Bagle/Beagle Variant Includes Source Code
NASAdude writes "Sunday brought a lot of fireworks... and the release of two new Bagle/Beagle variants. One of the variants includes a copy of its source code as an attachment as it spreads via email. It is expected the inclusion of the source will result in numerous variants.
It's been dubbed Beagle.Y and Beagle.Z by Symantec and Bagle.ad and Bagle.ae by McAfee.
ZDNet ran a story that covers these new variants."
And it will come to be known as beagle.painintheass
Evolution or ID?
beagle.sourceforge.net doesn't have it :(
The Slashdot Paradox: "100% Overrated"
any news on beagle.mars?
epic
"Im drowning here, and you're describing the water!"
I haven't RTFA, but is it rare that you see exploit code in VBscript or WSH which is inherently Open Source on Windows?
....to say that 'open source' is bad? In all seriousness - what is the end to all this?
Humans have such a good sense of humor!
Reading title fast, I thought that NASA had released some source code... *sigh*
I live in Soviet Canuckistan you insensitive clod!
That could hurt, now every kiddy scripter can get a copy of the code. How many (in reason) letters can we put at the end of the virus name to declare a new variant? Watch out for Beagle.zzzzzzzzzzzzzz coming this July to an inbox near you.
Can someone please make a variant that makes users regret not patching their systems? Like, overwrite the BIOS, turn ones into twos in all spreadsheet documents, delete all JPGs, MP3s and AVIs, send a resignation to boss@yourdomain.com and a log of your online banking transactions to the FCC, donate 10 bucks each to the KKK and THEN put up a screen which lists all that.
How long until SCO sues Bagle's author for copyright infringement....
Rich
Funny.
If you try to google Bagle assembler "source code"
you'll get
Microsoft shares source code with students - ZDNet UK News
If a virus is OSS, MS was right when it said that OSS is a virus :)
DNA in your Linux: DNALinux
So far you could spot a virus author by the "evidence" that he had the source code of the virus on his PC. Now everybody has the source. I guess we need bigger jails soon.
Is this something we're going to start seeing more of? There are already enough variants of viruses as it is. Imagine the craziness of five thousand variants of every virus that comes along. Gaobot was already painful enough to deal with.
There it is... OS virus must be hosted on sourceforge :)..
fifteen jugglers, five believers
Seem Familiar?
In all seriousness, having the source code can't be a bad thing, since this way, it'll be easier to stop if we understand how it works.
And at least if we all get a virus, there is a good programmer behind it, and it's less likely to crash on all of us.
Normally I'd consider virus writers the scum of the earth, but this one is talented enough to be a professional hacker, from my limited experience with assembly language (512 byte boot sector on a FD). Not that I endorse email worms, but this guy has talent.
This is so boring. Soon we'll have Bagle.zzz.
What license is it released under?
/^([Ss]ame [Bb]at (time, |channel.)){2}$/
This just brings to mind an idea I've had for a long time now. And it's in no way a unique idea, I know that for a fact.
So here's the idea: Write a variant of one of these viruses. And here's what it does. When it infects a machine, it sends out copies of itself to every person in the address book. After that, it forces the machine to download some sort of Anti-Virus software. PC-Cillin or NOD32 are favorites of mine. It installs them, then forces a Windows Update.
Sounds good, right? But read on. My second idea is better.
Here it is:
Viral Anti-Virus Software.
Most virus recognition is based on Pattern Recognition, from what I have garnered from my research. Create a virus that spreads like wildfire -- kind of like Melissa and Code Red spread all crazy-fast -- except this little bit of code contains Virus Recognition software in it. It invades unprotected boxen and then starts a continuous scan for Viruses.
You know how most people click 'Yes!' to anything that pops up, a la Gator?
Have this little golden nugget of Illegal Do-Gooding pop up a small dialog saying, "File.Extention is infected with a virus (XX% Probability). Do you wish to delete? Y/N?"
And just to hold with custom:
Step One: Create Virus.
Step Two: JAIL!
Step Three: PROFIT!
Edward@Tomato - /home/Edward/ man woman
man: no entry for woman in the manual.
"Qua!?"
...or the jackass that coded the virus will sue you for IP infringement. I mean come on, how obvious is that?
Where is the source?
Unfortunately, it's been killing the network where I work as help-desk support. I get so many calls and e-mails about Beagle now that I just keep the Sarc page open all day so I can quote from it and send the link to people. Our server blocks the viral attachment, but we're still bogged down with how many viral messages get sent to us.
-=-=-=-=-=
I'd rather be flamed than ignored.
All it means is that there are still clueless people using computers. I already know that. Sometimes I think it's a damn shame viruses can't do the kind of real, permanent damage that shocks a clue into people -- if there is such a thing. For once I'm actually wishing for a SCO story.
Please, please, please, I know I'm preaching to the choir here, but please, for crying out loud, please if anyone ever asks you about buying a new computer, just point them towards the nearest Apple authorised reseller. If they complain about the price, point out that the inherent usability and security designed into Mac OS X from the ground up will more than pay for itself in terms of not cursing and screaming at the damn thing every time you boot it up. If that doesn't work, mention that Macs are prettier. If that still doesn't work, give them six months tops before you're saying "I told you so".
Windows may be popular but that doesn't make it any good.
Je fume. Tu fumes. Nous fûmes!
I'm so glad my entire network is running Linux. :) I swear there is some major virus every goddamn week. Linux has its own problems, but I am glad I can do something about them. I wonder how long it will take for businesses to realize that running around chasing exploits and viruses isn't a good way to make use of your technical support staff time.
-Mind
At least it is open sourced.. Wonder if it's GPL'ed as well? :)
And what about a copyright notice on Virii in future? Could McAfee be sued for reverse-engineering a virus?
-grin-
I've really been feeling left out lately. Does anyone know if this source code payload has been released under the GPL? I mean, I'd really love to build this virus under Linux but only if I can compromise my OS without compromising anyone's IP.
Has SCO consented to the dissemination of this source code??
Your Computer is broadcasting an IP.
Move Sig. For great justice.
There is an effective firewall out there to block this. It's known as 'atmosphere'. If you have one of these shielding your system, beagle.mars will be sandboxed before it can execute.
"Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
One of the variants includes a copy of its source code as an attachment as it spreads via email.
;)
Just what we need. An Open Source Virus. And if it is somehow GPLed, we'll *really* have viral licensing.
Take-off every
It's a resume!
"I went on a diet, swore off drinking and heavy eating. And in fourteen days, I had lost exactly two weeks." Joe E. Lewis
Assembler, I laugh at you..
:D
I had "I Love You" faxed to me over a mail-to-fax gateway back in the day
Complete with VB-script sourcecode.
If someone wanted to really cause problems, they'd modify that thing to use port 80 to spread itself, and disguise the packets as /. traffic. What admin would notice if it was a virus, or just some new story on /.?
D'OH!
"Only wimps use tape backup. Real men just include their important stuff in a Windows worm and let the rest of the world mirror it."
I think not.
bittrackker a linux distribution, install it to the harddisk, and reboot. Make it look as much like windows as possible (substitute openoffice with word links etc.), and have an automatic network settings and Documents importer. Then wait and see if anyone notices :)
So Beagle finally called home?
SHE does throw dice.
> Don't you suppose the right to redistribute is granted pretty much automatically for a virus?
Here, (re)distribution of computer viruses is a crime, at least intentionally, and having a modified source code pretty well shows intention.
Oh wait, there are a dozen in my inbox already. God you guys are quick, thanks ;)
Actually.. I know it's been tried before, I think it was code red/nimda?, where someone made a patch spreading in the same manner, but instead it patched the systems.
.
:)
About time to try that concept again?
I know it's gonna generate some traffic, but 1 new variant amongst 50+ new others isn't much.
Consider pro/cons
+ you could patch most of the vulnerable systems by including the official M$ patch
+ inform the user that the pc is victim of a virus and lead him/her to a virusscan.
+ remove the original virus, or some of the variants.
+ save bandwidth/spam for each pc fixed [1]
-generate more traffic [1] nothing compared to the current amount of net traffic and spam it generates.
-would be illegal
Worth considering imho, if you write it properly and don't suffer from the same flaws as the codered one did. I'm sure you could do far more good than harm
beagle.sourceforge.net might not be the proper place for it though
The McAfee virus info page says that the source code is encrypted. Assuming the author used something sound like PGP, we'll probably never see the source code.
... of the open source paradigm. Will "many eyeballs" lead to a supervirus in an absurdly short time span? Or will it lead to the rapid evolution of anti-viral software?
Either way Microsoft will offer this as proof that those Open Source guys are all evil.
The Mongrel Dogs Who Teach
So ... what's the verdict ?? Do we get to see the source code anywhere ?? Can someone please point me to it ? :)
They tell me everything but explicitly how it spreads!!
Yes I know it opens a backdoor on port 1234, I know all about what it does, and I know I need to update my virus scanner here.
How the fuck do I prevent getting it? Is it a vulnerability in Outlook specifically? Or is it truly something in WinXP/2k like the virus definition page suggests? Do I have to execute the attachment to catch it, or as soon as Outlook opens the email I have the virus?
Fucking BS virus defn pages don't seem to want to tell us how to prevent getting the virus... only how to remove it.
Love,
Zaq
It would be good PR for the Open Source community and those idiots at the commercial anti-virus companies wouldn't be the only ones talking to the media.
I have often heard people say that Linux and OS X are more secure due to obscurity. I was just wondering if one can, perhaps, look at the situation from a different perspective. Geeks have hated MS for a long time, and they are the ones who have the technical skills to exploit Windows vulnerabilities. The internet has finally given them a way to attack MS with their limited resources.
One is often made to believe that Windows viruses and trojans are primarily the work of script kiddies and that Windows is simply targeted because it is the dominant platform. Is it possible that we are seeing the beginning of something more insidious than this? Perhaps a large percentage of these attacks are the work of people who simply want to harm Windows' public image.
I know some of this may sound obvious (a "no shit sherlock" situation). However, I have never really seen the problem discussed from this perspective. I know that most responsible Geeks on this forum condemn computer viruses. However, there are a lot of pissed off people out there and this is the easiest way to hit MS. It just takes a bit of decent code (in the evil sense) and you can cause the loss of countless millions to the customers of MS.
I think that if this is the case, then Windows will eventually fall. Nobody will be able to create an OS that can withstand the combined wrath of the world Geeks. Just food for thought.
Great.. Now Microsoft can legitimately say that Open Source enthusiasts write viruses and therefore Open Source is evil ...
Electronic Music Made Using Linux http://soundcloud.com/polyp
*sigh* Please don't release another anti-virus-virus. The last one was at least as much a pain as the one it was supposed to cure.
Indeed it was, but it sure also had some flaws. Learning from its mistakes and writing a smarter anti-virus-virus, I'm sure you could generally benefit from it. Personally I prefer to see a little log entry in my firewall, than 500 pieces of spam in my inbox. No doubt it's an unusual approach, but what other (working) methods do you suggest to wipe out 50 new variants?
Stop brainwashing people that using a pc is "soooo easy"... No!
Force them to spend a reasonable amount of time in "theory" and "practice" lessons first.
As a geek, I don't drive cars because I don't have a driving license. I know that driving a car without having a driving license is against the law and against my own common sense because I can endanger my life and the lives of others on the highway.
So why my grandma must be allowed to just turn her computer on and "drive" to the information highway without having any kind of protection and license to do it, causing danger for her own car (pc) and others, is beyond my comprehension.
Me, I foresee a bright future for the victim as a computer security consultant!!!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
What if someone were to create, say, an opensource virus that automatically installed Firefox, Thunderbird, etc. onto Windows and constantly asks... "Do you want to switch to Linux? Yes, Yes, Cancel"
oss+mac= os X oss+MS = virus btw i am installing freeBSD in my laptop now.
They should name them in Chinese characters, in order not to run out of alphabet too soon.
There you are, staring at me again.
It has installation instructions when you double click on it...
Why worry? Each of us is wearing an unlicensed "nucular" accelerator on his back.
Sig changed for readability by G.W.
Unless the author is dumb enough to reveal himself by suing you for copyright infringement, it's public domain.
The shareholder is always right.
Find text files and Office documents, and mutate names of people, e.g. "John Smith" -> "Shit Eater". Just needs a simple table of common names and substitutions of appropriate length so you don't need to understand the file format. Same for outgoing and incoming e-mail, address books, etc.
Once people have to explain why they send e-mail to Aunt Cock Gobble and referred to their boss as Goat Felch, they might consider keeping their virus definitions up to date or even switching OS.
(Or would that be an anti-virus virus? Crap, I phail eet.)
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
They have been whining all the while about the Viral nature of GPL. Now they get proof!
The antivirus companies want you to get infected. That way, if you have their software, it tells you it found the virus and you see that your purchase was justified; if you don't have their software, you get hit by the virus and start thinking that maybe you should buy some antivirus software.
If antivirus vendors told everyone how to avoid getting the virus without using antivirus software, they'd be reducing demand for their own products.
Eventually, as *nix based machines become more widespread, these idiots will spend more time looking for holes...
True it won't be as many as Windows currently does, but they will be there..
And you can't discount the trojans that don't need anything other than the user behind the keyboard to cause local profile damage, and spread..
---- Booth was a patriot ----
At last, a virus I can run on my 100% pure Debian system. I've been feeling left out.
that the killer worm hasn't come yet.
:( :( :( :( :(
Seriously.
Not that I'm looking forward to that day, as it means that I'll spend a WHOLE lot of time fixing other people's computers
But all the 'I Told You Sos' might be worth it.
Given that these worms are getting to be pretty sophisticated in how they spread (IIS server exploit ->IE activeX exploit), and given that although MS does a 90% good job in patching them, the poor rate of patch (what? patch my computer? but it works fine), and total reluctance to switch to non-MS products (The VP of our company refused to switch from MS, even after the CERT warning. "Why would I want Mozilla or something? MS just released a patch for that problem you are talking about"), I'm STUNNED that someone hasn't gone nuts, and torched the Windows World(TM).
No terrorist group, no crazy psychotic hackers, no insane foreign governments.
No Russian organized crime group holding a corporation hostage.
Nothing. Nada. Zilch.
Strange.
I still think it's coming. Perhaps I'm just a pessimist, but I think that 'cyberwar' may still be on our horizon, and even if you, Ms. Super-Smart-Geek, are able to protect your system, 90% of the Windows world will not be able to.
And instead of spam, we'll see permanent bios corruption, or something else, that will simply f*ck their computers.
I'm scared of it, anyways. I only hope that it happens far enough in the future that I can earnestly say, "I can't fix that, I was using Windows back in the 2000-era, I don't know anything about your XP-SE, your Longhorn, etc. . . "
I spend too much of my time on service calls as it is, for my parents, for my officemates, for my relatives, and for my friends.
I try to 'train' them on how to manage a system properly, but it's honestly hopeless.
I'm pretty savvy, but back in the day when I ran them, my Windows systems STILL got screwed up sometimes (not often, but occasionally).
I can totally understand (but not sympathize) when my sister comes back to me and her laptop has got a bazillion pop-up-ware things installed.
I'll feel bad for her when/if her laptop gets trashed by a virus, but.... I told her to get a mac.....
Oh well, c'est la vie.
I'll live through the storm, anyways, and so will my backups of the company data.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
You have to execute the attachment to get this particular variant of Bagle. It doesn't require Outlook.
Is that you reach the critical mass of users necessary to make writing a virus for Macs worthwhile. If you have 10 people that see each other every few weeks/months spread over a large island and one gets an infection that can be airborne, it's not likely that the others will get it. If the island is tightly packed with thousands of people interacting with each other every day, many of them will get sick, and many more will be kept busy because of the sick. Computers are not all that different, you need a host and potential hosts that the virus can be spread to before it is "killed".
When comparing the 3 biggies, Windows is a 10 acre field packed tight with pigs (many of them constantly sick because they don't take care of themselves), one of them gets a new cold and it spreads easily (faster or slower depending on virulence). Linux is a 10 acre field that while not empty it isn't exactly packed tight with fowl, and there are many different species of fowl so if one does get sick the others near it don't catch it and help prevent its spread. Macs are a 10 acre field with several peacocks.
You pack in enough peacocks and there's going to be a lot of sick cocks.
I am not a *blank*, but I did stay at a Holiday Inn Express last night.
Get Linux.
> *sigh* Please don't release another anti-virus-virus. The last one was at least as much a pain as the one it was supposed to cure.
Also many of the mass mailers do stop and try to disarm other mass mailers. This is not uncommon because it prevents the virus from being detected if someone doesn't update their AV until they find one that is old enough to be in the signature files.
Such an Anti-virus-virus, would just be another of these viruses. No more or less.
LedgerSMB: Open source Accounting/ERP
Yes, North America could change standard paper sizes as well as measurement standards. But that could screw up many formatted documents, paper holders, etc. All so you didn't have to learn that there are 12 inches in a foot. And if you think that is bad, expand that problem beyond paper. Construction supplies (say goodbye to those 2x4s), speed limits (not only would they have to be adjusted, but most cars have speedometers that display as the primary measure), mile markers (there are probably thousands of those littering the land), hell anything that has to do with some sort of measurement would have to be changed. Not just those tables in school books.
Mathematics is made of 50 percent formulas, 50 percent proofs, and 50 percent imagination.
1cm = 10mm genius.
Why don't you learn the metric system before you tell the rest of us to change.
Mathematics is made of 50 percent formulas, 50 percent proofs, and 50 percent imagination.
Recall the little incident a little while ago involving a mere 800 MB of Cisco IOS source being leaked to some dimwit Russians.
The information in this post is the end result of many months of thought and software development. If you find the information below has merit, please, by all means take advantage of it and use it. This will be the only post of the actual information by me. All future posts of this material will consist of the URL pointer to this post. Should this post be accidentally or intentionally deleted, I will repost it in its entirety again and link to it as needed as explained above.
The information in this post, if widely used, will effectively make spam and malware infestation of computer systems running Microsoft Windows impossible.
Thank you for your consideration,
Bryan Taylor
iamcf13@hotpop.com
SpamByte code: 7 (see below)
------- Begin information Below -------
From http://www.cf13.com/
CF13-SMTP(TM) / CF13-POP3(TM) Slashdot-Friendly Page
What are they?
A Shareware RFC821/RFC1939 compatible SMTP/POP3 server program for Microsoft(R) Windows.
It was written in Microsoft(R) Visual C++. The UPX-compressed executable file
containing the complete program is 130,048 bytes in size. A Freeware RFC1939 POP3 client
program created in the above manner is 75,264 bytes in size.
Who wrote them? Bryan Taylor, author of the MS-DOS/TURBO PASCAL program FILE-IT.
Why were they written? To solve the twin problems of email spam and email malware.
How does CF13-SMTP(TM) / CF13-POP3(TM) work?
1) It is an all-in-one SMTP/POP3 email transport solution.
2) It is simple to use and fast.
3) It is extremely reliable when operating under nominal conditions.
4) It is hostile to spammers and computer crackers.
How does CF13-POP3(TM) work?
1) It is hostile to spammers and computer crackers.
2) It is simple to use and fast.
3) It is extremely reliable when operating under nominal conditions.
When are they available? They are available now. See next question for availability.
Where are they available?
CF13-SMTP(TM) / CF13-POP3(TM) is available here. CF13-POP3(TM) is available here.
Original site is here. Mirror site is here.
The ideas inside these two software computer programs are hereby declared patent
free. These two software computer programs are publication of said ideas and thus
said ideas become 'prior art' and are unpatentable either in whole or in part.
Copyright 2004 Bryan Taylor -- All Rights Reserved -- http://www.cf13.com/
Last Update: Tuesday, July 06, 2004, 11:19 Universal Coordinated Time
-- SpamByte information below is used by both programs above to identify and filter out spam and malware --
Startup banner from:
http://www.cf13.com/cf13pop3.exe
CF13-POP3(TM)
Copyright 2004 Bryan Taylor -- All Rights Reserved
http://www.cf13.com/
Last Update: Tuesday, July 06, 2004, 11:19 Universal Coordinated Time
LICENSE: FREEWARE! SHARE & ENJOY!
PLEASE VIRUS CHECK THIS PROGRAM BEFORE MAKING COPIES FOR OTHERS.
DISCLAIMER: USE THIS PROGRAM SOLELY AT YOUR OWN RISK!
ABSOLUTELY NO WARRANTIES WHATSOEVER!
Note: Your use of this program rewards the creators of the SMTP/POP3 protocols.
Your purchase and use of CF13-SMTP(TM) / CF13-POP3(TM) will reward the
author for making that program available for use at http://www.cf13.com/
and reduce Internet email abuse.
Software should help people, bring people together, make stuff easier to do.
-- Henrik S. Hansen
usage: cf13pop3 svr port login pw SpamByte wantspam
svr - server
Sir, I am fascinated by this "flesh tone" view of sexually-marketed, techno-remixed pop music, and wish to subscribe to your newsletter.
Since this virus clearly links with proprietary code, it cannot be licensed under the GPL.
I urge Windows users to migrate to a GPL kernel, where all kernel-level malware must be open source.
I work in the anti-virus industry. While that does not grant me any special information above and beyond what you can easily find on the net, I do see this day in and day out. To date, the majority of 'intentions to infect' are for a gain greater than the destruction of the infected system.
Just like viruses in the physical world, if one is created as a 'super-virus' it will not last long. A virus needs to co-exist with its host long enough to spread itself. If it 'kills' the host too soon, it cannot spread effectively.
Granted, an electronic virus has the benefit and ability to spread and destroy in seconds, even so, the virus will do itself no good to kill the host too quickly. Holding off the time to self destruct just gives the AV companies time to protect against it.
Cat and mouse? definitely. It is a highly reactionary industry. Someone has to be the first to get infected, just like in the physical world. Does that mean that doctors create viruses to keep themselves in business? (slightly off-tangent)
Will there be a let up in the future? Yes (for viruses, trojans, and worms). I foresee when anything electronic that gets introduced to your computer will get placed into a virtual system, where it is executed and checked before getting passed along to the main system (like sandboxing, only better and more inclusive)
The only other main problem is with system exploits. Blocking exploits will always depend on the company that created the OS. Even if you can protect against every virus, worm, or trojan, an exploit will always go in through a 'yet unknown' back door.
> Will there be a let up in the future? Yes (for viruses, trojans, and worms). I foresee when anything electronic that gets introduced to your computer will get placed into a virtual system, where it is executed and checked before getting passed along to the main system (like sandboxing, only better and more inclusive)
That would be swell, but the industry is moving away from such common-sense solutions like Java or Netscape provided to all-controlling remotely trusted and executed code, aka ActiveX.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I think welchia was partly a "solution" to msblast wasn't it?
Founder & COO, Hayai India (hayai.in) / USA (hayaibroadband.com)