Slashdot Mirror
Sober.P Worm Accounts for 5% of all Email Traffic
destuxor writes "The grave insecurity of the day is the Sober.P worm which is currently pushing nearly 5% of all email traffic at the moment. Unlike previous worms, Sober can disable the Windows Firewall and Symantec Antivirus. Interestingly, patched machines are not vulnerable to the exploits used by this worm. What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?" update percentage corrected.
If they have SP2, the computer automatically runs the updates.
I get _TONS_ of logs from various ssh-worms roaming around these days.
What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"
The problem is, MicroSoft went a long way to tell people that no, they can not trust them when it comes to privacy. People from random businesses around here are pretty paranoid now -- I've talked to the CEO of a ~300 employees big company who, albeit a non-technical user himself, went on a long tirade about not letting Windows phone home.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
I have tried using windows update on several machines over the years ever since it came out. All I ever receive in return are page script errors, stalled connections and general frustration of all kinds. I especially hate waiting for it to do something after god knows how long only to have it error out and start all over again. I gave up on windows update long ago which is fine because I generally follow and advise others to follow hte rule of 'if it ain't broke then don't fix it'.
Isn't life is full of little surprises!
*blinking cursor*
If virus writers ever changed their tactics from one of "sneak in and just borrow their CPU cycles and bandwidth for my bot-net" to one of "let's infect, spread, then kick them in the nuts" people would take notice once again.
Several years ago there was a virus that went around replacing jpegs with copies of itself (or something). My friend had a struggling web-hosting business where he hosted websites for about 100 different small mom-and-pop shops. Even though I warned him about the risks of viruses and that he should run his site with Linux/Apache he didn't listen. That virus wiped him out.
No, he didn't have up-to-date backups. But guess what? He keeps meticulous backups now and keeps his computers patched with up-to-date virus software and only connects to his web server via ftp (no mounted shares any more).
Alas, he still hasn't embraced Linux or OS X, but at least he's not part of the problem any more.
Just think what would happen if a virus spread around and just looked for .xls files and quietly changed all the 3's to 7's? How far back would companies have to go into their backups to be sure they had a known-good copy? D'ya think they might take viruses and security more seriously then?
The last major hassle we had with a worm was primarily due to the enormous amount of traffic it generated, bringing our networks to their knees. That was an annoyance to management, but they saw it as a network problem - not a virus/worm/security problem.
One of these days some one or some group is going to unleash a virus that really IS going to do real damage. Maybe then people will realize that they aren't sitting in front of an internet toaster, but sophisticated computing device that has a tremendous impact on many aspects of all of our lives.
"terrorism" and "pedophilia" are the root passwords to the Constitution
That won't work. Irresponsible users will always be irresponsible, no matter what OS they are using.
If that is your case, consider the user's responsibility and skills.
If he has no computer skills at all, just change his settings without him knowing.
If he thinks he has lots of computer know how, but really is some inexperienced (and irresponsible) n00b, I suggest tricking him into doing theing securely appealing to his 133tness ("Only ordinary mortals use IE6, we hackers use IE7 firefox edition", the firesomething extension might be useful in that case).
If he's responsible, but reluctant to change, wait for him to screw up, make him feel bad for screwing things up (just letting him know how much effort it takes to reinstall a workstation usually works) and them offer him a chance to do things securely. If doing things securely is not a hassle (activating windows update, for example), he will not change back either because the same inertia will make him stay secure, or because he sees the benefit of doing things securely.
There are more things to consider, but that should be a rough guide. Some people do not know how to use a general purpose machine, and would be happy with a "web browser" (or other) appliance. You cannot let these people loose with root priviledges.
GPG 0x1B479C78
it only comprises 4.65 percent of all email traffic? Where does this article say 25 percent???
Maybe they're not counting spam?
My mail server saw the first one on may 2nd. As of today (the 8th) at 4am, 419 were blocked. 11883 emails came into the system over that time, so about 3.5% of our traffic was sober.p. That's not 5%, but still pretty high. It shot right past virus #2: SomeFool.Gen-1.
We all know microsoft has alot of money. Why dont they just send out a s*** load of Patch CD's just like what AOL does.
Also keep a numbering system on the CD's that any moron can keep track of.
Hell im sure you could get away with putting them in common places.. like bestbuy, wallmart, Safeway, etc.
It can and often will break your machine's current state and render multiple applications inoperative.
I've had a lot of Windows patches kill applications. Most notably Adobe Premiere, Internet Explorer, Visual Studio, and a load of older third party shareware/freeware apps. Often enough a reinstall of the application fixes it, sometimes... not.
The biggest problem isn't a lack of patches being applied although it is a big problem. The biggest problem is that people still insist on using e-mail as a way of conveying web-like information without regard to its origin or nature. I know a lot of people, some family, who would never ever visit shady porn sites and the like who nevertheless, display all their e-mails in full HTML format with Active X, Javascript, and the rest turned on full blast. Then they select each e-mail in turn, opening it by default in the preview pane of MSOE and just to make sure it really is spam, will also click on the attachments as well.
Of course, I was seeing this same thing more than seven years ago in corporate offices never mind home PCs. Absolutely nothing has changed. Any time a user allows code to run, they take the chance that code will be designed to undo their protective shields including anti-virus, anti-spyware, and firewall services. Those services are not designed to act like viruses themselves and resist deactivation (with the exception of NAV which acts that way by an idiot structural flaw rather than purposeful design) at all costs. Oops.
What Microsoft could do is create a bootloader that worked from a separate partition and scanned the as yet not activated main OS partition for rootkits and viruses and removed them before the OS could be started along with them. Problem is, we can't ever know that MS didn't fark the system up with spyware of their own to check that DRM wasn't messed with, that we weren't using warez'd MS products, or even working on behalf of the *AA agencies to root out and destroy MP3s and so on.
Another solution is to make all web applications including and especially MSIE work only inside a virtual machine within Windows where it was quarantined from outside system interaction and had to pass a fine-grained security checkpoint to interact in any way with the outside short of mere audio-visual output. In other words, scripting that was doing something with a web page would generally work, something that wanted to browse the file structure would have to be signed, the user would have to constantly say yea or nay and enter a password. Anything to slow down the interaction, log it, control it.
I seriously doubt we will ever see it of course.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
Installed XP. Connected to network to install updates (On 100Mbit internet connection) It got a virus within 60 seconds of connecting, while it was still downloading the updates. :P (This happened around the time SP1 was released)
All misspellings and grammatical errors in the above post are intentional and part of my artistic expression.
Not too long ago I walked into a little computer training "shop" in a supermarket near me (in Dublin, admittedly the shop is probably 2-3 miles from MS main Dublin headquarters) and there in amongst all their brochures extolling the wonders of their courses was a small cd display stand with Windows XP2 update cds.
If the world was sane, the payback to MS customers (including the indirect ones getting Windows pre-installed) for "Product Activation" should be simple access to new installation CDs! So if your computer dies, you should be able to contact MS and get a new CD sent out for your new install which will have service packs (and preferably all critical and security updates) applied, so you can actually install it without having to disconnect your network (I would imagine 95%+ of all windows users are not aware of the dangers to a new windows installation). It's no good doing a new install and going straight to windows updates, but how many Windows users are going to think differently if/when they need to re-install?
Next time someone tells you installing Linux is hard, ask them how they deal with the security issues of installing XP, and if they don't know what you mean, provide a little explanation!
Never underestimate the dark side of the Source
The open source community should do this.
Step 1: Develop the ultimate virus/worm platform -- include a bytecode engine, polymorphism, have it jack into something Freenet-like so users could manually update the network.
Step 2: Get lots of press for your examples of honeynets completely nuked, and how long it took. Show estimates of how long it would take to destroy every computer on Earth with Internet access (including flashing the motherboard, etc.) and predict a Y2K-like apocalypse if terrorists ever get their hands on this and there's tons of unpatched Windows machines.
Step 3: Watch the news media declare vulnerable platforms like Windows and OSX to be "unpatriotic". Watch thousands of developers and hardware vendors and, yes, even end-users rush to put everything on something actually secure, like Linux or BSD.
Remember: Linux IS more secure now, because would-be terrorists (all the teenage hackers of the world) have an incentive to fix Linux instead of try to break it.
Step 4: If Step 3 fails, watch someone, somewhere, sometime, actually finish the job. In a matter of hours, every insecure box in the world goes down, hard, never to rise again. Hard drives wiped, firmware flashed... It'd be a massacre. Then, when the world finally wakes up, watch Step 3 again.
Remember, if I implemented this plan, I'd never actually pull the trigger. I wouldn't be doing anything illegal. That is, unless Congress decided to pass some DMCA-like laws to prevent the development of anything which could be used to 0wn people...
Don't thank God, thank a doctor!