New IM Worm On The Loose
elfarto writes "Techweb is
reporting that a new worm that spreads via Microsoft's instant messaging client
began badgering users Monday, several security firms said.
Dubbed Funner, the worm propagates by sending itself to all the contacts listed
in the user's copy of MSN Messenger, Microsoft's IM client.
There is an analysis on
Symantec Security Response Site; apparently the worm tries to download stuff
from www.78p.com and adds entries to the hosts
file pointing to more than 400 Chinese porn sites. The worm also sends itself to
the whole contact list as funny.exe so it requires user interaction to
actually execute it."
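The summary above says the worm adds entries to the hosts file. The following is an added example, not part of the submission or of Symantec's analysis: a small audit that parses hosts-file text and reports names mapped to non-loopback addresses. The sample content, the `audit_hosts` name and the `max_expected` threshold are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample, not taken from an infected machine. Addresses come from
# documentation ranges (RFC 5737); hostnames use the reserved .example TLD.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      site-a.example   # injected
192.0.2.10      site-b.example www.site-b.example
203.0.113.7     site-c.example
0.0.0.0         ads.tracker.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (ip, hostname) per mapping; comments and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:  # one line may carry several aliases
            yield ip, name.lower()

def audit_hosts(text, max_expected=2):
    """Report names pinned to a non-loopback address and flag bulk additions."""
    redirects = [(str(ip), name) for ip, name in parse_hosts(text)
                 if not (ip.is_loopback or ip.is_unspecified)]
    per_ip = Counter(ip for ip, _ in redirects)
    return {
        "redirects": redirects,
        "per_ip": dict(per_ip),
        # max_expected is a hypothetical baseline; most desktops have none
        "bulk_change": len(redirects) > max_expected,
    }

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for ip, name in report["redirects"]:
        print(f"{name} -> {ip}")
    print("bulk change suspected:", report["bulk_change"])
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; comparing the result against a known-good baseline is more reliable than a fixed threshold.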
I saw him post this live on G4TechTV! They have a very nice interface to weed out and post the news to the site.
BTW, it was posted via a Mac.
Forty-two million users worldwide versus far more for AIM. The impact shouldn't be too big, although one has to wonder why people blindly accept and run files in the first place. It boggles the mind.
Other than that, not much info there, except it points out the obvious, that OS X users are not affected, since this appears to be a Visual Basic bug.
If nothing else, the listing of some 940-odd Asian porn sites on the Symantec page will be useful to someone...
I reloaded twice before seeing it hit the frontpage. Now mind you I have a subscription so I'm counting before it goes "live." -Yazz
Technically it is a virus and not a worm. Viruses (physical and electronic) cannot spread by themselves; they need someone else to help them spread. Worms, on the other hand, can spread and multiply without anyone else's help.
Since this virus requires human interaction, it is a virus and not a worm.
I'm watching the show too... "cache" is a bit of a misnomer, I mean, pretty much every chunk of data in Slash is cached, but basically we just post stories n minutes ahead of time. During that time (for n < 20) they are visible to subscribers -- and then they go live for the rest of the world whenever we've scheduled them to.
The problem with Windows and these worms is that you do not explicitly have to give execute permission to the file in question. It's just recognized as an '.exe' file by Windows and treated as an executable.
The kind of people who would execute this file are the same kind of people who wouldn't know how to give some file execute permissions if they were running a Unix-based workstation (probably even OS X).
Do any of you know if this worm might be the cause of the sporadic outage in MSN Messenger service yesterday and today? At first I thought it was my Trillian (yay!) client being blocked, but MSN's own client was unable to log in as well.
Almost all of my contact list confirmed having the same problem.
No sig
The show will air in rerun tomorrow at 12:00pm EDT/9:00am PDT. (They eliminated the midnight eastern run)
Keep in mind that the show is a shadow of what it used to be. The new host (Alex) isn't near as knowledgeable as the host he replaced, though he does seem to be getting better. Also, they put tons of commercial plugs into the show now in the name of "give-a-ways." Ever since Comcast bought it, cancelled half the shows, then integrated TechTV into G4, the show hasn't been the same, though it is getting better. They are also in desperate need of more intelligent callers with questions. So call an hour before the show at about 6pm ET/3pm PT to 1-800-839-7880 with your insightful questions.
Switching to GAIM wouldn't help here. All the worm is using MSN Messenger for is as a carrier for the file; there's no particular security hole involved. It's no different from sending a virus attached to an email.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
Informative? Funny, I can see. Insightful, maybe. Troll, at a stretch. But WhoTF modded this "Informative"?!
Not necessarily, but it is a nice reason to move away from Microsoft Windows.
Linux Anyone?
SuSE (Novell)
Red Hat
Mandrake
Gentoo
Slackware
And get others from Distrowatch
Actually, Gaim handles AOL, MSN, ICQ, Yahoo!, IRC, and Jabber.
Snowden and Manning are heroes.
As does Trillian, actually.
I mod down anyone who uses M$ in their posts. I like to live on the edge.
Knowing that the China gov is kinda tight on pron sites recently, this is a nice way to spread. :)
However it would be even better if the worm would simply redirect those some 400 Chinese pron sites to 127.0.0.1.
Then it would be a SP instead, except for the spreading part.
You got it backwards. In general, switching to Gaim won't help, 'cause it isn't any vulnerability in particular being spread. However, in this case it would help, because if you set your little sister up with Gaim and she ran the funny.exe one could assume it wouldn't be able to spread itself further (funny.exe not familiar with Gaim).
Even better, set your little sister up with Linux and not have to worry about all the other crap funny.exe will do.
Linux isn't the only desktop alternative
FreeBSD
OpenBSD
NetBSD
DragonFlyBSD
Music is everybody's possession.
It's only publishers who think that people own it.
Fuck Beta
~John Lenno
It's an internal IP address, i.e. to be found on a LAN behind your firewall to the big bad world outside.
let's see ... perhaps because the executable bit is set, and in the console it's displayed in bright yellow and with an asterisk next to it. Same goes for shell scripts, which can be as risky as an executable.
This doesn't apply to files that require an interpreter or emulator, like .EXEs or ROMs for video game emulators, but that is only because you call the interpreter and pass the file to the interpreter, so the OS has no way of knowing it is an executable.
First of all, a "user friendly" program for getting a file off the net would certainly turn on the execute bit if it thought the resulting file should have it. So I don't think it's going to offer any protection as long as doofuses are writing the software.
Second, this "feature" is not there for any high-brow security reason. Back when Unix was first written reading disks was *very* slow. And the path tended to contain "." and people tended to pile many files into the current directory. When you typed "blah" at the shell it had to quickly locate the executable called "blah" that was first in the path. The only efficient way to do this was to read all the directories in the path and store the results in memory so you could jump straight to the file rather than read every directory before it in the path (the "rehash" command would re-read the directories if you changed them). Memory was also very expensive, so it was best to get that list as small as possible by eliminating all the files that were not executable. The only fast way to do this was to add a bit to the inode (which had to be checked for access permissions anyway), reading the first block of the file was out of the question. So that is why the execute bit is there, not for any security reason. If it was for a security reason you would need some special permission to turn it on that was different than creation permission.
Actually, you might just be on to something. The XUL framework seems to be perfect for development of a cross platform multi-protocol IM client. Gaim is nice and all, I use it and love it, but the gtk requirement (esp on Windows) is quite a put-off. The reason I'm still sticking to gaim and haven't gone back to miranda is the lack of unicode support in miranda. Now if someone develops a XUL based multi-IM client (maybe a plugin architecture to standalone chatzillas?) that would be perfect.
1.0.0.0/8 is actually reserved by IANA for no particular use (so I guess you're simply not supposed to use those addresses, indeed also not for private networks).
There are 2 reasons why this doesn't work at the moment.
1) Non-power-users don't even know what a limited-user account is (or that it even exists).
2) Power-users usually use other OSes for day-to-day tasks, but keep Windows handy for gaming. However, 95% of the games won't work in limited-user mode... not because the game developers are lousy and can't make a game that runs in limited-user -- I've been in the industry, most games could very well run in limited-user -- it's only the whole copy-protection thingy (or shall I say paranoia) that requires administrator account (because it has to play with a bunch of registers and hidden "system" files).
So even power-users sometimes have to run as administrator to do non-administrative tasks on their computer.
After 3 days without programming, life becomes meaningless
- The Tao of Programming