Slashdot Mirror
Windows Users Fear Korgo Virus
An anonymous reader writes "A new virus is on the prowl that can infect your Windows XP/2K system and record every key you hit on your keyboard. The keys are then sent back to the virus creator where he/she can steal your passwords and credit card information. The virus named, Korgo, started showing up in the last week of May but it now has at least six different variants. To protect yourself from this nasty virus, Microsoft is urging all users to download the KB835732 Security Update. As with the Sasser worm, you'll get the Korgo virus without even knowing it. It does not arrive by email, but simply by being connected to a network or to the Internet without having a patched machine or a properly configured firewall."
"A new virus is on the prowl that can infect your Windows XP/2K system and record every key you hit on your keyboard. The keys are then sent back to the virus creator where he/she can steal your passwords and credit card information.
If it is sent back to the creator, wouldn't that make it easy to find the creator? It doesn't sound like the brightest idea.
Not everything is analogous to cars. Car analogies rarely work.
I wish that, just once, a lot of people will get ripped off. The credit card companies will cover any losses (they have to by law), and people will actually realise that yes, keeping up to date with patches is a good idea.
The link was updated MAY 4, and this is June 4. Any reason it took a MONTH to figure it out???
Though the listed viruses may be new, the actual update was released over a month ago and those of us here should already know better. This is the kind of "timely" information I get from Comcast support.
Yes and then people fail to understand why it takes some time to patch up all machines.
At work we do the releases in steps, first the IT dept, then the superusers. And then we take the rest in steps to prevent too much trouble.
But it just not install the patch on 2000 machines as soon it comes out.
This is hardly the bottom 5% of the internet. Most regular Joe Users that I've talked to don't even realize they have to update their machines. So there are probably a lot of people that don't even have the Blaster patch...
How can people NOT know. God, they click "yes" on enough spyware/malware/whatever email crap, but when windows update comes up to tell them there's a new patch for a bad virus, they're clicking no?
Are people really this daft?
Let's not forget that most users (which wouldn't be reading /.) don't have any idea about this stuff. This confuse virus scanners with firewall, and think patching is something you do with clothes. So no, they don't really deserve it.
Like it or not, they want their PC to work like their television. As much as you or I don't like it, they are the people that are keeping Windows suppport folks employed.
I can't say how many times I've helped with someone's machine, and they've had multiple virus infections, spyware and general crap on their machine because they don't know any better. It's a fact of life that Microsoft is going to have to own up to if they want to stay on top. They raised the beast, now they need to teach it the rules.
It's 11PM, do you know where your pants are?
Despite the default config of 2k/XP to inform you that updates are available, we've been fixing hundreds of machines infected with Sasser, and even Blaster. Users simply ignore the update warning, or outright refuse to run it. One user mentioned "Why would I need to run that?"
Even Microsoft can't prevent ignorance.
The patch is six weeks old. At what point does it cease to be Microsoft's problem and become the PC owner's?
It is not Microsoft's responsibility to make sure you have installed the latest patches and are exercising proper precautions.
"Ask not what your country can do for you." --John F. Kennedy
Security through obscurity!!!.... Or at least old age...
Murphy was an optimist.
As much as I hate to say it, IMHO, they almost deserve it...
I help my father keep up to date with patches on his laptop. Last time he was here I ran Windows Update only to find that three patches REFUSED TO INSTALL. He was in a hurry so I couldn't start trying to track down the individual patches and see if downloading those would magically work better (why would they?!)
I've installed Tiny Personal Firewall (with a fix for the known exploit) and I hope that will be enough to shield him against the worms, which are much more critical than IE and/or Outlook exploits.
Fucking crap.
Belief is the currency of delusion.
It is possible for a virus like this (though i doubt this one) to infect your user account in linux. It might even be possible for it to then capture your root password when you "su". I think you would have to run an infected program though.
Somebody that knows please let me know, as much as i would like to believe it, linux is not invulnerable to virii.
Burn Bright or Fade Away
113: auth
3067: unknown
The first two, at least, are service ports (Why else would something exploit them) So the question is really, "why are they open by default?"
I expect this will be fixed in XP SP2.
The next time I boot into windows, I reckon I'm gonna be destroyed... I haven't updated in ages, so anything that zonealarm misses is heading straight for me.
im in ur
It's easy for us to say that, we're computer users who (presumably) know what we're doing. But if one is to condemn non-patchers in that way - I assume you also change your oil every 3000 miles, go to the dentist every 6 months, floss daily, get an annual physical, clean the lint filter in your dryer after every load, eat 6 daily servings of vegetables, rotate your tires every 20,000 miles, have all your car's factory recalls done, change the air filters in your heater monthly, and perform all the other mindless routine maintenance you're supposed to do.
The bottom line is, no one on earth outside the most anal retentive person alive does all that stuff. Not doing any of them could have consequences, but people simply don't have time to do all this shit.
So yes, I do blame microsoft. One shouldn't have to constantly check symantec's web page just to keep your computer usable. Computers are appliances now. They should just work, dammit.
on 99% of users there's no reason for the ports to be open and having services on them ripe for exploitation.
actually, if they advertise it as idiot proof and secure(even for idiots) it kind of becomes their problem.
world was created 5 seconds before this post as it is.
It is not Microsoft's responsibility to make sure you have installed the latest patches and are exercising proper precautions.
/. people (esp folks who work in frontline tech support) would ease up on M$.
This is a red herring. It is their responsibility to manufacture a product that, if used by an average person, can be maintained by an average person. There is absolutely nothing intuitve about the Windows patching regimen. If they simply pulled themselves out of the cave on this one issue, many
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
The obvious answer is
1) wait until SP2 comes out
2) download SP2 while running linux/*BSD/(whatever != Windows)
3) save it to a FAT(32) partition that can be read by XP
4) Disconnect your machine from the network
5) Reboot into XP and apply the service pack
6) ???
7) Profit!
What a surprise it wasn't mentioned that this was patched months ago, right?
This vulnerability is the LSASS Buffer Overrun Vulnerability, already patched way back on April 13. Slashdot probably had at least two or three articles on it back then as well if you wanna do a search for "sasser."
If you haven't patched after two months, you're just the same as all those people who got hit with Blaster, which was also already patched beforehand. Linux distros issue security patches for their vulnerabilities weekly and nobody complains, but when Microsoft releases a patch, suddenly it's this huge issue to run a tiny executable that plugs security flaws, and then people bitch at Windows two months later when a virus comes out to exploit it...
Just saying. How can one criticize their security if they won't apply their security patches? Almost all major software is gonna require a patch eventually. I don't get this steadfast need to avoid patching Windows boxes while freely recompiling Linux kernels on a whim for production servers when a minor point release comes out.
"Sufferin' succotash."
It's a fact of life that Microsoft is going to have to own up to if they want to stay on top. They raised the beast, now they need to teach it the rules.
Which is why the Windows Update configuration prompt absolutely will not go away until you tell it what you want Windows to do about Critical Updates. I've seen Slashdotters complain about how XP "nags" you about things when you first run it, but it's the smartest thing to do. And if you tell it not to download any patches or not even tell you about them...you know where the fault lies. One can rightfully criticize Microsoft for missing the flaw in their original software testing, but at some point, personal responsibility comes into play. This was patched way back on April 13th!
Installing security patches is just a fact of life for absolutely any major operating system, Linux included. Distros release security advisories all the time. This isn't a criticism of any specific company. You know where the real blame lies--on the mouthbreather morons who think it's cool to dick with people's computers to begin with.
"Sufferin' succotash."
Most people who have computers use them as one tool among many. They don't have to maintain their phone weekly or even monthly, or their hammers, or their sofas. Smoke alarms are supposed to be tested once a month, but who does that?
I have a lot of relatives who used to use computers but have mostly given up on them. What with spam, and viruses, and worms, and trojans, and spyware, I can't blame them. Unless they give you a whole lot in return, they're not worth the hassle.
Damn, so if I go rip off my neighbor's Pontiac should I be pissed off when the steering column catches on fire because I couldn't take it back to the dealer during the recall? This issue looks like a common sense to me.
Committing theft takes away your right to be upset about such things, IMHO.
IIRC, you can get the patches separately from their website anyway... SP2 is convenient because it rolls them up into one installation process and adds some functionality (especially to that lame-ass firewall), but you don't need SP2 to be current with regard to security fixes.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
Oh, that's right, this place has a complete anti-Microsoft agenda, despite security holes buffer overruns in Linux distributions announced weekly.
So what you're proposing, and please, correct me if I am mistaken, is that one should gather all one's sensitive pieces of data: credit card numbers, passwords, and the like, and compile them all into a plaintext set of firewall or IDS rules? Where would one store this treasure trove of sensitive information, conveniently gathered into one place for ease of use? Perhaps I have missed a critical component of your plan, which I'm sure isn't nearly as patently insane as it sounds.
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
While Linux does have a lot of security holes if you don't know how to use it, Windows is obviously a larger target to hit and to complain about, because it is the main operating system that people use.
The more popular you are, the larger a target you will be. If/when Linux does become a very high end,, and popular desktop OS, then it will come under a higher security inspection.
Yes, it should be able to block off most worms. This is because of how NAT works. If a remote machine was try connecting on a certain port, and the port is not "port fowarded", then the router will simply dump the data because it doesn't know where to foward it to.
With NAT routers being so inexpensive, I believe that everyone should have one of these. Even if it is simply 1 box connecting to the internet.
-Grump
Is it true that more people vote for the winner of American Idol, than vote for the president? -Ali G.
Not me man, I wade right into that shit hip deep. My bosses have laid down the law here and insist that I get everyone patched ASAP. I've tried to explain about the balance between being safe and being sure but they don't want to hear any of that so the way I see it "Fuck em".
Now granted I've got closer to 500 machines (But I'd do the same thing if they gave me 2000, or even 20,000) but I still patch every single one of them the moment Microsoft spits it out.
One day, one fine day Microsoft is going to release that "Broke the whole damned thing" patch. When they do I'm going to savor the look on my particular PHB's face as it dawns on him what he's ordered me to do.
Appended to the end of comments you post. 120 chars.
Good of you to propagate this idea, except it doesn't hold water. May I draw your attention to the Apache web server vs. IIS.
Windows is indeed a larger target, but the fact that Windows gets hit more often is its the easier of the two, virus writers are just like the rest of us, lazy. These flaws in Linux differ from those in Windows in that its so much easer to exploit the Windows ones.
Windows has a larger attack area, but whomever is the first to successfully attack and damage Linux in the same way is going to go down in history, whereas who cares about who writes these, there's no skill involved.
"I use a Mac because I'm just better than you are."
They seem to code better and faster than Microsofts own people. Plus they know something about security, which seems to be lacking in Redmond.
If SP2 does not fix these holes like Microsoft claims it will then they should be libel for the money that business lose due to badly written software. Microsoft needs to change the way it updates its software. Instead of releasing a service pack and charging for it when it does come out they should step to releases every month or two, like the way OS X does.
As a matter of fact Microsoft seems to be in the same state Apple was in before Jobs came back. Lost and clueless developing products that they were not good at and had a directionless system software development. This far into WindowsXP MS should have had nearly all of the framework for longhorn laid out and most of the coding done, yet we hear of announced features being dropped because it won't meet their deadline which is two years off. Something is wrong in Redmond and now is the time for Linux and OS X take advantage of it, if they don't do it now they may not have another chance. Unless of course longhorn is the worst mistake they have ever made.
Not exactly. Any system administrator (which I assume he is -- . . .
Why on earth would you assume that? The guy was helping a relative, not some user at work, reinstall Windows.
He didn't do that, he didn't run a firewall... he didn't take any sensible protection.
If I were visiting my relatives, a thousand miles from my home, and had to reinstall Windows on one of their computers, I'd have to take the chance since there wouldn't be much choice. It would be the same advice you'd get from MS tech support: reinstall Windows and download the updates.
Would you install RedHat 5.0 (out around the same time) and put it out on the web immediately, expecting not to get hit by worms before patching (yes, they exist for Linux)?
No, I'd be running Mandrake and have the firewall put up during the installation before downloading the updates, and I wouldn't be concerned about it. Done it before.
I rest my case.
Get a better lawyer, and stop trying to blame users for Windows' shortcomings.
>>the 011 patch also killed about 5% of the machines it was installed on before the May 4 update
Where'd you get that number
Good of you to propagate this idea, except it doesn't hold water. May I draw your attention to the Apache web server vs. IIS.
This is most likely a specious argument. Apache runs on a wide variety of platforms. Malicious code that runs on a Sparc system will not run on a x86 system. Nor will it run on a MIPS system. Keep repeating for every platform Apache runs on. Also there's two major code paths for Apache. A vulnerability may exist in one version but not the other. Then there's the myraid of different operating systems it runs on. Taking that one step further there's a myraid of different distributions that contain a myraid of different versions. It quickly becomes clear that while Apache may out number IIS by a significant margin that doesn't mean that one specific version (i.e. platform, OS, and version) out numbers the single version (i.e. IIS on Windows 2000) of IIS.
In order for your argument to be valid one single version of Apache would have to out number IIS. Can you demonstrate this?
Solid numbers, unfortunately no, but we can draw some conclusions. That harbinger of doom Netcraft, in the May 2004 internet survey has 33,892,817 sites running Apache, 67% of surveyed sites, with IIS at 10,858,168, or 21%. If we assume that the Apache sites are nicely split between Apache 1 and 2, thats still 33.5% for each putting both ahead of IIS, which also assumes that there is only one version of IIS deployed, which would be incorrect since 2k has IIS 5 and 2003 IIS 6. Now from what I've heard, Apache 2 is probably deployed less then 1, but either way you slice it, Apache has more sites then any single version of IIS.
Now while an exploit that runs on Sparc wont run on MIPS or x86, the flaw itself is there, and thanks to cross compilers, it wouldn't be much of a problem to recompile a tool to take advantage of any problem.
"I use a Mac because I'm just better than you are."
Only if you compare those two in a vacuum - ie: forget every other machine out there that *isn't* running Apache or IIS - which is, at best, disingenuous.
Windows has a larger attack area, but whomever is the first to successfully attack and damage Linux in the same way [...]
There's been no shortage of buffer-overflow style attacks against Linux. The difference is a) there's far fewer machines out there to target and b) the users of those machines are far more likely to either have taken preventative measures or know how to identify and fix exploited machines.
Windows machines are inherently more likely to be targeted because a) there's so many more of them and b) most of the people using them have no idea how to take preventative or reperative action.
There's a couple of flaws in your thinking. First, you're assuming that the majority of people don't try to stay near the most recent version, but are perfectly evenly spread. Second, Apache releases a new version when an exploit is found. Patches are not generally released -- an exploit is a sufficiently large problem for a totally new release of the software. In other words, the release numbers you've listed are basically the sum total of serious exploits for Apache 1.3 since 2000! Microsoft doesn't increment a minor version number for something as "minor" as a serious exploit. (If it did, we'd be up to IIS 5.9032123129322421). Therefore, you're comparing apples and oranges. Microsoft has a few versions that get patched without incrementing the version numbers fifteen bazillion times, while Apache merely ratchets up the minor release level. (This also makes it kinda tough to count the number of exploits that IIS has in comparison to Apache. Gee. Wonder why they'd do that.)
Besides, the sheer variety of locations that Apache can run on is a strength. That's not putting all your eggs in one basket. That's the way Linux (and most open source code) is -- so the fact that Open Source code is available on so many systems -- and that people actually take advantage of that -- simply reduces the number of vulnerable systems (as you correctly argue) but doesn't decrease the TOTAL number of systems that are running the software.
Your original argument was that Windows only had more attacks because it was more prevalent. Since Apache clearly has more targets (actually, about THREE TIMES as many!) than Windows in the exposed, Internet aware world, your arguments about availability of targets doesn't work, either -- thus rendering your entire argument null and moot.