Lycos Anti-Spam Screensaver Inspires Trojan
Even though it's been withdrawn, the Lycos anti-spam screensaver is not forgotten.
Rollie Hawk writes "And with this, the 'What's Good for the Goose...' award goes to all those people trying to install that notorious spam-attacking Lycos screen saver but ended up with a Trojan horse instead. This trojan is spreading via email with the subject line 'Be the first to fight spam with Lycos screen saver,' tucked in an innocent-looking file called 'Lycos screensaver to fight spam.zip.' According to F-Secure, this trojan contains keylogger elements but little more has been specified. The only question I have is how long until the 'I promise to clean that trojan disguised as a DDoSing Lycos screen saver.exe' virus gets released."
Trojan maaaan! Trojan maaaaan!
But I guess Lycos are rubbing their hands... all publicity is good publicity.
Well isn't that the basis of most trojans?
"I promise to clean your room, do your homework, give you neck rubs, check for typos, and build a perpetual motion machine!"
If they really wanted to, they could have tacked on a trojan that had absolutely nothing to do with the screensaver and call it that anyway.
I'm actually surprised the trojan doesn't DDoS Lycos.
+5, Truth
Of course, that doesn't make formal systems, immune systems, or anti-spam screen savers useless.
Behold the riant ape! Beware, his crooked thumbs!
I wonder though, just how many people are going to want to fight spam using an attachment that arrives in a spam email?
Fighting back with the same measure is not always the solution.
Fighting violence with violence doesn't work. Why should fighting spam with spam work any better?
Does it still count as news, to be told something that you KNEW was going to happen, has happened?
We have slashdot with articles of the same credibility as spam, instant DOS attack, and a perpetual masturbation machine all rolled into one.
1) Don't take candy from strangers.
2) Don't open email attachments from strangers.
-Mom and Dad
Of course everyone knows that you should always open email attachments that you aren't expecting from people that you don't know...
Anyone who opens and runs a *.zip or *.exe file in an email without requesting this gets what they deserve. These are the same damn people who open every virus ever sent to them, pass it on to others, install gator, and are part of zombie networks. I have no sympathy.
What's next, a hot new game that is also an anti-virus tool? Reminds me of the old SNL bit "It's a floor wax. It's a dessert topping. Actually it's BOTH!".
OK, for the last time Mom and Dad...
Don't open email attachments from strangers.
-Your children
Wow, you completely twisted around the post. The post is just about Lycos getting a bunch of press, and someone created a trojan around it. It has nothing to do with the motives behind lycos.
Hell, just look at all of the Free_Virus_Scanner_[Im_Really_A_Trojan].exe
Don't think that these trojan writers are ethical in any way. They aren't creating the trojan because they disagree with the screensaver's purpose. They are creating the trojan because that's what trojan creators do.
How many of you didn't see this coming?
Shady programs attract shady characters and shady tactics.
Doesn't matter if it's by a major corporation or John Q. Crackdealer.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Two part message, required to avoid error. Incorrect. There are two means here, to specify: 1. To fight violence with overwhelming violence, that is to kill every individual responsible and physically demolish all former resources to commit violence. 2. To fight violence with specific and controlled violence, not the covert operation but by negotiation that preserves the standing of all parties involved by allowing each to demolish a bit of the other. It is the comment and spirit that fighting violence with violence has never worked, so far as it has been defined above, that has never "worked" in that the passive and unresisting without diplomatic or other social support have always been killed and have always been superseded in effect by those willing to use violence against violence as described.
Will everyone please use the proper terms for these objects? "Misnaming Viruses" would've been my choice for the peeve poll:
A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents.
A Trojan is a malicious program that is disguised as legitimate software.
A computer worm is self-replicating, but is self-contained and does not need to be part of another program to propagate itself.
So most of the so-called viruses that are out there are really Trojans - they claim to be one thing, but are actually something else. Once you delete the original(s), you're finished; they don't generally infect your other files to propagate, they just make several copies of themselves independent of your programs. Other than macro viruses, there are very few true viruses in the wild these days.
Does the "screen saver" work in Wine? I want the benefits of the trojan without the overhead of an antivirus program.
Second part. The response made by Lycos is a good demonstration of the principle that was beneficial for the company as Lycos is now a more common word than before. The problem is the nature of an unthinking human, not necessarily ignorant, only unthinking at the moment that allows this opportunity for malevolent virus distributors to gain what they try to gain by that distribution. The tactic implemented by Lycos is appropriate, and if regulated carefully and done by volunteers en masse would effectively render the spam operations uneconomical and demolish them.
Increasingly I'm thinking that the only option to stay truly safe on the net or to keep from getting frustrated from the never-ending battle of "white hats vs. black hats" so-to-speak, is not to play at all.
I mean, if it's spreading like wildfire that means people are still just as uneducated OR want to harm the spammers and do something stupid because of it. No matter how much I try to educate people in our department about opening attachments before scanning them, or to ask themselves "do I know the guy that sent me this?" or to give their friend a call to double check on that unsolicited attachment's legitimacy, people still open the d*mn things anyway and *POOF* get nailed by something nasty.
So why should I or they even play the game of using the 'net for anything - if we have a choice in the matter?
If you can't ever win, and by win I mean be productive good workers by using the computer WITHOUT getting a virus that screws you over, DON'T PLAY THE GAME! Disconnect and drop internet cord altogether.
Personally, I'm not there yet but wonder more and more often when I see stuff like this whether it's coming to that
What do other /.-ers think about that?
When the Windows user has file extension hiding turned on (Microsoft's default), the attachment youhavewon.txt.exe appears to them as youhavewon.txt. It doesn't take much for the malware writer to use the standard Windows "text file" icon as the application's icon, and the social engineering attack is complete.
I will not believe that Microsoft takes security seriously until they issue updates for all their operating systems to disable this misfeature permanently.
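The hidden-extension trick described in the comment above can be checked for where mail is filtered, including inside zip attachments like the one in the story. This is an added example, not part of the original thread; the function names and extension lists are assumptions chosen for illustration, and the sample archive is constructed.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Extensions a user reads as a harmless document or media file.
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".zip", ".mp3"}


def classify_name(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Keep only the last path component; Windows ignores trailing dots/spaces.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # With extension hiding on, 'x.txt.exe' is displayed as 'x.txt'.
    # strip() also catches padding such as 'x.txt      .exe'.
    if len(suffixes) >= 2 and suffixes[-2].strip() in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_attachment(filename, data):
    """Classify an attachment and, for zip archives, every member name in it."""
    findings = [(filename, classify_name(filename))]
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                findings.append((member, classify_name(member)))
    # Report only the names a gateway should block or quarantine.
    return [(name, verdict) for name, verdict in findings if verdict != "ok"]


def sample_zip():
    """Build a constructed archive; the member names are hypothetical."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"constructed sample")
        zf.writestr("screensaver.txt.exe", b"placeholder bytes, not a program")
    return buf.getvalue()


if __name__ == "__main__":
    for name in ("youhavewon.txt.exe", "youhavewon.txt", "setup.exe"):
        print(name, "->", classify_name(name))
    print(scan_attachment("Lycos screensaver to fight spam.zip", sample_zip()))
```

The zip name itself passes the check, which is why the archive members have to be inspected as well.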
I've posted my thoughts on the situation right here. Comments are very welcomed.
Who says violence with violence doesn't work??
;^9
Didn't you see Boondock Saints??
Of blankness, I know nothing.
So how much longer till someone gets so torq'd by spam that they write a worm to DDOS the spammers.
... you can imagine the rest.
Considering the way most spam gets sent by zombies, this might be a worm that targets zombie machines
Zombie gets told to send spam, calls his zombie friends, then they DDOS the box that sent the request, then they do some evil to "alert" the owner that their box is corrupted.
I think the only reason we haven't seen this is all the good worm writers are writing the worms to make spam zombies.
Would any of this actually help or make things better? I doubt it. Fighting evil in an evil manner rarely results in an improvement (insert Iraq, El Salvador, Afghanistan comments here).
----- If communism is a system where the government owns business, what do you call a system where business owns govern
In case you've forgotten, these days it is spammers who write (or fund the writing of) worms/viruses. The screen saver "took it up a notch" in the battle, and the spammers are just responding in the only way they know how; spamming :)
... an innocent-looking file called 'Lycos screensaver to fight spam.zip.
It's a matter of personal experience, but if a distributed file has an unsubtle and self-describing (yet imprecise) name like "screensaver to fight spam", it's automatically suspect. Legitimate programs just aren't named like that.
No, it only spreads on Windows PCs because Linux users generally won't download an executable file from a conspicuous e-mail.
Fortunately with the retirement of the Anti-spam screensaver the developers now have time to work on the Anti-Trojan screensaver...
Watch this counterattack:
:(
Email (spam) sent to me today, below.
lowmorgage.net apparently points to makelovenotspam.com, which gives 580 Server Error!!
Date: Wed, 08 Dec 2004 15:47:09 +0200
From: "Melissa Sutton"
To: MY EMAIL ADDRESS
Subject: We all go thru it.
Sender: "Melissa Sutton"
So here's the story,
I asked my parents and friends, for a little loan,
The interest rates on my m0rtgage were killing me
And i'd like to "live a little" too...
But they couldn't help me out right now....
Luckily, I found these guys;
http://www.lowmorgage.net/x/loan2.php?id=d37
Just thought you might like to know.
Melissa Sutton
... how long until we can begin summary executions for spammers. At this point, I don't care about the intrusion, I want retribution. I think the Lycos idea was one of the best I had heard of in a long time -- hit them where it hurts(bandwidth costs).
I have said the same thing here before... "slashdot the spammer's sites so they melt like a stick of butter"... I never thought of the even better idea "slashdot the spammer's sites to within an inch of their capacity so they stay online accruing bandwidth charges"...
All the ninnies whining about lowering ourselves to their level, etc..., are rubes. Sometimes you gotta punch that bully's lights out who is stealing your lunch money(or else get someone bigger to do it for you).
I fight spam the exact same way (only on a much smaller level). I make sure to submit the email address of the registered domain owner for whatever pharmacy/deal site/mortgage broker that is being hawked, to at least a hundred of their 'associates' sites just to make sure they aren't missing any of the great offers out there (the ones filling up my inbox)...
We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON
... instead to fight the damn scammers and scammers:
http://www.aa419.org/ladvampire.html
Open in your favourite web browser and run it on huge broadband connections all day long 24/7 if you don't pay for bandwidth. Don't use http-proxies for this page.
it will generate huge traffic for the scam/spam sites, and hopefully providers to shut down those damn pages.
thank you
Nay. Windows virii and trojans spread because typical Windoze users log in with local Administrator permissions. This makes things easier for them because you need to log out, then in again to actually become Administrator. Most users don't know about "runas" (a.k.a. Windows sudo) so ... Thus malware can infect the machine with Admin permissions, e.g. modify a boot sector, etc. Once you take away local Admin perms, things look WAY better. (Once you stop using IE or Outlook Express things look WAY better too).
The difference between Windows and Linux (beside the binary incompatibility) is that Linux users usually don't do their everyday work as root. And the Linux community doesn't need a whole year to fix JPEG file vulnerabilities. (D'oh).
One thing that is going to change once Linux gets more market share on the desktop: More clueless morons running unpatched systems. That's not going to harm properly administered systems, though.
Or at least go for the maximum irony and turn infected machines into spam-flinging zombies.
I mean, seriously. No sense of style.
Wikipedia
WWII solved most problems, it was the givebacks afterwards that caused the problems you cite.
>> tucked in an innocent-looking file called
>>'Lycos screensaver to fight spam.zip.'
In other news, a man in Reseda, CA, was shocked to discover that he'd been fleeced by a fraudulent business whose innocent-looking byline was:
"US Grreen CarrRd L0ttery 2005"
Seriously -- doesn't this seem like further proof that the people writing these lame-ass virii are really only interested in duping the dumbest of the dumb? I mean, they could've given it the exact same name as the real executable and caught some *vaguely* savvy people... Why not?
Yeah, many Linux users take source or nothing.
Especially those Gentoo users. "If I can't compile it myself, it's not worth having."
"Your effort to remain what you are is what limits you."
It would give a quick tutorial question on Windows security and won't let you out until you get it right.
One line blog. I hear that they're called Twitters now.
They make a virtue out of a necessity.
The real solution for this remains application level security, something neither Windows nor Linux has.
An untrusted application, regardless of if it is built from source, received by e-mail, or appears on your hard drive from God himself needs to be viewed with scepticism until you can verify the source.
So long as operating systems depend solely on user level security to prevent attacks, the brainless monkeys sitting between the keyboard and the screen will click and run the applications.
Is it an issue on Linux? It will be, regardless of what anyone on /. says to the contrary. Go join (any project)-devel, and wait a couple hours, and you'll see:
From: Some Clueless Newbie (newbie@hotmail.com)
subj: HELP?!!!!!!!!!!!!!!!!!!
date: today
I can't compile! please help!
Note that the clueless newbie won't give any accurate information on their problem (so that anyone can help), and will usually repeat their message 8 to 10 times over a 4 day period of time, ignoring all the replies of "what do you need?"
If I responded to the newbie's problem with a root kit attached to the end of an e-mail message and told them to run it, they would.
You can say that's not the average Linux user, and I'll agree with you, but the fact someone has taken a Linux distro's CD and popped it in their drive in no way causes a brain to sprout in their head if there was not previously one there.
There are Linux programs, and I know you've seen them, that suggest that you run them as root so they can access video and audio. While you can just grant access to these devices, and adjust the Linux configuration so root isn't required, it's a lot faster solution to tell the people to run as root, and tech support looks for fast fixes.
This is what has happened on Windows, and if you believe Linux is going to displace Windows, you'll expect the same thing to happen there.
Most Windows NT distributions (I'm not sure about XP Home) in fact do ask for you to create a separate user account unless you're in a domain. The issue is that software is often poorly written, and requires access that it shouldn't, and so the users run as admin to run that software.
But at any rate, letting a user be compromised is only academically better than letting the entire system be compromised.
If your code is acting bloated, and is running rather slow, it's likely and predicted that some loops you will unroll.
Let's see how that virus turns out...
It's just a trojan, I get like 10 trojans a day, claiming to be pictures of my hot neighbor, a new antivirus program, a utility to "Secure" my personal finances... this just has nothing to do with the Lycos spam DDOS thing, other than name.
tasty electronic music vittles
2) Stupid people will open attachments blindly.
3) A Trojan sent as an attachment will DDoS competition.
4) Profit!
The Gnomes would be proud.
UTF-8: There and Back Again
As usual, a /. story is really misleading... there is nothing newsworthy here at all.
... you get a trojan, many of which DDOS websites ...
Isn't this a good thing, cos you get the same features but get to keep your existing screensaver?
That's very interesting. Are there other pages out there that do this in different categories? Is the code behind this available?
A billion spams a day really trashes the "exclusive" image.
Next status symbol target: Tiffany's. The spam is out there.
"Computer Viri" the next crisis to be solved by:
1) Life sentences for hackers
2) Government licensing of programmers
3) Government clearinghouse for "clean" code
4) Government "certified" computers
5) Government approval of all software
6) Government "war on hackers"
7) International coalition invades Canada to eliminate "Weapons of Mass Software Destruction"
8) Registration, and safety inspections required on all computers.
9) Government licensing of computer users
10) Government security clearances required for a programmers license.
11) Mass burnings of computer programming books
12) Lynching of suspected hackers
13) Psychological testing of applicants for programmer licenses to determine if they are predispositioned for violence or hacking
Gosh I could write a novel with this theme!!!
And a Movie
And a TV Series
And DVD Sales!!!!!!!
Supra et Ultra
#!/bin/bash :;i ng > /dev/null /dev/null /dev/null
while
do
wget -O - --timeout=15 http://random.seeitfr33trial.biz/cheap/?man=spamm
wget -O - --timeout=15 http://www.bhex.com/rep/rolx/ >
wget -O - --timeout=15 http://www.avtechcomputers.com >
done
Of course, I don't actually run this--spam apologists might think it's illegal or unethical to drain bandwidth from spammers.
CEE5210S The signal SIGHUP was received.
http://shit.slashdot.org/article.pl?sid=04/12/08/1 350203
Ever since the Lycos screensaver has been released, a blog I maintain has had unusual surges of traffic on old inaccessible URLs. The requests seem to come from multiple IPs and don't seem to be from spammers since some of the requests are coming from Microsoft. These requests have greatly increased our bandwidth use and threaten to get our hosting banned for violating the TOS.
Someone here posted a link to http://www.aa419.org/ladvampire.html, and I found it was very easy to change the web sites and images to download pictures from the spam sites of your choosing instead of the 419 scammers the aa419.org site gives you. Just open the page source, and save to your desktop.
I went to the spamcop.net list of spamvertised web sites (http://www.spamcop.net/w3m?action=inprogress;type=www), picked 16 of them, went to the site and got the url for some of their images, and pasted them into the saved html from aa419.org (the sites and picture location urls are all the way at the bottom of the code). You can get the sites/images from your email as well.
I set the saved page as my home page, and put a shortcut into my startup folder, and voilà! I am costing spammers money and bandwidth just like makelovenotspam did every time I start my computer. As there are thousands of spam sites, no one will end up DDOSed, as I doubt many people will try or hear of this method. I would definitely make sure your Windows updates are at the latest level, and get a new set of spammers each week to keep the links fresh. aa419.com recommends you turn the browser cache off so the images load from the site instead of the hard drive.
You may have to play with it a bit - for some reason only 9 of the 16 images I put in are loading, but I am very happy that it works.
I have not checked with the people at the aa419.org site, but I don't think they will be too angry that their work is being used for spammers as well, and not just 419 scammers.
Look up the original of this, Spam Vampire. It appends a fake query to each URL, varying the number in the query, so each one looks unique and the browser cache and any network caches along the way are neatly bypassed.
Beware, though, of a couple of caveats with this type of spammerhammer:
Also, there is nothing magic about 16 images or URLs. If you get the Spam Vampire source and follow the sample and the format already present, you can add as many or as few base URLs and image filenames as you like. Extra path elements can be either with the base URL, ending in "/", or with the filenames.
Look at the bright side: there's always seppuku.