Slashdot Mirror


MyDoom Seeks to Destroy Antivirus Firms

Khoo writes "Worm writers are threatening to attack antivirus companies F-Secure, Symantec, Trend Micro and McAfee. In the latest version of MyDoom--MyDoom.AE--the authors embedded a message ridiculing rival worm Netsky and promising to attack the antivirus companies."

19 of 284 comments

  1. Maybe I'd care... by TheRealMindChild · · Score: 3, Interesting

    ... if all of these viruses were something more than a rip-off of a rip-off of a rip-off of someone else's code.

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  2. think about it.... by millahtime · · Score: 4, Interesting

    Do you want to use the antivirus product of a company whose network goes down due to a virus?

  3. Time... by zeropointentity · · Score: 3, Interesting

    Really was just a matter of time before an assault. It's a war. Virii vs. the White ('blood cell') Knights. The worst disease in the world is AIDS, not because it kills directly, but because it inhibits immunity entirely. After your anti-virus software is nuked, the most basic of hacks could nail your pc.

  4. With great power come great... by ID000001 · · Score: 2, Interesting

    I seriously doubt virus companies write their own viruses and release them into the wild. There are enough viruses already. They could hardly keep up. What I worry about most is not the attack on the anti-virus companies; all the anti-virus providers have to do is set up temporary IPs to dodge any Live update DoS, similar to what Microsoft has done in the past. However, what sort of signal is this sort of news giving to the rest of the coders? Making viruses makes you more powerful? I have heard somewhere that if you control 10,000 machines on the internet, you are unstoppable. That only leads me to wonder how many people out there actually control that number of machines, and worse yet, what if they join together as an alliance and destroy anything in their path for immature reasons? Dalnet came to mind... I don't know of anything else that has been heavily damaged by DoS. Can anyone else point one out?

  5. Re:all your base are belong to us by smooth+wombat · · Score: 1, Interesting
    How can people write such amazing worms and viruses and yet still have such POOR language in their little manifesto messages?

    You don't read Slashdot much, do you? Look at the wonderful use of the word "your" for "you're" as well as the numerous renderings of "where"/"were"/"we're" or "their" and "there".

    Hmm, maybe the same folks who can't spell correctly on this site are the same ones writing these worms and viruses. Nawww, that couldn't be true.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  6. I'm surprised it took this long by bblazer · · Score: 2, Interesting

    Why hadn't this happened sooner (if it really does happen)? I know companies like Microsoft and SCO are understandable targets for these cretins, but wouldn't you think that their natural enemy would be the anti-viri firms? If this does come off, I am anxious to see what the reaction is.

    --
    My .bashrc can beat up your .bashrc!
    1. Re:I'm surprised it took this long by antifoidulus · · Score: 2, Interesting

      It's interesting that them writing more viruses to attempt to hurt their enemy actually helps their enemy, more viruses=more sales. Different for entities like MS, if I convert a person to Linux, that doesn't help MS......

  7. Re:VIRUSES calling each other out... by Anonymous Coward · · Score: 0, Interesting

    r u t311in m3 taht 1337 inst A l4ngooaje?????

  8. Mydoom... by 2$+Crack+Whore · · Score: 3, Interesting

    I read somewhere that MyDoom was named because the virus when viewed in an ASCII viewer contains an amount of freetext that was meant to say 'mydomain' but instead it was mis-spelt in the virus to say 'mydoomain' - hence MyDoom.

  9. These script kiddies are not a problem by Anonymous Coward · · Score: 1, Interesting

    Think about it: the last few years have seen some rather sloppily coded worms and viruses. None of them have been intentionally malicious. I am worried about the guy sitting at home pissed off at the world and actually knowing what he is doing with a compiler. Virus scanners are a false sense of security; somebody that knows what he is doing can devastate most of the world's networks in seconds. By the time the virus definitions are updated everything has gone black.

  10. I guess they didn't get the memo by crawdaddy · · Score: 3, Interesting

    So much for the traditional arguments made by virus writers that they're trying to force better security practices. Either that, or running anti-virus software isn't considered a security practice by virus writers.

  11. Re:Writing viruses senseless by DLWormwood · · Score: 3, Interesting
    What is the point in writing these things in the first place? I might understand the virus writer having a self-esteem problem and writing viruses boosts his/her ego. Other reasons escape me. Any takers?

    I wish I still had the e-mails handy, but I once communicated with a reformed Mac virus writer in the mid-90's. (The Mac platform had a minor virus epidemic in the late-80's to early-90's before the Windows platform overshadowed it.)

    His explanation at the time was that both the Mac and Windows APIs felt very "constrained" at the time, and he wanted to experiment with what parts of the OS functionality were usable in certain contexts. IIRC, he was one of the first to exploit an old "UI drawing resource" security flaw that was patched during the System 7 era.

    Prior to the 'Net, most virus writers wrote the things out of curiosity or accident, since a computer's primary function is to simply copy and move numerical data. That's essentially what a virus or worm is: a mere data replicator. Now that most PCs are connected to a worldwide network, unvetted data copying is considered dangerous by many. This is partly why some in the business and media worlds regard P2P sharing and open source as part of the same "underground" as virus writing and software piracy. Most end users nowadays have completely forgotten that computers are simply Xerox copiers at a fundamental level.

    --
    Those who complain about affect & effect on /. should be disemvoweled
  12. Viruses are boring... by DroopyStonx · · Score: 2, Interesting

    These viruses/worms don't do a damn thing.

    You know what would be a great virus/worm? One that totally fucks up the partitions on your hard drive forcing you to reformat and lose all your data.

    Now THAT would be a funny virus. Imagine that getting spread across corporate america... you think it cost a lot to take 3 minutes out of the day to update virus defs and do a scan? Wait till you need to take hours out to reformat and reinstall.

    These are what worms/viruses should be. Not this "Hacked by chinese" bullshit.

    --
    We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
  13. What about Clam AV? by mortonda · · Score: 2, Interesting

    In my experience, it should be at the top of the list.

  14. We need at least one by bill_mcgonigle · · Score: 2, Interesting

    So, let's not provoke the smart virus writers who can write one for OS X if they put enough time and effort in. Let's stay low key as long as possible.

    We need a good Mac OS X virus to get us out of the '0' column.

    As it is people can claim there simply isn't anybody interested in writing Mac OS X viruses. At least if we got one they'd have to admit it's just damn hard.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  15. Re:Mild threat by Daedala · · Score: 2, Interesting

    There are worse threats. Right now, virus writers seem to be distracted by the easy money from spam, botnets, etc. I'm not sure this is bad. I think I'd rather be cluttering the net with more spam than rewriting my hard drives. Fortunately, my system has been, if not hardened, at least pretty thoroughly gelled.

    --
    What I say does not represent the views of my employers, my friends, my cats, or myself.
  16. Thoughts and musings on releasing malicious code by gd23ka · · Score: 5, Interesting

    Thoughts and musings on how to release malicious code onto the internet while being physically present in a state hostile to the United States of America and targeting assets of that hostile state, causing a maximum of damage while making it nearly impossible to be traced or identified.

    First of all, access to the internet has to be completely anonymous. Many people have used their personal internet access or the one at work. Malicious code _will_ be traced back to the originating internet access by security agencies of states hostile against the United States of America.

    Anonymous access to the internet is easily possible from:
    a) unsecured wireless access points
    b) internet cafes

    Since many public and private places in states that are hostile to the United States are nowadays under 24h covert video surveillance, unsecured wireless access points are safest. The safest way to use an unsecured access point would be from a car travelling at the maximum speed possible for a notebook on board to find a path through an unsecured access point to the internet. The malicious code package however should not be released directly to the internet but onto the first vulnerable system after the AP that has access to the internet. When using the AP the physical MAC-address of the wireless adaptor must not be used for obvious reasons, the card should be programmed with a new MAC-address. After releasing the malicious code package the notebook should immediately securely erase all traces of the malicious code package, the delivery system and the secure eraser. The secure erasure of the mentioned components should also be triggerable by a single keypress. The notebook should be kept under sufficient power and in a state where secure erasure can be triggered at all times (disable screensaver, power low standby etc.). The secure erasure should also be triggered when the notebook is about to enter a state where the secure erasure can not be triggered and completed (low power, etc.). The notebook should not be hooked up to the car's battery nor should any antennas or fixtures be evident that reveal the notebook is being actively used in the car. The warmth of the notebook in operation is not explainable therefore appropriate navigational software and a GPS mouse should be present. It is important to avoid areas where the car could leave identifiable tire tracks. If possible avoid entering zones of known video surveillance or zones where searches by hostile forces can be expected. I know this sounds paranoid but shit happens.

    The malicious code should be wrapped into an installer that hides the malicious code onto the first vulnerable target after the access point for a period of at least six days and release the malicious code to the internet preferably on the evening of the friday following the minimum six days.

    All code, excluding the delivery system and secure erasure code, should hide on the system using state of the art techniques (filesystem filters, hooking registry access, manipulation of NT kernel data areas).

    If the malicious code happens to be a worm, a very slow rate of infection is advised as well as a novel vulnerability being exploited. This is in the hope that the worm will over months penetrate into sensitive intranets without being discovered. As the clock of a given node can not be depended on for accurate time/date information the worm instance should not rely on it to measure time. Instead time should be measured by cpu cycles, poweron/poweroff cycles etc. Systems belonging to a state hostile to the United States of America can be recognized through characteristics discovered through prior intelligence.

    All development and testing that takes place while located in a state hostile against the United States of America should be confined to one system. Backups must use state of the art encryption, must be accounted for and be destroyed after being superseded. If you (unwisely) choose to keep the final version of the code after the attack, encrypt it with a xor of r

  17. Re:English, motherfucka, do you speak it? by Jack9 · · Score: 1, Interesting

    I say virii and get paid to do so. As English is a high context language, your little diatribe helps "educate" in no meaningful way. Toodles.

    --

    Often wrong but never in doubt.
    I am Jack9.
    Everyone knows me.
  18. Maybe not too paranoid by tinkerton · · Score: 2, Interesting

    Maybe not too smart either.

    There are plenty of new viruses out there all the time. There is plenty of attention to the nastiness out there, which is good for the market. So some company would tweak their tool so it adds a tiny bit to the general insecure situation.

    They'd have to arrange for internal secrecy so few people get to know the issue.

    They're ready to take a hit when the next guy does a comparative batch test for viruses and declares their product unsafe.

    They can't leave a paper/email trail so you can find out about the bad intent. Or a trail in the sourcetree.

    They have to watch out extra for disgruntled ex-employees who want to get even.

    It would complicate jobs unnecessarily. And the shareholders would not agree. No good intentions implied.

    It could pay more to hype the existing security issues. If it's possible to add to the existing hype.