First JPEG Virus Posted To Usenet
Shawn writes "This could possibly be the worst virus yet! Earlier this month Microsoft announced a problem in their GDI driver that processes the way JPEG images are displayed. Someone has finally posted an exploit to Usenet. Easynews, a premium Usenet provider, found the virus Sunday afternoon. Up-to-date information about how we found it and what it does is located at www.easynews.com/virus.txt. When this picture is viewed it installs remote management software (winvnc and radmin) and will connect to irc."
Virus writers should be dragged out in the street and... well, whatever.
The only reason we need security for this crap is because the viruses exist. Which means that we only have security when the need arises. If the vulnerability exists but is never exploited, it tends to sit open and unpatched. As soon as this pops up, we see vendors frantically patching systems.
I usually call it like I see it - which means defending the bad guys when they deserve it. But in this case, there's no doubt that open source has major advantages. The vulnerability has been identified, people are complaining that it's not being fixed... I bet it takes a virus to get MS (and others) moving to fix it.
If you aren't running as an administrator, which you shouldn't be, it can't install itself. It's the same as Linux or any other OS with a basic user system.
"Can't arrest someone for merely writing a piece of code."
coughcoughpatriotactcoughcough
This reminds me of my first thought when I saw Windows 95 message "It is now safe to turn off your computer."
Which was, "However it is no longer safe to turn on your computer."
Quality freefall.
Really, how much new useful functionality has MS provided in the last 5 years? It takes just as long to load apps now as it did 10 years ago, even though machines are 10 times faster with 100 times more memory. Functionality increases at best in a linear fashion, while system requirements increase at a geometric rate. Software eats more of your computer and offers less in return.
Remember when MS supposedly shut down for a month to work on security issues? That was about 4 years ago. Not only did the problems not go away, but the occurrence of gaping new exploits increased significantly.
Maybe they should shut down for a year. Take all the gigabyte-gobbling shit they've written for the last 10 years and turn it into useful code with no new functionality. Returning with the same stuff they have now, but with little or no security issues would win them more customers than their current monopolistic policies and FUD spreading ever will.
Really, what else could they possibly do besides introduce a bunch of bloated new technologies for doing the same damn thing we all wrote for ourselves years ago, but without all the MS lock in and huge learning curve?
I have to ask, what has MS done that is actually useful since Windows 2000?
You are in a maze of twisty little passages, all alike.
...in JAPAN! But in the US, you probably can be.
Forget thrust, drag, lift and weight. Airplanes fly because of money.
I'm glad I'm not the only one who noticed this. btw CPUs are way faster than 10x faster. In 1994 I could only afford a 386sx at 16 MHz. Not only is the clock speed faster but the chip has gone through several major revisions. Yet I think that 386sx booted up faster and ran Lotus and WordPerfect under DOS just as fast as anything out there on Windows today. Of course there are some advantages to Windows but speed sure isn't one of them!
Liberals call everyone Nazis yet they are the closest thing to it.
"The pervs grab the jpeg, load it, and it quietly calls home to the FBI, where a dot matrix printer prints out another warrant for a judge's signature . . ."
Not exactly. Because either:
1. The FBI's infected JPEG is a kiddie porn photo, in which case the FBI is breaking the law itself, or
2. The infected JPEG is a legal photo, in which case the "alleged perv" has broken no law, and there is no basis for the warrant.
So what happens when someone hacks the ad server that cnn or google uses, and puts this jpeg up?
Millions of instant zombies.
That's f*cking scary....
It was Bug Month, not security, though that's related. It was in 2002. The shortest month, February.
... "It's time to get the garage cleaned out."
"We are not coding new code as of today for the next month," Richard Purcell, director of Microsoft's corporate computing office
Which I thought was straight PR, and if there were any actual deferrals of project waypoints, this time would be spent dealing with personal inbox overloads.
But I did get contacted by a Microsoft engineer during that time, re a software failure I'd detailed online. {Nothing's been fixed, mind you.}
"Quality freefall"? Not really. They've always produced third tier code. This is normal. The only difference right now is they're feeling more heat about it because programs can do more, and they've got competition they can't kill in Open Source. The profitability of their poor quality of approach is falling against these two rising variables. Quality itself has been steady state.
Just had a nasty thought... the latest round of IM programs have user-settable "buddy icons" which IIRC can be JPEGs. A worm that used buddy icons to spread could have half the internet infected in 15 minutes, and do it via existing social networks. I hope the MSN and AIM servers are scanning buddy icons to prevent this being used...
If the FBI is allowed to trade drugs to get to drug dealers then I'm pretty sure they're allowed to trade kiddie porn pics to get to pervs.
Interesting that this virus, which has been in the wings and known of by select groups for years now, should at this time be given lots of promotion, (a few virus releases and big, loud press attention like a freekin' summer movie advertising run), right when the most important US election in the history of mankind is gearing up.
Having people scared out of the public places so that they can't discuss the events which are about to unfold. . ?
And some dorks still laugh at me and say I'm a paranoid conspiracy nut.
--Goodness! Well, if conspiracies don't exist, why are there laws like, 'Conspiracy to commit _____' on the books? And who but the lying psychos in government are better suited to pulling such stunts? Only a nut would actually lower his/her guard over the next couple of months!
Count on this: If any 'terrorism' happens in the next 5 weeks, you can be sure it will have been aided and abetted by the US and/or Israeli secret services.
Not that you'll be able to talk about it on-line, what with all the scary viruses and all!
Buckle up, kids. This stretch of road is about to get bumpy.
-FL
Apparently, the Outlook interface was useful enough that Evolution 2.0 copied it.
... would be running vital parsers - HTML, ActiveX, images etc - within the operating system itself ...
Remember, this was a LEGAL decision, not a TECHNICAL one.
Killing NS without all those messy anti-trust problems required IE to become part of the OS.
From a technical standpoint it was a moronic idea, as a lot of people said at the time.
"It is now safe to turn off your computer." ... Quality freefall.
It's related.
There is an arrogance that Microsoft knows best that is implicit in that statement. Whether or not it is actually safe to turn off the computer is very much outside of Microsoft's knowledge. In fact the safest thing to do when a system is acting bonkers is to hit reset or the power switch on old computers or pulling the power plug or removing the battery on new computers where the power switch is no longer functional. The reasoning goes that when the system has its brains scrambled it desperately wants to write those scrambled brains to disk and thus perpetuate the scramble.
Remember when MS supposedly shut down for a month to work on security issues? That was about 4 years ago. Not only did the problems not go away, but the occurrence of gaping new exploits increased significantly.
One whole month. Well, golly gee! Actually one month would be enough to stop hiding stuff and never under any circumstance use or require scripts or ActiveX controls for anything remotely related to security.
[x] Hide files extension for known file types.
That by itself is enough to wreck any attempts at achieving security. The message is loud and clear. Linux worms never seem to get anywhere. People see them and react violently to anything sneaking around trying to be invisible.
Task Manager doesn't show everything. Microsoft Windows comes with a pre-installed root kit!
The ms-sql exploit spread to less than five percent of the computers in the world...
Let me guess - do you perchance use one of the "blacklisted" serialz for your office registration? If not then sorry, but if so - take note that WindowsUpdate verifies your reg number and feels free to behave accordingly.
Well - how many people viewed the certain hello.jpg image willingly and knowing what they are going to find? How difficult would it be for me to dupe you or someone else to load the image you mention if I find its URL?
Thing is, without NX x86 processors have no way of marking pages as non-executable. Not even on linux.
* Eye of Gnome seemed to work okay, but I got all sorts of weird redraw problems when I tried to resize the window.
* Gimp (2.1) says the JPEG is unsupported and couldn't be imported by the filter, then segfaults.
* Konqueror seems to work okay, but just shows a tall black rectangle, and its spinner is still chugging away, as if it's still busy loading something.
* Firefox 0.9.3 has no troubles at all; it just shows a nice white rectangle on a white background
These programs are not vulnerable to the exploit in the same way that Windows machines are vulnerable. In fact, the issues you saw appear to be in no way related to the intended result of the virus. GIMP's segfault seems to be the most serious of these, and it is still a minor problem. I believe all of your results can be achieved by opening a mangled/corrupted
Nutshell: One cannot conclude that graphics-related processes/apps on Linux machines are vulnerable to this virus.
PS Conclusions posited based on "unprofessional research and wild conjectures" are likely to cause much more harm than good. Is this really necessary? (not a flame - just an observation)
I want to drag this out as long as possible. Bring me my protractor.
There's been some discussion of the problems facing "fleet operators" due to this bug. It seems that various product teams have spewed so many private versions of the .DLLs all over users' systems that the people who maintain the security-patch list in XML just gave up. SMS won't detect the need for the patch, and neither will MBSA, I'm told. Whether SUS (standalone, not the Feature Pack for SMS) will is not yet clear.
Well, that's just dandy. I've got 200 machines that need patching and no centralized tools, maybe. Oh, joy.
Now I'm wondering how I'll ever trust those tools again.
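An added example, not part of any comment in this thread: when central tools cannot see product-private copies of a library, one fallback is to walk each disk for every file with that name and compare its hash against known-patched builds. The DLL name and the set of patched hashes are inputs the administrator supplies (the thread names neither); all function names are hypothetical.

```python
import hashlib
import os
from collections import defaultdict


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, dll_name):
    """Return {sha256: [paths]} for every file named dll_name under root.

    Windows file names are case-insensitive, so the name match is too.
    Files that cannot be read are grouped under the key "unreadable".
    """
    wanted = dll_name.lower()
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != wanted:
                continue
            path = os.path.join(dirpath, name)
            try:
                groups[sha256_of(path)].append(path)
            except OSError:
                groups["unreadable"].append(path)
    return dict(groups)


def unpatched_copies(root, dll_name, patched_hashes):
    """List copies whose hash is not a known-patched build (unreadable ones included)."""
    stale = []
    for digest, paths in find_copies(root, dll_name).items():
        if digest not in patched_hashes:
            stale.extend(paths)
    return sorted(stale)


if __name__ == "__main__":
    import sys
    # Usage: scan.py ROOT DLL_NAME PATCHED_SHA256 [PATCHED_SHA256 ...]
    root, dll_name, *good = sys.argv[1:]
    for path in unpatched_copies(root, dll_name, set(good)):
        print(path)
```

Every path printed is a copy that the vendor's patch did not replace and that the owning application must update or be pointed away from.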
Worst. Post. Ever.
Is some freshman psychology major going to format their drive, back up all their files, and install Linux? No. Are they going to be able to use Linux? Doubtful. Is linux going to detect their generic sound cards and network adapters? Yeah, right. Are you going to have chaos and pissed off students? Yes. Are you going be the one to tell them they can't use their brand new Dell without totally fucking re-doing all of the software or are you going to tell them it's worthless and to go spend $1000 on a new Mac?
You are seriously fucking stupid. Start living in the real world.