Slashdot Mirror


Bagle/Beagle Variant Includes Source Code

NASAdude writes "Sunday brought a lot of fireworks... and the release of two new Bagle/Beagle variants. One of the variants includes a copy of its source code as an attachment as it spreads via email. It is expected the inclusion of the source will result in numerous variants. It's been dubbed Beagle.Y and Beagle.Z by Symantec and Bagle.ad and Bagle.ae by McAfee. ZDNet ran a story that covers these new variants."

5 of 219 comments

  1. Re:Pretty please by ObsessiveMathsFreak · · Score: 5, Interesting

    A much better solution would be to turn the computer into a spam zombie that only spams itself. After a few thousand spam messages from themselves cloud their inbox, they might actually realise, "Oh, This IS annoying!"

    --
    May the Maths Be with you!
  2. Re:ouch by EvilCowzGoMoo · · Score: 3, Interesting
    Speaking from experience, once source code is released there really is no limit to how many variants we can expect.


    Bots in particular have skyrocketed. In the last few months alone we have seen names jump from two-letter variants (bot.ay) up to 4! (bot.wrzq) Do the math, it's an insane number.


    One of the major contributing factors is virus generators! Yes, there are programs out there that will write the bot for you!


    On the other hand, because they are all variants of the same family, it is fairly easy to keep the AV software up to date to catch even the latest variants early.

  3. Seen it... by lachlan76 · · Score: 4, Interesting

    Seem Familiar?

    In all seriousness, having the source code can't be a bad thing, since this way, it'll be easier to stop if we understand how it works.

    And at least if we all get a virus, there is a good programmer behind it, and it's less likely to crash on all of us.

    Normally I'd consider virus writers the scum of the earth, but this one is talented enough to be a professional hacker, from my limited experience with assembly language (512 byte boot sector on a FD). Not that I endorse email worms, but this guy has talent.

  4. Something I shoulda Done by PakProtector · · Score: 5, Interesting

    This just brings to mind an idea I've had for a long time now. And it's in no way a unique idea, I know that for a fact.

    So here's the idea: Write a variant of one of these viruses. And here's what it does. When it infects a machine, it sends out copies of itself to every person in the address book. After that, it forces the machine to download some sort of Anti-Virus software. PC-Cillin or NOD32 are favorites of mine. It installs them, then forces a Windows Update.

    Sounds good, right? But read on. My second idea is better.

    Here it is:
    Viral Anti-Virus Software.
    Most virus recognition is based on Pattern Recognition, from what I have garnered from my research. Create a virus that spreads like wildfire -- kind of like Melissa and Code Red spread all crazy-fast -- except this little bit of code contains Virus Recognition software in it. It invades unprotected boxen and then starts a continuous scan for Viruses.

    You know how most people click 'Yes!' to anything that pops up, a la Gator?

    Have this little golden nugget of Illegal Do-Gooding pop up a small dialog saying, "File.Extension is infected with a virus (XX% Probability). Do you wish to delete? Y/N?"

    And just to hold with custom:
    Step One: Create Virus.
    Step Two: JAIL!
    Step Three: PROFIT!

    --

    Edward@Tomato - /home/Edward/ man woman
    man: no entry for woman in the manual.
    "Qua!?"

  5. Re:CVS w by SuneSpeg · · Score: 4, Interesting

    Actually.. I know it's been tried before, I think it was Code Red/Nimda?, where someone made a patch spreading in the same manner, but instead it patched the systems.

    About time to try that concept again?
    I know it's gonna generate some traffic, but 1 new variant amongst 50+ new others isn't much.

    Consider pro/cons

    + you could patch most of the vulnerable systems by including the official M$ patch
    + inform the user that the PC is victim of a virus and lead him/her to a virus scan.
    + remove the original virus, or some of the variants.
    + save bandwidth/spam for each PC fixed [1]

    -generate more traffic [1] nothing compared to the current amount of net traffic and spam it generates.
    -would be illegal

    Worth considering IMHO, if you write it properly and don't suffer from the same flaws as the Code Red one did. I'm sure you could do far more good than harm.

    beagle.sourceforge.net might not be the proper place for it though :)