Slashdot Mirror


MS05-039 Worm in the Wild

An anonymous reader noted that SANS is reporting that the MS05-039 worm is in the wild. It has been named Zotob.A. Not a lot of information on this one yet except that it's trying to FTP files from a subnet.

16 of 252 comments

  1. What drives people to do this... by cameronk · · Score: 3, Insightful

    Every time some new worm is released onto the Internet, I ask myself what drives the sick people who create such things. What can we do to provide more disincentives to keep them from being jerks?

    --
    "...What is good for General Motors is good for America." -Charles Wilson, Secretary of Defense and fmr President of GM
    1. Re:What drives people to do this... by a_n_d_e_r_s · · Score: 3, Insightful

      Mostly money.

      Worms are used to get zombies, who are used to send spam, who are used to lure suckers to spend money on junk.

      --
      Just saying it like it are.
    2. Re:What drives people to do this... by Waffle Iron · · Score: 3, Insightful
      I ask myself what drives the sick people who create such things. What can we do to provide more disincentives to keep them from being jerks?

      There are 6 billion people on this planet, and it only takes one of them to launch a worm. With a sample that large, there's no way that a worm won't get written if a vulnerability exists and is generally known. There's always going to be at least one crazy who'll do it regardless of any disincentives. People's energy is better directed at eliminating the vulnerabilities in the first place.

    3. Re:What drives people to do this... by fermion · · Score: 2, Insightful

      Another issue is that it is often not that hard. The current situation is that a security risk for a given bug does not exist unless there is working code to exploit the bug. Therefore one has to supply code that exploits the bug if one expects the bug to be fixed. This leads to the zero day exploit in which some kid uses that code, combines it with other code from old exploits, and generates a new problem. It would be better if the powers that be did not require exploit code, but were able to work from the theoretical, but that is not the way it is. This situation leads to the MS nightmare of zero day exploits, which is really the issue that makes MS Windows such a headache, as all systems have security issues, but just not so easy to exploit.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    4. Re:What drives people to do this... by BoomerSooner · · Score: 2, Insightful

      Boredom. Plus sticking it to MS. Just think if someone could easily hack all the BSD/Linux servers in the wild, they would cause much more havoc. However it is non-trivial to hack compared to reverse engineering the MS patches and comparing the old and new code.

    5. Re:What drives people to do this... by lgw · · Score: 4, Insightful

      What scares me is it's only a matter of time and technology until we have this same situation with biological viruses.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    6. Re:What drives people to do this... by theendlessnow · · Score: 2, Insightful
      Money? Probably not.

      Intellectual challenge? Yes. Somewhat.

      However, most viruses/worms and such are created merely for an emotional high. When you have a company like Microsoft that believes there is no bug or hole until it's made public... there's a natural desire to rip through their "perfect" OS (perfection depending upon whether or not there is a KNOWN exploit out there today).

      It's no different from the high that some get by building explosive devices or setting fire to things. There's a high in taking down that which some feel is indestructible.

      Microsoft is NOT a company that is known for giving out "pats on the back" to people outside of their own private paradise....

      Many times these folks simply want a bit of attention and recognition that they are important.... maybe having a "Don't tell = no bug" and "We know it all" philosophy breeds a spirit of targeted attention getting terrorism..... just a thought.

    7. Re:What drives people to do this... by ThaFooz · · Score: 2, Insightful

      Honestly, I think they are heroes. Worms can do truly hideous things, the worms going around don't do anything that harmful. They are warnings that our infrastructure is unsafe

      I don't buy that argument simply because the vast majority of these worms hitting MS machines come out after MS identifies or fixes the hole. They're letting MS tell them which piece of code is vulnerable, and they're banking on the fact that so many Windows users don't bother to patch regularly. I fail to see the heroism in that.

      If you think that they "aren't doing anything that harmful", you're mistaken. The reason they don't trash the machine is simple - there is nothing to gain from doing so, and a dead machine can't propagate a worm. The point of infecting a home user's PC isn't to disrupt or steal from that user (it's unlikely that there is anything more valuable on the machine than a low-limit CC#, if that), it's in having said PC's resources at your disposal. With a sufficiently large zombie network you can go after something that actually matters.

  2. miscategorised by hungrygrue · · Score: 3, Insightful

    Why is this under "worms" and "security" but not under "Windows" and "Microsoft"?

    1. Re:miscategorised by suitepotato · · Score: 4, Insightful

      It is only horribly redundant because the average malware scumbag writer is taking the easy way out and going after Windows machines, taking advantage of end-user naivete and Windows' openness to infection. If they had any guts and were truly 1337, they'd try to get into a source repository on sourceforge and slip their own modded source in to get Linux people to infect their machines or something equally hard and nasty.

      Come to think of it, what do we know of the server security at any of the big name OSS-hosting sites and does anyone really peruse the source anymore? Given the difference between being C++ proficient and merely being able to administer a Linux system is like the difference between the average Windows user and a Windows programmer, I'm guessing not too many.

      --
      If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
  3. Firewalls offer limited protection only by Dynamoo · · Score: 5, Insightful
    Remember folks - if you work for any large organisation, your external firewall will ONLY protect you as long as some freaking idiot doesn't bring an infected laptop in. From my experience a perimeter firewall will maybe buy you 1-2 days MAXIMUM in this situation if you have a large number of mobile users. In our case, we do not allow users to connect laptops to non-company networks at all... but they still do.

    What's worse is that today is Sunday, so there's a greater chance of those laptops being used on an unprotected internet connection.

    Shucks, the patch for this is only four days old. There goes my Sunday afternoon!

    --
    Never email donotemail@WeAreSpammers.com
    1. Re:Firewalls offer limited protection only by Alejo · · Score: 2, Insightful

      And home users getting in through a VPN. Of course they want all Microsoft services working too. And it still is your fault, not theirs.

  4. Re:Must everything be handed to you? by Bald Wookie · · Score: 3, Insightful

    Why should you have to do a Google search? The patch/exploit is the entire basis for the article. I know the quality of journalism at /. is mediocre at best, but expecting readers to search for the most relevant piece of information is asinine.

  5. Re:Vulnerability by Anonymous Coward · · Score: 2, Insightful

    One of these defenses was requiring authentication for all RPC access

    That's... not really "defense in depth". That's the kind of basic, rudimentary security that no sane company would have ever released a product without in the first place.

  6. An attack on Win2000? by nurb432 · · Score: 4, Insightful

    I bet Microsoft secretly loves this, to get at all those people that won't upgrade to XP/2003.

    "See, you have to upgrade to be safe, send us money"

    --
    ---- Booth was a patriot ----
  7. Re:They were careless by Eivind Eklund · · Score: 2, Insightful
    It's always been the truth that any computer wanker that has been caught has been careless. It's just that almost all criminals are sometimes careless.

    The question is where people get recruited to be computer wankers. A large amount of these are from the "scene", starting out with just doing it for fun and becoming more criminal with time. By removing the false glamour of the scene, fewer kids will start out as computer wankers, and there will overall be fewer wankers.

    Of course there will be some left. However, that will happen no matter what we do. The money spent on securing computer systems is an insurance policy against the costs of a security break. At each point, the question is how this money can be most effectively spent - on social engineering (propaganda, routines, company morale), on technical engineering, or on an actual insurance policy from Lloyds or similar.

    Spending it all on the technical side would be wasteful.

    Eivind.

    --
    Doubting the existence of evolution is like doubting the existence of China: It just shows that you're uninformed.