Slashdot Mirror
Invisible Malware Install 65MB Large
Paperghost writes "Words fail me with this one - don't have the .NET framework on your PC to utilise the adware maker's technology? No problem, they'll download it for you without you knowing. The problem is that it's a sixty-five megabyte install." From the article: "...the size of the .NET framework to download can vary drastically depending on what extras you have - don't forget the service packs, SP1 is an extra 10 or so MB in size. But I'm actually understating the amount of space used when installed, as .NET can total up to 100MB."
I wonder if it comes with 24-hour tech support?
It's bad enough installing spyware, but now they have to go and install Microsoft software!?!?!?!
You slimy bastards!
I hope they're using bittorrent...
And the makers will of course claim that they are providing a valuable public service by keeping peoples pc's updated! Bvah!
nhnFreespirit
Any word on which browsers are vulnerable? Is this the sort of thing to be, once again, filed under "Switch to FireFox"? The author leaves a lot of unanswered questions.
Or is this the child of something that must be user-run first?
I hope the land around you yields, a crop like all the other fields, and then your waiting might make sense...
They could have at least installed the open source version of .Net, aka Mono. What were they thinking!
"With enough memory and hard drive space, anything in life is possible!"
I'm still waiting for the worm that will monitor someone's usage habits so it can stealthily download and install Linux.
I bet some people started working on it, but got into a religious argument over what distro to use and gave up.
I could also see a worm that would harvest someone's credit card number and use it to order a Mac Mini.
Help I'm a rock.
It's like apt-get for Windows, except you don't even have to ask for the software. Further proof Linux isn't ready for the desktop, I guess.
This reminds me of a couple years ago when many piece of software came bundled with spyware called NewDotNet that claimed to be "needed for next generation internet applications" - just around the same time MS started pushing .NET
I remember uninstalling it from a bunch of machines because people asked, "Do I need this?" Yes....
It would be cool if it didn't suck.
I remember the good old days when we would statically compile in our 100 Mb of needed libraries when propagating some malware. Technology just bites you in the ass sometimes.
It installs WINE.
word.
Maybe it would get wider acceptance if MS named it differently. I first heard about it a few years back, and wanting to know more, I typed .NET into Google. I got back every www.*.net website on the web, but little about Microsoft. I knew C# had something to do with this, so I typed that in. Google dropped the # and returned every page with the letter C. Then I heard about ASP.NET, and decided to look that up on Google. I got back every www.*.net/*.asp page in the world, again no useful info. Finally, I gave up and installed Linux instead. I heard that mono got me .NET on Linux, and so I looked up mono. I learned alot about being careful about who I kiss, but little else.
Unknown host pong.
I guess it'll download Mono. Hurray, malware is finally getting portable. Now if they finish Mono we can have malware on Linux too! ;-)
What happens when Longhorn-specific malware packages decide to upgrade those Win95/98 boxes still out there...
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Now I know how to install it without clicking "I agree". So we'll be seeing some benchmark results on .NET real soon now, right?
For those of us that occasionally program in C# with .NET this is a bigger pain that you know. The two most descriptive keywords of the programming environment really are meaningless nothing-words in the Web's (normally) best search engine.
Get off my lawn.
Consider the .NET framework for a second. Suppose you wrote something innocent like a screen saver, written in C# based on the .NET framework. How would you as an ISV "ship your software"? You can't. Not unless you sign up to ship Microsoft's software as well. You see, the .NET Framework isn't widely deployed. It is present on a small fraction of machines in the world. Microsoft built the software, tested it, released it to manufacturing. They "shipped it", but it will take years for it to be deployed widely enough for you, the ISV to be able to take advantage of it. If you want to use .NET, you need to ship Microsoft's software for them.
Who said Microsoft does not know how to ship software anymore?! Let the trojan authors take care of that!
-------
Warning: Slashdot may contain traces of nuts.
It's a 65MB install, but only a 24MB download. From TFA:
.NET framework to download is around 23MB, though this is still a lot of bandwidth to use up without asking. In addition, the size of the .NET framework to download can vary drastically depending on what extras you have - don't forget the service packs, SP1 is an extra 10 or so MB in size.
.NET, it takes up 65MB.
the actual size of the
So once it's done its thing and installed
Guy asked me for a quarter for a cup of coffee. So I bit him.
BT Internet recently doubled the downstream rate on most of their broadband accounts, and after looking at the spyware penetration on some friends' Windows machines, 65MB malware seems completely plausible.
Prosperity is only an instrument to be used, not a deity to be worshipped. Calvin Coolidge
You appear to be using Linux. Please wait while we download and install Windows XP.
Progress 1% (2/690MB downloaded)
PocketGamer.org - For the gamer on the go!
Security is one of the core goals of .NET.
.NET as their preferred language of choice.
.NET, my malicious software is sure to be undeniably secure! Thanks Microsoft!"
That's why 9 out of 10 Malware authors now choose
A testamonial:
"I finally switched after being pwned by other Malware authors. All my other hack buddies laughed at me!" said 1337HaxX0r, author of AllYURComp.exe, "But now that I'm using
Karma: The only way to win is not to play.
The .NET download is just part of Windows now; sooner or later, you will need it, whether you want it or not. 65M is not all that large compared to other runtimes and libraries (C/C++ is much larger).
.NET.
The real problem here is that somehow these machines installed malware. The problem could be that they are running IE, it could be that the malware is exploiting a bug, etc.
There is a simple solution: run Linux instead. That will protect you from both malware and
No kidding, one time I was doing some painting with some latex paint, right? And I was painting an oak table (oak is a wood with a hard core), so I wanted to make absolutely sure that the paint would bond to it. So I hopped on to google and type in "hard core latex bondage". I think it must be a bug with the parsing engine or something.
Infact some models have shown its even in a species interest to play host to a disease causing entity that is more lethal to a competitor or predator. E.g. mice that carry diseases fatal to predetors.
In rare cases tolerance gives way ot full symbiosis where each helps the other. Perhaps a bacteria that helps deal with some more dread disease or an enteric digestive aid. Something that fixes nitrogen in your roots.
So anyhow maybe the course of virsuses are indeed ones that tune up your system, protect you from other viruses and make sure your computer is working optimally. Perhaps they will get out of your way when you are actually using it and just steal cylces and bandwidth when you wont miss it.
In that case 24 hour tech support is indeed on the way.
Some drink at the fountain of knowledge. Others just gargle.