Slashdot Mirror

← Back to Stories (view on slashdot.org)

New IM Worm On The Loose

Posted by CmdrTaco on from the head-for-the-hills dept.

elfarto writes "Techweb is reporting that a new worm that spreads via Microsoft's instant messaging client began badgering users Monday, several security firms said. Dubbed Funner, the worm propagates by sending itself to all the contacts listed in the user's copy of MSN Messenger, Microsoft's IM client. There is an analysis on Symantec Security Response Site; apparently the worm tries to download stuff from www.78p.com and adds entries to the hosts file pointing to more that 400 Chinese porn sites. The worm also sends itself to the whole contact list as funny.exe so it requires the user interaction to actually execute it. "

82 of 407 comments (clear)

  1. Another reason to move to GAIM by JosephusTX · · Score: 2, Funny

    Had to be the first - I enjoyed the Screen Savers segment!

    1. Re:Another reason to move to GAIM by Carnildo · · Score: 4, Informative

      Switching to GAIM wouldn't help here. All the worm is using MSN Messenger for is as a carrier for the file; there's no particular security hole involved. It's no different from sending a virus attached to an email.

      --
      "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
    2. Re:Another reason to move to GAIM by Lehk228 · · Score: 2, Funny

      damn, i knew they should have left the gaim file xfer broken

      --
      Snowden and Manning are heroes.
    3. Re:Another reason to move to GAIM by tonsofpcs · · Score: 2, Informative

      Not necessarily, but it is a nice reason to move away from Microsoft Windows.

      Linux Anyone?
      SuSE (Novell)
      Red Hat
      Mandrake
      GenToo
      Slackware
      And get others from Distrowatch

      --
      Video Production Support
    4. Re:Another reason to move to GAIM by Lehk228 · · Score: 3, Informative

      actually gaim handles AOL, MSN, ICQ, Yahoo!, IRC, and Jabber.

      --
      Snowden and Manning are heroes.
    5. Re:Another reason to move to GAIM by Teknogeek · · Score: 2, Informative

      As does Trillian, actually.

      --
      I mod down anyone who uses M$ in their posts. I like to live on the edge.
    6. Re:Another reason to move to GAIM by eean · · Score: 4, Informative

      You got it back words. In general, switching to Gaim won't help, cause it isn't any vulnerability in particular being spread. However in this case it would help, because if you set your little sister up with Gaim and she ran the funny.exe one could assume it wouldn't be able to spread itself further (funny.exe not familiar with Gaim).

      Even better, set your little sister up with Linux and not have to worry about all the other crap funny.exe will do.

    7. Re:Another reason to move to GAIM by RLiegh · · Score: 4, Funny

      and you forgot poland, as well.

    8. Re:Another reason to move to GAIM by Tongo · · Score: 3, Insightful

      Why couldn't someone write a worm that infected IM clients on Linux. Damn, don't you get it? Any box that isn't physically isolated from the rest of the world is vulnerable. Linux and GAIM are both less vulnerable only so far as people don't target them.

    9. Re:Another reason to move to GAIM by jobeus · · Score: 2, Funny

      No, I bet he was talking about http://www.youforgotpoland.com/.

    10. Re:Another reason to move to GAIM by ATMAvatar · · Score: 4, Funny

      Why switch to GAIM? If you were using the regular MSN client, you'd be up quite a bunch of money - 400+ chinese porn sites times $240

      --
      "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    11. Re:Another reason to move to GAIM by BlackHawk-666 · · Score: 2, Funny
      Furthermore, only a handful of viruses manage to run under WINE, as viruses can do some tricky stuff.

      The WINE team are working hard every day to improve their compatibility with modern Windows viruses for the Windows enthusiast who insists *all* of their software runs.

      --
      All those moments will be lost in time, like tears in rain.
  2. it finds porn? by Anonymous Coward · · Score: 5, Funny

    How is this a bad thing?

    1. Re:it finds porn? by strider44 · · Score: 2, Funny

      Too late

  3. This will be successful..... by bob65 · · Score: 3, Funny
    Because we all know everyone executes a file called "funny.exe" without thinking.

    Geez, who cares. If a dumbass like me thinks that would be ridiculous, I'm sure everyone else in the world would think so too.

    1. Re:This will be successful..... by mr_don't · · Score: 4, Insightful

      I'm with you, but you know, my users a t work will run ANYTHING...

      Users can be psychotic sometimes...!

    2. Re:This will be successful..... by Zakabog · · Score: 5, Insightful

      Let's see, the average persons friend sends them a file called funny.exe. The average person really enjoying the kind of crap that their friend's send them online, executes funny.exe (which by the way will show up as just "Funny" on the average computer as extensions are hidden by default) gets infected by the worm, notices they get a ton of pop ups, porn sites, all kinds of junk and their computer runs really slow, blames the manufacturer of the PC (Gateway, Dell, IBM, whatever.) Never realizes it was an issue with MSN to begin with, continues on with their life promising to never buy another computer from Gateway, Dell, IBM, whatever. I've seen it happen so many times. My uncle even blames me for the crap that gets installed on his computer (usually while I'm not there, as I live 300 miles away) and doesn't really thank me when I install ad-aware and get rid of the junk (thinking whatever he just did on the computer made everything work right.)

    3. Re:This will be successful..... by Ghostgate · · Score: 4, Interesting

      You are seriously underestimating the general cluelessness of the average computer user. I think it could be named "worm.exe" and a lot of people would still run it.

      The knowledge (or lack thereof) of the average computer user is the real reason that security is such an issue today.

    4. Re:This will be successful..... by HermanAB · · Score: 5, Funny

      No, worm.exe won't spread nearly as fast as virus.exe...

      --
      Oh well, what the hell...
    5. Re:This will be successful..... by PhoenixFlare · · Score: 4, Insightful

      Gotta love how insulting generalizations are "Insightful" around here when you're referring to a MS product. Just because some MSN users are ignorant, does not mean all of them are.

      That's like saying "All Linux users are elitist snobs", just because there's some jerks mixed in out there.

    6. Re:This will be successful..... by aardvarkjoe · · Score: 2, Interesting
      That's like saying "All Linux users are elitist snobs", just because there's some jerks mixed in out there.
      Well, to be fair, I think that his comment was more akin to saying "Most Linux users are elitist snobs." Of course, some might argue that that one's true, too :)
      --

      How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
    7. Re:This will be successful..... by elhedran · · Score: 3, Funny

      When I heard about it, first thing I thought was "Hey, at last a practical use for those Turing test AI's"

      virus: hey its [nick gotten of settings] here, you gotta check this out.
      * virus sends file
      bob: did you check it for virus
      (match word virus) virus: yeah, I checked it out, its safe.

      Also could check for 'is it...you', various 'bye's, etc. Actually get around the 'don't run stuff you shouldn't trust thing'.

      Now mod me down before a worm author sees this comment and actually writes a messenger worm like that :)

    8. Re:This will be successful..... by GMFTatsujin · · Score: 5, Funny

      Everything except a virus checker...

      *sigh*

    9. Re:This will be successful..... by bmo · · Score: 4, Insightful

      "Gotta love how insulting generalizations are "Insightful" around here when you're referring to a MS product. Just because some MSN users are ignorant, does not mean all of them are."

      Not only are MSN users ignorant, most Joe and Josephine users are that ignorant *in general*.

      I just spent 3 hours today cleaning up a machine that had upwards of 60 trojans and other malware on it. One of which was a keylogger. It was amazing that this machine ran at all.

      Does the owner of said computer have any clue about how all this malware got there? Nope. He's got 3 kids, though, that all use the same computer. I

      He is ignorant, in the truest sense of the word. He is also *typical* of most home computer owners. People these days expect their machines to simply work, like toasters, because the interface hides the real complexity. I have been trying to educate him, and it's been a battle.

      But regardless of that, MSFT has never done any User Education itself. Bill prefers it that way, and that's a shame. Keeping the users ignorant allows MSFT to Blame The User when it comes to exploits (You Failed to Upgrade!), allows them to force DRM down their throats, and basically allows the company to run roughshod over its customer base, without complaints.

      So yes, MS users are ignorant. They simply do not know better, and their precious vendor, Microsoft, is aiding and abetting this ignorance.

      So what are *you* doing to educate your users?

      --
      BMO

    10. Re:This will be successful..... by Yartrebo · · Score: 2, Informative

      let's see ... perhaps because the executable bit is set, and in the console it's displayed in bright yellow and with an asterik next to it. Same goes for shell scripts, which can be as risky as an executable.

      This doesn't apply to files that require an interpreter or emulator, like .EXEs or ROMs for video game emulators, but that is only because you call the interpreter and pass the file to the interpreter, so the OS has no way of knowing it is an executable.

    11. Re:This will be successful..... by MmmDee · · Score: 2, Insightful

      It would definitely be helpful if Windows would display a "marker" of some sort adjacent to all executable files/scripts. But then, who would have thought that opening a jpg could be harmful. Thanks for the feedback.

      --
      No man's an island, unless he's had too much to drink and wets the bed.
    12. Re:This will be successful..... by Jesus_666 · · Score: 2, Funny

      That's like saying "All Linux users are elitist snobs", just because there's some jerks mixed in out there.

      No, dude. Linux users are paranoid anti-Microsoft zealots who try to convert Win users to Linux 24/7. The Mac folks are the elitist snobs.

      --
      USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
  4. Time to switch, perhaps? by kgbspy · · Score: 5, Insightful

    Just like everyone urged their friends and family to switch from IE to Firefox, now could be the time to recommend gaim to them in place of their regular IM client. Except, maybe, those who like chinese porn.

    --
    ~
    ~
    ~
    -- INSERT --
    1. Re:Time to switch, perhaps? by Doppler00 · · Score: 2, Insightful

      Although I don't see a 30% cpu usage, I do notice that Gaim is currently consuming 19MB of memory. I'm almost certain that's due to some memory leak because it increases over time. That's ludicrous for a program who's purpose is to send TEXT messages.

      I have almost considered helping them instead of complaining, but I have no idea where to get started on an open source project.

      I'll still continue to use Gaim until another GPL/LGPL multiple IM client comes along.

    2. Re:Time to switch, perhaps? by tangent3 · · Score: 3, Informative

      Actually, you might just be on to something. The XUL framework seems to be perfect for developement of a cross platform multi-protocol IM client. Gaim is nice and all, I use it and love it, but the gtk requirement (esp on Windows) is quite a put-off. The reason I'm still sticking to gaim and haven't gone back to miranda is the lack of unicode support in miranda. Now if someone developes a XUL based multi-IM client (maybe a plugin architecture to standalone chatzillas?) that would be perfect.

  5. Woohoo! by Gogo+Dodo · · Score: 5, Funny

    Time to cash in!

    1. Re:Woohoo! by pHatidic · · Score: 4, Funny

      No way this is just a hoax. More likely what really happened is the sysadmin who removed the virus found 400 chinese porn sites and when the user was confronted about this he just blamed the virus.

  6. why MSN is having trouble? by Anonymous Coward · · Score: 4, Interesting

    Is this why MSN messenger seems to have been down for about 12 of the last 24 hours?

    1. Re:why MSN is having trouble? by Anonymous Coward · · Score: 5, Funny

      Is this why MSN messenger seems to have been down for about 12 of the last 24 hours?

      No, that's normal.

  7. Impact? by mind21_98 · · Score: 5, Informative

    Fourty-two million users worldwide verses far more for AIM. The impact shouldn't be too big, although one has to wonder why people blindly accept and run files in the first place. It boggles the mind.

    --
    US businesses that currently accept chip and PIN/signature
    1. Re:Impact? by RAMMS+EIN · · Score: 4, Interesting

      You mean AIM is a bigger target than MSN Messenger?

      Well, here's another argument against "Microsoft software gets broken into more, because it is more widely deployed". (Besides Apache vs. It Isn't Secure.)

      --
      Please correct me if I got my facts wrong.
    2. Re:Impact? by Fishstick · · Score: 2, Interesting

      >We never hear this about their cars

      Actually, I knew a guy here at work that never once had any maintenance performed on his new cars -- he was proud of the fact that he could afford to just go trade in when the original tires wore out.

      Then again, he was 40+ sharing an apartment with his brother.

      Wonder what the dealer thought about a car that was driven over a year with the original oil never changed?

      It does boggle the mind when you find people that are willfully ignorant about their computers. I can't tell you how many times I've asked my mother in law to stop forwarding these "cute little programs" that she gets. She gets them from god-knows-who, clicks on them to see what they are, and then forwards to everyone in her address book.

      The response when I politely remind her that this is dangerous and she could be infecting her computer and passing on the infection on to all her contacts? "Well, I don't worry about things like that."

      bah

      --

      There is much cruelty in the universe, John.
      Yeah, we seem to have the tour map.

  8. Dammit by badfrog · · Score: 5, Funny

    Guess my workday tomorrow has been planned out in advance. (I have dumb users.)

  9. LUA by dioscaido · · Score: 3, Insightful

    I'm dissapointed that MS hasn't done a big enough push to get people accustomed to running as a limited user, versus running as Administrator all the time. This is the main reason why linux/OSX are more 'secure' -- programs like these would execute as user, not as root, given the OS's both discourage people from runnin their every day tasks as root. If the users who get this funny.exe were not running as Administrator, their system wouldn't get infected. The app may be able to propagate itself, but a quick log off/log on would kill the virus.

    1. Re:LUA by BurritoWarrior · · Score: 4, Insightful

      ...because a TON of windows software won't run or install if they do?

      Seriously, they would have 19 gazillion support calls the next day.

    2. Re:LUA by myowntrueself · · Score: 4, Funny

      In my experience the main cause of applications failing to run as non-admin user is copy protection on games.

      Frequently, these start up a service when they run. It would be very hard to make these work as non-admin.

      Personally, the first thing I do when I find a game like this is download a no-cd patch/crack. Then I can run it unprivileged.

      There are exceptions; the last icq client I tried won't even run as 'power user' and must be run as administrator.

      The developers of this sort of rubbish need electric shocks applied to their genitalia every time someone gets infected through their crap application.

      --
      In the free world the media isn't government run; the government is media run.
    3. Re:LUA by RAMMS+EIN · · Score: 4, Insightful

      You can still do a lot of harm using a regular user account. Deleting a user's files (often more valuable than the software, which can be reinstalled), propagating over the network, to name a few. You can also try to exploit local vulnerabilities to gain full privileges, or trick the user into giving them to you.

      And don't think loggin out and back in would solve the problem; you just install in the user's logon scripts rather than the system boot scripts.

      Apart from protecting other users' files, non-privileged accounts don't add a whole lot of security. And on Windows, it hardly works anyway. There are many things that should work for regular accounts but don't, and other things that shouldn't but do.

      --
      Please correct me if I got my facts wrong.
    4. Re:LUA by Phisbut · · Score: 2, Informative
      I'm dissapointed that MS hasn't done a big enough push to get people accustomed to running as a limited user, versus running as Administrator all the time

      There are 2 reasons why this doesn't work at the moment.
      1) non-power-user don't even know what I limited-user account is (or that it even exists).
      2) power-user usually use other OSes for day-to-day tasks, but keep Windows handy for gaming. However, 95% of the games won't work in limited-user mode... not because the game developpers are lousy and can't make a game that runs in limited-user -- I've been in the industry, most game could very well run in limited-user -- it's only the whole copy-protection thigny (or shall I say paranoia) that requires administrator account (because it has to play with a bunch of registers and hidden "system" files).

      So even power-users sometimes have to run as administrator to do non-administrative tasks on their computer.

      --
      After 3 days without programming, life becomes meaningless
      - The Tao of Programming
  10. Terminology question by rackhamh · · Score: 2, Insightful

    I'm not up to speed on the terminology (yes, I've been living under a rock, and it's very cozy under here). Is it really a "worm" if it requires the user to execute it?

  11. Worms... by TrancePhreak · · Score: 4, Insightful
    Doesn't sound like a worm to me at all.
    A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.
    Computer Worm
    --

    -]Phreak Out[-
  12. d'oh by Anonymous Coward · · Score: 5, Funny

    "..and adds entries to the hosts file pointing to more that 400 Chinese porn sites"

    First good reason i hear to switch to Windows.

  13. worm isnt going to do much damage by Indy1 · · Score: 4, Funny

    host www.78p.com
    www.78p.com has address 1.10.5.89

    --
    Lawyers, MBA's, RIAA? A jedi fears not these things!
    1. Re:worm isnt going to do much damage by maximilln · · Score: 2, Interesting

      Traceroute to www.78p.com
      08:21:54 MDT (-0600) Tue Oct 12, 2004

      1. blah.blah.net (aaa.bbb.ccc.ddd) 0.8 ms
      2. blah2.blah.net (aaa.bbb.ccc.ddd) 5.1 ms
      3. blah3.blah.net (aaa.bbb.ccc.ddd) 6.7 ms
      4. *
      5. *
      6. *
      7. *
      8. *
      9. *
      10. *
      11. *
      12. *
      13. *
      14. border10.s6-4.pcisys-1.den.pnap.net (216.52.42.13) 7.4 ms !H

      Trace complete.

      --
      +++ATHZ 99:5:80
  14. A step back by Sheepdot · · Score: 4, Funny

    Wow. We've gone from viruses pretending to be porn in order to do funny things to your computer to viruses pretending to be something funny that give you porn.

  15. Trolling... by Mori+Chu · · Score: 5, Funny
    Well this shouldn't be any problem; it requires the user to actively click an attachment, and users are educated enough not to do that...

    And they don't run as Admin anyway, so the worm couldn't even infect them if they did click it...

    And Microsoft will surely release a prompt fix to address this issue...

    So I don't see what the problem is here. :-)

    1. Re:Trolling... by magefile · · Score: 2, Informative

      Informative? Funny, I can see. Insightful, maybe. Troll, at a stretch. But WhoTF modded this "Informative"?!

  16. Clever! by ATomkins · · Score: 5, Funny

    Ohhhh... I see the plan... we slashdot 78p.com, thus limiting the 'worm's damage!

    Good thinking, guys!

    Just doing my part. ;)

  17. Worm name in article is wrong by diagnosis · · Score: 4, Funny

    It should be 'more fun', not 'funner'.

    ------------------
    Rate free iPod offers: RateTheOffers.com
    (Flat screens and Desktop PCs too)

  18. Re:Obligitory windoze comment... by dioscaido · · Score: 4, Interesting

    Well, if you are running as root, well, the answer to your question is EVERY OS. Run your desktop as root, and it'd take me 5 minutes to write an executable that will hose your whole system.

    The fact is, Windows has a solid, well implemented, priviledge system. The second fact is that they gave this up in favor of app compatiblity (crappy programs that expect to write to the windows directory just to run, versus to user directories) and ease of use. This is biting them in the ass, and they are working on getting people away from running as Administrators. Just not as heavy a push as I'd like.

  19. Re:400 porn sites? by Daniel+Ellard · · Score: 4, Funny
    Imagine the time and persistance it took to find 400 Chinese porn sites, what with the Chinese government breathing down your neck and all that. This author is no simple script kiddie; this is a wormer who has corporate sponsorship and/or does all his browsing with one hand...

    --
    Disclaimer: I work for a company, but I don't speak for them.
  20. Symantec Analysis by a7244270 · · Score: 2, Informative
    The analysis at symantec is a little skimpy on the details of how an infection starts, but from what I gather, the recipient of the instant message still has to click on the executable (unless I'm mistaken). Seems like this is destined to propagate only among the stupid. (insert obligatory comment about MSN Messenger users here).

    Other than that, not much info there, except it points out the obvious, that osX users are not affected, since this appears to be a Visual Basic bug.

    If nothing else, the listing of some 940-odd asian porn sites on the Symantec page will be useful to someone...

  21. Re:Posted live on The Screen Savers by Aaton · · Score: 2, Informative

    I reloaded twice before seeing it hit the frontpage. Now mind you I have a subscription so I'm counting before it goes "live." -Yazz

  22. Computer Baddie Etymology by sparkmanC · · Score: 2, Informative

    Technically it is a virus and not a worm. Virii (physical and electronic) cannot spread by themselves; they need someone else to help them spread. Worms, on the other hand, can spread and multiply without anyone else's help.

    Since this virus requires human interaction, it is a virus and not a worm.

    1. Re:Computer Baddie Etymology by groomed · · Score: 2, Informative

      No, it's a trojan. The difference between a virus and a trojan being that a virus spreads itself as a side effect of normal user behavior (inserting a floppy into the disk drive, running an infected executable, ...), whereas a trojan spreads itself by seducing the user into running it.

  23. Re:Posted live on The Screen Savers by jamie · · Score: 2, Informative

    I'm watching the show too... "cache" is a bit of a misnomer, I mean, pretty much every chunk of data in Slash is cached, but basically we just post stories n minutes ahead of time. During that time (for n < 20) they are visible to subscribers -- and then they go live for the rest of the world whenever we've scheduled them to.

  24. You can be rich !! by ganhawk · · Score: 5, Funny

    Is the worm author most benovelant guy or what ?

    China rewards porn snitches
    1)run windows 2)get infected 3)receive list and fwd to the chineese authority 4)profit!!

    --
    Python script to convert photos into "artsy" portraits: http://p2pbridge.sf.net/pyPortrait/
  25. Re:Obligitory windoze comment... by san · · Score: 4, Informative

    The problem with Windows and these worms is that you do not explicitly have to give execute permission to the file in question. It's just recognized as an '.exe' file by Windows and treated as an executable.

    The kind of people who would execute this file, are the same kind of people who wouldn't know how to give some file execute permissions if they were running a Unix-based workstation (probably even OS X).

  26. MSN downtime by secolactico · · Score: 2, Informative

    Does any of you know if this worm might be the cause for the sporadic outage in MSN messenger service yesterday and today? At first I thought it was my Trillian (yay!) client being blocked, MSN's own client was unable to log in as well.

    Almost all of my contact list confirmed having the same problem.

    --
    No sig
    1. Re:MSN downtime by Professeur+Shadoko · · Score: 2, Informative

      I was logged on MSN yesterday evening.

      First, I got messages opening in a window, from people that I don't know.

      Then, some messages from people I know, appearing in that same window, instead of their own window.

      And after that, a pop up message, from MS, stating the service was going down for maintenance.

      It lasted more than one hour.

  27. The Screen Savers by Anonymous Coward · · Score: 2, Informative

    The show will air in rerun tomorrow at 12:00pm EDT/9:00am PDT. (They eliminated the midnight eastern run)

    Keep in mind that the show is a shadow of what it used to be. The new host (Alex) isn't near as knowledgable as the host he replaced, though he does seem to be getting better. Also, they put tons of commercial plugs into the show now in the name of "give-a-ways." Ever since Comcast bought it, cancelled half the shows, then integrated TechTV into G4, the show hasn't been the same, though it is getting better. They are also in deperate need for more intelligent callers with questions. So call an hour before the show at about 6pm ET/3pm PT to 1-800-839-7880 with your insightful questions.

    1. Re:The Screen Savers by eean · · Score: 2, Interesting

      Its easy to tell which shows originated from G4 and which from TechTV. The G4 shows always have a kind of a lame sense of humor and they're always fawning over whatever product or game that they're talking about. Based on the humor, I'd say the target audience of G4 is the likes of that annoying guy in your eigth grade class. TechTV shows (Screen Savers, easiest to see the difference with X-Play) can actually be funny.

      Basically I think LA is a lamer city then San Francisco. If LA notices something it becomes lame practically by definition. Before they were able to have various notables of Silicon Valley live... now they have actors live. Great.

  28. Re:It's all part of life by Izago909 · · Score: 2, Funny

    With enough publicity the average Joe User will learn safe IMing habits...

    The average Joe won't learn safe computing habits until Dell, Gateway, HP, and Compaq start issuing keyboards and mice complete with 10,000 volt negative reinforcement "bad user, no treat" features. People with no computer knowledge are the last to admit their ignorance caused their problems.

  29. Fact checking? by Ratcrow · · Score: 4, Funny

    "pointing to more that 400 Chinese porn sites"

    How do they know that all 400 are porn sites? Did someone actually sit down and visit every one?

    Also, are they hiring?

    1. Re:Fact checking? by 10+Speed · · Score: 2, Funny

      I did...and only a small percentage are....

  30. is it just me or is it my friends by Unknown+Poltroon · · Score: 4, Funny

    But i would NEVER open something they sent me called funny.exe. I know about their senses of humor.

    --
    All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
  31. Funny.exe funny extension by Mister+Liberty · · Score: 2, Funny

    What type of file is that anyway, exe file.

  32. So much for natural selection by Lurgen · · Score: 5, Funny

    A worm that spreads via IM? Or a worm that spreads via stupid dumb-ass users who don't know better than to run a .exe they weren't expecting to receive?

    One day, with a bit of luck, people opening attachments/files/emails/whatever like this will be considered much the same as people eating strange pieces of food that they find in the street.

    For those in the support side of the field, remember that as long as there are stupid people (and there always will be) security vulnerabilities will always be a poor second cousin to humans. The bulk of your support calls won't come from clever little worms that capitalise on obscure security flaws in a product, they'll come as a result of idiots thinking that "nakedwoman.exe" is actually something they want to see.

    Yet another reason we should embed cattle-prods into keyboards... "wow, some stranger sent me some naughty pictures of herself! Pity they're archived, I'll just double-click and let them extract themsel *zaaaaaaaap!!!*"

  33. How this is a useful worm.. . . . by Synflex · · Score: 2, Informative

    Knowing that the China gov is kidna tight on pron sites recently, this is a nice way to spread. :)

    However it would be even better if the worm would simply redirect those some 400 Chinese pron sites to 127.0.0.1.

    Then it would be a SP instead, except for the spreading part.

  34. Well, I'm glad I found out how to uninstall MSN... by r_jensen11 · · Score: 2, Interesting

    Yep, I guess that's 1 less vulnerability I have for Windows now, since I uninstalled MSN Messenger. So here's my prediction: Since microsoft's solution to all of their vulnerabilities, they'll just send out a security update disabling their messenger. Little will they know that they're disabling their own product though, because honestly, who can keep track of all of the programs MS makes, especially the ones that have Microsoft in their names?

  35. Don't forget... by the+real+darkskye · · Score: 4, Informative

    Linux isn't the only desktop alternative
    FreeBSD
    OpenBSD
    NetBSD
    DragonFlyBSD

    --
    Music is everybody's possession.
    It's only publishers who think that people own it.
    Fuck Beta
    ~John Lenno
    1. Re:Don't forget... by PygmySurfer · · Score: 3, Informative

      And of course:

      Mac OS X.

  36. Suspicious... by LavaDevil94 · · Score: 3, Insightful

    Methinks this might have something to do with the recent ban on porn in China...

  37. Re:Aargh! by GWTPict · · Score: 2, Informative

    It's an internal IP address, ie to be found on a LAN behind your firewall to the big bad world outside.

  38. Hell by papasui · · Score: 4, Insightful

    When I was still doing phone cable modem support (I'm the network engineer now) I spoke with more than one person that said they opened the attachement in their email because they wanted to see if it a was a virus. This thing will spread like that goatse.cx guys ass.

  39. This is not a Unix security feature by spitzak · · Score: 2, Informative

    First of all, a "user friendly" program for getting a file off the net would certainly turn on the execute bit if it thought the resulting file should have it. So I don't think it's going to offer any protection as long as doofuses are writing the software.

    Second, this "feature" is not there for any high-brow security reason. Back when Unix was first written reading disks was *very* slow. And the path tended to contain "." and people tended to pile many files into the current directory. When you typed "blah" at the shell it had to quickly locate the executable called "blah" that was first in the path. The only efficient way to do this was to read all the directories in the path and store the results in memory so you could jump straight to the file rather than read every directory before it in the path (the "rehash" command would re-read the directories if you changed them). Memory was also very expensive, so it was best to get that list as small as possible by eliminating all the files that were not executable. The only fast way to do this was to add a bit to the inode (which had to be checked for access permissions anyway), reading the first block of the file was out of the question. So that is why the execute bit is there, not for any security reason. If it was for a security reason you would need some special permission to turn it on that was different than creation permission.

  40. Re:Mod Down by Halo1 · · Score: 2, Informative

    1.0.0.0/8 is actually reserved by IANA for no particular use (so I guess you're simply not supposed to use those addresses, indeed also not for private networks).

    --
    Donate free food here
  41. Re:Did I miss the memo? by blowdart · · Score: 3, Funny

    Was that when some attention-starved sluts starting showing off their boobs...

    You sound like you think this is a bad thing.

    Anyway, it's not like IM is a professional tool, it started off as a quick way to send little messages and grew. Think about the main user base teenage kids, folks in their early twenties and geeks. Of course it's a reasonable guess to say 50% of that user base is male. So that's geeky males, student males or males going through hormone hell. Of course it became a requsitie when breasts appeared.