MyDoom Seeks to Destroy Antivirus Firms
Khoo writes "Worm writers are threatening to attack antivirus companies F-Secure, Symantec, Trend Micro and McAfee.
In the latest version of MyDoom--MyDoom.AE--the authors embedded a message ridiculing rival worm Netsky and promising to attack the antivirus companies."
Isn't this like the virus companies threatening to shoot themselves....? Oh, hang on, they don't really write all the virii... :)
"If A equals success, then the formula is A=X+Y+Z. X is work. Y is play. Z is keep your mouth shut" - A Einstein.
Maybe they can destroy Live Update so that Symantec can finally create a copy that isn't a resource hog.... wait....
*sighs*
nevermind
UID 1000000 is just around the corner.
... if all of these viruses were something more than a rip-off of a rip-off of a rip-off of someone else's code.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Hey Netsky! Nice code, did your mommmy write it for you?!
It's just a skript kiddie who thinks he'll impress even more with such FUD...
Reminds me of a spam I got whose content was: "get a capable emailer".
Of course, had I had one, I'd have gotten some ad for penis enlargement pills...
So, I just dumped the mail and as I am on OSX, I don't have vir[iuse]* either...
Trolling using another account since 2005.
Do you want to use the antivirus product of a company whose network goes down due to a virus?
Evolution or ID?
Really was just a matter of time before an assault. It's a war. Virii vs. the White ('blood cell') Knights. The worst disease in the world is AIDS, not because it kills directly, but because it inhibits immunity entirely. After your anti-virus software is nuked, the most basic of hacks could nail your pc.
The only way to destroy Anti-virus firms is to stop writing viri. The more the viri, the more $$$ for AV companies.
You turned every legit hacker out there into a potential terrorist. You're handing the net over to authoritarian politicians who are not interested in real security or the free flow of information. Fucking idiots. Why don't you burn down libraries for chump change? Same thing...
We don't really want to boost the ego of those jacks, do we?
And hopefully, Taco won't repost the same story in a few days...
<sarcasm/>
Because if they ever catch them, 95% of
I seriously doubt virus companies write their own viruses and release them into the wild. There are enough viruses already; they can hardly keep up. What I worry about most is not the attack toward the anti-virus companies; all the anti-virus providers have to do is set up a temporary IP to dodge any Live Update DoS, similar to what Microsoft has done in the past. However, what sort of signal is this sort of news giving to the rest of the coders? Making viruses makes you more powerful? I have heard somewhere that if you control 10,000 machines on the internet, you are unstoppable. That only leads me to wonder how many people out there actually control that many machines, and worse yet, what if they join together as an alliance and destroy anything in their path for immature reasons? DALnet came to mind.. don't know anything else that has been heavily damaged by DoS. Can anyone else point out?
I think it's time to panic. We know virus writers always tell the truth and would never engage in deception or hyperbole. Therefore this must be true.
I recommend we immediately declare western civilization over to beat them to the punch.
There, got my sarcasm out for the day. Now to go to work and refuel it.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
Hey Spydr! Nice English, did a Martian write it for you?!
V I R U S E S !
"Virii" is not a word in any language on this planet.
How can people write such amazing worms and viruses and yet still have such POOR language in their little manifesto messages?
I just don't get these virus writers and their little comments. It seems like every time you see a message, it was written by a kid (which is likely I suppose), someone really drunk, or someone really without command of the English language.
"we wanna stop our activity"
kind of reminds me of the tone of everyone's favorite...
"someone set us up the bomb"
Because according to the Princeton definition:
:)
Caterpillar: a wormlike and often brightly colored and hairy or spiny larva of a butterfly or moth.
It's not about the origination of the word, but that it looks worm-like.
And a side note, it's "Etymology", not "Etymology"
"We're breaking out the ramen noodles. . . "
"Really? Is it someone's birthday?"
spelling error on my part, mispasted and didn't even catch it:
** it's "Etymology", not "Entymology"
Funny irony in that, eh?
huh? looks the same to me. Did you mean to say it's Etymology not Entymology?
I'm not sure those bigger AV companies will be able to protect themselves. They are slow in responding to threats much less threats against themselves.
I put together this report for our project team recently. The sources are MCI, Verisign, et al (mostly, esecurityplanet.com article -- yes, google makes reports easy/fun).
Wait time for AV fix
(source: http://www.esecurityplanet.com/views/article.php/3316511)
Below marks the average wait time from release of virus to each company providing definitions to find/clean
H:M Anti-Virus Program
06:51 Kaspersky
08:21 Bitdefender
08:45 Virusbuster
09:08 F-Secure
09:16 F-Prot
09:16 RAV
09:24 AntiVir
10:31 Quickheal
10:52 InoculateIT-CA
11:30 Ikarus
12:00 AVG
12:17 Avast
12:22 Sophos
12:31 Dr. Web
13:06 Trend Micro
13:10 Norman
13:59 Command
14:04 Panda
17:16 Esafe
24:12 A2
26:11 McAfee
27:10 Symantec
29:45 InoculateIT-VET
The averages vary from about 7 hours per virus to more than one full day (almost 30 hours). It's important to note two things about the figures in the table above:
Some of the programs were able to detect some of the viruses in the testing period heuristically -- without needing an update. Ikarus, Quickheal, and Virusbuster were able to do this with the Dumaru.Y virus, whereas Norman and RAV were able to do it with Bagle.B. In those cases, the anti-virus program was assigned a response time of zero for that one virus. This reduced those vendors' average response times.
On the other hand, A2 had not posted a signature for the Bagle.B virus within three days, when the test period ended. This program, therefore, was assigned a response time of 35 hours in this instance. If this virus had not been considered in the statistics, A2's average response time would have been reduced to 15:26 rather than 24:12.
Hours to saturation/Dollar damage done by:
Klez 2.5 hours $9B
Sobig 10 hours $14B
2003 overall virus damage $89B
Average cost to patch and protect one workstation (includes AV, PM & FW): $234.
Global spam decreased in August 2004 due to hurricanes (FL is the largest producer of global spam).
"All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
Why hadn't this happened sooner (if it really does happen)? I know companies like Microsoft and SCO are understandable targets for these cretins, but wouldn't you think that their natural enemy would be the anti-viri firms? If this does come off, I am anxious to see what the reaction is.
My
r u t311in m3 taht 1337 inst A l4ngooaje?????
"i thought we settled this a long time ago, the term varies depending on the number... viri for one, virii for two, viriii for three, viriv for four, virv for five, and so on..."
I read somewhere that MyDoom was named because the virus when viewed in an ASCII viewer contains an amount of freetext that was meant to say 'mydomain' but instead it was mis-spelt in the virus to say 'mydoomain' - hence MyDoom.
Think about it: the last few years have seen some rather sloppily coded worms and viruses. None of them have been intentionally malicious. I am worried about the guy sitting at home pissed off at the world and actually knowing what he is doing with a compiler. Virus scanners are a false sense of security; somebody that knows what he is doing can devastate most of the world's networks in seconds. By the time the virus definitions are updated everything has gone black.
Let's see here, if you go for the old tin-foil belief that the virus companies write the virii to create a need for their software, and the attacks are real... Hmmm.
F-Secure: Check
Symantec: Check
Trend Micro: Check
McAfee: Check
So that leaves... grisoft, Avast, and a couple dozen smaller companies. It's a conspiracy! THE BASTARDS!
~D
This sig has been enciphered with a one-time pad. It could say almost anything.
The threat of a DOS attack is quite mild compared to actually writing truly malicious code, something along the lines of repartitioning the hard drive and reformatting the drives upon reboot. The viruses that we have seen have been mainly to slow or disconnect the victim from the network. I feel there could be worse scenarios that could happen besides what we have seen thus far.
Maybe if we gave the virus writers what they want they will leave us alone. I'm tired of the senseless mass killing of computers... you'd think they were doing this for fun.
I think you'll find the plural is 'viruses'
yeah sure, next time you gonna tell us that the plural of box is boxes and not boxen...
The silly thing about HIV (AIDS) isn't that it's killing off your immune system.. AFAIUnderstand, healthy CD4+ T-helper cells (the type of immune cells you're losing when you're HIV+) that come in contact with an infected CD4+ T-helper cell tend to self-destruct.
:)
If we're going to try and translate that to computer viruses and a computer's immune system.. Oh well, let's try.
---
Virus enters computer. Establishes infection. It shuts down a few processes, including some of the popular virus scanners, and alters a hosts file to mess with updates. New tools to remove the virus are developed on the web, and the virus gets an update from a server on Sealand about which processes to kill now. - arms race. Whoever gets the update first, wins.
---
An HIV analogy would assume a host of virus scanners slowly being diminished on your computer, and mainly because virus scanners infected with the virus cause other virus scanners to crash. We're not there yet.
I have a few friends that have 2-3 virus scanners on their pc, but that never seemed a very good solution to me.
Please tell us more about your great 'bi' mac....
DO NOT refer to it a dual processor, but as 'bi'...
check his journal on Macslash....
Wednesday June 09, 04
03:04 AM - The bi-2,5GHz is here
OK, the AppleStore is currently closed but my Swiss reseller has it now: the bi 2,5GHz has come, it is sold for the same price as the bi-2GHz which has dropped in price to its younger sibling's former price. Other specs seem to be the same as previously (160GB, 512MB...)
http://macslash.org/~mirko/journal/
Yea...your not teh ghey!
Just so they can use their products to protect themselves from viruses. I would trust an Anti-Virus Company more if they were running OpenBSD or some other Secure OS. Yea sure they make anti-virus for windows but that is because they know that windows is insecure. Besides, if someone wants a virus to spread they just kill the updates for the anti-virus.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
So much for the traditional arguments made by virus writers that they're trying to force better security practices. Either that, or running anti-virus software isn't considered a security practice by virus writers.
Nah, ... maybe I am too paranoid, this time...
If programs would be read like poetry, most programmers would be Vogons.
Ah, Fond memories of the old HCF ( Halt and catch fire) op code. ;-)
- F1 NEWS
He should include his full résumé, address and phone number in the next one.
One line blog. I hear that they're called Twitters now.
If the MyDoom writers want to mess up antivirus companies, why don't they just do it and be totally quiet about it? The only thing worse than an attack is one that you don't see coming. To top that off, they could have made a different virus to attack antivirus firms and make the antivirus firms think it was the netsky writers that did it. And then someone could make a movie about it and play it on TNT because they know drama.
This is the very reason why depending upon anti-virus software is dangerous. Anti-virus software causes people to become less careful about computer security. Becoming less careful about computer security because you have anti-virus software is something like driving less carefully because you believe that airbags will keep you safe in the event of a car accident.
Really I hope this pans out. Fighting viri is fun at work. It's an excuse not to be doing stupid PHB things like rearranging the data room to make it look cooler but be impossible to get to anything or work in. Not to mention, as a Linux user at home, other than the slowness this will create on my internet connection, I can't imagine anything more entertaining than a battle between Crackers and AV firms (assuming they are not the same people) being played out on countless thousands of windows desktops and servers. It may as a side effect create a real market for diversity in the computer industry again.
virii dates back almost 20 years and was coined as pseudo-Latin in order to easily distinguish between computer virii and biological viruses, in the plural. It isn't an attempt at sophistication, merely clarity. Some use it, some don't, some mock. Had it caught on, it would have simplified the language we use.
Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
Sometimes I wonder if it wouldn't be cheaper to just revamp the whole IT infrastructure.
Let's say all companies in all countries, the governments and the IT suppliers join hands and pay into one large "IT fund" or donate research time and development for a joint new technology.
At the same time governments all over the world pass legislation to increase the responsibility of IT vendors like e.g. Microsoft (faster bug fixes required by law, free bug fixes, longer free support, better and safer Windows code, ...) and up-to-date legislation to prosecute virus writers and so on.
We use these measures to:
1) Get rid of x86/WinTel and all its legacy technology and software (no more ISA, no more IRQ, no more Win/DOS compatibility, ....) and move to something decent (PowerPC? Heck, even MS goes to PowerPC for the future XBOX, so why not for PC's...)
2) Get rid of Windows altogether and create a decent replacement for it without legacy and backwards compatibility
3) All governments buy Apple machines and Mac OS X at huge discounts: already a huge step forward in security of our personal information and files.
I think this would enhance competition, drive the economy forward, foster future new developments and maybe get rid of monopolies and get decent competition in the IT market... and be a lot cheaper than the combined cost of all anti-virus licenses, and hidden costs of lost productivity and fall-out of current attacks...
I know... I know... I'm dreaming eh... Some forces would be against this... Damn....
this monkey has nothing on Witchiepoo
I am just the average Joe, who is brainwashed by such renowned companies as Microsoft into believing that it is not the software companies that make the mistakes, but the people who make the things that cause the mistakes to trigger!
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
I'm sure I won't find much disagreement here on /. for saying that computer viruses are a pain in the ass, cause economic damage, and waste otherwise productive hours of people's time to "disinfect" computers.
What is the point in writing these things in the first place? I might understand the virus writer having a self-esteem problem and writing viruses boosts his/her ego. Other reasons escape me. Any takers?
Sorry to say, but there's absolutely nothing in your post that makes sense. Not trusting a company because of the OS they run?
And: 'because they know that windows is insecure' ?? Windows isn't any more insecure than your favorite BSD or Linux distro. It's how it's configured that makes it secure or not.
'if someone wants a virus to spread they just kill the updates for the anti-virus' : oh yeah, why didn't they think of that before? I have no idea how you plan to 'kill' the update though, since that's different for every AV and you'll need to find a way to build that into your virus.
*shrug*
Really was just a matter of time before an assault. It's a war. Virii vs. the White ('blood cell') Knights. The worst disease in the world is AIDS, not because it kills directly, but because it inhibits immunity entirely. After your anti-virus software is nuked, the most basic of hacks could nail your pc.
:-)
I got one of those full body condoms and put my computer in it.
It's easy to stand out when the general level of competence is so low.
sounds like business competition to me, what's a better way to knock out your competition than to release a worm only aimed at their faults?
-DrMyke
"mmmmmmmmm, doughnuts" - H.J.Simpson; super genius
Don't ever mention again internet and secure in one sentence. it isn't secure and never will be. Just as commuting to work will never be secure. There are only different levels of security: if you go by car (Windows), bike (Amiga ;)), bus (Linux) or train (OS X).
Sounds like the virus was written to help the antivirus companies justify their existence.
Hackers are stalking your children online...
Booga booga!
Hahaha
Make OS's more secure? hahahahahahhahahahaah
First off, both companies that build OS's and antivirus companies have quarterly earnings to meet, can we risk that not happening?
Also, on a serious note, individuals need to be more responsible for the security of their own machine. We are in an age where more people have fast computers on fast internet connections, and people are going to exploit their ignorance.
This is a problem that is not going to go away quickly, because those individual users are not going to change quickly, and there is no financial reason for OS companies to make better software.
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
Exactly. I am tired of giving these pantywaists something to get off to every time they log on to the internet. Get a life and do something productive with it.
Some 300 pound fat kid with acne, no self esteem and no ambition to do anything besides play video games and eat cheesy poofs gets bored one day. So he starts reading the Anarchists Handbook he downloaded. He visits "warez" 'sites and adopts an online handle with an inconceivable combination of letters and numbers that somehow translates to "Lord of My Domain and All Underwear Found Therein." Of course, his domain includes his room, his basement if he's lucky and his driveway if no one is outside to make fun of him for picking his nose. And the only underwear "Therein" are pairs of his holey tighty-whities and maybe some granny panties he stole from his sister's drawer that he's convinced himself belong to Marybeth Marchovschy, the head of the cheerleading squad. He still has no self esteem, but now he has a hobby besides touching himself while watching scrambled porn.
Fast forward. Some 500 pound Jabba the Hut rolls around all day in his house on a wheelchair paid for by my taxes because Fat Bastard is morbidly obese and too lazy to walk around. He would probably have a heart attack if he tried. He tried his hand at real coding, but Sams C++ in 24 Hours is not enough to get any of his submissions to the Open Sources Tiddly Winks project he has been ghosting for 2 years. What he can really do well is hack code other people wrote trial and error style. So he finds a virus floating around out there and hacks it up and spits it out and suddenly a plague is unleashed upon the computing world because Jabba would not take a Butterfinger out of his mouth long enough to say hello to anyone and gain some self esteem and become a productive member of society.
But now he is 1337, now he brings companies to their knees, now he threatens the Anti-Virus companies who are trying to take away his precious. Now...he is making fun of a 500 pound Lard Ass in a wheelchair halfway across the state/country/continent/world for hacking up some code and spreading a virus. Just go roll yourself, wheelchair and all, into your neighbor's pool before your folds of skin provide an incubation space for some new super mold that will kill everyone in the world who can walk farther than you can spit. Ironically, although you will ultimately remove your seed from the gene pool using a swimming pool, you traded your chances at poisoning the human race with your genetic material for an all night Diablo session.
We are being intimidated by that?!?
modded interesting? ROFL
no windows really is insecure.
go look at the core windows packages vs a comparable linux/bsd distro.
which is more secure.
A virus that performs a Denial of Service attack against the "automatic update" servers used to keep the client av software up to date?
You then have a virus that is attacking the 1 thing that can "defeat" it, thus the virus "wins" as it has effectively knocked out the source of the antidote (providing the virus is able to spread at a very fast rate for the initial 12 or so hours).
There is quite a lot of research on the web regarding the speed at which viruses spread and the # of hosts infected in the first X hours, which makes for interesting reading.
To do it properly the virus shouldn't have any hardcoded IP addresses or domain names but instead seek the server name(s) from the (registry|av-binary|where ever it is stored). Other viruses have failed in the past because l33t master coders were stupid enough to hard code a list of IP addresses.
A fast spreading virus that could do as described IMO would be a truly "successful" ground breaking virus, and it would certainly be interesting to see how the AV companies react to that.
(I'm NOT suggesting, nor encouraging it to be done, just looking at an idea from a problem solving / technical implementation POV).
Jason
They're not so stupid as to use windows products, they use linux so that they don't get any viruses on their desktop systems. :)
The government which is strong enough to protect you from everything is strong enough to take everything from you.
I'm no bugologist or anything, but isn't that thing an inch worm? Caterpillars walk with their little legs, not scoot along like that.
But as I said, IANAB.
Just pronounce it virii, and let's move on.
One virus. Two or more viruses. No other plural is acceptable.
"Virii" is wrong.
"Viri" is wrong.
"Viriii" is wrong.
"Virodes" is wrong.
"Virusen" is wrong.
"Viruss" is wrong.
"Virus" as the plural is wrong unless you're speaking Latin, and even then it's not really a plural so much as a collective singular noun.
ANYTHING THAT IS NOT "VIRUSES" IS WRONG.
http://www.linuxmafia.com/~rick/faq/plural-of-virus.html
I am fully in support of a keyboard that, whenever the letters "v" "i" "r" "i" "i" are typed sequentially, then administers a fatal electric shock to the typist.
Quidquid latine dictum sit, altum sonatur.
This is one step up from some article stating that Coyboy Neal is going to take over the world.
(I for one welcome our new Coyboy Neal overlord.)
Seriously - it's just trash talk. Nothing really "actionable" about it, and highly suspicious. What are they going to do?
My Doom3 is better than your MyDoom! Nyeah!
Um, this isn't "Slashdot, news for english majors..."
These viruses/worms don't do a damn thing.
You know what would be a great virus/worm? One that totally fucks up the partitions on your hard drive forcing you to reformat and lose all your data.
Now THAT would be a funny virus. Imagine that getting spread across corporate america... you think it cost a lot to take 3 minutes out of the day to update virus defs and do a scan? Wait till you need to take hours out to reformat and reinstall.
These are what worms/viruses should be. Not this "Hacked by chinese" bullshit.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
The message read: "Lucky's Av's ;P~. Sasser author gets IT security job and we will work with Mydoom, P2P worms and exploit codes. Also we will attack f-secure, symantec, trendmicro, mcafee, etc. The 11th of march is the skynet day lol. When the beagle and mydoom loose, we wanna stop our activity <== so Where is the Skynet now? lol."
One wonders if we should be more scared of the spreading misuse of the english language (lol) than by virii...
If a handful of major governments would just post some big bounties for these idiots, the problem would soon solve itself.
Any company's computers, even the best AV writers, are vulnerable to 1st day infections
hey noob, its called 0day .
In my experience, it should be at the top of the list.
You ~obviously~ don't know squat about OpenBSD.
You must be a consultant...
Try getting your "information" off the back of a different cereal box next time.
And: 'because they know that windows is insecure' ?? Windows isn't any more insecure than your favorite BSD or Linux distro. It's how it's configured that makes it secure or not.
Right, if Windows is configured to not run any services and not be on the network it's C2 secure.
If you do any of those things it contains many network-exploitable 'root-level' vulnerabilities. Even if you follow the 65-page NSA documents on how to secure Windows.
As shipped, OpenBSD has had only a couple of these in the past several years. Windows has had more than a hundred.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
This is actually a big problem... worms have successfully managed to DDoS some *major* sites.
:o
Now what if the target of a DDoS was AV companies live update servers?
Anti-virus programs would not be able to download virus signatures against the new worms, making them ineffective unless manually updated.
So, let's not provoke the smart virus writers who can write one for OS X if they put enough time and effort in. Let's stay low key as long as possible
We need a good Mac OS X virus to get us out of the '0' column.
As it is people can claim there simply isn't anybody interested in writing Mac OS X viruses. At least if we got one they'd have to admit it's just damn hard.
I seriously doubt Virus company write their own virus and release into the wild
see this post from
Dr Solly (aka the original Dr Solomon Virus company
in short to confirm the parent poster, no they don't write them.
He needs to be held accountable for this mess!
Let's hope the folks McAfee are smart enough not to open an email attachment from freehotchicks@VxIxAxGxRxA.com
Thoughts and musings on how to release malicious code onto the internet while being physically present in a state hostile to the United States of America and targeting assets of that hostile state, causing a maximum of damage while making it nearly impossible to be traced or identified.
First of all, access to the internet has to be completely anonymous. Many people have used their personal internet access or the one at work. Malicious code _will_ be traced back to the originating internet access by security agencies of states hostile against the United States of America.
Anonymous access to the internet is easily possible from:
a) unsecured wireless access points
b) internet cafes
Since many public and private places in states that are hostile to the United States are nowadays under 24h covert video surveillance, unsecured wireless access points are safest. The safest way to use an unsecured access point would be from a car travelling at the maximum speed possible for a notebook on board to find a path through an unsecured access point to the internet. The malicious code package however should not be released directly to the internet but onto the first vulnerable system after the AP that has access to the internet. When using the AP the physical MAC-address of the wireless adaptor must not be used for obvious reasons, the card should be programmed with a new MAC-address. After releasing the malicious code package the notebook should immediately securely erase all traces of the malicious code package, the delivery system and the secure eraser. The secure erasure of the mentioned components should also be triggerable by a single keypress. The notebook should be kept under sufficient power and in a state where secure erasure can be triggered at all times (disable screensaver, power low standby etc.). The secure erasure should also be triggered when the notebook is about to enter a state where the secure erasure can not be triggered and completed (low power, etc.). The notebook should not be hooked up to the car's battery nor should any antennas or fixtures be evident that reveal the notebook is being actively used in the car. The warmth of the notebook in operation is not explainable therefore appropiate navigational software and a GPS mouse should be present. It is important to avoid areas where the car could leave identifiable tire tracks. If possible avoid entering zones of known video surveillance or zones where searches by hostile forces can be expected. I know this sounds paranoid but shit happens.
The malicious code should be wrapped into an installer that hides the malicious code onto the first vulnerable target after the access point for a period of at least six days and release the malicious code to the internet preferably on the evening of the friday following the minimum six days.
All code, excluding the delivery system and secure erasure code, should hide on the system using state of the art techniques (filesystem filters, hooking registry access, manipulation of NT kernel data areas).
If the malicious code happens to be a worm, a very slow rate of infection is advised as well as a novel vulnerability being exploited. This is in the hope that the worm will over months penetrate into sensitive intranets without being discovered. As the clock of a given node can not be depended on for accurate time/date information the worm instance should not rely on it to measure time. Instead time should be measured by cpu cycles, poweron/poweroff cycles etc. Systems belonging to a state hostile to the United States of America can be recognized through characteristics discovered through prior intelligence.
All development and testing that takes place while located in a state hostile against the United States of America should be confined to one system. Backups must use state-of-the-art encryption, must be accounted for and be destroyed after being superseded. If you (unwisely) choose to keep the final version of the code after the attack, encrypt it with a xor of r
GET A LIFE
viri for one, virii for two, viriii for three, viriv for four, virv for five, and so on..."
That would be one hell of a long word in any practical medical usage.
Maybe not too smart either.
There are plenty of new viruses out there all the time. There is plenty of attention to the nastiness out there, which is good for the market. So some company would tweak their tool so it adds a tiny bit to the general insecure situation.
They'd have to arrange for internal secrecy so few people get to know the issue.
They're ready to take a hit when the next guy does a comparative batch test for viruses and declares their product unsafe.
They can't leave a paper/email trail so you can find out about the bad intent. Or a trail in the sourcetree.
They have to watch out extra for disgruntled ex-employees who want to get even.
It would complicate jobs unnecessarily. And the shareholders would not agree. No good intentions implied.
It could pay more to hype the existing security issues. If it's possible to add to the existing hype.
Yes, NT 3.5.1 and NT 4 both received C2, given a specific configuration and specific hardware. IIRC NT 3.5.1 was "off-the-network, no floppy". The services allowed on a C2 NT4 box:
- Computer Browser
- Microsoft DNS Server
- Netlogon
- NTLM SSP
- RPC Locator
- RPC Service
- TCP/IP NetBIOS Helper
- Spooler
- Server
- WINS
- Workstation
- Event Log
Note that many of these have had remote buffer overflow attacks since they were C2 certified, so you might ask what value C2 really has. To be fair, I looked all over and couldn't find any reference to Win2k, XP or 2003 being C2 certified - if anyone has a link to the contrary, please post.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Yeah, well, you are talking about regimes where the consequences of being discovered are a certain and painful death, I think being paranoid is probably pretty good advice...
But XORing against a random byte stream is not very good advice, because it is much more difficult than you might expect to generate such a random byte stream. Hint: The random number generator that comes with your compiler is not good enough.
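To show concretely why the warning above holds, here is an added example (not from the original thread) in which a keystream drawn from Python's stdlib PRNG is recovered by trying every seed in a small, constructed 16-bit seed space, whereas a pad drawn from the OS CSPRNG offers no such shortcut. The message bytes and the seed size are assumptions made for the demonstration.

```python
"""XOR with a stdlib PRNG keystream versus XOR with a CSPRNG pad (added example)."""
import random
import secrets
from typing import Optional

# Assumption: seed space kept to 16 bits so the search finishes in seconds.
# A 32-bit clock-derived seed only multiplies the work by 65536; it does not
# change the conclusion.
SEED_BITS = 16


def prng_keystream(seed: int, n: int) -> bytes:
    """n bytes from a seeded Mersenne Twister, i.e. the kind of RNG a compiler
    or standard library ships. Fully determined by the seed."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def weak_encrypt(plaintext: bytes, seed: int) -> bytes:
    """The scheme the comment warns against: XOR against a PRNG stream."""
    return xor(plaintext, prng_keystream(seed, len(plaintext)))


def recover_seed(ciphertext: bytes, known_prefix: bytes) -> Optional[int]:
    """With a few known plaintext bytes (a file header, say) every candidate
    seed is tried until the keystream reproduces the prefix. The stream is
    random in the statistical sense, but not unpredictable."""
    n = len(known_prefix)
    for seed in range(1 << SEED_BITS):
        if xor(ciphertext[:n], prng_keystream(seed, n)) == known_prefix:
            return seed
    return None


def strong_encrypt(plaintext: bytes) -> tuple:
    """One-time pad from the OS CSPRNG: key as long as the message, used once.
    Returns (ciphertext, key); there is no seed to search for."""
    key = secrets.token_bytes(len(plaintext))
    return xor(plaintext, key), key


if __name__ == "__main__":
    msg = b"HEADER: constructed sample payload"   # constructed sample input
    ct = weak_encrypt(msg, 4242)
    print("recovered seed:", recover_seed(ct, b"HEADER"))   # prints 4242
    ct2, pad = strong_encrypt(msg)
    print("otp round-trip ok:", xor(ct2, pad) == msg)
```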
... most of the viruses (yes, that is the correct spelling, look it up in an online dictionary if you don't believe me) are actually written, or commissioned, by the Anti-Virus companies. What better way to guarantee their continued demand?
The Anti-Virus companies write and distribute new viruses, and then they provide the "cures" for those viruses. It's a vicious circle.
And, I am soooo glad that I use Linux... I don't have to bother with 99% of the virus/trojan/worm garbage that other people are forced to put up with because they aren't smart enough to run a REAL operating system.
Windows is the biggest reason that viruses exist in the first place. And before you start telling me that virus writers would just focus on Linux if Windows didn't exist, read this and learn the real truth about why there aren't any active viruses for Linux. I don't even have anti-virus software on any of my computers because it just isn't necessary in Linux.
Do you want to get rid of viruses/trojans/worms/etc.? Then install and learn how to use Linux. Solve your problems or shut up.
Boxen -- I bought two boxen of doughnuts.
Shortly after that, I learned that the plural of Moose is Moosen
You're a bit late with this idea. MS Windows has been out in the wild for many years now...
Thank you and good day,
Mal the Elder
switch from "scan on access" to "scan on create"
I wish I could find this setting, I have NAV 2004
Sam
blog.sam.liddicott.com
No no, it's viriiii for four...:)
----- Question authority, but not ours. Hate the man, but we're not him.
What do they kill if the AV software doesn't need to update?
for a swarm of viru has been leashed upon your household. For thus spoke the internet - "Thou shalt no longer hold my people captive to your worldly laws and regulations". And so it was.
These guys do seem a bit like terrorists to me in some ways, although they need a political attachment to make them true terrorists. Remember Bin Laden gave warnings in the weeks leading up to many Al Qaeda attacks. So perhaps they are nut cases, but they have put out real viruses that have caused trouble and I don't think we should ignore the warnings.
Alternatively I suppose you might have been highlighting how empty sarcasm is in general, but it seems a bit obscure, and rather off-point.
http://shit.slashdot.org/article.pl?sid=04/10/19/1519249
I have done some research and visited many websites in the past week or two to find out what a good anti-virus solution is from an industry perspective. More and more I keep hearing it needs "auto updating" features. But I thought, "surely the elite people of slashdot" would have done more research and realized that there are AV companies with products that need not update with a virus signature. However, I am disappointed in the fact that I find that no one in this post knows such a product exists. I read one or more posts that stated "if you write a virus to take out the auto update". That would work for the AV vendors that use updates to fight a virus (such as the major ones listed). But this does nothing for the AV vendor that does not use updates to fight viruses. How would you write a virus to take out the AV company that does not use updates? How do you take out a company that can defend against zero-day exploits? And I'm not talking about the current heuristic scanning method that everyone thinks is the answer. For it is filled with false positives and false negatives. No, I'm talking about the AV vendor that has a different animal altogether. Most of the industry and most if not all the people that posted here are still stuck in the era of "auto updates". That time has come to an end. Signature updates are a thing of the past. Simply put, they are not effective enough to combat the fast spreading virus. No, a new solution from a new AV vendor needs to come to light, with a product that doesn't need to update with virus signatures, and doesn't try to dictate what a virus "might" (behavior approach) do. You guys need to look deeper, such a company does exist. But I can't blame slashdot people, or the industry for that matter, for not doing the research. Because major AV vendors have the mental pull in this area.
So, when they come out with what they "say" is the next technology (heuristic scanning) to fight the cyber war, they have the ability to make you overlook the real next generation of AV software and believe what they say is true and have you run with it. Heuristic scanning is not the answer either. It's the payload people. We have to stop the payload. And there is a product that does just that.
"pantywaist"
just be thankful we dont have to dead with virc or virm or virMCMXCIX or else we'd have to listen to bad prince songs...
tonight we'll be dancing like it's MCMXCIX....
https://www.gnu.org/philosophy/free-sw.html
It's the one where the anti-virus firms run away from Earth when the virus writers destroy it because they're afraid of the Antivirus project, and then the descendants of the AV firms have to find the good ship Antivirus and use it to blow up the skriptkiddies, right?
And it has John Travolta as a talking llama. Wait, no. Talking lamer. But that's just the way it is.
---
Mod me down, you fucking twits. Go ahead. I dare you.
(I read with sigs off.)
Viri is the plural of vir. vir is man, so viri is men. so the male population of slashdot readers are viri. so you'd electrocute everyone who was trying to type the plural of vir, viri, and accidentally hit the i key one too many times. boo on you...
How unimaginative of AV companies not to foresee this.
Really, being perplexed makes them look stupid, sack the PR people.
Hey Spydr! Nice English, did a Martian write it for you?!
V I R U S E S !
"Virii" is not a word in any language on this planet.
Thou hast a good point made for thee knowest English was ne'er meant to change.
Time is what keeps everything from happening all at once.
Last week I was stupid enough to let rice bake to the bottom of my gf's favorite pan. She was upset and told me if I could mess it up then I could clean it up too. Anyway, I set to work on that pan until my elbows began to hurt and then took a rest drooling over the pan filled with little bubbles. I was fascinated by the randomness of how the little bubbles of foam popped and dissolved. All of a sudden I wanted to mount a camera over the pan and "harvest" the randomness. This I could probably do by dividing the camera image into squares which are assigned a number, and that number gets logged whenever a bubble in that square dissolves.
I wouldn't really trust a hardware random generator but if you have a GSM SIM card you can use it to generate a stream of random values of unknown quality. The GSM standard describing the "Subscriber Identity Module", GSM 11.11, defines a card command / "APDU" (Application Protocol Data Unit) called "ASK RANDOM" that will return a random value generated by the card's random number generator. I guess if I needed to create a stream of random bytes I would take the random bytes I obtained from the pan full of bubbles and xor them with random values obtained from a new and unused SIM card which I would for example have obtained as a prepaid GSM card at a vending place that does not demand photo id and paid in cash. I would also send the "ASK RANDOM" command to the card a couple thousand times first and then start logging the values, randomly skipping about a third of them, the randomness of the skipping derived from another pan of foamy bubbles.
Come to think of it, I would also later encrypt the random stream itself as well as the resulting ciphertext with 3DES-OFB.
Ooh, a traditionalist!