Slashdot Mirror


First JPEG Virus Posted To Usenet

Shawn writes "This could possibly be the worst virus yet! Earlier this month Microsoft announced a problem in their GDI driver that processes the way JPEG images are displayed. Someone has finally posted an exploit to Usenet. Easynews, a premium Usenet provider, found the virus Sunday afternoon. Up-to-date information about how we found it and what it does is located at www.easynews.com/virus.txt. When this picture is viewed it installs remote management software (winvnc and radmin) and will connect to irc."

8 of 694 comments

  1. Time to lock down the one Windoze machine by Cybertect · · Score: 0, Flamebait

    I run at work.

    The joys of running a mac shop :)

    1. Re:Time to lock down the one Windoze machine by Sir+Haxa1ot · · Score: -1, Flamebait
      The joys of running a mac shop

      yeah, outside of having no customers, no revenues and no interoperability with an outside world a Mac shop is not that bad

  2. Re:That's pretty amazing. by MasterDater · · Score: 0, Flamebait

    Linux had a similar security hole a week or so ago, bigmouth. Of course, you won't see THAT on the slashdot front page.

  3. I suggest you all hold your tongues. by ZuperDee · · Score: 0, Flamebait

    I suggest you people hold your tongues, and think before you blindly bash Microsoft all the time. Yes, there *ARE* OTHER good reasons to hate Microsoft, but that's beside the point, and I'd rather not get into that right now.

    For the purposes of this discussion, suffice it to say that I think *BOTH* the Microsoft and open source communities have their fair share of exploits to deal with. For example, the Mozilla people have had to patch things like this before, too. In fact, need I also point out that a very similar potential exploit was also found recently in GdkPixBuf. So it ISN'T just Microsoft.

    Before now, many of you were saying "we don't have as many exploits as Microsoft." Then finally, when similar exploits are found in open source, you people start rationalizing, and saying "Oh, okay, but our side still fixes things faster." That's what in logic we call "rationalization," and "shifting your reasons." I also bet that some of these same people also think our President is doing this on the reasons for invading Iraq (though please note I still support the President, though that's also beside the point.)

    Saying "but open source allows people to see them more quickly, too" is also no argument. Certainly, one could say open source allows for greater transparency in the process, but on the other hand, I could also legitimately argue that allowing everyone to look for possible exploits in my code is like posting the blueprints for all my locks right out in the open, so every burglar can then look for ways to try to pick them or break them.

    My point is basically this: I wish people would stop going to extremes, bashing Microsoft when any kind of security flaw hits, then trying to rationalize and talk down every similar flaw that is found in their favorite open source project.

  4. Re:That's pretty amazing. by Anonymous Coward · · Score: -1, Flamebait
    Really, how much new useful functionality has MS provided in the last 5 years? It takes just as long to load apps now as it did 10 years ago, even though machines are 10 times faster with 100 times more memory. Functionality increases at best in a linear fashion, while system requirements increase at a geometric rate. Software eats more of your computer and offers less in return.
    How much has the open source movement? It takes longer to load Firefox on Linux than on Windows. KDE eats RAM and CPU like hell. It takes 10 times longer to compile a program in gcc than any compiler from 10 years ago. GTK isn't exactly light when it comes to resource usage.
    Remember when MS supposedly shut down for a month to work on security issues? That was about 4 years ago. Not only did the problems not go away, but the occurrence of gaping new exploits increased significantly.
    Stuff happens, period. It happens in the open source world too. It happens in the Apple world. It will happen forever. What happened with GDI, however, was developers redistributing the DLL without permission. Hooray for piracy.
    Maybe they should shut down for a year. Take all the gigabyte-gobbling shit they've written for the last 10 years and turn it into useful code with no new functionality. Returning with the same stuff they have now, but with little or no security issues would win them more customers than their current monopolistic policies and FUD spreading ever will.
    Believe me, I don't like Windows. I think it's a Fisher Price toy. But Linux and Apple have the exact same problems just on a smaller scale since they are not as popular. Yes, popularity does affect security. As Linux is gaining popularity, the bugs found in software related to it are increasing.
    Really, what else could they possibly do besides introduce a bunch of bloated new technologies for doing the same damn thing we all wrote for ourselves years ago, but without all the MS lock in and huge learning curve?
    Yeah, most Linux distros have far more bloat than Windows. KDE and GNOME are extremely bloated. And everything has a learning curve, it just depends on who you are.
    I have to ask, what has MS done that is actually useful since Windows 2000?
    What has the open source community done that is useful since... ever? Linux was and is nothing new. A clone of an operating system from the 70s, whose user interfaces were punch cards, switches, and teletype machines. Linux hasn't improved upon that.
  5. I hope this destroys the damn platform by GrahamCox · · Score: 0, Flamebait

    Much as I despise virus writers, frankly after having been forced to use Windows for the last few days, I hope this destroys the damn platform. I normally try and keep a neutral attitude to platform wars, but these last few days have really opened my eyes to just how bad Windows is. It sucks so bad, I simply cannot fathom why it is so popular. I normally use OS X, but idiosyncrasies aside, Windows designers truly seem to have no clue about what makes the difference between a productivity aid and a productivity hindrance. At every step some "feature" of Windows either doesn't work, or else does too much, requiring further steps to undo some of what it did. It cannot lay text out properly half the time. Its character mapping is totally broken, with different fonts having different character mappings. I could rant on....
    Frankly, these viruses are great news for those of us who just want a bit more balance in the marketplace. I'm fed up with having to apologise for being a minority Mac user - fuck it, Macs let me get my work done, no fuss, no frustration, no stress, and no bad temper which makes me post rants to slashdot!! Windows users - piss off and call me back when your platform of "choice" is fixed. That's all.

  6. Sucks to be a shemale-fan by Jugalator · · Score: 0, Flamebait

    So the virus first showed up here:

    Newsgroups: alt.binaries.multimedia.erotica.transsexuals,alt.binaries.pictures.erotica.transexual,alt.binaries.pictures.erotica.transexual.action,alt.binaries.pictures.erotica.transsexual
    Subject: (Shemale-loves it up the ass.jpg (1/1)] [1/1] - Shemale loves it up the ass

    Serves the shemale-lovers right... :-)

    --
    Beware: In C++, your friends can see your privates!
  7. Re:I don't see why this is a problem by HeghmoH · · Score: 0, Flamebait

    Think bigger. Think to the future. "Don't log in as root/Don't be an administrator." is NOT an answer. Mac OS 9 and below operated by default in a single-user mode without *any* authentication necessary to make changes and I can list the successful viruses/exploits (especially remote exploits) by hand on a single sheet of paper.

    So you're saying that the best way to stop these exploits is to make the OS completely useless? Don't get me wrong, I'm a total Mac-head, but OS 9 and under were crap, and the only reason they didn't have any remote exploits is because the OS wasn't capable of any remote operation whatsoever.

    --
    Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!