First JPEG Virus Posted To Usenet
Shawn writes "This could possibly be the worst viruses yet! Earlier this month Microsoft announced a problem in their GDI driver that processes the way JPEG images are displayed. Someone has finally posted an exploit to Usenet. Easynews, a premium Usenet provider, found the virus Sunday afternoon. Up-to-date information about how we found it and what it does is located at www.easynews.com/virus.txt. When this picture is viewed it installs remote management software (winvnc and radmin) and will connect to irc."
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
your neighbors open accesspoint, a copy of Airpwn and a suitably infected jpeg. Sounds like a pretty nasty situation in the making to me.
www.linux-skunkworks.com
If you read through the actual posting, it is apparent that this while may be the first GDI/JPEG-based worm, but it is certainly not going to be the worst. First of all, unless I missed it- this code does not even self-replicate (i.e.- it doesnt mail itself to others, or post itself to usenet, or otherwise exploit vulnerable systems) I would expect to see some script kiddies combine this proof of concept trojan with some social engineering type email worms, and then t**THAT** will be a nasty worm.
Absolutely nothing. The file is only 8KB in size, and doesn't appear to contain any actual image data. Loading it up in GraphicConverter v4.9 over here (and Preview, and a number of other tools) just reports that the image file is corrupt.
Yaz.
Our university campus has a huge problem with viruses and this is another exciting addition to our collection. I'm sure I'll start seeing on plenty of guy's asking for help getting this removed, after finding out pornstars aren't virus free after all.
Thankfully, though, this shouldn't cause as much trouble as our current crop of worms. I'm shocked at how dumb our users are, as a whole. We're still having people infected with blaster, over a year after Microsoft patched that vulnerability! Sasser is absolutely rampant. The school even purchased a blanket liscence of Norton, but I would bet less than half of the students have installed it. We have a T3 line providing our outside connection, and it's currently averaging about 7 Mbps combined up/down, because the internal network, which is mostly linked from buidling to building by gigabit fiber, is saturated by virus crap. Although this virus may have a really effective way of spreading, it scares me very little.
At the risk of being kicked off Slashdot for being a devil's advocate...
Why shouldn't I be able to run as an administrator on my own machine? It's my computer... I paid for it... I'm the only one using it. If the system is insecure, isn't that the system's fault? Am I to be blamed for operating my computer in a fashion that (*gasp*) allows me to make changes to it when I want without it bitching to me any further?
Think bigger. Think to the future. "Don't log in as root/Don't be an administrator." is NOT an answer. Mac OS 9 and below operated by default in a single-user mode without *any* authentication necessary to make changes and I can list the successful viruses/exploits (especially remote exploits) by hand on a single sheet of paper.
Artificial permission models (where "artificial" means "not needed by the environment") are not panaceas and aren't excuses for poor OS design.
Hire a Linux system administrator, systems engineer,
Just out of curiosity, does anyone know if x86 no-execute protection(the NX bit, aka the XD bit, aka Data Execution Protection) prevents against this? With the release of SP2 and DEP support, it would seem that this would be a good test to see if DEP is all its cracked up to be.
In my day, an article like this would have been a downright joke. Seriously, this is such a milestone that I'm filing the article in my permanent news archives.
In retrospect I don't know why we thought such a thing was impossible for so long? After all, buffer overflows or other coding problems can result in malicious code executing. I guess what we didn't expect "back then" was that computers primarily engaged in networking activities would be running vital parsers - HTML, ActiveX, images etc - within the operating system itself, with administrator level privileges.
Wouldn't it make sense to limit the scope of any kind of modular parser/crypto using privilege isolation, so that even if malicious code starts running it is utterly incapable of affecting anything else?
i.e. shouldn't all such modules - crypto, image, parser run within some kind of privilege jails and communicate with the involved application using something like a socket? Hell, couldn't Windows do just that and wrap it up so API users don't notice? What am I missing here? I'm not picking on Windows here, same thing could be done on *NIX.
The real kicker was when I switched to Outlook 2003 from Outlook Express. From a usability point of view, it was a pretty good improvement, especially the spam handling, but with a fairly large message store, it took at least an order of magnitude longer to access folders, etc, in O2k3 than OE. It was absurd. Oh, yeah, and the fact that an O2k3 data store can't be bigger than about 1GB to 1.5GB before it starts losing messages (I couldn't believe this at first but it was confirmed by two people with much more MS experience than me). I switched to Thunderbird around 0.5 and haven't given it a second thought.
Now here's a case where the MS software really was well-designed and easy to use (from a UI standpoint), but the grotesque slowness of the app killed it for me.
In 1994, I had a 50MHz 486SX... I didn't buy a Pentium 100 until '96, so you're right. Clock speed is more like 40 - 60 times faster (and thanks to wonders of CISC, performance is more than that). And disk space has increased for me by 3 orders of magnitude.
I seem to recall MicroCenter or CompUSA having a "Buck-a-Meg" sale and I bought a 340MB drive for $340, bringing my total to a whopping 580MB. Now I've got about 600GB over about 4 machines, maybe more since each box is crammed full of old drives ranging from 7GB to 250GB etc in addition to a few bigger drives.
I used to hate how my Amiga took like 3 minutes to boot back in the late 80's. Windows 2000 on a machine that was 100 times faster took around the same time. XP is much better, but still, there are times when I have a lot of apps loaded and it just seems to go out to lunch for several seconds before anything responds. And don't get me started on the launch time for Word 2003...
You are in a maze of twisty little passages, all alike.
For the record, I bought my first Mac (a 12" PowerBook G4) this past spring based in significant part on all the good things I had read about Apple's latest offerings here on /. .
Yaz.