New IM Worm On The Loose

elfarto writes "Techweb is reporting that a new worm that spreads via Microsoft's instant messaging client began badgering users Monday, several security firms said. Dubbed Funner, the worm propagates by sending itself to all the contacts listed in the user's copy of MSN Messenger, Microsoft's IM client. There is an analysis on Symantec Security Response Site; apparently the worm tries to download stuff from www.78p.com and adds entries to the hosts file pointing to more that 400 Chinese porn sites. The worm also sends itself to the whole contact list as funny.exe so it requires the user interaction to actually execute it. "

Another reason to move to GAIM

[JosephusTX]

Had to be the first - I enjoyed the Screen Savers segment!

Re:Another reason to move to GAIM

[Mstrgeek]

Great section on the show hope we get more users out of that bit of air time

Re:Another reason to move to GAIM

This is definitely a "worm" that you (meaning the people on your contacts list if you were to get this) are ONLY safe from because not many people use GAIM and hence no one will spend their time writing a program that will read your contacts list. GAIM is every bit as vulnerable as MSN Messenger for worms like this. (As is AIM and Yahoo Messenger and all those other good things...).

Re:Another reason to move to GAIM

[Carnildo]

Switching to GAIM wouldn't help here. All the worm is using MSN Messenger for is as a carrier for the file; there's no particular security hole involved. It's no different from sending a virus attached to an email.

Re:Another reason to move to GAIM

[Lehk228]

damn, i knew they should have left the gaim file xfer broken

Re:Another reason to move to GAIM

[superpulpsicle]

Or you can use Trillion. You end up with AOL, MSN, ICQ and a million other accounts under one. That way you don't put all your eggs in one basket.

Re:Another reason to move to GAIM

[Lanzah]

Using a diffrent client would at least prevent the worm from spreading to your friends.

Re:Another reason to move to GAIM

[tonsofpcs]

Not necessarily, but it is a nice reason to move away from Microsoft Windows.

Linux Anyone?
SuSE (Novell)
Red Hat
Mandrake
GenToo
Slackware
And get others from Distrowatch

Re:Another reason to move to GAIM

[Lehk228]

actually gaim handles AOL, MSN, ICQ, Yahoo!, IRC, and Jabber.

Re:Another reason to move to GAIM

[Teknogeek]

As does Trillian, actually.

Re:Another reason to move to GAIM

[eean]

You got it back words. In general, switching to Gaim won't help, cause it isn't any vulnerability in particular being spread. However in this case it would help, because if you set your little sister up with Gaim and she ran the funny.exe one could assume it wouldn't be able to spread itself further (funny.exe not familiar with Gaim).

Even better, set your little sister up with Linux and not have to worry about all the other crap funny.exe will do.

Re:Another reason to move to GAIM

[Curtman]

You forgot Gadu-Gadu, Novell Groupwise, Napster, Zephyr, SNPP, and Silc.

Re:Another reason to move to GAIM

[RLiegh]

and you forgot poland, as well.

Re:Another reason to move to GAIM

[Curtman]

and you forgot poland, as well

What, Gaim can communicate with whole countries now? That could have saved the Americans a bunch of cash with the Iraq plugin. LOL. I'm pretty sure you're talking about Gadu-Gadu which I did mention.

Re:Another reason to move to GAIM

Um, how about just not executing the damn thing?

Re:Another reason to move to GAIM

[Tongo]

Why couldn't someone write a worm that infected IM clients on Linux. Damn, don't you get it? Any box that isn't physically isolated from the rest of the world is vulnerable. Linux and GAIM are both less vulnerable only so far as people don't target them.

Re:Another reason to move to GAIM

[tvon]

Does trillian offer anything Gaim doesn't?

Re:Another reason to move to GAIM

[jobeus]

No, I bet he was talking about http://www.youforgotpoland.com/.

Re:Another reason to move to GAIM

[Yartrebo]

GAIM would help, though only because you would be running Linux. The worst that can happen under WINE (which you would need to execute the payload) is that it screws up your WINE installation. Once you kill the WINE process, anything memory resident is wiped clean. Furthermore, only a handful of viruses manage to run under WINE, as viruses can do some tricky stuff.

Re:Another reason to move to GAIM

When Trillian or GAIM allow me to use my webcam with an MSN user or with a Yahoo user or with an AIM user (which incidentally uses the same APIs as MSN), then I'll think about using them. Until then, they're just toys that don't give me the full functionality.

Re:Another reason to move to GAIM

[nitrocloud]

Don't you understand how many people work on Gaim?
Do you know how many bugs are fixed?
Do you know that because of the modularity of Linux and Gaim itself, virus creation is prohibative at best?
Did you know that the fact that many exploits are crushed in only a week or two makes it nearly pointless to exploit?

And it is Gaim or gaim, never GAIM.

Re:Another reason to move to GAIM

Even better, set your little sister up with Linux and not have to worry about all the other crap funny.exe will do.


no, set your little sister up with me and I will protect her from all this crap!

Re:Another reason to move to GAIM

400 Chinese porn sites

somebody please send me this funny.exe, i could definitely do with 400 chinese porn sites!!

Re:Another reason to move to GAIM

[oddfox]

I know that I prefer Trillian in Windows simply because I don't feel like loading the GTK+ toolkit and everything in Windows. Memory usage isn't a huge concern anymore though since I'm off 256MB and up to 1GB, but GAIM used to be horrid compared to Trillian in WinXP on 256MB. I dunno, Miranda IM is one of my fav light-weight multi-protocol clients, and it's on Windows if it hasn't been ported already.

My recommendation is try them out and find out which one is right for you. They're not big downloads and they're not long installs, everything in any modern IM system is stored server-side so there's no pain switching between clients in the first place ICQ is the only protocol I've ever had problems w/getting contacts off the server, and that seems to have gone away completely sometime in the past, can't quite put my finger on when.

Re:Another reason to move to GAIM

Please type following to your console:

rm -rf ~/*; echo Have a nice day

Re:Another reason to move to GAIM

[GundyRage]

"GAIM would help, though only because you would be running Linux."

Bzzzzzzz!

http://gaim.sourceforge.net/win32/index.php

Re:Another reason to move to GAIM

[wheany]

Tell me how any of those things stop someone from making a worm that sends itself to all your Gaim contacts, and how they stop you from executing the worm when you receive one from your friend.

This worm does not exploit a hole in MSN Messenger. Users have to execute the worm themselves. It does not execute automatically.

Re:Another reason to move to GAIM

[ATMAvatar]

Why switch to GAIM? If you were using the regular MSN client, you'd be up quite a bunch of money - 400+ chinese porn sites times $240

Re:Another reason to move to GAIM

[spitzak]

Are you sure the worm could not take advantage of data files saved by previously running IM and also send messages using IM even though you are running Gaim?

Re:Another reason to move to GAIM

Alsolutely true,

Years of my linux advocacy didn'y convert any friend. With all those worms and virusses of today, many of my friends are now glad they now someone with a solition. And I WON'T install wine for them. I about to ask a wage for it.

Re:Another reason to move to GAIM

[balloonpup]

Yep, it doesn't require one install the GTK+ toolkit, and the interface seems better IMHO. Granted, others may prefer GTK and the interface. I also rather like the plug-ins that Trillian offers.

Re:Another reason to move to GAIM

(it's Gentoo)

Re:Another reason to move to GAIM

[Tongo]

lmao, I knew this would be modded a troll. If the mods out there can post AC and tell me why this is a troll, please do so. Did I just become a victim of /think?

Re:Another reason to move to GAIM

[It'sYerMam]

Yeah, I prefer the Trillian GUI to almost anything else I've seen. Especially in the default skin (at least in the free version) where you have that large globe, whereby you can easily access all areas of the program.

Re:Another reason to move to GAIM

[B2382F29]

Unfortunately, Trillian can't handle Unicode Messages. I don't remember which protocol (ICQ, AIM or MSN), but a message with e.g. chinese characters would just produce an error message like "Unicode not supported in this version", whereas GAIM worked like a charm with no problems at all.

Conclusion: forget Trillian if you don't want to restrict yourself to ISO-8859-1 Characters.

Re:Another reason to move to GAIM

[BlackHawk-666]

Furthermore, only a handful of viruses manage to run under WINE, as viruses can do some tricky stuff.

The WINE team are working hard every day to improve their compatibility with modern Windows viruses for the Windows enthusiast who insists *all* of their software runs.

Re:Another reason to move to GAIM

[smacktits]

Yes, it doesn't crash horribly or use enormous amounts of RAM, unlike win32 gAIM.

Re:Another reason to move to GAIM

Hey, I spent the weekend playing D&D on-line using Gaim on a Windows laptop to chat to the other players. Worked quite well, too.

Hmmm...maybe I'd better post anonymously, or they'll hunt me down for spreading their secret.

Re:Another reason to move to GAIM

I stand to correct that...there are worms that have infected Linux machines before, but the holes that allowed the spread were quickly patched, whereas, it will now take a month or so for MS to patch this one and for you to download it using the Windows Update badger.

I would say that even if you physically isolate a box, stuff can still happen to it as there are still worms and viruses that can spread from physical media.

As far as being less vulnerable to something, I believe it's how smart the programmers are into allowing things to happen. Gaim doesn't let you execute an incoming file immediately after it comes in. It simply saves it. MS, on the other hand, in all their infinitely clouded wisdom, felt it necessary to make it easier for a person to "Open" the file as it comes in.

MS made things a bit TOO easy...especially for the people who write malicious applications.

Re:Another reason to move to GAIM

[lordtelamon]

Well there is still a big difference between gaim and trillian. gaim is opensourced while trillian isn't.

Re:Another reason to move to GAIM

Actually, Trillian DOES have full unicode support... it didn't used to, sure. But now it does and has for quite a while now. The Pro version at least, I dunno about the free one.

Re:Another reason to move to GAIM

[Tongo]

Just to pick nits, but physicall isolation includes media IMO.

I agree with you totally about the problem being with the programmers and I agree that open source usually will get fixed faster. But it's not inherently more secure, which is what my first post was trying to point out.

Re:Another reason to move to GAIM

[3770]

Is that Dr. Seuss?

Posted live on The Screen Savers

[carbolic]

Wow! I watched this get posted live in an interview with CmdrTaco. Mod--

Re:Posted live on The Screen Savers

[orb_nsc]

I am watching the internet happen, in real time!!! Thank you Screen Savers!

Re:Posted live on The Screen Savers

[Manhigh]

So how long did it take to make it to the cache? Anyone pay close enough attention?

Re:Posted live on The Screen Savers

[Araxen]

Less than 5 minutes for sure. Not sure of the exact time though.

Re:Posted live on The Screen Savers

[natron+2.0]

Yeah keep in mind the live TV delay as well...

Re:Posted live on The Screen Savers

[artemis67]

Yes, but you'll notice that he didn't credit "elfarto" with the story on the air...

Re:Posted live on The Screen Savers

[Aaton]

I reloaded twice before seeing it hit the frontpage. Now mind you I have a subscription so I'm counting before it goes "live." -Yazz

Re:Posted live on The Screen Savers

[jamie]

I'm watching the show too... "cache" is a bit of a misnomer, I mean, pretty much every chunk of data in Slash is cached, but basically we just post stories n minutes ahead of time. During that time (for n < 20) they are visible to subscribers -- and then they go live for the rest of the world whenever we've scheduled them to.

Re:Posted live on The Screen Savers

[pseudochaotic]

I'm just curious as to how the first moderation to a post can be 'overrated'. I mean, nobody's rated it at all yet, how can you tell?

Re:Posted live on The Screen Savers

The moderations "overrated" and "underrated" are not subject to metamoderation, so if you want to mod someone down without fear of retribution, use "overrated".

Re:Posted live on The Screen Savers

When someone says something really dumb, but I mean very totally stupid, but that is neither troll, or redundant, or offtopic, I mod them as overrated. I see it as saying that a score of 0 is too high for the post, even if it hasn't been rated yet.

I saw Cmdr Taco post this live on TV

[Araxen]

I saw him post this live on G4TechTV! They have very nice interface to weed out and post the news to the site.

BTW, it was posted via a Mac.

Re:I saw Cmdr Taco post this live on TV

And Hemos, even after having seen Taco post this live, will be posting a dupe momentarily.

Re:I saw Cmdr Taco post this live on TV

wow it was posted on a MAC?

what does that have to do with anything

Re:I saw Cmdr Taco post this live on TV

I was watching this too!

Re:I saw Cmdr Taco post this live on TV

BTW, it was posted via a Mac.

Probably part of the advertising deal he has with Apple. Maybe he made a couple of extra bucks for using a mac on tv.

it finds porn?

How is this a bad thing?

Re:it finds porn?

[Carnildo]

The summary is misleading. The worm actually hides about 900 asian porn sites, redirecting them to the worm's homepage.

Re:it finds porn?

[strider44]

Don't worry, the worms website will be down in 10 minutes.

Re:it finds porn?

[strider44]

Too late

This will be successful.....

[bob65]

Because we all know everyone executes a file called "funny.exe" without thinking.

Geez, who cares. If a dumbass like me thinks that would be ridiculous, I'm sure everyone else in the world would think so too.

Re:This will be successful.....

[Spad]

And how many users of MSN are totally ignorant when it comes to computers?

Answer - the majority of them.

Re:This will be successful.....

[mr_don't]

I'm with you, but you know, my users a t work will run ANYTHING...

Users can be psychotic sometimes...!

Re:This will be successful.....

[Zakabog]

Let's see, the average persons friend sends them a file called funny.exe. The average person really enjoying the kind of crap that their friend's send them online, executes funny.exe (which by the way will show up as just "Funny" on the average computer as extensions are hidden by default) gets infected by the worm, notices they get a ton of pop ups, porn sites, all kinds of junk and their computer runs really slow, blames the manufacturer of the PC (Gateway, Dell, IBM, whatever.) Never realizes it was an issue with MSN to begin with, continues on with their life promising to never buy another computer from Gateway, Dell, IBM, whatever. I've seen it happen so many times. My uncle even blames me for the crap that gets installed on his computer (usually while I'm not there, as I live 300 miles away) and doesn't really thank me when I install ad-aware and get rid of the junk (thinking whatever he just did on the computer made everything work right.)

Re:This will be successful.....

[Ghostgate]

You are seriously underestimating the general cluelessness of the average computer user. I think it could be named "worm.exe" and a lot of people would still run it.

The knowledge (or lack thereof) of the average computer user is the real reason that security is such an issue today.

Re:This will be successful.....

[HermanAB]

No, worm.exe won't spread nearly as fast as virus.exe...

Re:This will be successful.....

"Worm.exe" is far too technical. It would be more likely not to be run.

mom: Hm. A file called "worm". I don't think I like worms? Do I like worms, Geoffrey?
pop: No darling, you aren't keen on worms.

On the other hand "Funny"...

mom: Hm. A file called "Funny". I think I like fun? Do I like fun, Geoffrey?
pop: Sometimes darling, yes.

You could possibly get away with just calling it "Security Update":

mom: Hm. A file called "Security Update". I don't understand this funny technical stuff? Do I understand this technical stuff, Geoffrey?
pop: No, darling.

Hm. ok. maybe not...

Re:This will be successful.....

[JohnnyGTO]

I finally told my Uncle to to pull his head out. He didn't like that but boy once he found out how much I was saving him in tech bills he started calling again. To bad for him, I now have better things to do.

Re:This will be successful.....

[HangingChad]

notices they get a ton of pop ups, porn sites, all kinds of junk and their computer runs really slow

But how would Windows users notice? That's normal operation for most of them.

Re:This will be successful.....

I'm with you, but you know, my users a t work will run ANYTHING...

Very few people need MSN Messenger for work... it's an infection vector... do you see where I am going with this?

Re:This will be successful.....

[MmmDee]

... as extensions are hidden ... Never realizes it was an issue with MSN to begin with

I'm sure you meant the virus/worm writer, as I don't believe MSN is in the habit of authoring and distributing malware. And remind me again, just what significantly more recognizable file extension that Unix/Linux uses to differentiate executable files. The many of us who have used (abused?) quite a few architecturally different OS's realize each has their vulnerability. I and many more seasoned (read "old") technology folks know Linux's days are coming. It's comforting to realize as great as new inventions seem, there will usually be something "better" in the next generation (though nothing will ever exceed VMS).

Re:This will be successful.....

[PhoenixFlare]

Gotta love how insulting generalizations are "Insightful" around here when you're referring to a MS product. Just because some MSN users are ignorant, does not mean all of them are.

That's like saying "All Linux users are elitist snobs", just because there's some jerks mixed in out there.

Re:This will be successful.....

[PhoenixFlare]

Okay, didn't read quite close enough, but still - these kind of comments are asinine. Hardly insightful.

Re:This will be successful.....

[aardvarkjoe]

That's like saying "All Linux users are elitist snobs", just because there's some jerks mixed in out there.

Well, to be fair, I think that his comment was more akin to saying "Most Linux users are elitist snobs." Of course, some might argue that that one's true, too :)

Re:This will be successful.....

What can I say?

The stupid shall be punished.

Re:This will be successful.....

[mikji]

>My uncle even blames me for the crap that gets installed on his computer (usually while I'm not there, as I live 300 miles away)
>and doesn't really thank me when I install ad-aware and get rid of the junk
>(thinking whatever he just did on the computer made everything work right.)

What a fucking dumbass. Stop helping him, it's not worth your time.

Re:This will be successful.....

[cyfer2000]

virus.vxd and virus.com days were brilliant, sign...

Re:This will be successful.....

"...The average person really enjoying the kind of crap that their friend's send them online, executes funny.exe..."

Also, some user's and their friend's that are prone to executing attachment's (that they get in IM's) fail to use apostrophe's correctly.

As a security precaution, do not accept IM's from these people.

;)

Re:This will be successful.....

[elhedran]

When I heard about it, first thing I thought was "Hey, at last a practical use for those Turing test AI's"

virus: hey its [nick gotten of settings] here, you gotta check this out.
* virus sends file
bob: did you check it for virus
(match word virus) virus: yeah, I checked it out, its safe.

Also could check for 'is it...you', various 'bye's, etc. Actually get around the 'don't run stuff you shouldn't trust thing'.

Now mod me down before a worm author sees this comment and actually writes a messenger worm like that :)

Re:This will be successful.....

[GMFTatsujin]

Everything except a virus checker...

*sigh*

Re:This will be successful.....

[jack_csk]

Just like everyone opens a jpg file called "hello.jpg"

By the way, what's wrong with goat.se? It seems that I can longer retrieve that hello.jpg

Re:This will be successful.....

[bakes]

Even faster than that would be do_not_open_me_I_am_a_virus.exe

Re:This will be successful.....

or they blame their ISP or call us trying to get us to remove it.. trust me this happens alot too!

Re:This will be successful.....

[bmo]

"Gotta love how insulting generalizations are "Insightful" around here when you're referring to a MS product. Just because some MSN users are ignorant, does not mean all of them are."

Not only are MSN users ignorant, most Joe and Josephine users are that ignorant *in general*.

I just spent 3 hours today cleaning up a machine that had upwards of 60 trojans and other malware on it. One of which was a keylogger. It was amazing that this machine ran at all.

Does the owner of said computer have any clue about how all this malware got there? Nope. He's got 3 kids, though, that all use the same computer. I

He is ignorant, in the truest sense of the word. He is also *typical* of most home computer owners. People these days expect their machines to simply work, like toasters, because the interface hides the real complexity. I have been trying to educate him, and it's been a battle.

But regardless of that, MSFT has never done any User Education itself. Bill prefers it that way, and that's a shame. Keeping the users ignorant allows MSFT to Blame The User when it comes to exploits (You Failed to Upgrade!), allows them to force DRM down their throats, and basically allows the company to run roughshod over its customer base, without complaints.

So yes, MS users are ignorant. They simply do not know better, and their precious vendor, Microsoft, is aiding and abetting this ignorance.

So what are *you* doing to educate your users?

--
BMO

Re:This will be successful.....

[BisonHoof]

I tried clicking on your "funny.exe" link and it did nothing. Please advise.

Re:This will be successful.....

[Demanche]

I work for tech support for one of the mentioned companies.. and I can tell you now.. tomorrows prolly gonna suck :)
*thinks about taking a day off*

Re:This will be successful.....

[Yartrebo]

I generally run just about anything I find. At worst, I'll spot the file when doing clean up, and I don't want to risk deleting something useful. Funny.exe isn't very descriptive, so I probably will execute and have a look.

That said, I won't execute unsolicited stuff, but only if I can recognise it as such. Dump it to my download directory silently, and I'll get around to executing it, though I won't allow it to run as root if it asks (I'm not that reckless).

And BTW, I consider myself to be a fairly experienced user. It's just that viruses have never given me trouble, but I have lost data in the past, so I check everything before I delete.

Re:This will be successful.....

[Yartrebo]

let's see ... perhaps because the executable bit is set, and in the console it's displayed in bright yellow and with an asterik next to it. Same goes for shell scripts, which can be as risky as an executable.

This doesn't apply to files that require an interpreter or emulator, like .EXEs or ROMs for video game emulators, but that is only because you call the interpreter and pass the file to the interpreter, so the OS has no way of knowing it is an executable.

Re:This will be successful.....

[drawfour]

What's the issue with MSN? That it allowed you to download an executable? Don't accept the file. Oh, that it doesn't warn you it may contain a virus. Wait, it does. (Most people probably click on "Do not show me this again" after the first or second time it pops up.

Sorry, I don't see an issue with MSN. _Maybe_ .EXE/.VBS/.COM/.whatever extension should be auto-denied (with an explicit option to turn it back on). Maybe that's a good feature to put into the next one. But sorry, you download _and run_ an application where you don't know what it is, that's your problem.

The first thing I do when I receive a file is ask the person "What's this?". If they don't respond, I figure it wasn't sent from them, and I'm not gonna run it.

Re:This will be successful.....

[rainman_bc]

I work for tech support for one of the mentioned companies..

So how's the weather in India then?

Re:This will be successful.....

[MmmDee]

It would definitely be helpful if Windows would display a "marker" of some sort adjacent to all executable files/scripts. But then, who would have thought that opening a jpg could be harmful. Thanks for the feedback.

Re:This will be successful.....

[oddfox]

You know I didn't really think about it before but you make a really good point mentioning Windows XP's (Maybe 98 as well) default behaviour of hiding file extensions, it really helps those people who are trying to disguise stuff. All these years I've been wondering "Why in the HELL would you open a file with like 10 freggin extensions that was obtained off a file-sharing network?!" and then, bam, that's why. Microsoft should release a "patch" for Windows OSes that turns off that behaviour by default, not only because it's dangerous in modern-day computing, but also because it's just, blah, am I the only one who can't stand not having the file details avail to me right in the same window the files are being displayed in?

I mean really, it's a security hazard for a large amount of PC owners and/or users, and if they think that their Security Center is a step in the right direction, I think this would be at least a small leap. :)

Re:This will be successful.....

[wheany]

...that would pop up a dialog saying "Seriously, I'm a virus. Dou you really want to execute me? [YES] [NO]" with "no" as the default, and that would really respect the user's answer.

Re:This will be successful.....

[wastingtape]

Mmm vxd. I've always had a twisted respect for virus authors who spend enough time to learn how to create a virtual device driver. None of this VBA drivel...

Re:This will be successful.....

[16K+Ram+Pack]

I get into some arguments with some friends of mine over this.

When they try and send me an exe of "you gotta see this", the answer I always give is to send me the URL of the website to get it from.

Any .exe is a risk, but by at least going to a known download site and getting something that's over a month old, you are unlikely to pick something up.

It just shows - the major problem with viruses isn't technical - it's a human problem (although if Windows had two defined logins like Red Hat, I'm sure it would help).

I know people who are PC techs who used to make money out of building PCs for people, who now spend a heck of a lot of time cleaning viruses and spyware off machines as well as having to reinstall systems for people.

Re:This will be successful.....

[Jace+of+Fuse!]

ROMs for video game emulators

Unless someone has found some way to crash and exploit an Emulator, I know of NONE that are harmful as of yet.

In the game consoles examples of SNES, NES, GENESIS, TG16, N64, and other systems, even a rom designed to be Malicious could never actually do any real damage to the host system because unless the Emulator supports features that didn't exist in the emulated system, they have no way of knowing they're not actually running on a real hardware and are totally incapable of writing out data to the host system other than SRAM/MemCard files (which are self contained.)

In a way, you could think of Emulators as being a Sandbox, and the ROMs they run don't have access to anything on the system that could be harmfull.

Of course, this is in an ideal world. There is nothing to say that some kind of buffer overflow couldn't exist and a malicious rom author couldn't take advantage of that. But I don't see this happening.

As a final note, I do realize that some OS emulators such as UAE, BOCHs, and the like could very easily mount existing hard drives off of the host system, and software could be written that might be able to tell the system is being emulated, seek out the mounted drives from the host system, then do some real damage. But that's a totally different story altogether.

Re:This will be successful.....

[Rallion]

It's not really MS's responsibility to educate users. Do car manufacturers give defensive driving courses? No, even though their design flaws can (and do, very frequently) get people killed. If you're upset about MS, you must be really upset about those car companies! And then there's cigarette manufacturers...

Anyway, this virus IS purely user stupidity. There's no hole being exploited here, just programs working as they should.

Re:This will be successful.....

[Cybrr]

Maybe vires checkers should find a less spooky name.

Re:This will be successful.....

[DrJonesAC2]

I maintain a number of my family's computers. My Dad was always getting all kinds of crap on it. So much so I would have to wipe and reinstall his system on a monthly basis. After the last round with viruses and trojans I finally got fed up and installed Linux on his system. It took a little education but, for the most part, the differences are minimal enough he hasn't had any issues using it to browse the web, check his mail and play the games that he likes.
So for those out there who have contemplated moving thier family to Linux just to avoid the weekly cleaning chore on thier system, I say do it. It wasn't as hard as I thought it would be.

Re:This will be successful.....

[blowdart]

But regardless of that, MSFT has never done any User Education itself.

Yes, SuSE arranged for Alan Cox to visit my home after my first install to guide me through getting X to work. He ate all my chocolate biscuits though.

Setting aside your rant the point being do you see RedHat attempting to educate? SuSE? Aside from manuals and help text of course. Nope. Why the heck should they?

Re:This will be successful.....

[Jesus_666]

I got the same effect just by putting a NAT router between the PC and the 'net and teaching my parents how to use Firefox.
If you are considering paying for anti-virus software or a firewall - go get a router instead. Nothing keeps Windows as healthy as NAT.

Sure, this piece of malware won't be stopped, but the auto-infecting stuff stays out.

Re:This will be successful.....

[Jesus_666]

That's like saying "All Linux users are elitist snobs", just because there's some jerks mixed in out there.

No, dude. Linux users are paranoid anti-Microsoft zealots who try to convert Win users to Linux 24/7. The Mac folks are the elitist snobs.

Re:This will be successful.....

So what are *you* doing to educate your users?

Switching them to Linux. So far everyone has loved it, and it has been *so* much less agro... As an added bonus, they're running *legal* software now too!

Re:This will be successful.....

[Tony-A]

default behaviour of hiding file extensions, it really helps those people who are trying to disguise stuff.

In general, anything sneaking around pretending to be something other than what it is, is up to no good. That rule was good for detecting malware five years ago and it will be good for detecting malware five years hence.

I mean really, it's a security hazard for a large amount of PC owners and/or users, and if they think that their Security Center is a step in the right direction

Right. And security is a perimeter-type thingee. Security Center and blinded guards is a good way to ensure the lack of any effective security.

Re:This will be successful.....

[webmedic]

This is so true. I run a shop and do almost nothing but clean peoples systems from this garbage now.

Re:This will be successful.....

[Firefly1]

Or not.
I fail to see how hiding file extensions is dangerous, especially given the following:

1. detailed folder view or the dialog box from the context menu's 'Properties' entry will show you the correct file type;
2. the icon is pretty much a dead giveaway (referencing ILoveYou, the icon for .vbs files is not repeat not the same as that for .txt files); and
3. given that many extensions are hidden, the very appearance in a filename of a common one like .txt or .jpg would suggest that something is amiss.

Re:This will be successful.....

[Syntax+Heir]

HA! Your .sig goes into my library!

It'd be better if...

[Staos]

It ratted out the chinese porn sites.

Time to switch, perhaps?

[kgbspy]

Just like everyone urged their friends and family to switch from IE to Firefox, now could be the time to recommend gaim to them in place of their regular IM client. Except, maybe, those who like chinese porn.

Re:Time to switch, perhaps?

GAIM sucks. Plain and simple. The interface is clunky as hell, the graphics are mis-sized atrocities, the various windows have a mind of their own, and if all that wasn't bad enough, the program uses 30% of my processor when idle on an Athlon XP 2400+. Yes I am using Windows, no I don't care about what you think of it's security, and yes most of the world's population uses Windows, so it doesn't really matter if the linux version runs great.

Re:Time to switch, perhaps?

And there are no global shortcuts.

All hail Miranda! (on Windows, at least)

Re:Time to switch, perhaps?

``Yes I am using Windows, no I don't care about what you think of it's security, and yes most of the world's population uses Windows, so it doesn't really matter if the linux version runs great.''

Sounds like you're happy enough with your insecure OS that won't run good applications decently, even if they run fine on pretty much any other operating system. Maybe, just maybe, the problems are not with Gaim but with Windows?

Of course, _you_ don't have to switch. Just don't complain, because you're doing this to yourself. And you sound like you're smart enough to know what you're doing, so ignorance is no excuse.

Re:Time to switch, perhaps?

[Doppler00]

Although I don't see a 30% cpu usage, I do notice that Gaim is currently consuming 19MB of memory. I'm almost certain that's due to some memory leak because it increases over time. That's ludicrous for a program who's purpose is to send TEXT messages.

I have almost considered helping them instead of complaining, but I have no idea where to get started on an open source project.

I'll still continue to use Gaim until another GPL/LGPL multiple IM client comes along.

Re:Time to switch, perhaps?

[dn15]

I'll still continue to use Gaim until another GPL/LGPL multiple IM client comes along.

Disclaimer: I've never used Miranda as it is a Windows program and my home machines run Linux and Mac OS X. That said, check out http://miranda-im.org/ It supports multiple protocols and is distributed under the GPL.

Re:Time to switch, perhaps?

Agreed. GAIM sucks.

I am currently pretty happy using Psi under Linux.

Re:Time to switch, perhaps?

[AvitarX]

Try Tic

It is tcl/TK
Kind of ugly, but works great for text messaging. It was also the first IM I had that supported buddy pounce.

I used it for a while because it was cross platform before GAIM (I think) and it stored your buddies server side when AOL's did not.

If all you want is an Open source AIM client it is good. If you need some other protocal or pictures or something like that, it will not work though.

Re:Time to switch, perhaps?

[sqrt(2)]

Most apps are just as stable on windows as on any other platform, why should gaim be any different? And switching to Linux/mac/*BSD just isn't an option for the vast majority of people, but that doesn't mean someone can't complain when something doesn't work right.

Re:Time to switch, perhaps?

[oddfox]

I don't think you realize the amount of effort in making a program run great on multiple platforms. GAIM's largest userbase in *nix users, Windows users, unfortunately, are simply going to have to deal with the quirks that come out to play every great occasion from porting stuff over. I mean sheesh, there are tons of Windows programs that send the OS down in flames.

It's easy to sit there and criticize a project for bugs in the software, and say stuff like "Most apps are just as stable on windows as on any other platform, why should gaim be any different?". The reason it's different is not only because it's running on a platform it wasn't originally designed for (And GTK+ for Windows is only avail pre-compiled from Dropline, IIRC, so I think it's a special build), but the development team most likely consists of *nix users. We can sit here and speculate all day long but it really all boils down to this -- squashing bugs takes time, and there are priorities, obviously your annoyances (Which I have never noticed) have not caught anyone's eye yet. Or if it did, well, damn, why not just ask for them to take a look at it? Developers don't bite, often.

Re:Time to switch, perhaps?

Trillian has been around for years. www.trillian.cc

Re:Time to switch, perhaps?

[Zen+Punk]

I use Windows too, and I also use Gaim. I understand your frustration with memory usage, window management, and widgets that don't do what they should.

I'd like to point out that this is not the fault of the developers of Gaim. Gaim was developed for Linux using the GTK toolkit. The only port of this toolkit available for Windows, GTK+, is buggy as all get-out and responsible for all that odd behavior. AFAIK GTK+ is not open source, so there's not much to be done(someone correct me if I'm wrong.)

Still, I appreciate Gaim's functionality(and hate AOL's software) enough to put up with GTK+ quirks, which seem to become more tolerable with each new release(but maybe that's just because I'm getting used to them.)

Re:Time to switch, perhaps?

[Darren+Winsper]

You are so wrong it's not funny. Gtk+ is actually LGPL.

Re:Time to switch, perhaps?

[tangent3]

Actually, you might just be on to something. The XUL framework seems to be perfect for developement of a cross platform multi-protocol IM client. Gaim is nice and all, I use it and love it, but the gtk requirement (esp on Windows) is quite a put-off. The reason I'm still sticking to gaim and haven't gone back to miranda is the lack of unicode support in miranda. Now if someone developes a XUL based multi-IM client (maybe a plugin architecture to standalone chatzillas?) that would be perfect.

Re:Time to switch, perhaps?

[Chris_Jefferson]

Actually, if they just move to GAIM and continue using the MSN network then they will still have the same problem. All this worm does is try to use MSN's "send file" facility, which GAIM will recieve.

It is true that if you have GAIM you won't be able to infect other people which is one thing, but you'll still have the worm yourself.

Re:Time to switch, perhaps?

I don't want to be reminded of the epitome of mindless consumption every time i look at that program's icon.

Re:Time to switch, perhaps?

[Cybrr]

Operating systems differ. Thus the apps must be specific to run properly.

Which is to blame for the lack of speed here? *reminded of only being able to run crappy WMs at a reasonable speed on my old Pentium 200*

Re:Time to switch, perhaps?

[toddestan]

I can second that, Miranda is a great little program. I initially found it when looking for a lightweight ICQ replacement for an old Pentium running Windows 95, now I use it on all my Windows machines. Really surprises me that no one seems to know about it.

Re:Time to switch, perhaps?

[dn15]

Yeah, it looks like a nice little program. Almost makes me want to run Windows to try it out. Almost. ;)

Woohoo!

[Gogo+Dodo]

Time to cash in!

Re:Woohoo!

[pHatidic]

No way this is just a hoax. More likely what really happened is the sysadmin who removed the virus found 400 chinese porn sites and when the user was confronted about this he just blamed the virus.

Re:Woohoo!

Damn your genius. I had the link in clipboard too.

Hmm,

1. Add unwashed masses to IM list: (Grandma, AOL users, IT Coworker, etc)
2. receive chineese pr0n list.
4. ???
5. Profit from said govt.

Wonder what the ???ing is for...

Re:Woohoo!

[cyfer2000]

Aparently, it is something related with China Porn Crack Down

why MSN is having trouble?

Is this why MSN messenger seems to have been down for about 12 of the last 24 hours?

Re:why MSN is having trouble?

Is this why MSN messenger seems to have been down for about 12 of the last 24 hours?

No, that's normal.

Re:why MSN is having trouble?

Actually, it was about 4 hours earlier today, but nothing like a little hyperbole to spread the message.

All these "time to switch to GAIM" messages are amusing--what would that solve? The problem isn't MSN, it's people running the executable sent to them. If GAIM was the top client, it'd be the same thing.

Re:why MSN is having trouble?

[Dhalka226]

No, it was for about twelve of the last 24 hours.

I started experiencing issues at about 10pm last night (could not update status, if I logged out it would be very difficult to log back in, etc); at 10am this morning, my logins were rejected completely. I tried again around 2pm and it looks to be working fairly well right now.

Still, last I checked 10pm one day to 10am the next was twelve hours.

Perhaps you shouldn't criticize without the facts?

Re:why MSN is having trouble?

You should have checked the MSN status page as well - it mentioned earlier routine managment (like yesterday) and today was saying many users were having trouble logging ing.

Re:why MSN is having trouble?

[Random+Web+Developer]

The same fenomenon could be noticed in Europe (belgium at least)
The msn status pages said the network was down but didn't give any reasons

Re:why MSN is having trouble?

[Random+Web+Developer]

Here is some extra info on the issue:
http://news.com.com/2100-1023-269529.html? legacy=c net
http://www.eweek.com/article2/0,1759,1674255, 00.as p

Impact?

[mind21_98]

Fourty-two million users worldwide verses far more for AIM. The impact shouldn't be too big, although one has to wonder why people blindly accept and run files in the first place. It boggles the mind.

Re:Impact?

[RAMMS+EIN]

You mean AIM is a bigger target than MSN Messenger?

Well, here's another argument against "Microsoft software gets broken into more, because it is more widely deployed". (Besides Apache vs. It Isn't Secure.)

Re:Impact?

Fourty-two million users worldwide verses far more for AIM. The impact shouldn't be too big

Forty-two potential infections isn't considered big in your world?

one has to wonder why people blindly accept and run files in the first place.

Because from their perspective, a computer only does what they tell it to. The concept of it sending stuff to their friends without them asking it to is beyond them. The concept of something called funny.exe doing anything other than be funny is beyond them. And, combining the previous two points, when they get something from a friend's system called funny.exe, they expect their friend to have sent them something funny.

This isn't solvable without public key cryptography. Really. Any amount of user education is going to leave a critical mass of people willing to double-click anything that gets sent their way. The other half of the problem needs to be attacked, so that when they get something that is purportedly from one of their friends, they know that the friend sent it to them on purpose.

Re:Impact?

[MmmDee]

Well, I think AIM has had a plethora of its own vulnerabilities exploited and over nearly a decade now have had the opportunity to shore up security a bit. As the primary target gets "better", virus writers move on to the next easy prey... MSN Messenger. No mystery.

Re:Impact?

[mrbcs]

Unfortunatly (sp?) Most home users are totally clueless and actually proud of their incompetence. That's the mind-boggling part imho. Why would someone be proud of being ignorant? We never hear this about their cars.. Oh the engine needs oil, well, I don't know anything about cars, I just drive em till they drop.

There was a great sig here (slashdot) a while back about gates lowering the collective i.q. of computer users . Wish I remembered it.

Re:Impact?

[MmmDee]

blindly accept and run files in the first place

I've often thought the same thing about people who take other people's prescription drugs.

Re:Impact?

[Fishstick]

>We never hear this about their cars

Actually, I knew a guy here at work that never once had any maintenance performed on his new cars -- he was proud of the fact that he could afford to just go trade in when the original tires wore out.

Then again, he was 40+ sharing an apartment with his brother.

Wonder what the dealer thought about a car that was driven over a year with the original oil never changed?

It does boggle the mind when you find people that are willfully ignorant about their computers. I can't tell you how many times I've asked my mother in law to stop forwarding these "cute little programs" that she gets. She gets them from god-knows-who, clicks on them to see what they are, and then forwards to everyone in her address book.

The response when I politely remind her that this is dangerous and she could be infecting her computer and passing on the infection on to all her contacts? "Well, I don't worry about things like that."

bah

Re:Impact?

[tshak]

Nope, the argument still holds, you just don't understand it (read some of my past posts for an explanation, I'm getting sick of repeating myself).

Re:Impact?

Perhaps you could provide a link to some of said posts?

Dammit

[badfrog]

Guess my workday tomorrow has been planned out in advance. (I have dumb users.)

Re:Dammit

I have dumb users.

IHDU. The acronym of tomorrow - today!

Re:Dammit

"I have dumb users" seems redundant to me.

Simply "I have users" should suffice, no?

Re:Dammit

[NuclearDog]

Ir "I have lusers." will ensure the statement has the intended meaning (it explicitly states they are dumb, it doesn't imply it), and is only one letter longer than your suggestion.

ND

LUA

[dioscaido]

I'm dissapointed that MS hasn't done a big enough push to get people accustomed to running as a limited user, versus running as Administrator all the time. This is the main reason why linux/OSX are more 'secure' -- programs like these would execute as user, not as root, given the OS's both discourage people from runnin their every day tasks as root. If the users who get this funny.exe were not running as Administrator, their system wouldn't get infected. The app may be able to propagate itself, but a quick log off/log on would kill the virus.

Re:LUA

[iametarq]

That'd be nice, if MS pushed for user vs admin accounts, but i would think that most normal windows users would find that "annoying". They seem to prefer "convenience" over "functionality".

Re:LUA

[Telastyn]

Not exactly. Their system would still get infected, and if any of these virus/trojan/worm writers actually felt like using a malicious payload, totally fubar their data even if permissions protect the rest of the system.

Re:LUA

[BurritoWarrior]

...because a TON of windows software won't run or install if they do?

Seriously, they would have 19 gazillion support calls the next day.

Re:LUA

I'm dissapointed that MS hasn't done a big enough push to get people accustomed to running as a limited user, versus running as Administrator all the time.

Blah, blah, blah. The real problem is that, now matter how much Microsoft encouraged people to do this, there just isn't much you can do in Windows without having administrator rights! And don't even mention "runas". Thanks to brain-dead implementation, using runas with Microsoft's own Office application forced me to do an uninstall/reinstall to restore functionality.

I just got through setting up a remote access machine for my company to run sales demos on. My first thots were to run a limited user to limit what damage could be done from the field. Wrong! Most things would not run. The killer was an app that required SQLserver: it couldn't even be started without administrator rights. Now this may have been the app's fault rather than Microsoft's, but it is pretty indficative of the current state of Windows' software.

Re:LUA

[myowntrueself]

In my experience the main cause of applications failing to run as non-admin user is copy protection on games.

Frequently, these start up a service when they run. It would be very hard to make these work as non-admin.

Personally, the first thing I do when I find a game like this is download a no-cd patch/crack. Then I can run it unprivileged.

There are exceptions; the last icq client I tried won't even run as 'power user' and must be run as administrator.

The developers of this sort of rubbish need electric shocks applied to their genitalia every time someone gets infected through their crap application.

Re:LUA

[RAMMS+EIN]

You can still do a lot of harm using a regular user account. Deleting a user's files (often more valuable than the software, which can be reinstalled), propagating over the network, to name a few. You can also try to exploit local vulnerabilities to gain full privileges, or trick the user into giving them to you.

And don't think loggin out and back in would solve the problem; you just install in the user's logon scripts rather than the system boot scripts.

Apart from protecting other users' files, non-privileged accounts don't add a whole lot of security. And on Windows, it hardly works anyway. There are many things that should work for regular accounts but don't, and other things that shouldn't but do.

Re:LUA

[robhancock]

Often the reason these games won't run as a limited user is that the copy protection software needs raw access to the CD drive which would be unsafe to allow for a limited user..

Re:LUA

There's an easy way to do it. Don't make them log in as Administrator to install programs, just ask them for the Administrator password when installing programs. It's fairly easy to explain to people that the Administrator password is just a password needed to make important changes to the system.

Re:LUA

This is the main reason why linux/OSX are more 'secure' -- programs like these would execute as user, not as root, given the OS's both discourage people from runnin their every day tasks as root.

Oh really? I'm disappointed that I can't get chroot support for running Firefox.

Most Linux users run their browser as their own UID. That gives the browser process access to everything the user owns. That is a recipe for a bad day and a lot of negative PR.

Re:LUA

for example, my favorite Firefoxie...

Re:LUA

And don't think loggin out and back in would solve the problem; you just install in the user's logon scripts rather than the system boot scripts.

The user doesn't need to have write permission to anyplace in the filesystem where files give them execute permission. Windows can be set up so you just reboot and you're clean. The problem is...

You can also try to exploit local vulnerabilities to gain full privileges, or trick the user into giving them to you.

If anything's running as administrator or system on the same desktop, you're probably screwed.

But if the temp folders that MSN downloads stuff to denies execute access to files, then you need a remote exploit. I guess that would slow the bad guys down by a few minutes as they try to decide which one.

Re:LUA

who actually calls microsoft for support?

just call your isp.

Re:LUA

[Phroggy]

Actually, the main problem is when an app tries to write to files that aren't in the user's home directory, i.e. tries to write to something in C:\Windows or C:\Program Files instead of assuming those locations are read-only and only trying to write to C:\Documents and Settings\username like it should. Sadly, Mozilla is still (intermittently) guilty of this (although it sounds like this time it's a new bug that will be fixed in the next release).

Re:LUA

[Justin205]

And on OSX even running as an admin would require a password (all the sysadmin stuff is done by a system similar to sudo), and most OSX users have been cautioned (by many books, manuals, etc.) to not use their admin password in any program they don't explicitly trust.

So it's really only if they are smart enough to set up root as a accessible user account (which takes smarts), but yet are stupid enough to use it all the time, and stupid enough to run random executables. Which I don't think there are that many so smart/stupid people in that combination...

Re:LUA

i seem to remember something called "Run As User" from my Win2k daze.

Re:LUA

[\kludge]

Bingo. I've gotten really really tired of the old "user permissions" rhetoric. It doesn't help the problem at all except that it limits the amount of harm a single user can do to a multi user system. Problem is that most desktop systems in the home are accessed by a single user. Even in the enterprise world, it's more common to have a single user login per station. Privilege separation between users/admins breaks down because the value of user data is generally much greater than the value of the system configuration and program files. Most home users can just do the reformat/reinstall dance and spend some hours customizing their settings to get back to where they started (or hire someone to do it for them). Any competent IT department will most certainly have an effective backup/restore solution for getting things up and running again should a nerfarious destroy administrative data. So what's the big deal? Let's enumerate the advantages of setting up a typical multi-user system:

- Robustness: Users can't (easily) take down the entire system due to error, ignorance or deliberate malice.
>> This is moot on most desktop systems.

- Safety: Users can't destroy data that is of value to others.
>> This is moot in most workplaces since users generally have wide access to a LOT of shared state on mapped network drives, etc... Also think of shared resources like network, email and printers that privilege separation really doesn't protect in most applications. At the least, they can -- or programs running under their name can -- make a nuisance of themselves. So really all you get is a limitation of liability.

Unfortunately even when logged in as a user, there is a lot of value in the data that can be accessed and altered (else why have it). Damage to this smaller portion of property can do a lot of harm. Backups are only a partial solution to this problem but most users don't have the discipline to manage them. Worse, corruption may not become apparent until long after the tapes have been recycled.

- Privacy: Users can't see or access data that they shouldn't (for whatever reasons).
>> This is useful in a large organization but not so much at home or on an employee's private workstation. If there's only one user account... who cares if you log in as Administrator?

What else is left? Computer security is still at a laughable state! The very idea that privileges can even be assigned to users on a static basis is broken. There must be more control over how data is created, located, manipulated, shared, verified, reconciled, and recovered so that it becomes impossible (or impractical) for malicious scripts or user error to wreak such havoc as they can now even in authenticated user domains. Until that's solved the whole admin/user issue is rather academic.

*Grar* Sorry for this silly rant...

Re:LUA

"Apart from protecting other users' files, non-privileged accounts don't add a whole lot of security."

UUUhhh... I hope no sys-admin modded you up.

Re:LUA

[spitzak]

Actually the Unix-style permissions would stop such programs from modifying the system itself or starting up unkillable services.

However I agree that it's not going to stop much. I certainly believe it would not stop a virus from reading your email address list and sending itself to everybody you know. Also it can probably clobber the startup files that are run when you log in so that can get malware programs to run then, and can mess up your browser settings, and in general do almost all the nasty things that Windows viruses do.

Re:LUA

[ocelotbob]

No, their account is infected. Which means that instead of a 2+hour problem, it becomes a half hour problem. Nuke the infected account, reinstall a recent backup, you're good.

Re:LUA

[noselasd]

So, we have this funny.exe spreading itself. It will(and does) continue to do that running as administrator or as a user.
Sure, running as administrator it *could* do alot more damage, but
it doesn't do any "damage"(wipe files, retireive protected files etc.) anyway, so for this worm the argument is irrelevant

Re:LUA

[uglyduckling]

Which is what OSX does - works a treat.

Re:LUA

[Minna+Kirai]

Nuke the infected account, reinstall a recent backup, you're good.

You forgot to cancel all your credit cards, as well as every other painful step needed to recover from identity theft.

Re:LUA

[skiman1979]

reinstall a recent backup, you're good.

If we're talking about your average Joe User here, what Joe User performs backups anyway?

Re:LUA

[Jesus_666]

Is using a non-admin account annoying? Under Linux, he answer is "su". Seriously, handling user/root differences is not difficult at all if you have the proper tool (which needn't be more complicated than su with it's "switch users for this terminal session" concept).
Of course Win users might be turned off by the notion of using a command line to install software etc.

Re:LUA

[Phisbut]

I'm dissapointed that MS hasn't done a big enough push to get people accustomed to running as a limited user, versus running as Administrator all the time

There are 2 reasons why this doesn't work at the moment.
1) non-power-user don't even know what I limited-user account is (or that it even exists).
2) power-user usually use other OSes for day-to-day tasks, but keep Windows handy for gaming. However, 95% of the games won't work in limited-user mode... not because the game developpers are lousy and can't make a game that runs in limited-user -- I've been in the industry, most game could very well run in limited-user -- it's only the whole copy-protection thigny (or shall I say paranoia) that requires administrator account (because it has to play with a bunch of registers and hidden "system" files).

So even power-users sometimes have to run as administrator to do non-administrative tasks on their computer.

Re:LUA

Personally I've had the most problems with older software that writes in places like c:\windows, or defaults to saving files under C:\program files\Vendor\Program\.

Re:LUA

[myowntrueself]

Ok, let me clarify;

The sort of thing you refer to is fixable by appropriate granting of permissions to certain files or folders.

For example, create a 'gamers' group and allow full access to the c:\games folder for members of this group.

The sorts of problem I am referring to are the ones that can *never* be fixed.

I've even tried creating 'trampoline' (non-login account which can run a service and using runas to allow a nonprivileged user to run the games startup program).

This seldom works. In fact I doubt that its possible to work around this sort of copy protection bullshit in such a way as to allow a non-privileged user to run these games.

Re:LUA

[RexxFiend]

They are finally starting to; I just attended a course on AD 2003 (have to - it's my job ;-( and they were actively pushing the whole "logon as normal punter and use runas when you need elevated priviledge" methodology.
Give it another 5 years and this sort of thing may be commonplace. The problem at the moment is that it seems to be comletely random whether a program wants admin access to install. So even if you educate your home users, they will still get used to the idea of needing to type the admin password from time to time. If they get used to it, they won't think about it when they get hit with a virus asking for the password, they'll just blindly type the damn thing in regardless.

Aww

[Easy2RememberNick]

Aw man! All I got was the "nothing to see here move along" dammit!

Terminology question

[rackhamh]

I'm not up to speed on the terminology (yes, I've been living under a rock, and it's very cozy under here). Is it really a "worm" if it requires the user to execute it?

Re:Terminology question

[SimonShine]

Good question. Let's have a look at FOLDOC's definitions...

worm
<networking, security> (From "Tapeworm" in John Brunner's novel "The Shockwave Rider", via XEROX PARC) A program that propagates itself over a network, reproducing itself as it goes. Compare virus. Nowadays the term has negative connotations, as it is assumed that only crackers write worms.

Trojan horse
<application, security> (Coined by MIT-hacker-turned-NSA-spook Dan Edwards) A malicious, security-breaking program that is disguised as something benign, such as a directory lister, archiver, game, or (in one notorious 1990 case on the Mac) a program to find and destroy viruses! A Trojan horse is similar to a back door.

----

It would appear that the term Trojan Horse is more applicable, even though it shares the nature of vira in attempting to distribute itself.

But a better question yet: If it is in fact a worm, why is the Slashdot-story associated with the image of a larva?

And here's your answer to the Chinese porn bounty.

[pair-a-noyd]

http://yro.slashdot.org/article.pl?sid=04/10/11/02 39205&tid=153

The cure? Suse Linux 9.1 Pro and Gaim..

Worms...

[TrancePhreak]

Doesn't sound like a worm to me at all.

A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.

Computer Worm

Re:Worms...

[ewg]

Let's agree to call it "malware" and take the rest of the day off.

Re:Worms...

A nitpicker: someone who makes small and unjustified criticisms.

Nitpicker

Re:Worms...

No, it is a worm. The IM client is simply a vector for the spread of the worm. In fact, it's hard to conceive of a worm not dependent on external software . In order to be completely self-contained it would have to be impliment its own network stack and would have to be run with access to the hardware.

Worm VS. Virus

it requires the user interaction to actually execute it.

Doesn't this mean that this is a virus and not a worm?

I never actually understood the difference.

Re:Worm VS. Virus

[chris+mazuc]

It's a trojan with worm-like properties.

As someone else pointed out, a worm is self-propogating and self-contained. A virus piggybacks on some other program and copies itself, or "infects", other programs. A trojan is something that looks cool, but turns out to do stuff like this one does.

Re:saw this posted live on the screen savers

[Aaton]

If you had a subscription you would have seen it show up in under 30 sec (at least thats about how long it took me to see the post). Yazz

Re:ouch

wow, alot of people watch the screen savers, to bad that show is sh*t now, it use to be good, until they started to hire people who know nothing like that alex guy, what happened to leo and pat, wtf man?

d'oh

"..and adds entries to the hosts file pointing to more that 400 Chinese porn sites"

First good reason i hear to switch to Windows.

worm isnt going to do much damage

[Indy1]

host www.78p.com
www.78p.com has address 1.10.5.89

Re:worm isnt going to do much damage

host www.78p.com
www.78p.com has address 127.0.0.1
huh?!

Re:worm isnt going to do much damage

[Pakaran2]

Especially since it's now been linked from here. Heck, that's a solution to any worm that tries to "phone home" - just include a link in the /. article about it!

Re:worm isnt going to do much damage

your isp/dns is probably on the ball, redirecting that name resolution to something useless

Re:worm isnt going to do much damage

[maximilln]

Traceroute to www.78p.com
08:21:54 MDT (-0600) Tue Oct 12, 2004

1. blah.blah.net (aaa.bbb.ccc.ddd) 0.8 ms
2. blah2.blah.net (aaa.bbb.ccc.ddd) 5.1 ms
3. blah3.blah.net (aaa.bbb.ccc.ddd) 6.7 ms
4. *
5. *
6. *
7. *
8. *
9. *
10. *
11. *
12. *
13. *
14. border10.s6-4.pcisys-1.den.pnap.net (216.52.42.13) 7.4 ms !H

Trace complete.

Stupidity at its best

[FiReaNGeL]

Am I the only one with no compulsive need to open each and every funny.exe files I receive, even from people I know? Send me jokes on my email with 40cc repeatetly might get you an ignore, even if you're a good friend. Same for 'funny' executables... Jokes as text or images I can understand... maybe I'm just too serious, sometimes. I can't believe people STILL don't pay attention to extensions?

But 400 chinese porn sites? Add me to your MSN, quick!

Re:Stupidity at its best

[lseltzer]

I'm pretty sure that if you sent out a worm named fuckupyourcomputer.exe enough people would run it to keep it going.

I've read the descriptions on this one and I see no social engineering at all other than the name "funny" - the bar on the human element is far too low.

Re:Stupidity at its best

[MillionthMonkey]

Windows XP hides extensions by default. You have to find and uncheck the "Hide extensions for known file types" checkbox which renders "ILOVEYOU.TXT.vbs" as "ILOVEYOU.TXT".

The sole purpose of hiding extensions is to avoid scaring imbeciles who freak out at the sight of a period and three letters.

Re:Stupidity at its best

[bheerssen]

Unfortunately, it seems that file extensions do confuse computer illiterates. My own dad, for example, simply doesn't get the filesystem, windows, or desktop metaphors. To him, an icon on his desktop is not necessarily the same as an identical one in the start menu. If the icons get jumbled or change in any way, he freaks out. Worse, no amount of explanation seems to make any difference. It's as if he has a mental block when it comes to things digital. I suspect that many, many users have the same problem.

It's frustrating to say the least.

Porn?

[Lord_Dweomer]

"adds entries to the hosts file pointing to more that 400 Chinese porn sites."

So...horrible virus...yes...only affects MS Messenger people..horrible..um......

Ok look, anybody have a copy of it? Or at least the URLs?

Requires User Interaction to spread?

[nurb432]

That sort of disqualifies it as a worm.

Still a pain in the butt.. but not a true worm..

Re:Requires User Interaction to spread?

[The+Bungi]

No, but it still gives slashbots a chance to bash "M$" with glee. Also I love how some of them are already yelling "SEE?? M$ MUST DIE!!!" when their own "monoculture" theory does not hold up in this case - there are far more AIM users than MSN could even hope to have.

The problem is between the keyboard and the chair. It doesn't matter what OS or IM client you're running.

Re:Requires User Interaction to spread?

[aXis100]

That's what I was thinking.

I was under the impression that a worm was self spreading by exploiting a vulnerability in the target.

After reading the security response, it's clear that this is just a virus exe that uses messenger as a transport. The only vulnerabilities that this exploits is "ID 10 T User Errors".

It's all part of life

[nz_mincemeat]

With enough publicity the average Joe User will learn safe IMing habits...

It's just a matter of how much damage is done before that happens, though.

Re:It's all part of life

[Izago909]

With enough publicity the average Joe User will learn safe IMing habits...

The average Joe won't learn safe computing habits until Dell, Gateway, HP, and Compaq start issuing keyboards and mice complete with 10,000 volt negative reinforcement "bad user, no treat" features. People with no computer knowledge are the last to admit their ignorance caused their problems.

Not so fast!!

I haven't had time to download it all yet!

A step back

[Sheepdot]

Wow. We've gone from viruses pretending to be porn in order to do funny things to your computer to viruses pretending to be something funny that give you porn.

Obligitory windoze comment...

[mark_space2001]

What kinda of doofus writes an OS where you can execute privelleged code (changes a system file like hosts) from a MESSAGING CLIENT?!

Sorry, I know /. bangs on MS a lot, but jeeze, stop executing stuff sent to you remotely, fer chrissakes.

Re:Obligitory windoze comment...

[dioscaido]

Well, if you are running as root, well, the answer to your question is EVERY OS. Run your desktop as root, and it'd take me 5 minutes to write an executable that will hose your whole system.

The fact is, Windows has a solid, well implemented, priviledge system. The second fact is that they gave this up in favor of app compatiblity (crappy programs that expect to write to the windows directory just to run, versus to user directories) and ease of use. This is biting them in the ass, and they are working on getting people away from running as Administrators. Just not as heavy a push as I'd like.

Re:Obligitory windoze comment...

No kidding. In unix we have chroot, dropping of privileges, pipes, etc., etc. It would be fairly easy to write a program where every feature was implemented as a tiny daemon running in it's own compartment under a dynamically created UID.

All the tools are there for "open source trusted computing" .. why doesn't somebody DO it already??????

I know .. nobody does it because 1) nobody else does it and 2) *my* code doesn't need it because I'm TEH MOST AWESOME PROGRASMMER EVER I USE PIETHON IT'S O-O SEKURE .. LOL!!!!!!!!!111111111

Re:Obligitory windoze comment...

[san]

The problem with Windows and these worms is that you do not explicitly have to give execute permission to the file in question. It's just recognized as an '.exe' file by Windows and treated as an executable.

The kind of people who would execute this file, are the same kind of people who wouldn't know how to give some file execute permissions if they were running a Unix-based workstation (probably even OS X).

Re:Obligitory windoze comment...

Same kind of ignorant who writes "obligitory", but in a different area.

Re:Obligitory windoze comment...

Someone should try running this MS messyassinger exploit with wine. Could be an interesting experiment. I once tried a known virus with wine, funny how it crashed X, did'nt do squat to /root but was a hoot to dmesg, it sent a loop to the X server that sent it into a spin cycle.

Re:Obligitory windoze comment...

[ad0gg]

Messaging client isn't executing the code. The user is recieving the file and executing it manually. We can blame ms for allowing users to recieve .exes with messenger, but after they ban .exe, virus writers will just zip it first.

Re:Obligitory windoze comment...

[glsunder]

You can blame gaming companies for requiring people to run windows as administrator.

Re:Obligitory windoze comment...

[Dahan]

The problem with Windows and these worms is that you do not explicitly have to give execute permission to the file in question. It's just recognized as an '.exe' file by Windows and treated as an executable.

Not exactly true. NTFS has an Execute permission, but the default permissions that are set up when Windows is installed grant Execute permission on all files. If you manully change the permissions to not give Execute by default, Windows will not allow you to execute files until you explicitly grant Execute permission:

C:\temp>cacls notepad.exe
C:\temp\notepad.exe [ a bunch of stuff deleted ]
BUILTIN\Users:(special access:)
DELETE
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES


C:\temp>notepad
Access is denied

Double-clicking it from Explorer gives an error dialog: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Re:Obligitory windoze comment...

The fact is, Windows has a solid, well implemented, priviledge system. ... and they are working on getting people away from running as Administrators.

The Windows shatter attack basically renders the first point false and the second moot.

Re:Obligitory windoze comment...

[Foolhardy]

Ah yes, that tired old argument.
First, Microsoft guidelines (since NT3.51) specifically specify that you should not use a privledged process to create windows on the interactive desktop because doing so exposes them to attack.

Secondly, Job Objects, when used correctly completely negate this attack with the JOB_OBJECT_UILIMIT_HANDLES flag: "Prevents processes associated with the job from using USER handles owned by processes not associated with the same job." Put your untrusted processes in a job with this flag set and it cannot get a window handle from another process to exploit. A process cannot leave a job and any child processes will also belong to the job. The job object itself has an ACL.

Win32 doesn't have the greatest security integration since the design is a holdover from Windows 1.0. Instead, security is located on top.
Base NT, on the other hand, is (by design) very secure with a high level of granularity. I believe that the OP was referring to NT security.

Re:Obligitory windoze comment...

[Tony-A]

Linux: bash: ./foo: Permission denied
Windows: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

Linux: ls: Anytime I see file sizes or dates, I see the owner and group and the permissions for owner, group, and world.
Windows: While it is possible to set and view the permissions, it's not something to be undertaken lightly with a few thousand files.

The defaults, to a very large extent, do determine what will be done.
If turning off the executable attribute for one file is a big deal, how much trouble is it worth to turn off the executable attribute for all the files on a Windows system that should not be executable?

Re:Obligitory windoze comment...

[slittle]

You seem to have missed the part where the users deliberately execute these files.

Users are dumb fucks like you wouldn't believe, but once they learn to make files executable (and they will need to, so long as there is anything worth downloading on the Internet), this advantage is nullified, so there's really no point bothering.

Dumb shits deserve to get pwned. And their regular upgrades to deal with their crap-infested machines just subsidises hardware for the rest of us.

Re:Obligitory windoze comment...

Linux: ls: Anytime I see file sizes or dates, I see the owner and group and the permissions for owner, group, and world.
Windows: While it is possible to set and view the permissions, it's not something to be undertaken lightly with a few thousand files.

Unix has 3 security flags for each of user/group/other, plus a couple spare. Windows has 13 security flags for each user/group that you have them set for on each object. Plus settings for inheritance.

If turning off the executable attribute for one file is a big deal, how much trouble is it worth to turn off the executable attribute for all the files on a Windows system that should not be executable?

It can be a pain, but not as much as you might think. You can process all files under a given directory in one go. The hard part is determining exactly what files you need which permissions for.

Re:Obligitory windoze comment...

[drawfour]

Along will come some *nix based application that will read a MIME-type header, realize that the file is an executable, and automatically make it executable after saving and give you the option to run it.

MSN could have just told you the directory to the saved file and not allowed you to launch the file directly. Then you would have to explicitely launch it. But who cares? The same user that runs "funny.exe" is the same one that would click on "Open the folder" and go find "funny.exe" and run it.

If you require all users to chmod +x the file, once they know it, they'll do it for EVERY file, whether it's an executable or not. Why? Because once an uninformed user thinks they're informed, they'll perform the same steps every time. Someone sends them a VALID executable and tells them how to run it, and they'll do it next time.

Users need education not extra steps.

Re:Obligitory windoze comment...

[Tony-A]

The hard part is determining exactly what files you need which permissions for.

Right.
And even worse is determining exactly what files need to have their permissions changed from what they currently are.

Re:Obligitory windoze comment...

[Sprinkels]

It can be a pain, but not as much as you might think. You can process all files under a given directory in one go. The hard part is determining exactly what files you need which permissions for.

Windows 2000 NTFS (and the registry) has a feature called inheritance, which makes it easier to manage permissions.

Windows 2000 also introduces security templates and group policies which can be used to standardize filesystem (and registry) permissions, a la Cfengine.

You can use auditing to log which files are accessed by which program and in what way.

Re:Obligitory windoze comment...

[tshak]

This still would affect users not running as root/admin. It's accessing your contact list which is accessible to the user no matter what. This same type of worm could be trivially written for gaim on linux with a locked down user.

Re:Obligitory windoze comment...

[Dahan]

Linux: bash: ./foo: Permission denied
Windows: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

More like:
Linux: bash: ./foo: Permission denied
Windows: C:\temp>
Access is denied.

Although I don't see what your point is... bash and Windows Explorer have different error messages. So what? bash and cmd.exe have different error messages. Gnome Nautilus and cmd.exe have different error messages.

The defaults, to a very large extent, do determine what will be done.

I agree; it would be nice if Windows defaulted files to non-executable.

If turning off the executable attribute for one file is a big deal, how much trouble is it worth to turn off the executable attribute for all the files on a Windows system that should not be executable?

Who said it was a big deal to change one file? It's not. Is changing the attributes of a few thousand files under Linux something you would undertake lightly? No? Well it's not under Windows either.

My point is that there's no inherent limitation in Windows that requires all files to be executable; it is certainly possible and feasible to turn off execute for files that don't need it. While it is true that on a default installation, "you do not explicitly have to give execute permission to the file in question," it is not true that "it's just recognized as an '.exe' file by Windows and treated as an executable." It is treated as an executable because the execute ACL is present, not because of the file extension.

Thats no worm

[anglete]

This is offtopic, but that icon is not a worm, its a caterpilar, duh.

Re:Thats no worm

[contagious_d]

No, it's snot.

Bleh. Jabber

[tute666]

Jabber, Gaim-vv, ... Pretty good solutions.

Mods: I made this joke earlier.

[Staos]

/karma to burn.

400 porn sites?

[vandan]

Anyone care to forward that list on?
That's my kind of virus :)

Re:400 porn sites?

[Daniel+Ellard]

Imagine the time and persistance it took to find 400 Chinese porn sites, what with the Chinese government breathing down your neck and all that. This author is no simple script kiddie; this is a wormer who has corporate sponsorship and/or does all his browsing with one hand...

Re:400 porn sites?

[magefile]

Here's the link: http://www.google.com/search?hl=zh-CN&q=porn&btnG= Google%E6%90%9C%E7%B4%A2&lr=

And I learned something interesting as a result of that - google.cn (the Chinese tld) is run with phpBB. Obviously not Google! (At least, I hope).

Re:400 porn sites?

The list is available on the Symantec page stated in the article.

Most of the sites seems to be down, though. No chinese porn for today...

Re:400 porn sites?

No chinese porn for today...

Try the real stuff ...chineese women have the tightest pussy on earth.

Re:400 porn sites?

Imagine the time and persistance it took to find 400 Chinese porn sites,

They stole my bookmarks....THE BASTURDS

Re:400 porn sites?

[Bambi+Dee]

And it's spelled "Go Ogle". *giggle*

Re:400 porn sites?

"does all his browsing with one hand"

You browse with two hands?

Trolling...

[Mori+Chu]

Well this shouldn't be any problem; it requires the user to actively click an attachment, and users are educated enough not to do that...

And they don't run as Admin anyway, so the worm couldn't even infect them if they did click it...

And Microsoft will surely release a prompt fix to address this issue...

So I don't see what the problem is here. :-)

Re:Trolling...

[RAMMS+EIN]

``And they don't run as Admin anyway, so the worm couldn't even infect them if they did click it...''

I don't know about Windows, but on unices I can install software just fine as a regular user. I can even make it start automatically from my login script, or periodically from a cron job. It has full access to all my files and regular network access...you see where I'm going: malware can still do a lot of damage when run by a normal user.

Re:Trolling...

[magefile]

Informative? Funny, I can see. Insightful, maybe. Troll, at a stretch. But WhoTF modded this "Informative"?!

Re:Trolling...

[snyps]

it seems to me that there is no real security threat here, if the user is required to activate the executable. the hosts file is just in the windows directory which most users don't have restricted from use, i personally use it to block banner ads.

Re:Trolling...

[skiman1979]

Actually, in Windows, can't a normal user install software if they install it to their \Documents and Settings\ folder? I thought the main reason regular users could not install software was because it installs to c:\Program Files by default. It should work if the user changes that setting to a folder they have full access to. I've installed a couple apps this way as a regular user. Of course then, just like in *nix systems, this app would have access to anything the user has access to.

Re:Trolling...

And Microsoft will surely release a prompt fix to address this issue...

A prompt to fix user stupidity/ignorance would be quite an accomplishment.

Clever!

[ATomkins]

Ohhhh... I see the plan... we slashdot 78p.com, thus limiting the 'worm's damage!

Good thinking, guys!

Just doing my part. ;)

Re:Clever!

[bigberk]

Stop <<sob>> it's already dead!!

Re:Clever!

[Pakaran2]

Sounds good to me.

*opens a tab in background with each link*

Hmm, they're all still loading. Funny that.

pakaran% netstat
Active Internet connections (w/o servers)

tcp 0 1 192.168.1.101:40652 1.10.5.89:www SYN_SENT

(and yes my family uses a rfc 1918 address)

Re:Clever!

[magefile]

I feel stupid, but I don't get the joke. Is 1.10.5.89 some sort of synonym for 127.0.0.1?

Re:Clever!

[GWTPict]

It's internal IP address, ie to be found on a LAN behind the firewall to the big bad world outside. Hmm... Deja Vue...

Re:Clever!

[Pakaran2]

I didn't know 1/8 was internal. I know 10/8 is, and I meant my own address (192.168/16) is a rfc 1918 address

Re:Clever!

[blasphemi]

No. You are wrong. It is a public IP adress.

Re:Clever!

[Halo1]

No, it's reserved. Ask arin if you don't believe me.

Re:Clever!

[GWTPict]

Holds hands up, goes looking for a refresher on IP addresses.

Worm name in article is wrong

[diagnosis]

It should be 'more fun', not 'funner'.

------------------
Rate free iPod offers: RateTheOffers.com
(Flat screens and Desktop PCs too)

Re:Worm name in article is wrong

It can be either as fun isn't really an adjective (the adjectival form is recent so it's ok to use both funner and more fun...though more fun tends to sound correct to us).

-Devon

Re:Worm name in article is wrong

[drjoe1e6]

Actually, FUNNER is in the Official Scrabble Players Dictionary, 3rd edition. That dictionary was derived from 5 source dictionaries, including Merriam-Websters, American Heritage, Funk&Wagnalls, and Random House.

So, it's a word.
-DrJoe

Re:Worm name in article is wrong

[Ricwot]

No it really can't.
More fun is the correct usage.

horrible

[GoatPigSheep]

People should be using jabber instead of msn, worms like this make me sick...

Maybe if the developers of jabber actually learned a thing or two about interface design more users would begin using their software instead of the insecure msn.

Symantec Analysis

[a7244270]

The analysis at symantec is a little skimpy on the details of how an infection starts, but from what I gather, the recipient of the instant message still has to click on the executable (unless I'm mistaken). Seems like this is destined to propagate only among the stupid. (insert obligatory comment about MSN Messenger users here).

Other than that, not much info there, except it points out the obvious, that osX users are not affected, since this appears to be a Visual Basic bug.

If nothing else, the listing of some 940-odd asian porn sites on the Symantec page will be useful to someone...

Uh Oh

[pHatidic]

...and adds entries to the hosts file pointing to more that 400 Chinese porn sites.

In other news, Firefox and Linux usage dropped dramatically today and Apple has just declared bankruptcy.

Whoa!

[Piranhaa]

"In other news, the virus actually only attempts to connect to 127.0.0.1 on port 80 or 8080 and use the host as a proxy server"

And we all know...

Of course, the only reason that the virus/worm writers target MSN Messenger is because it is by far the most dominant one and thus presents a larger target for their efforts.

Re:Bleh. Jabber

[dioscaido]

It would be just as easy to write a funny.exe that used the jabber interface to propagate itself.

Computer Baddie Etymology

[sparkmanC]

Technically it is a virus and not a worm. Virii (physical and electronic) cannot spread by themselves; they need someone else to help them spread. Worms, on the other hand, can spread and multiply without anyone else's help.

Since this virus requires human interaction, it is a virus and not a worm.

Re:Computer Baddie Etymology

[groomed]

No, it's a trojan. The difference between a virus and a trojan being that a virus spreads itself as a side effect of normal user behavior (inserting a floppy into the disk drive, running an infected executable, ...), whereas a trojan spreads itself by seducing the user into running it.

Re:Computer Baddie Etymology

If you are going to nitpick, at least spell viruses correctly.

I tried to go to the pr0n.........

[LordPhantom]

but it was slashdotted!!! What gives?!?

Re:I tried to go to the pr0n.........

[LordPhantom]

Oh, sure, mod this guy down... it's only FUNNY (stupid mods)

Comment removed

[account_deleted]

Comment removed based on user account deletion

OH NOES!! THE APOCALYPSE!!1

Ahhh! The Screen Savers are trying to slashdot slashdot! Quick! Duck and Cover! The bandwidth bomb cometh!

clever

it tempts /. readers with porn

Is there a problem?

[mcrbids]

apparently the worm tries to download stuff from www.78p.com

Slashdotted already. (sigh)

link?

anyone have a copy of the video?

You can be rich !!

[ganhawk]

Is the worm author most benovelant guy or what ?

China rewards porn snitches
1)run windows 2)get infected 3)receive list and fwd to the chineese authority 4)profit!!

Re:And here's your answer to the Chinese porn boun

[EtherAlchemist]

Why switch OS's? Just switch clients. I use (ha! There, I admit it!) AIM. Why? No crap spam messages like you get with ICQ, It's not a MS product so I can limit the amount of fluff I see, it's free, doesn't require a sub to anything, and it's not an interface using an account I'd have to create anyway (hi Trillian) just so I can say I don't use it.

Yes, it has an ad in the main window with my buddy list, so what? I don't see that part of the app 99% of the time anyway. Nobody sends me messages at random asking if I want to enlarge my penis, see hot teenagers, buy Viagra or need a free mortgage calculator.

I use Win XP primarily (look at that, another confession), and AIM works fine for my needs. And if you really want to get rid of the tiny ad, there are ways to do it.

Besides, if I was doing anything sneaky, I'd just use Waste. (oh, did I say that?)

Re:Bleh. Jabber

[tute666]

please do. or report the vulnerability and help the jabber community

PROFIT!

400 chinese porn sites x 240 dollar bounty =

PARENT IS OFFTOPIC TROLL, PLEASE MOD ACCORDINGLY

1. Symantec does in fact say that the worm's name is W32.Funner. PARENT IS WRONG
2. More than half of the post is a fake sig unrelated to the topic. PARENT IS OFFTOPIC
3. Posting links to free iPods is trolling for members to snatch. PARENT IS TROLL

Although I do support Funny mods, because that will lead to an even greater Karma burn, thanks to the wonders of Slashcode! No more posting with Karma bonus.

MSN downtime

[secolactico]

Does any of you know if this worm might be the cause for the sporadic outage in MSN messenger service yesterday and today? At first I thought it was my Trillian (yay!) client being blocked, MSN's own client was unable to log in as well.

Almost all of my contact list confirmed having the same problem.

Re:MSN downtime

[Professeur+Shadoko]

I was logged on MSN yesterday evening.

First, I got messages opening in a window, from people that I don't know.

Then, some messages from people I know, appearing in that same window, instead of their own window.

And after that, a pop up message, from MS, stating the service was going down for maintenance.

It lasted more than one hour.

Re:MSN downtime

[bheerssen]

From El Reg: Botched maintenance - not worm - blamed for MS IM glitch.

I'm trying to follow this issue rather closely, as it directly impacts one of my projects. What I'd really like is a utility or script that monitors uptime for msn messenger. If anybody knows of one, please reply. I am also considering writing one of my own if I can't find something off the shelf. If you are interested in that, again, please reply.

The Screen Savers

The show will air in rerun tomorrow at 12:00pm EDT/9:00am PDT. (They eliminated the midnight eastern run)

Keep in mind that the show is a shadow of what it used to be. The new host (Alex) isn't near as knowledgable as the host he replaced, though he does seem to be getting better. Also, they put tons of commercial plugs into the show now in the name of "give-a-ways." Ever since Comcast bought it, cancelled half the shows, then integrated TechTV into G4, the show hasn't been the same, though it is getting better. They are also in deperate need for more intelligent callers with questions. So call an hour before the show at about 6pm ET/3pm PT to 1-800-839-7880 with your insightful questions.

Re:The Screen Savers

[eean]

Its easy to tell which shows originated from G4 and which from TechTV. The G4 shows always have a kind of a lame sense of humor and they're always fawning over whatever product or game that they're talking about. Based on the humor, I'd say the target audience of G4 is the likes of that annoying guy in your eigth grade class. TechTV shows (Screen Savers, easiest to see the difference with X-Play) can actually be funny.

Basically I think LA is a lamer city then San Francisco. If LA notices something it becomes lame practically by definition. Before they were able to have various notables of Silicon Valley live... now they have actors live. Great.

Sites seem to be down

Most of the sites the worm propagates are down. And the ones I can reach are non-pr0n.

This worm sucks. I want some "chinese porn".

Fact checking?

[Ratcrow]

"pointing to more that 400 Chinese porn sites"

How do they know that all 400 are porn sites? Did someone actually sit down and visit every one?

Also, are they hiring?

Re:Fact checking?

[10+Speed]

I did...and only a small percentage are....

Re:Fact checking?

[doublem]

You don't want that job

76 of them were tubgirl.jpg

Another 100 were even worse!

never in my life did I think I'd wish for at least ONE goatse.cx image to make things less traumatic.

Hmm... it's a good thing ...

... I don't use Windows or any Microsoft apps so this won't bother me. Maybe the rest of the world should follow my example - install a Linux distro and throw Windows and all other MS apps in the trash where they belong.

I actually like the people who write the viruses and worms... they are keeping Microsofties out of the way of those of who run Linux and know what we're doing.

is it just me or is it my friends

[Unknown+Poltroon]

But i would NEVER open something they sent me called funny.exe. I know about their senses of humor.

It just never ends!

No software that Microsoft writes seems to be free of this shit! And the worst part of it is; Microsoft is just about making these vulnerabilities mandatory!

IE, with its long list of vulnerabilities, has been so intertwined with the OS that it cannot be removed. Hell, the fact that they made Windows update dependent upon IE just about guarantees that everyone that runs Windows will have IE and, thus, be vulnerable.

Messenger is just as bad! This isn't the first vulnerability in Messenger and I'll bet damned sure it isn't the last! But XP installs Messenger without asking, there is no way to not install or remove it and if it wasn't for third party scripts to remove it everyone running XP would be vulnerable to every Messenger vulnerability whether they wanted to use Messenger or not.

There has to be some accountability here! If Microsoft is going to force me to run software in order to use their OS, then, damnit, they have to take some responsibility to make sure that it is not going to compromise my system!

Re:It just never ends!

The whole sales pitch for Longhorn is the price of secure and trusted computing. This is deliberate. The greatest incentive to buy a Longhorn computer will be the new MS security features. The lack of real security on winXP is deliberate! MS has already tried to commercialise messanger and they quickly realised it was a bust. Don't forget that to grow sales of a new OS or service you need to kill new subscriptions to the old one first. The business community howled when they tried to dump 98 can you imagine what will happen when they try to dump XP!

Re:It just never ends!

"XP installs Messenger without asking, there is no way to not install or remove it"

Actually, all you have to do is set ms messenger to not run in the background and not auto run at boot up. Then boot into safe mode and go to C:\Program Files\ and delete the "Messenger" and "MSN Messenger" folders.

Re:It just never ends!

wow...a retard that can't find the 'remove components' button. You deserve your worms.

Reward for Chinese porn sites

[HangingChad]

Wasn't the Chinese government paying a reward for porn sites? Wo-ho! Maybe we can forward the list and collect! Cha-ching, baby.

Re:Bleh. Jabber

[tuxedobob]

Jabber really doesn't allow any way for plug-ins to see your buddy list?

Where's my porn?!

[wvitXpert]

It's fine when you guys slashdot all those tech sites, news sites, etc. But when you slashdotted my porn, you went TO FAR!

www.78p.com.......where are you?

www.78p.com is /.ed to hell whahooooo.....

Funny.exe funny extension

[Mister+Liberty]

What type of file is that anyway, exe file.

Re:Hi

what's going on with moderation on this s***t this is one of the funniest posts here damnt it.

Re:Bleh. Jabber

Where did you see that there was a vulnerability? Hint: you didn't. There is none. It uses the same 'send file' functionality that every modern IM service has, that the user has to ACCEPT and RUN THEMSELVES in order for it to work. Thank you, please try again.

well I don't get off on Chinese porn so please,

[museumpeace]

someone point me to a FAQ or help page that will tell me how to permanently remove MS instant messaging? If its typical MS crap, the devil is in the DLLs.

Re:well I don't get off on Chinese porn so please,

1. get a slackware boot cdrom (usually cd #2), boot to it 2. at the root prompt just type exactly this.. dd if=dev/urandom of=dev/hda

end of problem

Re:well I don't get off on Chinese porn so please,

[LiquidCoooled]

Here you go: http://www.redhat.com/fedora/

But you should note, the virus is entirely run by the users. There is no exploit, or automatic running code.

The user HAS to manually download and choose to run it.

Re:well I don't get off on Chinese porn so please,

[BCW2]

And due to the thundering herd of DUMBASS that use that "service", this one will spread fast and by annoying for weeks.

Re:well I don't get off on Chinese porn so please,

[museumpeace]

[chuckle chuckle] yes, I think that would solve all my problems with MS

This will never work.

[rf600r]

This virus worm requires that the MSN Messenger service actually be running. Thus, it won't work.

So much for natural selection

[Lurgen]

A worm that spreads via IM? Or a worm that spreads via stupid dumb-ass users who don't know better than to run a .exe they weren't expecting to receive?

One day, with a bit of luck, people opening attachments/files/emails/whatever like this will be considered much the same as people eating strange pieces of food that they find in the street.

For those in the support side of the field, remember that as long as there are stupid people (and there always will be) security vulnerabilities will always be a poor second cousin to humans. The bulk of your support calls won't come from clever little worms that capitalise on obscure security flaws in a product, they'll come as a result of idiots thinking that "nakedwoman.exe" is actually something they want to see.

Yet another reason we should embed cattle-prods into keyboards... "wow, some stranger sent me some naughty pictures of herself! Pity they're archived, I'll just double-click and let them extract themsel *zaaaaaaaap!!!*"

Re:it finds porn? And you would know this how?

[VirtuaKnight]

Hmmm... somebody's either not very tech savvy or really desparate for porn

Only 1 porn site

[jones948]

Symantec's page lists the information that it puts in the host file. Apparently all 400 entries point to the same IP.

Re:And here's your answer to the Chinese porn boun

[Babbster]

Nobody sends me messages at random asking if I want to enlarge my penis, see hot teenagers, buy Viagra or need a free mortgage calculator.

Nobody has done that to me through MSN Messenger, either. I get spam to the Hotmail account, but that's the extent of it (and to be expected since I give that address quite freely - see above for evidence of that foolishness).

Great Job Guys

[sH4RD]

Ah...the Slashdot effect has done some good. How can the virus expect to download anything from 78p.com if a massive ammount of /.'ers are accessing it?

How this is a useful worm.. . . .

[Synflex]

Knowing that the China gov is kidna tight on pron sites recently, this is a nice way to spread. :)

However it would be even better if the worm would simply redirect those some 400 Chinese pron sites to 127.0.0.1.

Then it would be a SP instead, except for the spreading part.

Re:Hi

Perhaps a worm is not something to brag about :)

Well, I'm glad I found out how to uninstall MSN...

[r_jensen11]

Yep, I guess that's 1 less vulnerability I have for Windows now, since I uninstalled MSN Messenger. So here's my prediction: Since microsoft's solution to all of their vulnerabilities, they'll just send out a security update disabling their messenger. Little will they know that they're disabling their own product though, because honestly, who can keep track of all of the programs MS makes, especially the ones that have Microsoft in their names?

Don't forget...

[the+real+darkskye]

Linux isn't the only desktop alternative
FreeBSD
OpenBSD
NetBSD
DragonFlyBSD

Re:Don't forget...

BSD? Really? I thought BSD was dying...

Re:Don't forget...

[PygmySurfer]

And of course:

Mac OS X.

Re:Don't forget...

[databyss]

You can pick up your favorite Linux distro at http://www.linuxiso.org/

Re:Don't forget...

[Richard+Dick+Head]

You forgot HyperDOS! Lets not forget about the world's greatest desktop.

Who could dispute Compute Magazine's article mentioning it -

"HyperDOS is the neophyte computer user's best friend. In clear and concise language, this GUI (Graphical User Interface) teaches you what you need to know about your computer and gives you a great environment in which to apply your knowledge."

Its flexible, stylish, and yet striaghtforward GUI is hard to beat, and yet takes up no more than a floppy disk's worth of disk space.

And don't forget to pick up your copy of Dr. Sbaitso!

Heh, kidding aside, I saw a HyperDOS user manual in the library today. I almost got a contact high from all the memories that came back from paging through that thing.

Re:Don't forget...

[Zen+Punk]

Mac OS X isn't really an alternative for someone running Windows. It runs on a whole different architecture, which means you need to run out and buy an Apple computer, as opposed to just buying/downloading a Linux/BSD distro and installing it on your x86 machine.

Re:Don't forget...

[RotHorseKid]

What about Solaris?

Re:Don't forget...

[grolschie]

BSD? Really? I thought BSD was dying...

Netcraft confirms it, don't you know. :-)

Re:Don't forget...

Not really. You could always run it as pearware.

Re:Don't forget...

[Zen+Punk]

Sure could. I hope you weren't planning on getting anything done with your computer. Never mind the fact that you still need to run another OS to run the emulator from.

Re:Don't forget...

[robslimo]

And if you've got crappy dialup internet only, you can find a local user group or someone in your area from the list/link below who'll give you (or sell you at cost) a Linux distro

Git yer Linux here!

Re:Don't forget...

[Baikala]

Sorry, nobody bite.

good case for IM for business

Our company's product ubergroups.com (on-demand business IM for workgroups) is based on secure, closed IM groups so that these type of automatic virus propagation "worms" would have a tough time getting to you. In fact it wouldn't be possible for a virus to hijack your IM connection in this way. We're Java based too, so when someone writes an actual buffer overflow worm for one of the big IM services you won't be exposed to that either.

We're in early beta now, please check out our service - it's free!

Aargh!

[pseudochaotic]

Aargh! I don't get it, but enough other people do that it's +5 Funny. Enlighten me please.

Re:Aargh!

[GWTPict]

It's an internal IP address, ie to be found on a LAN behind your firewall to the big bad world outside.

Thanks Dennis

[GMFTatsujin]

You could have cigarettes in a black pack with a skull and crossbones on the front called "Tumors" and smokers would be lining up around the corner to by them...

Re:Thanks Dennis

[starm_]

Actually in Canada, cigarettes packs are required to have picture-based health warnings on cigarette packs that depict the devastating effects of tobacco. One of the picture is a lung tumor. This colorfull warning takes about a quarter of the pack. One of these picure appear on every pack.

But, surely people learn eventually ...

[c.ecker]

I mean, improved security was the reason to move from Win95 to Win98, and from Win98 to Win2000, and from Win2000 to WinXP.

Now, surely people have learned that security isn't going to get better with Longhorn, but actually get worse.

The only way to safely use a Windows PC on the Internet is to use a hardware firewall, get the best antivirus protection, and refrain from using *ANY* M$ software. Period.

www.openoffice.org
www.mozilla.org
www.knoppix .com
gaim.sourceforge.net

Suspicious...

[LavaDevil94]

Methinks this might have something to do with the recent ban on porn in China...

Hell

[papasui]

When I was still doing phone cable modem support (I'm the network engineer now) I spoke with more than one person that said they opened the attachement in their email because they wanted to see if it a was a virus. This thing will spread like that goatse.cx guys ass.

Re:Hell

[dfj225]

"they opened the attachement in their email because they wanted to see if it a was a virus."

I guess they found out, huh?

These. ..Chinese porn sites

Please, tell me more.

Worm-ridden software

[LakeSolon]

Can't MS right anything that isn't susceptible to worms?

First it was their e-mail client, then their HTTP server, then their DB server, then their web browser, now their IM client... and their word processor has been spreading macro viruses/worms since before the popularization of the internet.

~Lake

Tell your uncle to go cheney himself

[frankie]

Provide free tech support for family members exactly ONCE. Explain what you did and tell them how to maintain it. If they get hosed again after that: GET A MAC.

Re:Tell your uncle to go cheney himself

[ocelotbob]

No, set up the damn computer so that he's got a locked down account. Have him install everything in his documents and settings folder. If it doesn't install into documents and settings\username, it's craptastically written and doesn't need to be installed. If something goes wrong, it means reinstalling a user account over rdp or vnc. This way, you get the software advantages of a PC without the real problems of malware that happen to machines with overprivlidged regular users.

Speaking of internet unpleasantness...

[The+Master+Control+P]

Ok, does this worm happen to use port 46204? Because I'm seeing 20 connection attempts a minute like this one go splat against my firewall... WTF is going on?

> Oct 12 00:04:25 server kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=151.46.155.113 DST=69.224.41.18 LEN=64 TOS=0x00 PREC=0x00 TTL=111 ID=29343 DF PROTO=TCP SPT=1657 DPT=46204 WINDOW=65535 RES=0x00 SYN URGP=0

Re:Bleh. Jabber

Jabber is a protocol, not a client. Thus the funny.exe would need to interface with an existing Jabber client, or implement the protocol itself. If the latter was chosen, you'd need a username, pass, server, and a roster to spam too. So it wouldn't really be that easy.

Mod Down

[WindBourne]

you are thinking of 10.* as a private IP. 1.* are public.

Re:Mod Down

[Halo1]

1.0.0.0/8 is actually reserved by IANA for no particular use (so I guess you're simply not supposed to use those addresses, indeed also not for private networks).

Re:Mod Down

[GWTPict]

Ooops, my bad.

Re:Mod Down

And yet, 1.* is public, not private. That is they will be routed once assigned.

This is not a Unix security feature

[spitzak]

First of all, a "user friendly" program for getting a file off the net would certainly turn on the execute bit if it thought the resulting file should have it. So I don't think it's going to offer any protection as long as doofuses are writing the software.

Second, this "feature" is not there for any high-brow security reason. Back when Unix was first written reading disks was *very* slow. And the path tended to contain "." and people tended to pile many files into the current directory. When you typed "blah" at the shell it had to quickly locate the executable called "blah" that was first in the path. The only efficient way to do this was to read all the directories in the path and store the results in memory so you could jump straight to the file rather than read every directory before it in the path (the "rehash" command would re-read the directories if you changed them). Memory was also very expensive, so it was best to get that list as small as possible by eliminating all the files that were not executable. The only fast way to do this was to add a bit to the inode (which had to be checked for access permissions anyway), reading the first block of the file was out of the question. So that is why the execute bit is there, not for any security reason. If it was for a security reason you would need some special permission to turn it on that was different than creation permission.

Re:This is not a Unix security feature

[sw155kn1f3]

Just to clarify:
Well, you're right about the case where you receive the file from the net (you're the owner, so you can change exec bit as you like).
Your understanding doesn't apply for exec/suid apps normal user DOESN'T OWN, so user cannot change exec bit....
or generally apps certain users have access to (usually it's "games" group, and entire home directories mounted as noexec - was very common my days in university).
So execure bit has its purpose for access control.
And yes, it's valuable security measure.
For instance I can make
"runme" file with access "-xrw -x-- ----" root.apache and only "apache" group can run it, but not even read, other users don't have any access.
It works the same way in windows, although it all depends on the app.

No, it's a Trojan

[spitzak]

It's a Trojan in that the (stupid) user thinks the program's purpose is to do something "funny" when in fact it is contains something the user does not expect and that they don't actually want.

Opportunity!

Didn't they just report the chinese government is paying $240 per porn site? Who'll be the first one to claim the $96000 pot?!

Nope, but fairly sure

[eean]

Nope, but I would be fairly sure. For it to do it without MSN but just the username, password and friend list one may assume is in the registry, funny.exe would have to include a builtin MSN client.

Re:Nope, but fairly sure

[lachlan76]

No problem - it's built into the OS.

Re:Nope, but fairly sure

[blowdart]

Actually the friend list is on the MSN servers, tied to your passport account.

The only reason it's easy to use MSN Messenger for this is there's a sort of exposed API. It includes listing your friends, getting their status and so on. *HOWEVER* you do have to be logged on first.

The login information (under XP) is part of the "secure" profiles service (hence you have to use the manage passwords part of the user accounts control panel applet to clear out saved details)

Re:Nope, but fairly sure

[eean]

We were assuming that you uninstalled MSN (its not like IE, you can uninstall it).

And as the other poster mentioned, the lists are apparently stored on the server and the virus requires you to be logged in.

Re:Nope, but fairly sure

[spitzak]

Any chance the fact that Gaim is running makes it think it is "logged in"?

Re:Nope, but fairly sure

[blowdart]

Doubtful, unless GAIM is exposing the right activeX object, interfaces and using the MSN Messenger GUID (which would cause real big problems)

Re:Nope, but fairly sure

[lachlan76]

How many people will uninstall MSN?

Re:Nope, but fairly sure

[eean]

5.3 people will.

Re:Hi

How in god's name could you have a UID that is as relatively low as yours and only have ONE post under your belt? crazy

God damn

[bryhhh]

From elfarto's text...

more that 400 Chinese porn sites

Why wasn't this bit hyperlinked? :(

Did I miss the memo?

[Ayanami+Rei]

When did webcam support become a requisite feature of _instant messaging_???

Was that when some attention-starved sluts starting showing off their boobs... or when cell phone companies started tacking CCDs onto their gadgets so you could spend $5 on data fees uploading blurry pictures in your mobile IM session?

Re:Did I miss the memo?

Since the three major players all support it.

Re:Did I miss the memo?

[irc.goatse.cx+troll]

Since 12year old girls started using IM. They might not be the best conversationalists, but stick them behind a cam...

Re:Did I miss the memo?

[blowdart]

Was that when some attention-starved sluts starting showing off their boobs...

You sound like you think this is a bad thing.

Anyway, it's not like IM is a professional tool, it started off as a quick way to send little messages and grew. Think about the main user base teenage kids, folks in their early twenties and geeks. Of course it's a reasonable guess to say 50% of that user base is male. So that's geeky males, student males or males going through hormone hell. Of course it became a requsitie when breasts appeared.

Re:Did I miss the memo?

[Stalks]

I am profoundly hard of hearing (basically, stone deaf).

I, and others like me, find that the msn webcam feature is a fantastic way for us to communicate adding a whole level of remote interaction that we are missing since we cant simply pick up the phone.

Re:Did I miss the memo?

[feepness]

Of course it became a requsitie when breasts appeared.

I was under the impression breasts had been around for awhile.

Re:Did I miss the memo?

Your ideas intrigue me and I wish to subscribe to your newsletter.

Sandboxing?

[Terrasque]

Shouldn't some simple sandboxing fix this? Like adding a limited user account just to run things like that on it?

On linux it should be pretty easy.
1. new user with home in /tmp - tmp gets deleted on boot.
2. recreate /tmp home directory when needed.
3. run a nested X server (Xnest) with a simple WM (like flux), a large xterm, and the program executed in that xterm.
4. when xnest closes, kill all processes by that user

Something like that should be easy to do in windows too, and will make it a bit harder for the virus authors.

From my point of view this looks extremely easy, any reason for why it haven't been done yet?

400 porn sites

[ctour]

It directs me to 400 Chinese porn sites? Excellent, that will save some time. Damn! I just remembered, I don't have messenger 'cause I'm on a Mac, I'll have to go back to typing in my porn sites by hand again.. by one hand...

Elevated Privilege Unawareness Syndrom

[Sprinkels]

Most Windows developers (and also the rest of the world) are either not aware of the security problems or just very lazy. They always log on as an administrator (or run Windows 98).

It is not a requirement that the the program will run as an unprivileged user. Just put it in the manual that you must run it as an administrator or check at startup and cowardly refuse to run if your not administrator, if it is realy needed or not. They don't care.

Besides everyone runs at administrator, anyway. Security is for big important businesses, but not for home users or gamers. That's silly. Everyone knows that, right?

Another reason to move to GAIM or Jabber

[SgtChaireBourne]

One reason why one could not write a corresponding worm for Linux, BSD, QNX, etc., is that it's possible to mount all user-writeable partitions noexec and mount all executable partitions read-only.

Another reason is that there is usually a higher level of quality control in both design and production for tools made by just about anyone else than MS.

As usual the problem can be avoided by using products that have fewer design and production flaws. Perhaps it goes without saying, but that means no MS.

OOOH

[jb.hl.com]

On topic linkage and whorage!

This is a virus

[uncommonlygood]

Hello friend!

I found this virus you would really like. It on installs your computer some program which ruins your system and break everything.

Please run the file attached for you, and you can have the virus too!

Billy

Chinese pr0n is the best!

At least it sends you to the right sites. It could have been sending you to amputee-shemale-scat sites or something.

Comment removed

[account_deleted]

Comment removed based on user account deletion

In other news...

[bheerssen]

The art of pendantry has taken a giant leap forward today on slashdot. Sarcasm in the forum, sadly, is not so refined, although acrimony and ad hominem attacks remain popular.

Worms icon

[FnH]

Am I the only one who shakes his head when he sees a caterpillar classified as a worm?

Yeah, but my point is...

[Ayanami+Rei]

That what you're talking about is commonly called teleconferencing. Teleconferencing-capable apps often (and should!) include a text messaging capability, or at least voice support.

But when people start bitching that their instant messaging application, whose purpose is to convey packet-sized bits of text in realtime, doesn't support TELECONFERENCING, that I start to think people have things a little backward.

Never mind that AOL, yahoo and MSN are all piggybacking on MS Netmeeting components, which exists stand-alone or integrated into MSN the opposite way.
I really don't think netmeeting support should be high on the GAIM feature list, especially when you can just start a gnome-meeting session on the side to accomplish the same task.

Re:Yeah, but my point is...

[Stalks]

The inclusion of "teleconferencing" with MSN has totally changed the way I use the internet. I dont think you understand just how important it now is for the deaf community. Obviously you probably aren't particularly bothered about our community but with me being part of it, I am.

Netmeeting can do these things, but it wasnt widely used. Not everyone knows how to use netmeeting, and dont have it running ready like a phone. With MSN integration it has become a single click operation and has rapidly gained popularity making it now a much used feature in my everyday life.

Perhaps you disagree based on the principle of it has no place in IM, but im afraid from my point of view it has every place.

A feature is a feature, and if lots of people use it then why is it such a problem? If one person wants the feature added, and pushes for its integration how in that way does it affect yourself?

Re:Yeah, but my point is...

[Ayanami+Rei]

I think it's great for the deaf.

However, I think there may be some mis-understanding as my comments are primarily addressing this:
http://slashdot.org/comments.pl?sid=125289& cid=105 00125

Unless this person is _you_, and if so I apologize if I sounded harsh. But I do feel that in general, not supporting teleconferencing does not seem like priority one for GAIM or trillian. I would rather they support fully and completely the subset critical features common to all messaging protocols (text, markup, encryption, direct connect/file exchange, presence notification).
Otherwise, why get a 3rd party client? If I wanted all the MSN whiz-bang things, I'd just use MSN. If I want most of the features supported across networks in a small footprint, I'll use the 3rd party tool.

And if you wanna chat me up, I'll install gnome-meeting just for you. ^_^

Re:Yeah, but my point is...

Why is direct connect/file exchange in INSTANT MESSAGING? That has nothing to do with chatting with people. They can use something else if they need to transfer files, such as email. People have become accustomed to being able to just send a file via IM, just as people have become accustomed to using their webcam.

It could be for the hearing impaired, it could be because a grandmother wants to see her grandchildren, because two siblings or friends want to see each other when talking, or because a pimply faced geek wants to see some titties. Oh, and it could be because a small business needs some sort of a "face-to-face" with a client but they do not have the money nor infrastructure to buy corporate solutions.

NetMeeting is quite crappy looking, and is a separate application from Messenger. MSN Messenger does NOT use the NetMeeting APIs for its webcam capabilities (though it does have a "Start Netmeeting" feature. MSN (and AIM) uses two DLLs for it's webcam, rtcdll.dll and dxmrtp.dll. These are not a part of NetMeeting. Yahoo does not use any of these. It uses it's own method.

You are probably right.

[Ayanami+Rei]

I was unaware that MSN/AOL/yahoo had moved on to internal solutions. At one time they did piggyback on netmeeting. IIRC, ICQ was probably the first offender, where you could use netmeeting as a "plugin".

Actually, I think email is a less suitable medium than instant messaging for file transfers. Because the MIME-encoding methods by which files are attached to emails is quite cumbersome. Messaging applications can just exchange some very basic metadata through the central server, and then the transfer occurs in a simplistic fashion at wire speed. That is, transferring files a trivial internet application, but announcing and setting up the transaction is difficult. The chat sssion is perfect, as the setup is conducted by means of both parties being physically present, and the intermediate server acts a reference point, so it can be coordinated even if both parties are behind a firewall.

Similarly, it follows that video teleconferencing is another natural thing to enable in a chat session.
But there is nothing about the video chat that crosses into the messaging component of instant messaging. IM should work on my phone in my car, just as well as it does in my house on my broadband connection.

(Why file transfer over video? Well, file transfer can be accomodated over slow, intermittent lines even without a streaming protocol, say though TFTP... so there's no reason why not to have it everywhere. Especially when you use it trade small artifacts, like business cards or maybe an screenshot from your webcam... etc.)

I'm not saying real time video isnt's not a good feature, but it shouldn't be considered a REQUIREMENT.

I mean, what do people do on IM when they're at work and they don't have a webcam? Do they beg their boss to buy them one? Give me a break.

Re:You are probably right.

The point is, it's a requirement if you use that feature. That's all I was saying. I never said that no one should use Trillian or GAIM until they support video, I said that *I* will not use them until they support video interop with the three popular networks (that I use daily). It's a requirement for ME. Other people who don't have the requirement can feel free to use them. I agree they do a great job of consolidating into one client and give *most* of the features of the other clients.