MyDoom Strikes Again

Renegade334 writes "Months after the last attack of MyDoom, MyDoom.AI returns. Like usual it was spread by e-mails with claims to have attachments that contain passwords for adult websites."

MY CORNHOLE STRIKES AGAIN

[arothstein]

*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_
g_______________________________________________g_ _
o_/_____\_____________\____________/____\_______o_ _
a|_______|_____________\__________|______|______a_ _
t|_______`._____________|_________|_______:_____t_ _
s`________|_____________|________\|_______|_____s_ _
e_\_______|_/_______/__\\\___--___\\_______:____e_ _
x__\______\/____--~~__________~--__|_\_____|____x_ _
*___\______\_-~____________________~-_\____|____*_ _
g____\______\_________.--------.______\|___|____g_ _
o______\_____\______//_________(_(__>__\___|____o_ _
a_______\___.__C____)_________(_(____>__|__/____a_ _
t_______/\_|___C_____)/TOSS_MY\(_____>__|_/_____t_ _
s______/_/\|___C_____)_SALAD__|_(___>___/__\____s_ _
e_____|___(____C_____)\CMDRTACO_//__/_/_____\___e_ _
x_____|____\__|_____\\_________//_(__/_______|__x_ _
*____|_\____\____)___`----___--'_____________|__*_ _
g____|__\______________\_______/____________/_|_g_ _
o___|______________/____|_____|__\____________|_o_ _
a___|_____________|____/_______\__\___________|_a_ _
t___|__________/_/____|_________|__\___________|t_ _
s___|_________/_/______\__/\___/____|__________|s_ _
e__|_________/_/________|____|_______|_________|e_ _
x__|__________|_________|____|_______|_________|x_ _
*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Re:MY CORNHOLE STRIKES AGAIN

See previous related story!

dewdz

no way

Nice

[MPHellwig]

The clients that are affected will not dare to tell me.

Re:Nice

[xstonedogx]

If I know my clients, they're all infected. It's my folks I'm worried about.

Re:Nice

[SolusSD]

haha, my friends would not dare tell me for fear of being made fun of. several of them defend having to use antivirus software, defrag their hard drives, scan for spyware and adware, and scream when there firewall goes down

Wish...

[XFilesFMDS1013]

I wish enough people had learned the first time through.... Sooner or later, enough people are going ot get pissed off that something FINALLY gets done.

Re:Wish...

[AndroidCat]

Learned the first time? There are probably people still infected with Code Red. (Unless some other virus came along and patched that hole.)

wow

crazyness. tps

Actually, it's under control

[sebFlyte]

It's being reported that thanks to pro-active action from the porn site in question, the problem is under control...

Re:Actually, it's under control

[stupidfoo]

Sort of. It only helps if people actually visit that porn site before they open the attachment.

Re:Actually, it's under control

[Mz6]

No... The email contained LINKED images to the website in question. Therefore, all the website had to do was swap the linked images in the email for warnings that this message contians a virus.

Re:Actually, it's under control

[IainHere]

It's being reported [zdnet.co.uk] that thanks to pro-active action from the porn site in question, the problem is under control...

--
One swallow does not a summer make.

Excellent sig. Did you choose it just for this story?

Re:Actually, it's under control

[Skidge]

Porn to the rescue, yet again! We have that industry to thanks for many things: rapidly accelerating the advance and acceptance of new media technologies, keeping First Amendment lawyers employed, and giving sorority girls a shot at fame during Spring Break, to name a few.

Re:Actually, it's under control

[stupidfoo]

Ahh.. you are correct. I only skimmed TFA.

Re:Actually, it's under control

[maxwell+demon]

Unless they use a mailer which doesn't show images ... but then, they probably won't open random attachments anyway.

Re:Actually, it's under control

[sebFlyte]

No, it's my standard one. I only just noticed that it's lost the attribution to Aristotle.

Re:Actually, it's under control

BTW: It's a very nice pornsite: http://worldxxxpass.com/

Re:Actually, it's under control

[Alan]

But of course, someone using a paranoid mailer but still wanting to see porn might.

Re: Actually, it's under control

[Black+Parrot]

> Porn to the rescue, yet again!

Porn is like God: it helps those who help themselves.

Re:Actually, it's under control

[CrankyFool]

And then of course there's the Coupling (British relationship comedy -- think Friends, but smarter and funny) version -- 'One swallow does not a relationship make.'

Re:Actually, it's under control

They replaced the images with the 1980s ones of Bill Gates from the previous story?

Re: Actually, it's under control

[Fulg]

> Porn is like God: it helps those who help themselves.

LOL! Where are my mod points when I need them... Definite +5 Funny!

this is IT !! i'm outta here.

[Neo's+Nemesis]

i've had enough. even after learning about already existing about n+ variations of mydoom, folks on this planet still have to run every executable files from strangers with questionable topics.

i guess computer usage should also be decided on IQ.

Re:this is IT !! i'm outta here.

[Basehart]

how can people fall for this same old tired trick every single time? Maybe it's the same people who actually buy things from spam ads!

Re:this is IT !! i'm outta here.

[peragrin]

The last election was in the USA. And those with triple digit I.Q.'s couldn't out number the two digit I.Q.'s.

Of course the difference must be spoken. roughly 99 average for Bush, and a 102 average for Kerry. Not that huge of a gap.

Re:this is IT !! i'm outta here.

[shic]

That old chestnut - users invite viruses and worms through stupid behaviour: that much is true. If you believe this apparently dumb behaviour is a consequence of some in innate inability (such as a low IQ) then you are a bigger fool than you claim others to be. The reason users take no notice of your warnings is that they couldn't care less - if their actions cause problems then "the computer went wrong" and someone else will have to sort that out. The personal consequences of ignoring warnings about good practice are smaller than the effort and willpower required to act sensibly.

Re:this is IT !! i'm outta here.

[Hasai]

*shrug* Why do you think municipalities started requiring a license/certificate of training in order to legally operate an automobile?

It's been my own long, painful experience that most people are as dumb as a box of rocks. But, hey; don't get upset about it, profit from it. Charge $250USD a pop to clean-up their brainless screw-ups. Long-term personal prosperity will be assured.

Re:this is IT !! i'm outta here.

[innerweb]

This is the right attitude. It used to bother me that my clients would not listen and do things that were good for them (even the simple easy dirt cheap things), then I figured out, it is all about comfort levels. If the client is comfortable where things are they will not change. SO, now I simply give them a written explanation of what they need to do (or not do), and list the fee for fixing each of the problems they might encounter if they do not do as instructed. Get this, many have actually thanked me for letting them know the cost of fixing things up front. Instead of just doing things the right way, they were happy to have a dollar amount they could plug into their projected expenses. If that does not tell you anything, nothing will.

We recently had major flooding. Several of my clients have businesses in the flood zone (much cheaper rent). Most of those followed my advice and moved their hardware upstairs. A few did not and are not paying me major bucks for reinstalling, rebuilding and recovering everything they need. If they had just taken a day and moved eveything the first time (they are all now moving upstairs), then they would have saved much money and even more downtime.

But, in the end, how they run their business is their choice. All I can do is offer my advice and hope they listen.

InnerWeb

Re:this is IT !! i'm outta here.

[EmperorKagato]

I agree. As a fellow member in the IT field you have to show why they should care. Especially users who are on your IT department's #1 call on the help desk list. Members of my department and I who respond to virus reports usually talk with them while cleaning their computers and try to give them an enjoyable experience while waiting for Ad-aware to clean up 1000 adware objects on a Gateway 350mhz P2.

If you show that you care about them. They will care more about work than personal browsing.

Re:this is IT !! i'm outta here.

[danknight]

why is this Offtopic? parent was talking IQ.seems like a logical reply

Re:this is IT !! i'm outta here.

[randallpowell]

Makes me wonder if MyDoom is GPLed.

Re:this is IT !! i'm outta here.

[randallpowell]

Great! Bush bashing. I blame this on Bush and his cronies by sending jobs overseas. Now angry programmers are getting back at the anti-intellectuals in America and rightfully so. Bush allowed 100,000 viruses to be released last year and failed the domestic Internet security and allowed these things to violate homeland security. These people will never learn. They're Republicians after all.

Re:this is IT !! i'm outta here.

[ScentCone]

You're right, it should have been modded a troll. If you can't see why someone thinking that being ignorant/naive about mail attachments is the same as having a low IQ, then you really don't get a lot of things. Like the previous poster, who assumes that only dumb people voted for Bush. Guess what: some of us have better than a 130, don't go to church, think Bush is wrong about plenty of stuff, but still wouldn't have voted for Kerry for anything. Just because Hollywood and socialists like him doesn't mean I have to. I've got bones to pick with Bush, but it's not about IQ. Neither is opening mail that appears to be from your employer, and not understanding the consquences if you've never been an expert. What, everybody you know is an IT professional? Small world you live in.

Re:this is IT !! i'm outta here.

[rudabager]

Where are you going? Oh and your little comment about computer usage should be decided on IQ... well an idea (however humorous) rocks the foundation of the principals of the internet as being a world wide open forum. I dont want to start my own thread here, but just know that even suggesting such a thing is skating on thin ice. ie. dont give the government the wrong idea.

Re:this is IT !! i'm outta here.

[ScentCone]

even after learning

Come on, really. What makes you assume that everyone has learned about it? Or that even a tiny minority of non-IT-pros has truly "learned" about this any more than they have learned how to drive well, not block the grocery store aisle with their cart, spend less money than they have, not stub their toe in the dark, or a thousand other things that people, even high-wattage people, still do?

Everybody can't do every thing well, or even close to well. The key is providing them with tools that help them help themselves (see MS's latest anti-spyware tools - quite good), and to absolutely pummel the parasitic scumbags that look to ruin lives or just productivity through their little malware stunts.

No nerds would have jobs if all of IT was foolproof. Just like car mechanics wouldn't have jobs, plumbers wouldn't have jobs, and doctors wouldn't have jobs. Perhaps you meant that people should have to pass some sort of rhetoric ability test before they're allowed to spout crap online.

Your rhetorical skills aside, you're probably not actually dimwitted. Suppose you received a standard mail-order looking box in the mail today. Would you open it? People killed or injured by the Unabomber did. Smart, highly trained people. Malware payloads aren't much different... when you're a busy person with a non-IT focus, IT is just background to you, like receiving postal mail and shipments. Try to think about it like a non-nerd for five minutes.

Re:this is IT !! i'm outta here.

[inimicus]

Been said before

UserFriendly, Nov. 14, 1999

Re:this is IT !! i'm outta here.

[Neo's+Nemesis]

considering that there have been numerous training classes to employees in almost all major companies about dangers of opening unsolicited emails and emails with questionable content (even if by known person), it pisses off me, and many others when the same thing iterates itself.
i was exaggerating when i referred to the level of usage on basis of IQ. you didnt find the sarcasm behind it and took it too literally.

Re:this is IT !! i'm outta here.

[Sylver+Dragon]

I've always thought along similar lines. Most people can't or won't bother learning enough about their computer to take care of it. They would rather pay for someone else to clean it up from time to time. To me this is a good thing! I can do something that isn't really that hard (try replacing an asphalt shingle roof sometime) and charge US$50/hour to do it.
Truth is we all do this in some places in our lives. Many of us (myself included) really don't want to do automotive work. I can, but I just don't enjoy it and am not that great at it, I would rather pay someone else, more talented than myself, to do it. Having tried it, I'll never do a roof again, I'll just pay someone else to do it. I eat meat regularly, but I haven't the slightest clue of how to do a butcher's job. If we all spent some time and thought about it, we'd find that there are services and products we consume, which we would be hard pressed to supply ourselves. This isn't a sign of a lack of intellegence, it's simply a symptom of our specialized society. There is simply too many jobs and to much knowledge for one person to have. So, we have different people who specialize in what they are good at. We use money for a medium of exchange, and all exchange our services with each other.
Those of us who happen to be good with computers and/or cleaning up an infected PC sell that service to others who don't want to spend their time in that area, so they hire us, making us valuable. In a lot of ways we are comparable to mechanics. We fix a broken machine for a price. We are paid because we have the knowledge and tools to do the job, and most people could care less about how the computer works, but it would require effort.
Anytime you think about insulting the end users, keep in mind that their ignorance is what is paying your bills. If everyone was able to keep their computer running smoothly and virus free by themselves, most of us would have to get a real job. Ya, it's not fun to clean up an infested Windows machine, but would you rather be flipping burgers?

Re:this is IT !! i'm outta here.

Everyone keeps saying this! It's those damned (l)users again!

Well, it isn't! One of the first things this virus does is create a new startup in the Directory. The second thing it does is to scan through the e-mail address book and mail itself to addresses from it. Why, oh why does any e-mail attachment run have access to the Registry? And why, oh why does the Registry lump things like system settings into the same file as user settings? Why, oh why does anything executed from an e-mail attachment have access to things like my mail list? oh, fsck it! there is no arguing with idiots!

Damnit, these problems are Microsoft design-related problems, NOT (l)user problems.

Re:this is IT !! i'm outta here.

[rudabager]

I did see the sarcasm, but I know others would miss it... perhaps even intentionally. Not to go off topic, but I have heard things about laws being made requiring internet users to have a license. Even though it is probably a myth this scares me. So you can understand my concern... I hope.

Re:this is IT !! i'm outta here.

[StikyPad]

Hmm.. There is an equal number of people on both sides of the 100 mark, since 100 is nothing more than the arbitrary value assigned to the median score. If society at large starts scoring better, the median changes accordingly. You're basically saying that a pound of sand didn't outweigh a pound of dirt.

eat more wurms, dem good

NZZ Format, the TV format of "Neue Züricher Zeitung" will broadcast a program with the title "Das Ende des Ölzeitalters" ("End Of The Oil Age").

http://www-x.nzz.ch/format/broadcasts/broad_448. ht ml

The broadcast is in german and to be seen on SF2 on sunday 23rd of january, 21.30 h and on Vox on monday 24th of january, 23.00 h.

The economic and technological developments ala the 20th Century are inconceivable without oil; the maintenance of our standard of living impossible. But oil is a not renewable raw material and one day will be used up. The estimated oil reserves of the planet are scarcely enough for the next 40 years. Already now it will be ever more difficult to find and produce oil, because the large and easily accessible fields are going down hill. Many experts believe, that the high point of oil production has already been reached. The world-wide demand however increases uninhibited, not at least due to the rapid economic development of China and India. Thus the further shortage of the black gold seems predetermined. Alternative energy technologies with similar power density as oil are not in view. The fight around oil has begun.

Passwords for Adult Websites!!

[Tibor+the+Hun]

Where? Which ones? How do we get them?

Re:Passwords for Adult Websites!!

[lukewarmfusion]

I'll email 'em to you.

Re:Passwords for Adult Websites!!

You must have Microsoft Windows with Outlook Express installed to get them. I'm sorry, Linux is useless here...

Re:Passwords for Adult Websites!!

[mrtroy]

Free pron site right here!!!!

This is all I need for a month!

Re:Passwords for Adult Websites!!

Please add me to the list as well

Re:Passwords for Adult Websites!!

Look for my thank you note titled "I LOVE YOU".

Re:Passwords for Adult Websites!!

[Drakonian]

Me too!!

Re:Passwords for Adult Websites!!

[moroderzone]

Somebody post the torrent!

Re:Passwords for Adult Websites!!

I'll email 'em to you.

You already did, probably.

Yay

The virus companies write variants and release them to enforce the upgrades. I worked at a popular AV company doing front end work, not the actual engine, and when we got together for drinks the engine writers would talk about upgrade paths from what they were working on. Ever wonder why most viruses don't destroy your system? Because there's no money in an erased system. There is a lot of money in AV upgrades.

Re:Yay

I saw that movie too!

A = Corruption probability
B = Number of hosts on the network
C = Cost of patch
X = Cost of reinstall

If A + B + C is less than X, then they don't do a download!

Re:Yay

[Lifereaper0]

For some reason this does not suprise me at all. I love the human species sometimes, I'm just waiting to hear about the hospital that arranged for thugs to stand outside their building and break peoples' legs.

Re:Yay

[Damhna]

True-ish.

The reasons why we are seeing a move away from the destructive payloads of yesteryear is that there is a lot more money to be made in compromising systems.

Whether the intention is to harvest a shedload of zombie remailers for spam markering or for some of the recently seen rogues capable of using a 'distributed computing' model for decrytpting databases there is lots of money in malware.

True , there is indeed a lot of money made by the AV companies for upgraded and improved software,stragey and infrasturcture consultation services. This is becasue companies are waking up to realise that they are no longer looking at script kiddies or disgruntled employees as the most likely vector but rather, well financed, educated professionals.

Companies could once upon a time hide behind the "why would anyone target us ? We're small" mentality.
No longer.

Got Bandwidth ?
Got CPU ?
You are a target.

Re:Yay

[crimoid]

If you could prove this you'd be a rich man. Hire a lawyer, file a class-action lawsuit, change the world.

Re:Yay

[Twanfox]

Don't like it? Support free AV programs like AVG. They just released a "new" free version just this January, their 7.0 (paid version is 8.0, I believe). Get all the updates np, doesn't cost you a dime unless you're a business.

Re:Yay

[accad]

I'm sorry, but I for one don't believe that AV companies write viruses just to make money.

I mean think about it, 1st off, if they do that, they won't have the virus writers in the same setting as the other company employees, it's too risky.

2nd, with the number of AV companies out there, why hasn't one of them figured this out by now and gone public.

3rd, what is the propability of these employees staying silent all those years? No one has yet come forward AFAIK.

Correct me if I am wrong, but we already have the means of tracing an outbreak to its source, and in fact it was used before for locking up the original writer.

IF (big IF) AV companies actually do that, then they certainly would not allow the virus writers to mingle with the other employees over drinks, and we all know how much virus writers like to boast.

just my 2 (canadian) c.

Re:Yay

[KontinMonet]

just my 2 (canadian) c.

...worth a lot more than US cents these days...

Re:Yay

[Ithika]

Come on, +1, Insightful? Haven't you guys *seen* Fight Club? (I'm assuming it's too much to hope the moderators have read the book, as they generally have problems comprehending the full gist of 5-line forum posts.)

Re:Yay

[Tim+C]

Extraordinary claims require extraordinary proof: so prove it.

Re:Yay

[endoboy]

Not to accept your premise, but you may want to work on your math skills...

that should be:
If A*B*CX then....

multiply the probability times the cost... don't add it

Re:Yay

[BVis]

I'd like to put a plug in for avast! antivirus as well. Updated often, unobtrusive, scans peer to peer and AIM traffic (if you're so inclined), just works. Finds stuff Norton doesn't even look for. http://www.avast.com/ .

Re:Yay

[chrish]

Another cheer for avast! here; I've got it installed on two machines, and I've installed it for a couple of other people, and it works like a charm.

Re:Yay

[chrish]

Sorry, dude. The only ones who get rich off of class-action lawsuits are the lawyers.

Re:Yay

[davegaramond]

Yes, sometimes capitalism makes me sick (though I cannot offer a better alternative for the world). An industry arises for a particular problem and they perpetuate (become part of the) problem. This happens all the time in medicine/health industry, law, and of course computer.

Re:Yay

Computer viruses don't destroy your system because, like a real virus, the actual virus is more sucessful if it has minimal effect on the host.

The common cold for instance is very sucessful, you have probably had it. But Ebola isn't. There were a few high profile cases, then it went away because all the hosts were dead.

Re:Yay

[penguinoid]

OK, who are the morons who moderated this insightful? I suggest both of them and the parent go work on their math skills, or at least get some common sense. Does he actually think you can add up a probability and a dollar?

That should read (corruption probability)*(number of affected clients)*(value of each client) + (cost of patch) - min((cost of reinstall), (cost of cleanup)). If that is less then zero, they lose money by getting the patch. There are also other factors, like bad marketing or protecting sensitive information.

Re:Yay

[dodobh]

That is only for broken operating systems which are vulnerable.

I recommend Linux/FreeBSD on the desktop for x86, or OS X for those on PPC.

Take your pick, much safer not to use Windows. And if you really have to use Windows, don't hook those boxen to the publicly connected network. Put them behind application level gateways, with really limited internet access (if any) Having a separate box for surfing and checking email helps.

Why

[AdvancedLoser]

don't I ever receive these emails. I need those passwords to access the pron sites. Must be because I use mozilla.

It'll never work

When will virus writers learn that they can't spread malware that way. Nobody in this day and age is stupid enough to click on an attachment claiming to have XXX-site passwords. I mean c'mon, who is stupid enough to fall for that?
/sarcastic-anti-luser-rant

Re:It'll never work

[Cro+Magnon]

Oops! Er, it wasn't me! Someone else borrowed my machine! Honest!!

What's MyDoom?

[krunk7]

For that matter, what's a 'v-i-r-u-s'? I have never seen this thing that you speak of.

........Oh, my bad, it's another one of those windows features. /moving along now

Re:What's MyDoom?

[stratjakt]

It's not a virus, and it doesn't really have shit to do with windows.

It's just some code to do bad shit, you email to idiots and trick them into clicking it.

This could be done on any OS. Just, no one really cares for an army of about 12 OSX-based bots, when they can get thousands of Windows boxes.

Re:What's MyDoom?

[Dougie+Cool]

Quite. The only reason these things are directed at Windows is because a) There are so damned many Windows users and b) The majority of stupid computer users will use Windows.

Re:What's MyDoom?

[freshman_a]

True it could be done on any OS. And true there are thousands of Windows boxen out there. However, you still need users that are dumb enough to click on the attachment in the first place, regardless of OS.

Re:What's MyDoom?

[stratjakt]

Believe me, OSX and Linux have more than their share of stupid users.

They post here on slashdot all the time. They tell you silly shit like iPods make great external hard drives, and work well as backup devices.

They talk about using Gentoo as a backend server, because all you have to do is put "emerge sync && emerge -u world" in your crontab and nothing will ever go wrong, and the -funroll-loops in your CFLAGS will make it unga bunga faster.

Re:What's MyDoom?

[Dougie+Cool]

I think it's fair to say that the intelligence histogram will give a fair number of "uninformed" users in the Windows OS, simply because a new PC user is less likely to go for a Mac than an x86-compatible. Probably a Dell. And how many x86 PCs come preinstalled with Linux? So your average Joe is probably going to be running some form of Windows, and if you aim it at XP Home you're probably going to hit a lot of people who don't have a clue. Aim it at MacOS and most users will have the gumption not to open emails providing them with free pron... I hope.

Re:What's MyDoom?

ok mister smartypants.

make one to affect linux. I FUCKING DARE YOU.

oh wait Linux does not have stupid scripting languages in it's email programs? how stupid! the email program needs root access and a complete set of scripting languages in it!!!!

if your email program let's you execute an attachment OR your OS hide file extensions then it is a utter and complete piece of shit and is the fault of all the problems that happen with it.

I cant get over your attempts to troll every time you think yoiu are at max karma.

Re:What's MyDoom?

[freshman_a]

Believe me, OSX and Linux have more than their share of stupid users.


I agree.

However, if one of these users click on an attachment, such as myDoom, it really doesn't matter too much since it only affect Windows users. IMO, all OSes have their share of stupid users, but stupid Windows users seem to do the most damage from what I've seen.

Re:What's MyDoom?

[skinfitz]

I hear this "only windows users" think so much, I think I might write some OSX and maybe Linux malware and email it to the MyDoom authors to include in their next release.

"OSX users be sure to click the Mac attachment. Don't worry, there are no viruses for OSX so it's perfectly safe to click it. Linux users - you need to type a special command due to the super secret nature of the passwords and the fact the companies don't want us sending them to you - unzip the file then type "make"..."

Re:What's MyDoom?

The majority of stupid computer users will use Windows.

So brutally true.

Re:What's MyDoom?

Linux users - you need to type a special command due to the super secret nature of the passwords and the fact the companies don't want us sending them to you - unzip the file then type "make"..."

I'm glad someone pointed this out. It wouldn't really be that difficult to infect a good chunk of linux machines out there. Most linux users don't read the source end-to-end and carefully analyze it...they just download, unzip, make, and run it. Maybe they've read the README and INSTALL. You could probably even put in comments in all-caps in the source stating that it was a virus. RPMs would be even easier. And there _are_ linux vulnerabilities out there.

The only "stupid" thing windows users do is trust someone they don't know...but at some point you need to take that leap, unless you've met all your software developers in person.

Re:What's MyDoom?

[krunk7]

Your absolutely correct, it's a worm. And being that it was written for windows, I'd have to say that it has everything to do with windows.

Now, given, this could be done for any other os. But in general it's only done for windows. A valid analogy would be if a man eating Tiger alert was issued for Pretoria, South Africa. Sure, tigers could live in America if released here and if so, there could be tiger alerts here as well. There's nothing intrinsically unsuitable about the environment that precludes such an occurance. But Pretoria, South Africa Tiger alerts have absolutely no consequence for me.

Re:What's MyDoom?

[sloanster]

Linux users - you need to type a special command due to the super secret nature of the passwords and the fact the companies don't want us sending them to you - unzip the file then type "make"..."

LOL, you really think Aunt Mildred is going to do all that? No, she'll tell her nephew Jason "I don't understand what they are telling me to do", and Jason will take one look at it and tell her it's a stupid scam, and just to delete it.

So, lotsa luck, you go ahead and try to spread a worm through linux. But let's face facts, while it's trivial to spread a windows worm, it's so damn much work, with so little chance of success, trying to bypass security on linux, that you'll eventually give up in frustration, having achieved nothing.

Re:What's MyDoom?

[SlimFastForYou]

If they are that gullible, I hope whoever set their computer up did not give them the root password.

At least with most distrobutions, a virus theoretically could only do so much with user-level access. Though I do remember reading a while ago that Lindows (now known as Linspire) had no root password or everything ran as root or something to that effect. I hope they have since changed that.

Why is spyware something that doesn't plague Gnu/Linux systems? A common argument (and somewhat valid) is that Gnu/Linux doesn't have near the market share of Windows.

I would like to add, however, that spyware wouldn't be nearly as effective on Linux machines. It could be removed with ease unless the root password was given. Same goes for web browsing - even if a piece of spyware were designed to exploit some Mozilla flaw, where would it place itself? In the user's home directory? Anyone with basic knowledge of how the logon process works would be able to identify and remove such malware with ease.

Compare that to hours of registry editing, spyware scanner updating and scanning, only to find that it's still not completely gone - followed by a reinstall of the OS in bad cases.

Re:What's MyDoom?

[squidsuk]

You're optimistic about the number of Linux machines that might be affected. This was discussing email, not download. Sites hosting malicious downloads can be taken down or blocked where email can't, and virus/worms need a vector (like email) to spread on their own. You might get trojan spyware like that, I suppose.

Anyone who knows enough to save, unzip, make, and run an unsolicited email attachment probably knows not to do it. Even with RPM's, having installed it doesn't run it in and of itself; it's very different to 'click on this and it executes'. RPM's would of course be a better vector for spyware than source, though.

And when it comes to 'Linux vulnerabilities', those exist, of course, but in an ecosystem that isn't a monoculture and where vulnerabilities get fixed fast, it's doubtful if you can engineer anything capable of spreading fast enough to be self-sustaining.

Re:What's MyDoom?

[_xeno_]

Heh, for some reason, that reminds me of someone in the LUG back at college who apparently was running Debian Testing and had apt-get update or whatever in his crontab.

He stopped that after some upgrade killed his shell. (Which, as I recall, was "also his window manager." Apparently he thought only having a single xterm in his .xinit made bash his window manager.)

tesing login: user
Password:

Segmentation fault: core dumped.

testing login: root
Password:

Segmentation fault: core dumped.

testing login: dammit

Re:What's MyDoom?

[stratjakt]

How much would a trojan need to do? What does MyDoom do that requires root priveleges?

Let's think what it does, and if an unpriveleged user account on linux is adequate:

- listen on an unpriveledged port (check)
- send data like spam, personal info or DDoS on an unpriveleged port (check)
- add itself to the users start-up scripts to always run, be it .bashrc or "Program Files\Startup" (check)
- run with some obscure task name so it's not readily obvious to a non-guru that it doesn't belong there (check)

You can do all that on Windows, OSX, Linux, BSD, AIX, Solaris, HP-UX, QNX... you name it. All you need to do is trick someone into running it.

This kind of stuff has absolutely nothing to do with OS security. The problem, and eventual solution, are both found in meat-space.

Re:What's MyDoom?

[skinfitz]

No, but then I don't think "Aunt Mildred" is going to be bothered about getting passwords for pr0n sites either, which is your motivation here.

Besides that I'm making a point - the user is the weakest link, regardless of what's in the message. If all that was attached was a windows batch file with "DEL *.*" in it, people would STILL click it, and others would STILL consider it a "virus".

Re:What's MyDoom?

[skinfitz]

You're optimistic about the number of Linux machines that might be affected. This was discussing email, not download.

Erm... --> "I think I might write some OSX and maybe Linux malware and email it to the MyDoom authors to include in their next release."

i.e. the next time a MyDoom email arrives, it has three attachments. One for Windows, One for OSX and one for other UNIXs. Mark my words - multi platform malware is only a meme away. As more "regular user type" people start switching to other platforms we WILL see malware arriving by email targeting those users. By far the simplest way of doing this is to email them several flavours of said malware, to be sure that they will get one to run on their platform. Ask yourself this - what is to stop MyDoom from including (along with the PC payload) payload code for Mac OSX and simply asking the user to click both attachments? Why not include bash script and hit all UNIXs? All you have to do is edit login scripts to make sure things start at runtime. If the user knows an admin password, all the better. (Incidentally show me *one* OSX user who doesn't run their own Mac using a local admin account - the default behaviour).

Imagine a school that switches to any form of UNIX - these workstations are going to be used by the normal people for normal stuff like writing assignments / checking email / browsing the web - the email arrives - Hey kids! FREE XXX PORNO!! BYPASS YOUR FIREWALLS! Run this script! - have some attached bash script that could using a variety of methods compile code on the box (or simply download it or get it from a compromised machine) and hey presto - instant UNIX virus / worm. Hell you could simply write it in Python or PHP or even PERL - would run on anything. All you have to do is tell the user how to copy it into a shell and press return under the guise of giving them pr0n.

NEVER underestimate the power of a free pr0n promise on a male adolescent who seriously doesn't give a shit about school computers.

Re:What's MyDoom?

"OSX users be sure to click the Mac attachment. Don't worry, there are no viruses for OSX so it's perfectly safe to click it. Linux users - you need to type a special command..."

Newsflash: OS X users need to type a "special command" when changes are made to the OS too (FreeBSD core, remember?). Your lack of knowledge suggests you wouldn't be capable of writing an OS X worm.

Re:What's MyDoom?

[skinfitz]

AC:Newsflash: OS X users need to type a "special command" when changes are made to the OS too (FreeBSD core, remember?). Your lack of knowledge suggests you wouldn't be capable of writing an OS X worm.

One assumes you are referring to entering one's password. Firstly, one doesn't have to enter an administrative password to run a program. Secondly, are you seriously telling me that people would not enter it if asked? Mac users are for starters not traditionally amongst the most technical, and they are trained that when clicking icons, sometimes they have to enter an admin password. Again, this is assuming that it's needed.

And "lack of knowledge"? Don't be so fucking patronising.

Re:What's MyDoom?

[squidsuk]

Since I don't use OSX, I can't comment on that, though if what you say is true then I'm glad that I've gone Linux rather than OSX.

A school that runs Unix (e.g. Linux workstations) are hardly going to give the kids root access, are they? Any virus/worm would *have* to be able to first manage a local exploit at least, even to get started. That's hardly "just tell the user ... and press return"

The same sort of thing can apply to the home situation - if you're a parent, and you want your kid to be able to use the internet but you don't want the machine eaten by the malware out there, do you:

(a) Do what's listed here http://www.pcpitstop.com/spycheck/safesurfing.asp

(b) Or give them a Linux workstation, with their own user, but without root access?

Both options require the parent to learn something about the threat, and what to do about it. Which is easier? Which is more effective?

Especially amusing on the Windows safe surfing tips I thought was the stuff about only accepting ActiveX when you're "absolutely confident" it's trustworthy, as if you could ever know.

Go Linux, and that question doesn't arise. Depending on age and maturity, you can relinquish the root password at some later stage, when you would be explicitly handing over control and responsibility to the kid, if it was their own computer, or if it was a family shared computer then probably not ever.

In any case, one of the beauties about Linux is that even if it was prevalent (> 50% of machines), it *still* wouldn't be a monoculture, and would *still* be a hostile environment for this sort of malware.

That's likely to translate into fizzling rather than spreading. Perhaps the best real-world example so far of that is the attack record against Apache, as compared to IIS - we'll have to wait a bit for Linux to continue growing before we see the point replicated for desktop systems.

Re:What's MyDoom?

[skinfitz]

A school that runs Unix (e.g. Linux workstations) are hardly going to give the kids root access, are they? Any virus/worm would *have* to be able to first manage a local exploit at least, even to get started. That's hardly "just tell the user ... and press return"

Basically, why? Since when do you need root to open an unpriviliged port and do other non-system level things like send emails?

Sure if you want to cause serious damage to the system then you would but you wouldn't need root to cause a lot of problems for users.

Dont fall into the trap of assuming that just because something runs on one platform that it can't spread payload for others. The point my parent post was making is that why not inlude Linux malware right along side the Windows code? For a virus like MyDoom, the more users that receive the virus, the more likely it is to spread. If you have code that will run on any unix that will happily email a cross platform payload around, you are causing things to spread more effectively, as you have a larger attack vector. Sure right now it might not be worth the hassle but if Linux had even 10% market share it would be worth doing just to contribute to the attacks on the remaining 90%.

You cannot compare this to things like Apache, as Apache does not deliever the promise of free pr0n to adolescent males with trivial user action required to further propagate.

This is very much a case of attacking the weakest link, which in this case is the user. Whatever actions that user can take, a script can take. There would be little to stop the average user emailing a payload to their friends, therefore a script can do the same thing without requiring root privileges.

Learned?

[E+IS+mC(Square)]

I think those who get affected actually deserve to be affected - mostly, they are the ones who keep on spreading those "forward this to 10 ppl in 10 seconds or you will throw third nipple". Give 'em more.

Re:Learned?

[MightyMartian]

> I think those who get affected actually deserve
> to be affected - mostly, they are the ones who
> keep on spreading those "forward this to 10 ppl in
> 10 seconds or you will throw third nipple". Give
> 'em more.

And if it was just those morons too thick-headed to read or listen to the TV, then I'd say "infect away!"

Unfortunately net admins like myself end up having to stare down the face of a hundred thousand zombies trying various means to bust in or break down my network.

Re:Learned?

[rudabager]

or grow. but yes i agree thank you for saying it. ps does anyone know what site it attacks this time?

Re:Learned?

I have a third nipple.. Maybe that's why I've never had a virus

Re:Learned?

[BossMC]

I agree completely, unless the user does not read/speak English natively. Although, in this case, that may not be very relevant.

Re:Learned?

http://securityresponse.symantec.com/avcenter/venc /data/w32.mydoom.ai@mm.html

Yay!

[Gathers]

Passwords for adult websites? Yay!!
Oh, if only I knew how to open email attachments!

Re:Yay!

[kjamez]

Oh, if only I knew how to open email attachments!

i think you click it three times ...

Given how its spread...

[DaveAtFraud]

Like usual it was spread by e-mails with claims to have attachments that contain passwords for adult websites.

I'm surprised it wasn't a /. reader who discovered it!

Re:Given how its spread...

[rbarreira]

Who told you /.ers were adults?

Re:Given how its spread...

[stratjakt]

Actually, it was a straight porn site.

I'm quite sure no slashdotter will ever bother to run the attachment.

Re:Given how its spread...

HAHA! Slashdot readers like porn! HAHA!

Re:Given how its spread...

Is this the first time you've admitted your homosexuality?

nice information.

Article = 1 sentence,

slashdot karma = +2 to everyone who responds with more then one sentence,

-1 troll to everyone who posts a run on sentence, /. maker of fine words.

Last time..

[wpiman]

Last time our company got taken down by this thing-- the IT department got it fixed after two days.. In that week's company newsletter- there was a report about how quick our IT department worked to fix the problem. Guess who authored it- head of the IT department.

What they failed to mention was that they never did the critical updates that would have prevented this. Way to go guys. I guess it is all about how you report it.

Re:Last time..

Way to go guys. I guess it is all about how you report it.

What would you like us to write as your farewell statement in this weeks newsletter? Wpiman leaves us after faithfully working for us for x number of years as our professional slashdot reader... -The Head of IT.

Re:Last time..

[grub]

If your IT head doesn't have system updates somewhat automated with AV and spyware software he should be fired on the spot. That report he sent out was nothing more than a PR move to cover his ass.

Re:Last time..

[smooth+wombat]

Way to go guys. I guess it is all about how you report it.

Your IT department must be fans of Fox News. I can't count how many times Fox spins the news, no matter how bad, into something Bush has done right.

I seriously think that if news came out that Bush used to be an arsonist in his college days that Fox would spin it to somehow imply that Bush was simply doing neighborhood beautification projects.

Re:Last time..

[MyLongNickName]

Wow... yet another Bush slam craftfully woven into the slashdot fabric. I am amazed.

It's getting old, and I didn't even vote for the guy.

Re:Last time..

[smooth+wombat]

Yeah, I know it can get old. However, I've been tracking things on Fox just to see how they spin things and it's truly amazing how biased they are.

Example: when Sergeant Charles Graner was found guilty on 9 out of 10 counts of prisoner abuse I watched as Shepherd Smith, someone I actually like on Fox, sat there and said that Graner was found guilty on all five charges. It wasn't five charges, it was ten.

I could go on but it's a known fact the bias Fox has. I was compiling info for an article and just gave up because the amount of material was so great.

Besides, the Right likes to Clinton bash, even though the guys out of office, so bashing the current officeholder is fair game.

Re:Last time..

DUH, heads of the IT department usually have no idea how IT even works.

and that's the nimrod that makes the decision to NOT test every pacth when it comes out right now but waits until "someone else" does it.

bullshit, if you have a large company, you had damn well better have a pro on board that will take a test machine and patch it up and test the hell out of it to verify patches and get them in the company ASAFP.

but your typical CTO and management have no clue at all what they job is except to act like a farking manager delegating things they have no clue about.

you have to love corperate america.

Re:Last time..

[MindStalker]

Sorry to bite the bait, but how the hell is misreporting the amount of charges he was guilty of spinning. Its bad reporting yes, but I don't see how this changes the spin in any way whatso ever.

Re:Last time..

[MyLongNickName]

Mind Puzzle Person A is an idiot decides he likes to bash guy with political slant X even if it is not relevatnt. Person B decides to emulate person A except he goes after guy with political slant Y. What does this make Person B?

Re:Last time..

[randallpowell]

randallpowell's Law: During the years 2000 and 2008, any topic on Slashdot that indicates soemthing bad or stupid has happened, Bush will be blamed.

He's an elected official. If he can't take it, or his supporters, time to leave. Let the grown ups run the government.

Re:Last time..

[MyLongNickName]

I am not his supporter. I'd just like to read an IT article without seeing Bush, Clinton, or some other politician being brought up.

Re:Last time..

[sangreal66]

I hate to break it to you, but counts != charges. He was convicted of all five charges (Assault, conspiracy, maltreatment of detainees, committing indecent acts and dereliction of duty). He was concvicted of 9 counts under those charges.

Re:Last time..

[MyLongNickName]

And btw, your law is screwed. It should be between the years 2000 and 2008, not 'during'. Yours indicated that he will only be blamed for two of the (nine years).

And on top of it, it should be years 2001-2008. He was inaugerated in 2001.

And on top of that, it shuld indicate that bush will be blamed if and only if Microsoft can't be blamed first.

Re:Last time..

Please... kill your fucking self.

Nobody loves you.

Just do it.

Re:Last time..

[randallpowell]

See open source does work. Besides, shuld is should. Also, I have a psych degree, have pity.

Re:Last time..

[MyLongNickName]

See open source does work :)

Maybe your sig should read "RandallPowell law: ..... beta 0.5"

I already have 6 of these.

[SteelV]

I already got 6 of these in my gmail account, from people I don't know. Thankfully, they all ended up in the spam folder. Nice!

Re:I already have 6 of these.

I already got 6 of these in my gmail account, from people I don't know.

You mean from email addresses that you don't know. Most likely, the actual computers involved in transmitting the mail to your Gmail account are owned by someone you do know...

Too bad...

[somethinghollow]

Too bad we don't have virus scanners that check for user stupidity / ignorance.

Re:Too bad...

[Eternal+Annoyance]

Then a lot of otherwise nice persons would get deleted :)

Re:Too bad...

[Oxy+the+moron]

You mean like this one? :)

Re:Too bad...

Might I suggest linking your signature to http://www.lp.org/issues/ or at least lp.org?

Re:Too bad...

[Jozer99]

We do, its called a learning curve. The best way to keep losers from using computers is to make it so losers CAN'T use computers! I would like to thank Microsoft and the open source/linux community for making giant leaps in this direction, and countering the regression caused by Macs.

No Effect Felt

[Palshife]

Like usual it was spread by e-mails with claims to have attachments that contain passwords for adult websites.

And, like usual, it hasn't affected most of us because even the Windows users among us understand basic tenets of email security.

Re:No Effect Felt

[DingerX]

Yeah, but will someone please tell the three dozen people around the world with my (forwarder-linked) yahoo email address in a readme.txt file and Bagz.G on their hard drive to fix their bloody machines!?
New worm? I can't see it. My mailbox is floody with 93kb attachments about Vasia and the Amirecans.

Re:No Effect Felt

Even so - it appears most people don't.

Sorry, look I haven't read the article. I'm at work, I don't have time to read articles, just the funny bits people write :P

BUT it seems to me that there has been a patch for MyDoom for FRIKKIN AGES and even just lately Microsoft released an automated scanning tool to search and remove it - which is deployed by Windows update.

How the hell can anyone STILL be unpatched? That's just frikking irresponsible.

Eat that

[Mr2cents]

Eat that, Duke Nukem Forever!!

Where can I download this new MyDoom thingy?

Adult websites

[Miketsmith]

Well, the way I see this is: People who are stupid enough to open an email claiming to contain adult passwords deserve to get the virus... *shrugs* Was MyDoom the one that DDoSed that website? I forgot.... Which website was that... *falls over in confusuion*

Everyone forgets the most important question

[RattRigg]

Do the passwords work?

Re:Everyone forgets the most important question

[Miketsmith]

Well, go find out ;) *smirks*

Re:Everyone forgets the most important question

Anyone has mirrors, it seems ./ed...

Juuust kidding ;)

Re:Everyone forgets the most important question

[BobPaul]

Do the passwords work?

Yes

Re:Everyone forgets the most important question

Here is the website in question. We should all click once to thank them for their cooperation. http://worldxxxpass.com/

Stupidity Scanners

Virus scanners? We need webcams that can scan for stupidity in users and not allow the stupid ones to do stupid stuff.

the rapture must be at hand!

[RafeDawg]

remember how God used to smite masturbators?

Re:the rapture must be at hand!

No, that must have happened in a previous life...

Re:the rapture must be at hand!

[iluvcapra]

Now he just smites kittens.

Re:the rapture must be at hand!

[xstonedogx]

remember how God used to smite masturbators?

Yeah.

When I was a teenager he smited me three times a day, minimum.

Re:the rapture must be at hand!

Actually that is a common misinterpretation of the old testament. The original meaning was that Onan was killed by God because he refused to have sex with his late brothers wife to have her give birth to a new leader of the jews.

Re:the rapture must be at hand!

[mangu]

Onan was killed by God because he refused to have sex with his late brothers wife

He didn't refuse to have sex with her, he just pulled out when he came. Just like in pr0n videos.

Re:the rapture must be at hand!

[penguinoid]

Actually, he was killed because he refused to give his brother an heir. The greedy bastard wanted to inherit his brother's posessions. He was supposed to sleep with his brother's wife until she had a child. Or, he should have refused publicly, in which case the widow was to slap him, spit in his face, and take his sandals (a ritual public humiliation that would be remembered for about a generation).

not creative any more

[cyfer2000]

Can those guys be more creative? like "adult site for girls", "account of phishing website", "spammers' email address list". This trick is too boring.

Re:not creative any more

[maxwell+demon]

Well, a warning about a new virus would be creative. And the attachment contains the virus signature. Open the attachment to get the virus signature into your computer. Note that without having the signature, your virus scanner likely will not be able to detect the virus.

The ironic thing would be that every single sentence in that mail would be true: Indeed, there's a new virus (right there in the mail, in fact). Of course the attachment contains the virus signature (as part of a complete, working virus). Of course opening the attachment will get the virus signature onto your computer (by getting infected by the virus). And of course the virus scanner will need the virus signature to detect the virus (just that opening the attachment will not help here, of course).

Re:not creative any more

[cyfer2000]

fantastic!

sex withf 4 dick

offic_ial GNAA irc 3 simple steps! to make sure the

Amazing! "Free pussy" and brains switch off!

[swb]

I'm continually amazed by how quickly people turn their brains off when "free pussy" is in the air..

Haven't had a problem

Of course I use a linux-based mail filtering gateway and so despite the fact that our company mandates a cluster of Exchange servers and Outlook as the default mail client, I haven't had a single virus outbreak in almost 6 months. Only my boss and the other admins know that the machine exists and we exchange secret-admin handshakes and have a beer with lunch whenever the latest virus comes out. Guess I know where we're going for lunch today.

Re:Haven't had a problem

[Mr.Sharpy]

we exchange secret-admin handshakes and have a beer with lunch whenever the latest virus comes out.

damn, you must be an alcoholic by now.

Next version of the virus

will probably have links to provocative pictures of Bill Gates posing with computers.

The virus will fail miserably.

Re:Next version of the virus

Greatest MS anti-virus ever!

Re:Amazing! "Free pussy" and brains switch off!

Thats b'cause something else is turned on - and we all know men can't multitask !

Re:Amazing! "Free pussy" and brains switch off!

[stratjakt]

The problem is, God gave men a brain and a penis, but only enough blood to run one of them at a time.
- Robin Williams

(I probably messed the quote somewhat, but the gist of it is right)

How to prevent this from affecting you

[KiltedKnight]

1. Don't open attachments from unknown sources
2. Virus scan all attachments before opening
3. Don't open attachments from unknown sources
4. Don't use mail programs that ignore the MIME information (read: Outlook and Outlook Express)
5. Don't open attachments from unknown sources
6. There is no number 6, unless you're in The Village
7. Don't open attachments from unknown sources

Re:How to prevent this from affecting you

[LiquidCoooled]

I'm sorry, but a LOT of people get viruses from their good friends - mainly because their good friends have your address to find.

Now, change your (otherwise very good) mantra to:

1. Don't open Unsocilicted emails from ANYONE, not even your mother.

check that they meant to send you something, and if your not expecting it, treat it as a virus.

Re:How to prevent this from affecting you

[KiltedKnight]

Actually, one other thing you really need to do is to turn off all plugins, Java, JavaScript, downloading of images that are not embedded, etc., and be very leary of sending "confirmations of receipt."

You should secure your e-mail client even more than your web browser.

Re:How to prevent this from affecting you

Nice reference to the Prisoner. "Who is #1?"

Re:How to prevent this from affecting you

[McBainLives]

8. Don't rely on Windows any more. Get yerself one of those nifty Linux distributions or (dare I say?) a Mac.

Re:How to prevent this from affecting you

[LiquidCoooled]

I agree totally, but its easier to try to change somebodies behaviour than it is to get a newbie to change their settings.

Some workplaces mandate certain features to be enabled and certain things in place, and people have their own way of dealing with things.

Teach them to be warey and distrustful of attachments and downloads, and within reason you can cut the number of incidents.

I am nervous to rely soley on technology to stop what is partly user problem (in the main anyway the stupid outlook bug is just a memory thank god).
If you don't let a user know what his actions are doing, then when they get on an unprotected machine and mistreat it like their own, problems will occur.

Re:How to prevent this from affecting you

[kid+nickng]

Do not open ANY e-mail

then all problems are solved :)

We already have that

It's called Windows - if you run it you are stupid.
(cue ms fanboys & malfunctioning hilarity units)

Question! Corporate-wide antispyware software?

[af_robot]

If your IT head doesn't have system updates somewhat automated with AV and spyware software he should be fired on the spot

Could you advice ANY good anti-spyware software which can be deployed corporate-wide? (with trial version)
Like Symantec Antivirus Corporate Edition or TrendMicro OfficeScan?
It is *PITA* to install/update defs and run spybot/adaware on every single computer on big LAN.

Re:Question! Corporate-wide antispyware software?

[MightyMartian]

> Could you advice ANY good anti-spyware software
> which can be deployed corporate-wide? (with trial
> version)

Sure, a baseball bat. Beat the dummy who downloads spyware to death. For a trial version, try a plastic bat, so they'll just go Ouch!

Re:Question! Corporate-wide antispyware software?

[grub]

Spybot can be scheduled. If you want to get autoupdates you have to pay. So what, though, what's worse: configuring them once or cleaning machines randomly?

This reminds me

[Zencyde]

I took a picture a while back with text on it that seems to fit this article in a very appropriate manner, note: do not click the link unless four letter words do not offend you. http://www.imagedump.com/index.cgi?pick=get&tp=194 276 Hopefully the DBDF acronym will catch on. :D

Adult websites?! Could someone forward this to me?

hahaha losers.

In other news...

[Uninen]

Apple is hiring young hackers to develop more of these new "sales-promoters" to increase the sales of the new Mac mini.

Re:What's MyDoom? - Mod Parent Up!

[Zemplar]

"...and b) The majority of stupid computer users will use Windows."

Mod Parent Up! +1 Insightful

Command to check if your system is susceptible

[captainclever]

uname

Re:Command to check if your system is susceptible

[algae]

alex@alex-dt ~
$ uname -a
CYGWIN_NT-5.0 alex-dt 1.5.12(0.116/4/2) 2004-11-10 08:34 i686 unknown unknown Cygwin

hmm... might still be vulnerable.

Re:Command to check if your system is susceptible

[agent+dero]

Wow, much respect, most people here won't admit that they run Windows, and have to use Cygwin to get their *nix fix :P

Re:Command to check if your system is susceptible

[AlreadyStarted]

Darwin

Hmm... I'm in trouble.

i wonder..

[Deanalator]

Will it still have the feb 1 ddos launch date?

Yeah right

[pcgamez]

"Like usual it was spread by e-mails"

No, it was spread by stupid users.

Doing Something

[nurb432]

And what do you propose be done?

Im not being a smart ass here, I think the problem is that no one really has an answer yet.. Not that we all dotn want it to stop ( well all of us except the anti-virus makers )

The same goes for spam.. no one yet has a good workable answer.. If there even is one.

Re:Doing Something

[TheLittleJetson]

Uh, you could always drop the platform for Mac instead. For the average home internet user who is using software with Mac counterparts (web, email, office...) this is not a bad idea. I switched my stuff and my parents too, and for the past 2 years the only effect all this spyware/worms/etc has had on me is cluttering up my news headlines, occasionally I get an inbox full of worms when one is rampant on the campus network.

Honestly, there really is no excuse to stick with Windows unless there's some mission-critical program that is vital to your business needs or something. It's just not an enjoyable user experience to begin with, and security/viruses/spyware/adware is enough to make it a real pain in the ass. Just switch folks, it's easier than you think.

Re:Doing Something

[ichimunki]

Honestly, there really is no excuse to stick with Windows unless there's some mission-critical program that is vital to your business needs or something.

Or maybe you're not made out of money like most Mac zealots? Yeah, I know they just released some rinky-dink POS under $500 system so this argument would seem to lose steam, but when you look at what you get for $500 from Apple and what I can slap together in off-the-shelf components that will be affordable to both upgrade and replace when they break it starts to feel like less of a deal.

At this point I would rather see people recommending Linux as a Windows replacement since it won't require a substantial cash outlay for yet another proprietary operating system designed to limit the user's freedom in the future. Linux, via several existing distributions, has got to be at least as user friendly as Mac these days. I know I've recommended Mac in the past to at least two people and one of them has constant issues (largely due being unwilling to RTFM or put in any effort on his own)--luckily he does not *appear* to have any problems with this kind of malware. If they asked me today, I would offer to build them a system from scratch and install Linux on it rather than recommending a Mac.

My point here is that Mac is not the easy way out you make it sound like it is. In fact, if it hadn't been for a long series of headaches I had with my own iMac about six years ago, I may not have become a Linux fan when I did (if ever). I was very close, at the time, to switching to Windows--thankfully there was a little distro called Yellow Dog Linux that saved me from that.

Re:Doing Something

[ichimunki]

Ugh. I wish I could see who moderated my post troll--my foes list is nowhere near maxed out. I don't mind being called on the various flame-like qualities of my posts, but getting a troll mod when I'm being sincere ticks me off. (And yes, I'm prepared to see this post modded OT, which it is.)

Re:Doing Something

[ViolentGreen]

What about the hundreds or thousands of dollars of software that the user has for the windows machine?

Re:Doing Something

[secolactico]

Linux, via several existing distributions, has got to be at least as user friendly as Mac these days.

I wholeheartedly recomend Ubuntu Linux to whomever is looking for user friendliness similar to the mac. Unclutered desktop and system menus make it very easy to get used to.

I don't know of anybody who had trouble with OSX. The only thing that keeps me from it is the money, tho. As soon as I'm able to afford a Mac (the mini doesn't cut it for my needs) I'll probably get one.

Re:Doing Something

[TheLittleJetson]

Yeah, whatever. Any platform as long as it's not windows. If you're nice enough to build and install a system for someone, that's cool. I'm not that nice. I'll tell them where to take their money and spend it on a system free of headaches.

I too hated Macs 6 years ago. OS9 was horrid. These days things are different. I switched from x86/Linux to Mac after using them at work long enough to realize all my Linux crap compiled under OSX just fine. I could run it side by side with the Mac counterparts of the various commercial apps I had to occasionally reboot into Windows for. Plus it was less effort to maintain than Linux, which is good cuz I'm getting lazier.

Testimonial aside, the point of my post was to convince others to stop trying to make Windows work. If you're not *forced* to use it, then don't. Use something else. Life will be easier.

Re:Doing Something

[ichimunki]

Seemed to me like the point of your post was to promote the use and purchase of Apple's products. My point is that Mac is not much different than Windows, except in terms of some minor improvements in execution. Limiting consumer choice by doing things like removing buttons from the mouse and including only USB ports will, of course, make it easier to execute more smoothly.

My other point, that you completely ignored, was that people who own Windows computers have already bought and paid for a computer. Why on earth would they go buy proprietary, non-commodity hardware like the stuff Apple shovels out, when they can transform their existing system by installing an operating system like GNU/Linux at little or no cost (assuming they download an install ISO from the internet)? Then, if they really need their proprietary apps (most of which are not available for Mac OS X in comparable form to what one has on Windows), they can dual boot, too.

The Score

[halcyon1234]

Virus Writers: 1
Masturbators: 0

Re:The Score

Hey . . . we're making a come back.

You can't just tell people not to do things

[vanillaspice]

It's like, "Tommy, don't stick your hand in the wall socket. You'll get electrocuted."

"Sales people, turn off your preview panes. You're going to get our server banned from the ISP again."

Why aren't vendors responsible

[digitalgimpus]

At this point it's clear that Windows doesn't do enough to prevent these types of problems. Microsoft is the only company with complete access to Outlook AND the OS itself.

Now if a regular companies product is misused... the company still ends up with lawsuits (Toro, being the most famous). The product is defective... tons of lawsuits.

Yet Microsoft, despite it's weak software costing companies billions in lost revenue, and even having crippled a Naval ship, shut down governmental departments, etc....

Why aren't they held to this standard in the US "lawsuit happy" system?

IMHO it's a bit unfair that they have remained immune for so long.

If I come up with a product that's so terrible companies loose millions... there lawyers are after my ass.

Re:Why aren't vendors responsible

[randallpowell]

It's simple. Billy would increase the licensing fees for those companies that sue or complain. Look what happened to Goatse.

Re:Why aren't vendors responsible

That post made me so angry that I hit my head on the desk. And now it hurts. But I now see your point, and therefore am going to sue slashdot, apache, Opera, those responsible for HTML, HTTP, TCP/IP, memory, CPUs, etc. for causing me to cause myself to do something idiotic.

Fuck you.

Re:Why aren't vendors responsible

[TeknoHog]

If you're preaching ethics, consider removing your sig that advertises a pyramid scheme.

Re:Why aren't vendors responsible

[dioscaido]

Outlook has a setting that says 'warn me when other applications try to send e-mail as me', which is on in by default on SP2 and stops scripts like MyDoom. If the user is running as Limited User, the script is prevented from changing system settings or installing itself on the machine. Maybe the IT department should be liable and not Microsoft?

Just to note, one could easily write a MyDoom for linux. Search for .thunderbird/, .evolution/, etc... in the user's home directory, parse the address book, then pipe all the addresses one by one through mail -s 'message' address. Things like that don't happen because as a rule Linux users are much more knowledgeble and would never click on an unkown attachment. Just running linux doesn't make you secure, but it sure does imply you are more technically saavy.

Re:Why aren't vendors responsible

[Sylver+Dragon]

Also, one problem with the Limited User idea. Imagine the same people, who clicked on this attachment getting a dialog box roughly like:
For free HOT SEX type your administrator password here:
(Standard text box)
(OK button)

Ok, so they wouldn't be able to infest their work PC's, but we would still have a million infested home machines. Social engineering is a social problem, the likelyhood of a technological fix is really slim. Sure, there are applications which are more secure by default, but an uninformed user is still going to create problems.
For example, imagine how this would work on Thunderbird. Users are going to turn on the preview pane, because they like it. Users are going to allow remote images to load, because they want to see them. Users are going to run the attachment, and click through all the warning messages about security, because they want to see naked women. Sure, the ActiveX crap will be stopped, and autoload scripts won't work, but the attachment, which the user specifically ran will still infest their PC; and the user will have provided it the administrator password to do it. And as Thunderbird grows, virus writters will start looking for it's address book too.
I realize I will get flamed to hell for this, but Linux is not the panacea of security. It's great, but put in the hands of untrained people, and given the virus attention of windows, it will get infested, it may just require more social engineering than is required on a windows box.

Re:Why aren't vendors responsible

[squidsuk]

But it wouldn't necessarily be like that with for example Linux, would it?

Not on any Linux I know are you going to get to execute malware directly from your email with a O/S prompt like that.

You'd have to save it to disk, and explicitly make it executable, and if you know how to do that then you probably know not to do it.

Even if they want to give instructions to save it and run some sort of setup script, it's a comparatively long path from receiving the email to the bad code running. That makes it more likely that a clued up user will smell rat, that a less clued-up user will bollix up following the instructions, and it'll fail to take effect.

And even after that, for those unfortunate fools who actually manage to run it, the effort of doing so will at least act to slow down the spread of the thing. That's important, because the slower and less successfully it spreads, the more likely it is just to fizzle out completely.

Re:Why aren't vendors responsible

[Jozer99]

This kind of post is WAY to common. The reason that Microsoft is not getting sued is because their product is not defective in the sense that you think it is. Some products are clearly dangerous, such as baby toys that have sharp edges, ect. However, you don't sue Toyota when your car needs new spark plugs, because as a complex mechanical device, failure of certain parts is ineveitable. Lets say that Toyota has 10,000 parts, max. Windows XP has over 1TB of source code. If we conservatively assume 5 lines of code per KB, that works out to over 5 billion lines of code. Crashes and weaknesses are to be expected. They fact that they attempt to fix them as fast as possible is a point for them. Remember there is no law requiring 90% of computers to use Windows, people, companies, and governments use it because at the moment, it is the easiest path. Right now it seems that Linux is making great gains on that, but Windows is still the king, for now.

Preying upon the pitiful: 21st Century Darwin

[pgfault]

The old adage holds true that all things, including virii, prey on society's pitiful. Unfortunately, counter to Darwinism, the weak are not eliminated from the Internet.

Sigh...

Flagrant System Error

Computer Over
Virus = Very Yes

So who's not biased?

[Ucklak]

ABC
CBS
NBC
CNN


This is the new millenium. Information is at your fingertips. Come up with your own conclusions.
We're not dependent on these news outlets as our only source.

What do you bet....

[TrozPoit]

The vast, vast majority of people infected with the virus are men?

Re:Amazing! "Free pussy" and brains switch off!

I'm continually amazed by how quickly people turn their brains off when "free pussy" is in the air..

As opposed to the free pussy located underground....
/ewwwwww

NO WAY. It would have come out by now...

[wernst]

Now I admit that this is a GREAT theory: that the antivirus companies write and release new and variants of existing viruses only to drive the need for their products.

That said, the AV products have been out for SO LONG, and viruses EVEN LONGER, if this were true, someone would have certainly come out of the woodwork by now.

The gaming industry is not the only industry with disgruntled workers willing to blow the whistle on specific problems anonumously.

If this were true, we'd have proof by now...

Porn

[jeffy210]

Ah, never underestimate the stupidity of horny people.

Re:Porn

[Name+Anonymous]

Shouldn't that be: "Never underestimate the hornyness of stupid people"?

I think not

[dave1g]

http://www.xe.com/ucc/

xe.com Universal Currency Converter ® Results

Live mid-market rates as of 2005.01.18 18:23:38 GMT.

0.02 CAD = 0.0163793 USD

1 CAD = 0.818966 USD
1 USD = 1.22105 CAD

Re:I think not

A single snapshot is an absolutely meaningless comparison. The point was being made that the dollar has been collapsing against other currencies over time... (it's called irony if you're wondering).

Re:I think not

[dave1g]

Falling, but still more valueable than the canadian dollar. Its falling mostly against the euro. it has consistently been above the CAD and that snap shot would have been correct the past 10 years any day and time of the year.

Re:I think not

Maybe it was just refering to how the opinions of American's are useless. Just look at their last two elections...

Dream On

[ackthpt]

I wish enough people had learned the first time through.... Sooner or later, enough people are going ot get pissed off that something FINALLY gets done.

I've got one mailbox which has been receiving an old worm for about 2 years. I figure there's one or two people who have my email address and their email has been infected for that length of time and still don't have a clue.

When people finally get pissed off enough, they'll hand the goverment a mandate to do something about it and we'll all lament the freedoms we've lost thanks to the program the government 'friends' came up with, which favors special interests.

Be careful what you wish for, you may well get it.

Systemic Problems vs User Problems

[nurb432]

The real problem is not the platform, its the user.

Anytime you allow users to do anything, you have the potitional for an infection that casues troubles.

Some platforms may currently be more prone to problems, but you can be assured whom ever has the largest market share will be the one under the greatest attack in the first place.

Remember too, some problems are platform independant, such as the JPG problem from last year.. Or sendmail.. or ssh.. or or or..

But regardless of any systemic issues, excluding true worms that come in at a system level, it still mostly boils down to users clicking things they shouldnt.. And it doesnt matter what system they are using.. They can still run a trojan and at the very least hose their profile.. ( and will ).

So i guess there is a solution afterall, no users.

Disclaimer: I'm a BSD user and am also virus free, but im not so blind ( or stupid ) to think we are invunerable.. We just are not a direct target, yet.

Re:Systemic Problems vs User Problems

[Quino]

The reason doesn't matter, the fact remains that switching will make things better.

If half of computer users switched, we'd still be better off -- anything would be better than the monoculture we have now.

The fact that Linux/OS X/BSD whatever (as good as they are, and I do think they're innately more secure than MS offerings) aren't perfect either is no reason to stand by and just live with these Microsoft virus/worm problems.

There are valid reasons why it may not make sense for some people to switch, but pointing out that Linux/OS X/etc. aren't perfect (only better) either isn't one of them.

Re:Systemic Problems vs User Problems

[c0p0n]

The problem is mainly letting some moron to do design decisions like giving Outlook or IE the hability of executing things. Why the heck should be able Outlook to interact with the Windows kernel execution routines (mainly through ActiveX) in any way? It's a PIM, by god's sake!

Re:Systemic Problems vs User Problems

[TheLittleJetson]

The platform still plays a key role, simply by the processes it uses for various tasks, like installing an application. The process can have security as a result, even if the user is an idiot.

My weak analogy: Accidents on a roadway with no signs, lanes markings, or traffic laws could simply be blamed on "bad drivers". However, having lanes and laws to dictate the driving process, help reduce the likelyhood of even bad drivers getting in an accident.

If it were only popularity causing an OS to be targeted, then my plan to switch folks to Mac could blow up in my face when Mac is the most popular platform in the world, which should happen roughly.... never.

Re:Systemic Problems vs User Problems

[slAckEr+Of+dOOm]

>So i guess there is a solution afterall, no users.

I have a better one: no virus-creating script kiddies.

Re:Amazing! "Free pussy" and brains switch off!

[rob_squared]

"...when free pussy is in the air."

Aerosol pussy? Somehow that doesn't sound satisfying.

Re:Amazing! "Free pussy" and brains switch off!

Is where?

Re:Amazing! "Free pussy" and brains switch off!

May be they only enough blood to supply one of the two areas.

Re:Amazing! "Free pussy" and brains switch off!

[babyphatman]

i thought the p was always free cause the crack costs money...

Readable version

http://shit.slashdot.org/article.pl?sid=05/01/18/1 611224

Why I wouldn't open an email attachment

[adeydas]

First, even if I am an avid porn surfer, I would know whether or not I have requested for passwords and that there is nothing called free bread in the porn industry.

Second, if I don't know anything about porn, I might get a bit curious to know what it is. But any person of proper IQ would get cautious by the nude pics that come with it.

Third, if a really dumb guy gets the mail and opens it, he will get suspicious since the extension is .exe which cannot be a password file and if he has already opened it, he might scan his computer for viruses.

So can somebody please explain me what kind of people would actually spread it?!

Re:Why I wouldn't open an email attachment

[darb_is_fat]

Third, if a really dumb guy gets the mail and opens it, he will get suspicious since the extension is .exe

Uhh..most "dumb" users don't know what an .exe is..

Re:Why I wouldn't open an email attachment

[Jim_Callahan]

Plus, Windows XP hides file extensions by default. One of the many things I had to waste time fixing when I installed the system.

Re:Why I wouldn't open an email attachment

"...he will get suspicious since the extension is .exe which cannot be a password file"

Unless its a self-extracting archive...

Clamav?

[phreakuencies]

I have ClamAV installed and I checked in the virus list (sigtool --list | grep -i mydoom) and I can't see anything resembling this one. I know ClamAV may have different naming conventions. Does anyone know if clamav's virus definitions get updated fast enough?

Re:By which you mean

[Jim_Callahan]

If A*B*C X

Re:By which you mean

[Jim_Callahan]

bah, stupid html rendering thingy not allowing a "less than" symbol.

Market share doesn't equate to vulnerability

[squidsuk]

"but you can be assured whom ever has the largest market share will be the one under the greatest attack in the first place."

Under greatest attack, perhaps. That doesn't translate to equally vulnerable, nor automatically likely to be a mass problem.

Any infection like this is going to be exponential, the key question is whether the exponent is greater than 1 or less than 1 at any particular point. If it's greater than 1, even for a while, you get this situation as with Windows where the number of infections rapidly becomes astronomical, until there aren't any more vulnerable systems to attack.

If the exponent is less than 1, which I suspect would be the case for Linux/Mac, even if Linux/Mac were the market-dominant OS, then the infection will have a half-life from any initial distribution, and will rapidly decay to nothing having infected only a comparatively few machines. It just won't spread effectively in such hostile conditions.

Re:I agree

[Jim_Callahan]

We've put up with the "gullibility" security hole long enough. I'm sick of these "people are stupid enough to ignore common sense" exploits. Just another effect of the monopoly that God has on biological creation. We should definitely switch to an open-source type of creation, or "eugenics".

Reminds me of the Titus episode

[Spy+der+Mann]

Sure, go ahead, kid... touch the socket.
*BZZZT*
(kid cries)
HAH! Now you won't do it again, will ya?

Fool me once...

[Esion+Modnar]

shame on you. Fool me twice, shame on you. Fool me again, OK, I should take the blame this time.

This really shakes what little confidence (none) I had in the general level of intelligence out there. Are they just a bunch of Homer Simpsons that keep opening the fucking attachments?

This is depressing. They're all morons. And they stay up all night calling Dell tech support just to see if they're really there (even on Kwanza).

Re:Fool me once...

"Are they just a bunch of Homer Simpsons that keep opening the fucking attachments?"

One of the reasons email has supplanted faxes is because of the capacity to add attachments. Do you really think it would be so popular if people had to copy and paste every single lump of text from Word documents, rather than just attaching the .doc? This doesn't make people morons, since its precisely what email was designed to do, its just means the Microsoft has fucked it up for everyone.

Problems with a " < " ?

[LordPixie]

Use: & L T ; for a <
Sans spaces, of course. If you want a Greater Than symbol, use & g t ;.

Oh, and please turn over your geek license on the way out. Thank you. =)


--LordPixie

That was a strongbad reference

[Spy+der+Mann]

Funny.

Uh but he missed the link.
Strongbad gets a virus.

No.. It doesnt..

[nurb432]

No I didn't mean that they were more vulnerable because they have a larger market share. I meant that they would be more targeted, thereby exposing vulnerabilities more often..

Keeping off the radar helps greatly...

Re:No.. It doesnt..

[soulhuntre]

Keeping off the radar helps greatly...

I thought "security through obscurity" was officially refuted on /.

Oh, wait... unless it's an attack on Microsoft. My bad :)

Darwinism? No more Internet for them

[squidsuk]

Maybe it does apply...

http://www.latimes.com/business/la-fi-fedup14jan14 ,1,795541.story?coll=la-headlines-business&ctrack= 1&cset=true

LookOut!

I have unnofficially renamed Outlook to Lookout! - As in Lookout! distribution list here comes another worm/virus....

Re:By which you mean

[endoboy]

well, nice to know that at least I have company over here in the dunce's corner

Been done

Been done
Nice try though passing off in detail something already in existence. Do you write patents for MS too?

What we need is an old-style malicious Win32 worm

[Werrismys]

What we need is the kind we met some years back... the one that caused havoc to hundreds of thousands of Windoze-PC:s in Korea, overwriting their BIOSes.

What we need is a really malicious Windows worm that will spread for two weeks, then wipe out the host's disks, then preferably its BIOS, rendering the machine even more useless than it was under Bill's rule.

As it is now, infected Winblows users simply run a cleaner program every now and then and hope their puter gets better, and feel secure, until the six-month-cycle is full and they have to reinstall Winshit. And in the meanwhile, their 0wned boxes continue to be a nuisance to the rest of the Net.

If a really malicious worm, using old, patched holes, is released and manages to practically destroy those hundreds of thousands of shitboxes on wideband, the better to the rest of us.

The victims will either get a clue, or buy a Mac.

Can you imagine losing two years worth of photos? I for one would want to point a finger at SOMEONE. In this case, M$.

Re:What we need is an old-style malicious Win32 wo

Can you imagine losing two years worth of photos? I for one would want to point a finger at SOMEONE. In this case, M$.

That would imply that you didn't back up your files at all during those two years?

What if you had something completely non-virus related happen to your computer? (eg, stolen, hard drive crash, house catches fire, etc). Who would you blame, then?

Re:Amazing! "Free pussy" and brains switch off!

Yay Pussy!!!

Re:Amazing! "Free pussy" and brains switch off!

Free Pussy

Mod parent up

[einhverfr]

The interesting point I have noticed for a couple years is the rise of viruses which appear to have organized crime connections. These include spam relays, marketed zombie services, etc. I don't think that this is the work of the AV companies. I think that it is a much more interesting trend and indicates the rise of a sort of "e-mafia." Or at least if AV companies are responsible, then they are clearly criminal.

It *must* be organized crime because such behavior is criminal and selling spam relays, zombie computing services, etc. requires organizational ties for sales, etc....

Re:No patch

Patch for what? Dumb user gets freeporn.exe in the mail, dumb user runs freeporn.exe despite the warnings, dumb user gets infected. Malware like MyDoom and Bagle can even infect Linux systems. After all, if people are willing to open an encrypted zip file and run freeporn.exe (or whatever) they will be willing to chmod +x freeporn.bin and su to root to run it. Even then root access is only needed to corrupt system files (not necessary), bind to ports below 1024 (not necessary, port 31337 is just fine for backdoors), or use raw sockets (with a DDoS network, who cares about spoofing). While Linux's security model will provide protection against many types of malware, the kind that require deliberate action by dumb users will still operate perfectly in Linux. Considering how well the encrypted zip file viruses worked, there are still plenty of dumb users around and there is nothing Linux can do to fix that.

Re:Ever hear of Bagle?

Several variants of the Bagle virus did exactly that. The malware came in an encrypted zip file. The user actually had to open the zip file, check the text of the email for the password, type in the password, extract the executable file, and then manually run it. Incredibly, there were lots of idiots who did just that.

Re:Amazing! "Free pussy" and brains switch off!

[hkmwbz]

Sadly, this isn't even "free pussy". It's "free pictures of pussy".

Re:By which you mean

[Jim_Callahan]

Yeah, we should start a club or something. Good to be the target of my own laughter once in awhile, though.