Slashdot Mirror
MyDoom Strikes Again
Renegade334 writes "Months after the last attack of MyDoom, MyDoom.AI returns. Like usual it was spread by e-mails with claims to have attachments that contain passwords for adult websites."
← Back to Stories (view on slashdot.org)
The clients that are affected will not dare to tell me.
I wish enough people had learned the first time through.... Sooner or later, enough people are going ot get pissed off that something FINALLY gets done.
It's being reported that thanks to pro-active action from the porn site in question, the problem is under control...
"Nothing can shake my belief that this world is the fruit of a dark god whose shadow I extend." - Emil Michel Cioran
i've had enough. even after learning about already existing about n+ variations of mydoom, folks on this planet still have to run every executable files from strangers with questionable topics.
i guess computer usage should also be decided on IQ.
Where? Which ones? How do we get them?
If you don't know what AltaVista is (was), get off my lawn.
The virus companies write variants and release them to enforce the upgrades. I worked at a popular AV company doing front end work, not the actual engine, and when we got together for drinks the engine writers would talk about upgrade paths from what they were working on. Ever wonder why most viruses don't destroy your system? Because there's no money in an erased system. There is a lot of money in AV upgrades.
When will virus writers learn that they can't spread malware that way. Nobody in this day and age is stupid enough to click on an attachment claiming to have XXX-site passwords. I mean c'mon, who is stupid enough to fall for that?
/sarcastic-anti-luser-rant
I think those who get affected actually deserve to be affected - mostly, they are the ones who keep on spreading those "forward this to 10 ppl in 10 seconds or you will throw third nipple". Give 'em more.
Passwords for adult websites? Yay!!
Oh, if only I knew how to open email attachments!
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
What they failed to mention was that they never did the critical updates that would have prevented this. Way to go guys. I guess it is all about how you report it.
I already got 6 of these in my gmail account, from people I don't know. Thankfully, they all ended up in the spam folder. Nice!
It's not a virus, and it doesn't really have shit to do with windows.
It's just some code to do bad shit, you email to idiots and trick them into clicking it.
This could be done on any OS. Just, no one really cares for an army of about 12 OSX-based bots, when they can get thousands of Windows boxes.
I don't need no instructions to know how to rock!!!!
Too bad we don't have virus scanners that check for user stupidity / ignorance.
Like usual it was spread by e-mails with claims to have attachments that contain passwords for adult websites.
And, like usual, it hasn't affected most of us because even the Windows users among us understand basic tenets of email security.
Attention deficit disorder is a complicated issue, spanning several major... HEY LET'S GO RIDE BIKES!
Eat that, Duke Nukem Forever!!
Where can I download this new MyDoom thingy?
"It's too bad that stupidity isn't painful." - Anton LaVey
Do the passwords work?
I started with nothing and I still have most of it.
remember how God used to smite masturbators?
------- Was it just a coincidence I got moderator points the first time I logged on to
Can those guys be more creative? like "adult site for girls", "account of phishing website", "spammers' email address list". This trick is too boring.
There is a spark in every single flame bait point.
I'm continually amazed by how quickly people turn their brains off when "free pussy" is in the air..
will probably have links to provocative pictures of Bill Gates posing with computers.
The virus will fail miserably.
True it could be done on any OS. And true there are thousands of Windows boxen out there. However, you still need users that are dumb enough to click on the attachment in the first place, regardless of OS.
Slackware
The problem is, God gave men a brain and a penis, but only enough blood to run one of them at a time.
- Robin Williams
(I probably messed the quote somewhat, but the gist of it is right)
I don't need no instructions to know how to rock!!!!
OCO is Loco
If your IT head doesn't have system updates somewhat automated with AV and spyware software he should be fired on the spot
Could you advice ANY good anti-spyware software which can be deployed corporate-wide? (with trial version)
Like Symantec Antivirus Corporate Edition or TrendMicro OfficeScan?
It is *PITA* to install/update defs and run spybot/adaware on every single computer on big LAN.
I took a picture a while back with text on it that seems to fit this article in a very appropriate manner, note: do not click the link unless four letter words do not offend you. http://www.imagedump.com/index.cgi?pick=get&tp=194 276 Hopefully the DBDF acronym will catch on. :D
What day is it? Could you please tell me?
Apple is hiring young hackers to develop more of these new "sales-promoters" to increase the sales of the new Mac mini.
Believe me, OSX and Linux have more than their share of stupid users.
They post here on slashdot all the time. They tell you silly shit like iPods make great external hard drives, and work well as backup devices.
They talk about using Gentoo as a backend server, because all you have to do is put "emerge sync && emerge -u world" in your crontab and nothing will ever go wrong, and the -funroll-loops in your CFLAGS will make it unga bunga faster.
I don't need no instructions to know how to rock!!!!
"...and b) The majority of stupid computer users will use Windows."
Mod Parent Up! +1 Insightful
uname
Last.fm - join the social music revolution
Will it still have the feb 1 ddos launch date?
"Like usual it was spread by e-mails"
No, it was spread by stupid users.
And what do you propose be done?
Im not being a smart ass here, I think the problem is that no one really has an answer yet.. Not that we all dotn want it to stop ( well all of us except the anti-virus makers )
The same goes for spam.. no one yet has a good workable answer.. If there even is one.
---- Booth was a patriot ----
Believe me, OSX and Linux have more than their share of stupid users.
I agree.
However, if one of these users click on an attachment, such as myDoom, it really doesn't matter too much since it only affect Windows users. IMO, all OSes have their share of stupid users, but stupid Windows users seem to do the most damage from what I've seen.
Slackware
Virus Writers: 1
Masturbators: 0
UTF-8: There and Back Again
It's like, "Tommy, don't stick your hand in the wall socket. You'll get electrocuted."
"Sales people, turn off your preview panes. You're going to get our server banned from the ISP again."
At this point it's clear that Windows doesn't do enough to prevent these types of problems. Microsoft is the only company with complete access to Outlook AND the OS itself.
Now if a regular companies product is misused... the company still ends up with lawsuits (Toro, being the most famous). The product is defective... tons of lawsuits.
Yet Microsoft, despite it's weak software costing companies billions in lost revenue, and even having crippled a Naval ship, shut down governmental departments, etc....
Why aren't they held to this standard in the US "lawsuit happy" system?
IMHO it's a bit unfair that they have remained immune for so long.
If I come up with a product that's so terrible companies loose millions... there lawyers are after my ass.
The old adage holds true that all things, including virii, prey on society's pitiful. Unfortunately, counter to Darwinism, the weak are not eliminated from the Internet.
Sigh...
I hear this "only windows users" think so much, I think I might write some OSX and maybe Linux malware and email it to the MyDoom authors to include in their next release.
"OSX users be sure to click the Mac attachment. Don't worry, there are no viruses for OSX so it's perfectly safe to click it. Linux users - you need to type a special command due to the super secret nature of the passwords and the fact the companies don't want us sending them to you - unzip the file then type "make"..."
ABC
CBS
NBC
CNN
This is the new millenium. Information is at your fingertips. Come up with your own conclusions.
We're not dependent on these news outlets as our only source.
if you steal from one source, that is plagiarism, if you steal from many, well, that's just research.
we exchange secret-admin handshakes and have a beer with lunch whenever the latest virus comes out.
damn, you must be an alcoholic by now.
That said, the AV products have been out for SO LONG, and viruses EVEN LONGER, if this were true, someone would have certainly come out of the woodwork by now.
The gaming industry is not the only industry with disgruntled workers willing to blow the whistle on specific problems anonumously.
If this were true, we'd have proof by now...
Ah, never underestimate the stupidity of horny people.
------
"And may your days be long upon the earth."
Now, given, this could be done for any other os. But in general it's only done for windows. A valid analogy would be if a man eating Tiger alert was issued for Pretoria, South Africa. Sure, tigers could live in America if released here and if so, there could be tiger alerts here as well. There's nothing intrinsically unsuitable about the environment that precludes such an occurance. But Pretoria, South Africa Tiger alerts have absolutely no consequence for me.
http://www.xe.com/ucc/
xe.com Universal Currency Converter ® Results
Live mid-market rates as of 2005.01.18 18:23:38 GMT.
0.02 CAD = 0.0163793 USD
1 CAD = 0.818966 USD
1 USD = 1.22105 CAD
I've got one mailbox which has been receiving an old worm for about 2 years. I figure there's one or two people who have my email address and their email has been infected for that length of time and still don't have a clue.
When people finally get pissed off enough, they'll hand the goverment a mandate to do something about it and we'll all lament the freedoms we've lost thanks to the program the government 'friends' came up with, which favors special interests.
Be careful what you wish for, you may well get it.
A feeling of having made the same mistake before: Deja Foobar
The real problem is not the platform, its the user.
Anytime you allow users to do anything, you have the potitional for an infection that casues troubles.
Some platforms may currently be more prone to problems, but you can be assured whom ever has the largest market share will be the one under the greatest attack in the first place.
Remember too, some problems are platform independant, such as the JPG problem from last year.. Or sendmail.. or ssh.. or or or..
But regardless of any systemic issues, excluding true worms that come in at a system level, it still mostly boils down to users clicking things they shouldnt.. And it doesnt matter what system they are using.. They can still run a trojan and at the very least hose their profile.. ( and will ).
So i guess there is a solution afterall, no users.
Disclaimer: I'm a BSD user and am also virus free, but im not so blind ( or stupid ) to think we are invunerable.. We just are not a direct target, yet.
---- Booth was a patriot ----
"...when free pussy is in the air."
Aerosol pussy? Somehow that doesn't sound satisfying.
I don't get it.
i thought the p was always free cause the crack costs money...
A person is smart. People are dumb, panicky dangerous animals...
Linux users - you need to type a special command due to the super secret nature of the passwords and the fact the companies don't want us sending them to you - unzip the file then type "make"..."
LOL, you really think Aunt Mildred is going to do all that? No, she'll tell her nephew Jason "I don't understand what they are telling me to do", and Jason will take one look at it and tell her it's a stupid scam, and just to delete it.
So, lotsa luck, you go ahead and try to spread a worm through linux. But let's face facts, while it's trivial to spread a windows worm, it's so damn much work, with so little chance of success, trying to bypass security on linux, that you'll eventually give up in frustration, having achieved nothing.
First, even if I am an avid porn surfer, I would know whether or not I have requested for passwords and that there is nothing called free bread in the porn industry.
.exe which cannot be a password file and if he has already opened it, he might scan his computer for viruses.
Second, if I don't know anything about porn, I might get a bit curious to know what it is. But any person of proper IQ would get cautious by the nude pics that come with it.
Third, if a really dumb guy gets the mail and opens it, he will get suspicious since the extension is
So can somebody please explain me what kind of people would actually spread it?!
I have ClamAV installed and I checked in the virus list (sigtool --list | grep -i mydoom) and I can't see anything resembling this one. I know ClamAV may have different naming conventions. Does anyone know if clamav's virus definitions get updated fast enough?
If A*B*C X
...it's really a sad day for America when we require a goddamn ACT OF CONGRESS to make our DVD players work properly. ~
bah, stupid html rendering thingy not allowing a "less than" symbol.
...it's really a sad day for America when we require a goddamn ACT OF CONGRESS to make our DVD players work properly. ~
If they are that gullible, I hope whoever set their computer up did not give them the root password.
At least with most distrobutions, a virus theoretically could only do so much with user-level access. Though I do remember reading a while ago that Lindows (now known as Linspire) had no root password or everything ran as root or something to that effect. I hope they have since changed that.
Why is spyware something that doesn't plague Gnu/Linux systems? A common argument (and somewhat valid) is that Gnu/Linux doesn't have near the market share of Windows.
I would like to add, however, that spyware wouldn't be nearly as effective on Linux machines. It could be removed with ease unless the root password was given. Same goes for web browsing - even if a piece of spyware were designed to exploit some Mozilla flaw, where would it place itself? In the user's home directory? Anyone with basic knowledge of how the logon process works would be able to identify and remove such malware with ease.
Compare that to hours of registry editing, spyware scanner updating and scanning, only to find that it's still not completely gone - followed by a reinstall of the OS in bad cases.
"but you can be assured whom ever has the largest market share will be the one under the greatest attack in the first place."
Under greatest attack, perhaps. That doesn't translate to equally vulnerable, nor automatically likely to be a mass problem.
Any infection like this is going to be exponential, the key question is whether the exponent is greater than 1 or less than 1 at any particular point. If it's greater than 1, even for a while, you get this situation as with Windows where the number of infections rapidly becomes astronomical, until there aren't any more vulnerable systems to attack.
If the exponent is less than 1, which I suspect would be the case for Linux/Mac, even if Linux/Mac were the market-dominant OS, then the infection will have a half-life from any initial distribution, and will rapidly decay to nothing having infected only a comparatively few machines. It just won't spread effectively in such hostile conditions.
We've put up with the "gullibility" security hole long enough. I'm sick of these "people are stupid enough to ignore common sense" exploits. Just another effect of the monopoly that God has on biological creation. We should definitely switch to an open-source type of creation, or "eugenics".
...it's really a sad day for America when we require a goddamn ACT OF CONGRESS to make our DVD players work properly. ~
Sure, go ahead, kid... touch the socket.
*BZZZT*
(kid cries)
HAH! Now you won't do it again, will ya?
This really shakes what little confidence (none) I had in the general level of intelligence out there. Are they just a bunch of Homer Simpsons that keep opening the fucking attachments?
This is depressing. They're all morons. And they stay up all night calling Dell tech support just to see if they're really there (even on Kwanza).
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
Use: & L T ; for a < ;.
Sans spaces, of course. If you want a Greater Than symbol, use & g t
Oh, and please turn over your geek license on the way out. Thank you. =)
--LordPixie
Funny.
Uh but he missed the link.
Strongbad gets a virus.
No I didn't mean that they were more vulnerable because they have a larger market share. I meant that they would be more targeted, thereby exposing vulnerabilities more often..
Keeping off the radar helps greatly...
---- Booth was a patriot ----
Maybe it does apply...
4 ,1,795541.story?coll=la-headlines-business&ctrack= 1&cset=true
http://www.latimes.com/business/la-fi-fedup14jan1
You're optimistic about the number of Linux machines that might be affected. This was discussing email, not download. Sites hosting malicious downloads can be taken down or blocked where email can't, and virus/worms need a vector (like email) to spread on their own. You might get trojan spyware like that, I suppose.
Anyone who knows enough to save, unzip, make, and run an unsolicited email attachment probably knows not to do it. Even with RPM's, having installed it doesn't run it in and of itself; it's very different to 'click on this and it executes'. RPM's would of course be a better vector for spyware than source, though.
And when it comes to 'Linux vulnerabilities', those exist, of course, but in an ecosystem that isn't a monoculture and where vulnerabilities get fixed fast, it's doubtful if you can engineer anything capable of spreading fast enough to be self-sustaining.
well, nice to know that at least I have company over here in the dunce's corner
Heh, for some reason, that reminds me of someone in the LUG back at college who apparently was running Debian Testing and had apt-get update or whatever in his crontab.
He stopped that after some upgrade killed his shell. (Which, as I recall, was "also his window manager." Apparently he thought only having a single xterm in his .xinit made bash his window manager.)
tesing login: user
Password:
Segmentation fault: core dumped.
testing login: root
Password:
Segmentation fault: core dumped.
testing login: dammit
You are in a maze of twisty little relative jumps, all alike.
What we need is a really malicious Windows worm that will spread for two weeks, then wipe out the host's disks, then preferably its BIOS, rendering the machine even more useless than it was under Bill's rule.
As it is now, infected Winblows users simply run a cleaner program every now and then and hope their puter gets better, and feel secure, until the six-month-cycle is full and they have to reinstall Winshit. And in the meanwhile, their 0wned boxes continue to be a nuisance to the rest of the Net.
If a really malicious worm, using old, patched holes, is released and manages to practically destroy those hundreds of thousands of shitboxes on wideband, the better to the rest of us.
The victims will either get a clue, or buy a Mac.
Can you imagine losing two years worth of photos? I for one would want to point a finger at SOMEONE. In this case, M$.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
How much would a trojan need to do? What does MyDoom do that requires root priveleges?
.bashrc or "Program Files\Startup" (check)
Let's think what it does, and if an unpriveleged user account on linux is adequate:
- listen on an unpriveledged port (check)
- send data like spam, personal info or DDoS on an unpriveleged port (check)
- add itself to the users start-up scripts to always run, be it
- run with some obscure task name so it's not readily obvious to a non-guru that it doesn't belong there (check)
You can do all that on Windows, OSX, Linux, BSD, AIX, Solaris, HP-UX, QNX... you name it. All you need to do is trick someone into running it.
This kind of stuff has absolutely nothing to do with OS security. The problem, and eventual solution, are both found in meat-space.
I don't need no instructions to know how to rock!!!!
No, but then I don't think "Aunt Mildred" is going to be bothered about getting passwords for pr0n sites either, which is your motivation here.
Besides that I'm making a point - the user is the weakest link, regardless of what's in the message. If all that was attached was a windows batch file with "DEL *.*" in it, people would STILL click it, and others would STILL consider it a "virus".
You're optimistic about the number of Linux machines that might be affected. This was discussing email, not download.
Erm... --> "I think I might write some OSX and maybe Linux malware and email it to the MyDoom authors to include in their next release."
i.e. the next time a MyDoom email arrives, it has three attachments. One for Windows, One for OSX and one for other UNIXs. Mark my words - multi platform malware is only a meme away. As more "regular user type" people start switching to other platforms we WILL see malware arriving by email targeting those users. By far the simplest way of doing this is to email them several flavours of said malware, to be sure that they will get one to run on their platform. Ask yourself this - what is to stop MyDoom from including (along with the PC payload) payload code for Mac OSX and simply asking the user to click both attachments? Why not include bash script and hit all UNIXs? All you have to do is edit login scripts to make sure things start at runtime. If the user knows an admin password, all the better. (Incidentally show me *one* OSX user who doesn't run their own Mac using a local admin account - the default behaviour).
Imagine a school that switches to any form of UNIX - these workstations are going to be used by the normal people for normal stuff like writing assignments / checking email / browsing the web - the email arrives - Hey kids! FREE XXX PORNO!! BYPASS YOUR FIREWALLS! Run this script! - have some attached bash script that could using a variety of methods compile code on the box (or simply download it or get it from a compromised machine) and hey presto - instant UNIX virus / worm. Hell you could simply write it in Python or PHP or even PERL - would run on anything. All you have to do is tell the user how to copy it into a shell and press return under the guise of giving them pr0n.
NEVER underestimate the power of a free pr0n promise on a male adolescent who seriously doesn't give a shit about school computers.
The interesting point I have noticed for a couple years is the rise of viruses which appear to have organized crime connections. These include spam relays, marketed zombie services, etc. I don't think that this is the work of the AV companies. I think that it is a much more interesting trend and indicates the rise of a sort of "e-mafia." Or at least if AV companies are responsible, then they are clearly criminal.
It *must* be organized crime because such behavior is criminal and selling spam relays, zombie computing services, etc. requires organizational ties for sales, etc....
LedgerSMB: Open source Accounting/ERP
AC:Newsflash: OS X users need to type a "special command" when changes are made to the OS too (FreeBSD core, remember?). Your lack of knowledge suggests you wouldn't be capable of writing an OS X worm.
One assumes you are referring to entering one's password. Firstly, one doesn't have to enter an administrative password to run a program. Secondly, are you seriously telling me that people would not enter it if asked? Mac users are for starters not traditionally amongst the most technical, and they are trained that when clicking icons, sometimes they have to enter an admin password. Again, this is assuming that it's needed.
And "lack of knowledge"? Don't be so fucking patronising.
Sadly, this isn't even "free pussy". It's "free pictures of pussy".
Clever signature text goes here.
Since I don't use OSX, I can't comment on that, though if what you say is true then I'm glad that I've gone Linux rather than OSX.
... and press return"
A school that runs Unix (e.g. Linux workstations) are hardly going to give the kids root access, are they? Any virus/worm would *have* to be able to first manage a local exploit at least, even to get started. That's hardly "just tell the user
The same sort of thing can apply to the home situation - if you're a parent, and you want your kid to be able to use the internet but you don't want the machine eaten by the malware out there, do you:
(a) Do what's listed here http://www.pcpitstop.com/spycheck/safesurfing.asp
(b) Or give them a Linux workstation, with their own user, but without root access?
Both options require the parent to learn something about the threat, and what to do about it. Which is easier? Which is more effective?
Especially amusing on the Windows safe surfing tips I thought was the stuff about only accepting ActiveX when you're "absolutely confident" it's trustworthy, as if you could ever know.
Go Linux, and that question doesn't arise. Depending on age and maturity, you can relinquish the root password at some later stage, when you would be explicitly handing over control and responsibility to the kid, if it was their own computer, or if it was a family shared computer then probably not ever.
In any case, one of the beauties about Linux is that even if it was prevalent (> 50% of machines), it *still* wouldn't be a monoculture, and would *still* be a hostile environment for this sort of malware.
That's likely to translate into fizzling rather than spreading. Perhaps the best real-world example so far of that is the attack record against Apache, as compared to IIS - we'll have to wait a bit for Linux to continue growing before we see the point replicated for desktop systems.
A school that runs Unix (e.g. Linux workstations) are hardly going to give the kids root access, are they? Any virus/worm would *have* to be able to first manage a local exploit at least, even to get started. That's hardly "just tell the user ... and press return"
Basically, why? Since when do you need root to open an unpriviliged port and do other non-system level things like send emails?
Sure if you want to cause serious damage to the system then you would but you wouldn't need root to cause a lot of problems for users.
Dont fall into the trap of assuming that just because something runs on one platform that it can't spread payload for others. The point my parent post was making is that why not inlude Linux malware right along side the Windows code? For a virus like MyDoom, the more users that receive the virus, the more likely it is to spread. If you have code that will run on any unix that will happily email a cross platform payload around, you are causing things to spread more effectively, as you have a larger attack vector. Sure right now it might not be worth the hassle but if Linux had even 10% market share it would be worth doing just to contribute to the attacks on the remaining 90%.
You cannot compare this to things like Apache, as Apache does not deliever the promise of free pr0n to adolescent males with trivial user action required to further propagate.
This is very much a case of attacking the weakest link, which in this case is the user. Whatever actions that user can take, a script can take. There would be little to stop the average user emailing a payload to their friends, therefore a script can do the same thing without requiring root privileges.
Yeah, we should start a club or something. Good to be the target of my own laughter once in awhile, though.
...it's really a sad day for America when we require a goddamn ACT OF CONGRESS to make our DVD players work properly. ~