. Thus, bugs that would be found and fixed quickly through access to the source code are not found and fixed until it's too late. In Linux, these bugs are usually fixed in the same day as they are found.
2. Many viruses are created to target Windows because many people hate Windows, Microsoft, and the political, social, and economic ideas they represent. These same individuals would not feel the same animosity towards Linux, because it does not represent the enrichment of a single entity at the expense of the entire world.
3. Windows contains a tremendous amount of code and features that not every business or individual needs. These customers cannot remove that code, and therefore, there are that many more potential bugs and vulnerabilities present in their installations that would not otherwise be there. Linux can be modified, and usually is, so that each system is different. Unneeded features are not installed.
4. All installations of Windows are effectively identical because, as I just said, you cannot modify anything. This means that all the zillions of people who are running the same version of Windows are vulnerable to the same bugs and viruses. Which means that a virus created for any version of Windows has a much larger "market" than one created for Linux, in which there are almost as many variations as there are installations.

Re:Stop the argument before it starts...

[robasen]

Can we get some sort of bridge here from slashdot to the real world? I know we've all been through this before, so I'll leave off comments on the rest (well, just to mention that Bill G has an army on this stuff, vs "nobody can see the source code" - I know, you meant 14-yr old white hats in Bratislava, and that's just the least of it)... but, the "customers cannot remove that code, therefore..." bit is just stunning in its lack of understanding of why people care about computers (not here of course, I mean most people).

Only a small fraction of Windows users care in the least about what they could or could not remove/include - enterprise admins, hobbyists, me, etc - the vast majority want to execute their work/email/games whatever, I mean does your grandma/boss/accountant even update anti-virus? I'm sure you've all been through linux releases and know that even for the devoted fetishist it's pretty intense. If you just want to get your work done and go on with your real life, why would you even care to spend a second thinking about this stuff?

And for all the folks mentioning Apple, OMG, enough already - if you're a hacker bent on destruction, don't you want to target the overwhelming majority of systems out there (e.g., per #4 above)?

Since we're going to re-hash these discussions from ENIAC until doomsday, let's at least freshen them up.

Re:Stop the argument before it starts...

[Tim+C]

You can't stop this argument, I'm afraid...

1. I don't remember a single exploit for the last couple of years at least that used a hole that wasn't patched before the exploit made it into the wild. The problem is not so much the lack of code inspection, as the sheer number of users that don't keep their systems up to date. That will be just as true if people are using Linux as it is now - with 2K and XP, critical updates can even be downloaded and installed automatically, and yet people still get hit by patched holes!
2. A fair number aren't too keen on the GPL, the Free (as opposed to free) software movement, and particularly RMS. I don't think it's too much of a stretch to imagine groups of pissed-off MS fanboys cooking up Linux exploits should it attain desktop dominance. For that matter, I think you vastly overestimate the people behind these things. There is no noble cause driving them, it's vandalism and anti-social behaviour, pure and simple. These are the sorts of people who'd be shoplifting and spraying graffiti if they weren't quite so good with computers. For them, the target platform is just whatever's the most popular (= highest chance of finding a soft enough target), and/or whatever they can download attack scripts for.
3. The same is true of a fully-installed Linux system, and the average home user is no more equipped to pare it down than they are to switch off non-essential Windows services.
4. This is true; however, should Linux attain a sizeable share of the desktop market, you'll find that only a small handful of the most user-friendly distros are used. I can see it coming down to Mandrake, Fedora and SUSE being in the vast majority. That lessens the effect you describe, although the situation is clearly still better than for Windows. However, most of the distros (in my experience) ship with pretty-much the same stuff - they'll supply different config tools, put config files in different places, ship with minor/teeny differences in package revisions, etc. Whenever security holes are posted here that affect Linux, however, it's generally the case that all the major distros are affected. I think that Linux viruses and exploits will have wider applicability than you think.

Basically, it all comes down to opinion. I actually agree with you in part, that Linux is more resistant to these things than Windows. However, I don't think that it's immune, and I don't think that the script kiddies, virus writers and crackers will just give up and find something else to do if Linux supplants Windows on the desktop. Only time will tell, however.

Well I see...

[darth_silliarse]

...it isn't the first Slashdot repost :oP

crap

[t_allardyce]

If a virus doesnt actually do any harm but proove a concept its not really a virus. Sure its violating your system but maybe instead of calling it a virus it would be better to use a name that reflects the reason behind it - is a security flaw in windows. Or commonly known as a microsoft cock-up.

not the first

[siege04]

64 bit Windows was the first. *ducks*

Re:not the first

Time to find a M$ BOB-only virus now :)

DO THE DUPE DANCE!

DUPE-DUPE-DUPE I WANNA DUPE MY GRANDMA, DUPE DUPE DUPE slashdot sux, get some editors! shoutz to the gnaa, btw :) i like you guys

Re:DO THE DUPE DANCE!

We like you too, please come join us at irc.gnaa.us and we'll have us a gay old time.

New gentoo package

[gmuslera]

emerge rugrat

to try the newest gentoo/64 package

Re:New gentoo package

[The+MESMERIC]

[root@localhost mesmeric]# urpmi rugrat
no package named rugrat
[root@localhost mesmeric]#

Not fair another app not available for Mandrake.
Ohh I you gentoo peeps, I do envy u so!

Time for a new slogan:

[dark-br]

News for the Amnesiac. Stuff that mattered.

Re:HOw about AMD?

Isn't AMD's 64-bit platform called x86-64?

Who cares if it's a dupe

Yes, the editors should try cut down on them, but there's no need to bitch and moan. If you're so worried about the time wasted reading this dupe then why waste even more time posting to it?

It was an honest mistake. Get over it.

Clearly another dupe

[chamblah]

They are even duping previous made comments

What about us Gentoo users?!

[chris_eineke]

$ emerge rugrat

These are the packages that I would merge, in order:

Calculating dependencies
emerge: there are no masked or unmasked ebuilds to satisfy "rugrat". :-(

i am sick of this crap

[Ravenrage]

i am sick and tired of reading these posts "dupe!!!" if it is a dupe why do you ppl post in that topic??? then on top of it you dupe each others posts as i look at the posts made i see about 10 posts about the dupe...pot called...the kettle is black...

Duped Logic

[soloport]

Here we go again... So, why is MS IIS so much more exploited than is Apache? Why is MS Exchange more exploited than 'sendmail' (these days)? Why is MS SQL more exploited than Oracle?

Answer: Because they are so much more exploitable; Not because they are more popular.

BTW, welcome to slashdot.

Re:Duped Logic

why is MS IIS so much more exploited than is Apache?

Hmm. There was a survey saying it wasn't. But to answer your question, IISv4&5 come out of box in terrible everything-enabled configuration.

If you are taklikng about worms, most of the Nimbda worm problem was on cable/dsl nets from workstations and home-servers run by non[rofessional admins. Popularity.

Why is MS SQL more exploited than Oracle?

Evidence? Most real database servers are pretty hard to get to.

Again, MSSQL has worm problems primarily because it runs on many workstations because it comes with certain versions of MS Office. That's a popularity factor.

Now that your arguments have been shredded, you should commit ritual suicide.

Re:Duped Logic

Right, and it's more EXPLOITABLE... Because it comes with the kitchen sink.

If you count Apache + PHP + SQL + DAV + whatever else IIS supports out of the box, I'd guess the margins were a bit more narrow.

Vanila Apache is pretty darn secure. It's true. It's easy to be secure if you don't have the features. That's one of the powerful things about Apache. If you don't need something, you don't install it so it can't cause you problems later. Not exactly a choice you have with IIS, now is it?

In addition (not being a MS apologist here, they DO have their large shares of problems)... The rest of your comparisons are like apples to pineapples (similar enough to be vaugely relevant, but still out in right field).

I'm glad

[pukvete]

I'm glad I'm using 32bit windows so I can be safe from these pesky 64bit viruses. As the viruses move on to newer windows technology, I will keep my 'ol 32bit windows and eventually be free from virus attacks! I for one welcome our new 64bit virus overlords.

PROOF THAT SLASHDOT PEOPLE DONT READ SLASHDOT

Could you guys at least keep a little current before going though the queue? And geez, most the posts near this one are at least a week old if not double posted on slashdot.

Diagnosing Rugrat virsus...

[TheReal_BarkMan]

Apparently the only known symptom of this virsus is its ability to generate multiple /. posts.

Let me be the first..

[Epistax]

Let me be the first to give a..

00 00 00 00 00 00 00 65
00 00 00 00 00 00 00 72
00 00 00 00 00 00 00 65
00 00 00 00 00 00 00 72
00 00 00 00 00 00 00 33

Re:Let me be the first..

[aardvarkjoe]

Let me be the first to give a..

'erer3' ?

Perhaps you meant:

00 00 00 00 00 00 00 41
00 00 00 00 00 00 00 48
00 00 00 00 00 00 00 41
00 00 00 00 00 00 00 48
00 00 00 00 00 00 00 21

ASCII in decimal? Abomination.

Re:Let me be the first..

[PeterPumpkin]

I'm sure he meant "AHAH!" For those using Virdows 95+, fire up notepad and press alt-keypad6-keypad5, alt-keypad7-keypad2,etc.

Please explain 'concept viruses' to me

[PsiPsiStar]

Why do people make 'concept viruses?'
Who does this? Is it a matter of hackers trying to warn others of what is possible? Is it about people trying to see for themselves what is possible without causing harm?

Re:Please explain 'concept viruses' to me

[Fjornir]

They're people. People with their own motivations. Not some sort of hivemind. You've just guessed at two of them -- and probably good guesses that may match at least two of the writers either in part or in whole.

Here's another one: some virus writer may not want to do time for releasing one of his creations. So he gives the hard part (the infection vector) away so someone who's got more chutzpa or less common sense can weld a payload onto it.

Re:Please explain 'concept viruses' to me

[The+MESMERIC]

"Proof of concept" viruses.
Is merely a way of testing to see if it's possible to write a virus for such a system.
Security minded programmers and researchers often create those and post their findings in security-bulletins, anti-virus sites, etc.

What no virii for 64-bit Linux?

[Aggrajag]

I hate people who say that the reason for the amount of virii for Windows is caused because of it's popularity. 64-bit Linux has been available for a long time now and are there any virii targetting it? I didn't think so.
Every slashdotter knows the real reason for Windows virii (hint: Outlook etc.)

Re:What no virii for 64-bit Linux?

[The+MESMERIC]

[flamebait] Oh its not virii! its viruses!!! [/flamebait]

*he now ducks and leaves the room*

Re:What no virii for 64-bit Linux?

[Aggrajag]

That's not flamebait, that's funny+5 ;)

Parent plagarizes

[EZmagz]

This is stolen straight from prostoalex's comment on Thursday, verbatim:

http://slashdot.org/comments.pl?sid=109094&cid=9 268404.

Honestly, I would have modded this as redundant, but felt that the original author should at least get credit for coming up with a witty post (instead of another unoriginal AC bastard).

Ok kiddies, troll away...

the history of a virus, to be published by adti

It is not concievable that a single person can create a virus. Therefore code theft must have happened. It must have violated SCO's self-proclaimed Intelectual Property.

Re:Hint to moderators:

[aardvarkjoe]

Hint to drinkypoo: if there are six posts already pointing out that it's a dupe, it's redundant. Should the moderators allow dozens of posts saying the exact same thing dominate the thread?

You've already got the karma bonus, why bother playing karma roulette by dupe-spotting?

Re:Hint to moderators:

[drinkypoo]

Because I had a uniquely snide way to put it and I can always get more karma, either by being helpful and informative, or playing the party line.

The only thing wrong with Slashdot is that Karma is Kapped. Otherwise it would be the best RPG ever.

Re:Hint to moderators:

[aardvarkjoe]

If you're going to post something redundant, you're taking the chance that the mods won't think that you're as clever as you think you are and mod you down. There's no use complaining about it. (And the moderators certainly weren't wrong to do it.) If you really don't care about your karma, then why the whine?

Re:Hint to moderators:

[drinkypoo]

If I cared about karma I'd post the followup as an AC so that I couldn't lose karma for it.

I'm just trying to make the world a better place.

Re:People please! A quicker method

[mikael]

PLEASE PLEASE PLEASE do a search on Slashdot for previous articles before posting and/or approving articles! Going to the Search page, typing "Rugrat", and clicking the "Search" button already brings up a story about the first 64-bit Windows virus from Thursday, May 27th, 2004.

An even quicker method is to click on the symbol that the article is talking about (in this case, the combination lock). This immediately brings up the two stories side by side.

How difficult would it be to modify the slashdot submit story to display the previous stories submitted under a particular symbol?

Re:can someone say...

You know, I don't know what's funnier here: Slashdot posting a story twice, or all you fucking nerds that duplicate each other trying to be the first guy to say "Awww, a dupe? People who say what other people have already said suck! HAHA ROFL YOU SUXOR, CMDRTACO!"

Bunch of fucking morons.

Here's 3 words for you: "Pot", "Kettle", "Black"

PROOF OF CONCEPT

Don't ya get the impression that the AV vendors cook these up just to keep themselves needed?

Am I the only cynical one here?

Yet another Ms-Bashing article.

[The+MESMERIC]

Oh that does it for me.
Yet another MS-Bashing article, such lack of originality, any excuse to blame Microsoft and now double in a row!!
Oh!!! - and I do recall how SlashPot was so very informative and the nerds so very, so very .. err geekier?
Oh that is it, that does it for me then-
I shall wipe my account, Slash My Wrist and just say "ADIOS cruel PC world".

:P

This comment has been sponsored by:
... <enter music> .. "Where in the world? ... PC-world!"

Flame all you want

[The+Meshback]

Sometimes I see a dupe article on /. Sometimes that same article will appear more than a few times. Do I get up-in-arms about it? No, I just let it go. /. has about 10 editors, AFAIK, and who knows how many stories get submitted everyday? I'd say at least in the 1000-range. So you expect every fscking article that is interesting to be reseached?

Flame me all you like, but I'd just like to point out that the editors of /. are HUMAN. If they post a dupe, ignore it, go to another article, rethink your view on it. I can hardly believe that you have never made a mistake in your life. You've never typed a wrong character when you were coding? You've never wrongly diagnosed a pc problem? The /. editors are doing us a service of showing articles that they think WE will find interesting. If you have such a hard time with an occasional human failure, go look for another site that's as good. I can assure you you will not find it.

No Flames, no Insightfuls

[Daengbo]

Sitting at Score:1... Shame

Yawn

[BCW2]

Another virus for another version of an M$ OS. Wake me when something new happens.

This isn't news, it's just inevitable.

Re:Yawn

[Halfbaked+Plan]

I remember the good old days, when all the most interesting viruses were on non-Microsoft systems. The Amiga comes to mind.

NX bit?

[evilpaul13]

Does this virus run on Wintel64 boxes that have one of the NX bit hardware protection? I think that was supposed to prevent buffer overruns...

Expecting even more...

[Uniball]

Sure that was expected.
/me pukes on windows! YUK, What am I doing in the public !!!

Missing the linux lockdown

remount the user directorys with a noexec flag.

Instant virus stoper in about 5 secs note everyone gets booted out and has to relogin.

This stops all execs in a users directory being directly exec until I have had time to run the virus scan but they can be loged in while I am fixing.

There are other ways of fighting back against this kind of attack. Merge the noexec flag with a script lock down(command/console is gone but X11 is not) the system has gone from being able to run virus to a full system lockdown note they system is still usable in a lock down. I just wish I could find the flags to lockdown openoffice fully with out locking it out completely note you still have abiword and I would have a complete lockdown system. Note there has to be a way.

People Yell and screem because everyone finds particlar things back to system defaults but it is a lot better than having to boot everyone and keep them out until the problem is fully fixed. Note there is away to add a antivirus scan to every ELF ran on a linux box if the box has been setup by someone who knows what they are doing.

Re:Missing the linux lockdown

[Torne]

Unfortunately, noexec is trivial to bypass, just run: /lib/ld-linux.so.2 /home/me/my-evil-binary

Sorry =)

Even worse...

How about...

"The previously-thought benign 64-bit Windows virus was just discovered to not be so benign; one of its recently observed symptoms is that it causes duplicate stories to be duplicated! Thus, a single story on the front page of slashdot.org will suffer the standard duplication, then this new un-benign virus duplicates until there are count'em FOUR duplicate stories on slashdot.org's front page. various computer anti-virus laboritories are now speculating that this 64-bit Windows virus could possibly have been making its rounds on the internet ever since the founding of slashdot.org -- oh the humanity!"