Bagle/Beagle Variant Includes Source Code
NASAdude writes "Sunday brought a lot of fireworks... and the release of two new Bagle/Beagle variants. One of the variants includes a copy of its source code as an attachment as it spreads via email. It is expected the inclusion of the source will result in numerous variants.
It's been dubbed Beagle.Y and Beagle.Z by Symantec and Bagle.ad and Bagle.ae by McAfee.
ZDNet ran a story that covers these new variants."
And it will come to be known as beagle.painintheass
Evolution or ID?
beagle.sourceforge.net doesn't have it :(
The Slashdot Paradox: "100% Overrated"
any news on beagle.mars?
epic
"Im drowning here, and you're describing the water!"
....to say that 'open source' is bad? In all seriousness - what is the end to all this?
Humans have such a good sense of humor!
Reading title fast, I thought that NASA had released some source code... *sigh*
I live in Soviet Canuckistan you insensitive clod!
That could hurt, now every kiddy scripter can get a copy of the code. How many (in reason) letters can we put at the end of the virus name to declare a new variant? Watch out for Beagle.zzzzzzzzzzzzzz coming this July to an inbox near you.
Can someone please make a variant that makes users regret not patching their systems? Like, overwrite the BIOS, turn ones into twos in all spreadsheet documents, delete all JPGs, MP3s and AVIs, send a resignation to boss@yourdomain.com and a log of your online banking transactions to the FCC, donate 10 bucks each to the KKK and THEN put up a screen which lists all that.
How long until SCO sues Bagle's author for copyright infringement....
Rich
Funny.
If you try to google Bagle assembler "source code"
you'll get
Microsoft shares source code with students - ZDNet UK News
VBscript or WSH which is inherently Open Source on Windows?
<nitpick>Open-source is a type of licensing; VBScript is a language, and WSH a technology, not licensing regimes. Typically the source-code for a VBScript app is distributed with the application, but not necessarily - it might be obfuscated - but might well be subject to proprietary licensing restrictions.
Just because you can see the source code doesn't make it open source. Open source implies certain freedoms that are additional to being able to see the code: the right to modify and redistribute the code, for example.
</nitpick>
This is where the serious fun begins.
So far you could spot a virus author by the "evidence" that he had the source code of the virus on his PC. Now everybody has the source. I guess we need bigger jails soon.
Seem Familiar?
In all seriousness, having the source code can't be a bad thing, since this way, it'll be easier to stop if we understand how it works.
And at least if we all get a virus, there is a good programmer behind it, and it's less likely to crash on all of us.
Normally I'd consider virus writers the scum of the earth, but this one is talented enough to be a professional hacker, from my limited experience with assembly language (512 byte boot sector on a FD). Not that I endorse email worms, but this guy has talent.
This is so boring. Soon we'll have Bagle.zzz.
What license is it released under?
/^([Ss]ame [Bb]at (time, |channel.)){2}$/
This just brings to mind an idea I've had for a long time now. And it's in no way a unique idea, I know that for a fact.
So here's the idea: Write a variant of one of these viruses. And here's what it does. When it infects a machine, it sends out copies of itself to every person in the address book. After that, it forces the machine to download some sort of Anti-Virus software. PC-Cillin or NOD32 are favorites of mine. It installs them, then forces a Windows Update.
Sounds good, right? But read on. My second idea is better.
Here it is:
Viral Anti-Virus Software.
Most virus recognition is based on Pattern Recognition, from what I have garnered from my research. Create a virus that spreads like wildfire -- kind of like Melissa and Code Red spread all crazy-fast -- except this little bit of code contains Virus Recognition software in it. It invades unprotected boxen and then starts a continuous scan for Viruses.
You know how most people click 'Yes!' to anything that pops up, a la Gator?
Have this little golden nugget of Illegal Do-Gooding pop up a small dialog saying, "File.Extention is infected with a virus (XX% Probability). Do you wish to delete? Y/N?"
And just to hold with custom:
Step One: Create Virus.
Step Two: JAIL!
Step Three: PROFIT!
Edward@Tomato - /home/Edward/ man woman
man: no entry for woman in the manual.
"Qua!?"
All it means is that there are still clueless people using computers. I already know that. Sometimes I think it's a damn shame viruses can't do the kind of real, permanent damage that shocks a clue into people -- if there is such a thing. For once I'm actually wishing for a SCO story.
Please, please, please, I know I'm preaching to the choir here, but please, for crying out loud, please if anyone ever asks you about buying a new computer, just point them towards the nearest Apple authorised reseller. If they complain about the price, point out that the inherent usability and security designed into Mac OS X from the ground up will more than pay for itself in terms of not cursing and screaming at the damn thing every time you boot it up. If that doesn't work, mention that Macs are prettier. If that still doesn't work, give them six months tops before you're saying "I told you so".
Windows may be popular but that doesn't make it any good.
Je fume. Tu fumes. Nous fûmes!
I'm so glad my entire network is running Linux. :) I swear there is some major virus every goddamn week. Linux has its own problems, but I am glad I can do something about them. I wonder how long it will take for businesses to realize that running around chasing exploits and viruses isn't a good way to make use of your technical support staff time.
-Mind
And what about a copyright notice on Virii in future? Could McAfee be sued for reverse-engineering a virus?
-grin-
One of the variants includes a copy of its source code as an attachment as it spreads via email.
;)
Just what we need. An Open Source Virus. And if it is somehow GPLed, we'll *really* have viral licensing.
Take-off every
It's a resume!
"I went on a diet, swore off drinking and heavy eating. And in fourteen days, I had lost exactly two weeks. Joe E. Lewis
If someone wanted to really cause problems, they'd modify that thing to use port 80 to spread itself, and disguise the packets as /. traffic. What admin would notice if it was a virus, or just some new story on /.?
D'OH!
"Only wimps use tape backup. Real men just include their important stuff in a Windows worm and let the rest of the world mirror it."
Where is the source?
I don't know, but the Department of Homeland Security, the FBI, and the CIA are looking for them also.
The truth shall set you free!
Isn't it a felony to own the source code of malware?
I doubt it (IANAL). It's only a felony if you own the source code of malware with the intention of using it to damage or access an unauthorized computer. Otherwise people who write antivirus products would spend their entire life in jail.
"As a writer / novelist you might want to spellcheck your sig.
Oh wait, there are a dozen in my inbox already. God you guys are quick, thanks ;)
Actually.. I know it's been tried before, I think it was Code Red/Nimda?, where someone made a patch spreading in the same manner, but instead it patched the systems.
:)
About time to try that concept again?
I know it's gonna generate some traffic, but 1 new variant amongst 50+ new others isn't much.
Consider pro/cons
+ you could patch most of the vulnerable systems by including the official M$ patch
+ inform the user that the pc is victim of a virus and lead him/her to a virusscan.
+ remove the original virus, or some of the variants.
+ save bandwidth/spam for each pc fixed [1]
-generate more traffic [1] nothing compared to the current amount of net traffic and spam it generates.
-would be illegal
Worth considering IMHO, if you write it properly and it does not suffer from the same flaws as the Code Red one did. I'm sure you could do far more good than harm.
beagle.sourceforge.net might not be the proper place for it though
I have often heard people say that Linux and OS X are more secure due to obscurity. I was just wondering if one can, perhaps, look at the situation from a different perspective. Geeks have hated MS for a long time, and they are the ones who have the technical skills to exploit Windows vulnerabilities. The internet has finally given them a way to attack MS with their limited resources.
One is often made to believe that Windows viruses and trojans are primarily the work of script kiddies and that Windows is simply targeted because it is the dominant platform. Is it possible that we are seeing the beginning of something more insidious than this? Perhaps a large percentage of these attacks are the work of people who simply want to harm Windows' public image.
I know some of this may sound obvious (a "no shit sherlock" situation). However, I have never really seen the problem discussed from this perspective. I know that most responsible Geeks on this forum condemn computer viruses. However, there are a lot of pissed off people out there and this is the easiest way to hit MS. It just takes a bit of decent code (in the evil sense) and you can cause the loss of countless millions to the customers of MS.
I think that if this is the case, then Windows will eventually fall. Nobody will be able to create an OS that can withstand the combined wrath of the world Geeks. Just food for thought.
*sigh* Please don't release another anti-virus-virus. The last one was at least as much a pain as the one it was supposed to cure.
The McAfee virus info page says that the source code is encrypted. Assuming the author used something sound like PGP, we'll probably never see the source code.
If it's encrypted, how did they find out it's source code? They must have already cracked it.
"Why Subscribe?" Good question...
"Don't you suppose the right to redistribute is granted pretty much automatically for a virus?"
How amusing if it weren't. Maybe the authors could be prosecuted for circumventing a protection device *on their own property*. The sound of mental fuses popping would be deafening.
Indeed it was, but it sure also had some flaws. Learning from its mistakes and writing a smarter anti-virus-virus, I'm sure you could generally benefit from it. Personally I prefer to see a little log entry in my firewall than 500 pieces of spam in my inbox. No doubt it's an unusual approach, but what other (working) methods do you suggest to wipe out 50 new variants?
Unless the author is dumb enough to reveal himself by suing you for copyright infringement, it's public domain.
The shareholder is always right.
If it's encrypted, how did they find out it's source code? They must have already cracked it.
And the author has already filed his DMCA suit against them for cracking his encryption.
Johnkoerner.com
That approach, while fine twenty years ago, isn't at all realistic today. Today PCs are sold as something which is easy to use and useful for everyone. And they should be. The fact that they aren't is the problem of the people who designed/implemented things badly in the first place.
Given that all most people want a PC for is web browsing and email, why the f*ck haven't Microsoft come up with an OS which can do that, and just that, without any security risks at all? This puzzles me somewhat.
Regardless, the problem mostly lies with the laughable state of Windows, not with the users. Sure, they could be more careful -- but on a fresh Windows install you need to be more than careful, you need to be damn good to keep it secure.
that the killer worm hasn't come yet.
:( :( :( :( :(
Seriously.
Not that I'm looking forward to that day, as it means that I'll spend a WHOLE lot of time fixing other people's computers
But all the 'I Told You Sos' might be worth it.
Given that these worms are getting to be pretty sophisticated in how they spread (IIS server exploit ->IE activeX exploit), and given that although MS does a 90% good job in patching them, the poor rate of patch (what? patch my computer? but it works fine), and total reluctance to switch to non-MS products (The VP of our company refused to switch from MS, even after the CERT warning. "Why would I want Mozilla or something? MS just released a patch for that problem you are talking about"), I'm STUNNED that someone hasn't gone nuts, and torched the Windows World(TM).
No terrorist group, no crazy psychotic hackers, no insane foreign governments.
No Russian organized crime group holding a corporation hostage.
Nothing. Nada. Zilch.
Strange.
I still think it's coming. Perhaps I'm just a pessimist, but I think that 'cyberwar' may still be on our horizon, and even if you, Ms. Super-Smart-Geek, are able to protect your system, 90% of the Windows world will not be able to.
And instead of spam, we'll see permanent BIOS corruption, or something else, that will simply f*ck their computers.
I'm scared of it, anyways. I only hope that it happens far enough in the future that I can earnestly say, "I can't fix that, I using Windows back in the 2000-era, I don't know anything about your XP-SE, your Longhorn, etc. . . "
I spend too much of my time on service calls as it is, for my parents, for my officemates, for my relatives, and for my friends.
I try to 'train' them on how to manage a system properly, but it's honestly hopeless.
I'm pretty savvy, but back in the day when I ran them, my Windows systems STILL got screwed up sometimes (not often, but occasionally).
I can totally understand (but not sympathize) when my sister comes back to me and her laptop has got a bazillion pop-up-ware things installed.
I'll feel bad for her when/if her laptop gets trashed by a virus, but.... I told her to get a mac.....
Oh well, c'est la vie.
I'll live through the storm, anyways, and so will my backups of the company data.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
*sigh* Please don't release another anti-virus-virus. The last one was at least as much a pain as the one it was supposed to cure.
Also many of the mass mailers do stop and try to disarm other mass mailers. This is not uncommon because it prevents the virus from being detected if someone doesn't update their AV until they find one that is old enough to be in the signature files.
Such an Anti-virus-virus would just be another of these viruses. No more or less.
LedgerSMB: Open source Accounting/ERP