Zotob and Mytob Worm Authors Arrested
An anonymous reader writes "The Washingtonpost.com is reporting that two men have been arrested for allegedly authoring and releasing the "Zotob" and "Mytob" worms. The first Zotob, released Aug 14 - just 4 days after Microsoft released a fix for the hole it exploited, infected systems at many major news outlets. Mytob remains one of the most pervasive worms on the 'Net today." From the article: "Moroccan authorities, working with the FBI, arrested Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker 'Diabl0.' Arrested in Turkey was Atilla Ekici, aka 'Coder,' age 21. Both individuals will be subject to local prosecutions, the FBI said." Update: 08/26 20:56 GMT by Z : Nana Mous wrote to mention an eWeek blow by blow account of Microsoft's response to the worm. Very interesting read.
In the interest of stimulating more informed discussion, here is a link to a press release from Microsoft commending the Turkish and Moroccan authorities, as well as the FBI, for their prompt arrest of the suspects.
____
~ |rip/\/\aster /\/\onkey
Atilla, you don't need a cool alias - you already have one!
2+2=5 for extremely large values of 2
What more is there to say? These were created after the patches were released to fix vulnerabilities. This was malicious code whose intention was to exploit a recognized bug before everyone had the chance to apply the patch.
Both individuals will be subject to local prosecutions, the FBI said.
In other words, a few horse heads will show up in some beds, some vague threats made, and they'll get off with no punishment.
There are only 10 kinds of people in this world... those who understand binary and those who don't
You know how it is. When you're young, it's hard to keep your worm to yourself.
Best Windows Freeware
Very intelligent kids with no social values, must be homeschooled.
I'm not a Troll, it's reverse psychology.
What would someone that age get out of releasing something that would cause so much damage?? I realize you get the whole '3Y3 PWN3D J00R 4SS' effect, but still.
:)
And also, I guess this shows more than Russia has some awesome programmers.
Last tidbit:
Moroccan authorities, working with the FBI, arrested Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker "Diabl0."
Who the hell uses the term 'screen moniker'??
Wouldn't using Atilla as a screen name earn a bit more respect than Coder?
d z.htm
http://www.hyperhistory.net/apwh/bios/b3atilla_p1
The Stone Age did not end because humans ran out of stones. - William McDonough
removing their virii and others as well as great software such as CoolWebSearch and their ilk all day EVERYDAY of their sentence.
If I was either of the two suspects I would be crying my eyes out and demanding to be tried and jailed in the US instead of the "Local prosecution". Their best jails would likely not come up to the level of our worst.
"GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
they had apparently commented the code: //.. @uthors: Farid Essebar, Atilla Ekici
Too bad the rest of us have to share a network with Windows users. When viruses hit Windows hard, the whole network suffers.
It's a shame that these idiot kids can't make a program that every computer [that runs Windows anyway] could use, and then when they get the urge to exploit a Windows hole, they'd have a payload that would do more than cause reboots and crashes, and could do something useful like calculate something for medical science, patch the hole they exploit without doing damage, or play a podcast with a good message.
ANYTHING. The lack of creativity in today's vandals is just pitiful.
Saskboy's blog is good. 9 out of 10 dentists agree.
I think it's interesting that when these worms were originally introduced, and started first infecting machines, how the media made such a big deal about how quickly after the security hole was announced the worm was unleashed. I find it a bit more interesting the speed with which law enforcement is able to nab the creator of such programs. It used to be, "We don't know where in the hell to start!" to now it's more like "When can we pick this person up and how are we going to prosecute them here or there."
Just my thoughts.
Generation Trance: What generation are you?
...that I actually know how to apply Windows bugfixes.
How on earth do they find these people?
Paul Grosfield - the quicker picker upper.
CROWD:A witch! A witch! Burn her! Burn her! Burn her! We've found a witch!
VILLAGER: We have found a witch. May we burn her?
CROWD: Burn her! Burn! Burn her! Burn her!
BEDEVERE: How do you know she is a witch?
VILLAGER: She looks like one.
CROWD: Right! Yeah! Yeah!
Oh my god, does this kid suffer from a lack of imagination or what?!
I could be wrong. I'm always wrong...
The worm also is thought to have temporarily disabled the systems that the U.S. Department of Homeland Security uses to screen airline passengers entering the United States.
Oh so the airport screening machines are on the internet, are they? I feel safer in the hands of people as competent as the DHS already...
Or more likely, this is just another piece of DHS propaganda designed to emphasize how dangerous those virus writers are. So dangerous they can disable our precious airport security systems! Terrorists!!
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
I've found that those with unique rl names, choose bland screen names.
Sort of like how the weak/shy personas use aggressive/offensive screen names.
It is interesting that the U.S. government's FBI agency has become a world-wide police force.
--
Trying to make one book explain all of life makes some people crazy enough to kill.
Microsoft Assisted Worm Investigation
Microsoft's Internet Crime Investigations Team supported the investigation with law enforcement immediately following the release of the two worms. Microsoft provided technical information and analytical support to the FBI on this case, which was then shared with Moroccan and Turkish authorities.
Daily News http://newsblaze.com
Among walnuts only the empty one speaks.
actually, i think microsoft should hire them on to their security team. ms could apparently use a few more code reviewers...
Must be in Europe somewhere? They always have odd ways of saying things. Cargo area in the rear (or front) of a vehicle for example.
USA = Trunk
Europe = Boot
They use Monicals over there I think... ;) There is more than one movie out there that shows them being used by Europeans.
If you can't already tell this was supposed to be funny.
He was *writing and distributing worms* and using his RL name online might have struck him as a bad idea.
Pointing at the emperor and throwing rocks at his balls are two very different things. They could have just pointed. They went the rocks-at-balls path.
The real problem is that the children are "pointing it out" by kicking the emperor in the balls.
Can't condone violence.
You can only be young once, but you can be immature forever.
Boy, you are a retard, aren't you? These people that were arrested didn't find the flaw; they merely plugged the thing into an already-existing virus base (Blaster) and clicked on it. They don't deserve jobs with the FBI. They are just a bunch of script kiddies.
-Anonymous Coward
Why don't the worms actually do something really destructive, like erase partition tables or cause irreversible damage?
That, to me, would seem like the choice route.. instead they're mild "blah blah, I will infect you and do nothing but infect others" apps.
Shame..
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
Happy Birthday, Joshi.
I guess they can kiss their keyboard hands goodbye.
- moomin
It's not like the found these holes on their own. They analyzed the patches that were released, and wrote something to exploit the problem that was being fixed.
There's no way to combat that sort of attack, apart from not ever having bugs, ever. Which is unrealistic, and unattainable.
There is a big difference between pointing out that the emperor has no clothes and running up and smacking him on the balls.
The virii in Hackers were a lot more fun. Best quote ever:
GUY: SIR! WEVE GOT A COOKIE MONSTER!
other guy: TYPE COOKIE YOU IDIOT!
Who says that the FBI hires good people... retard.
did she too spread for all the people, like the worm spread to all the systems?
By making fairly harmless (i.e. no permanent physical damage to the machines) worms using exploitable holes, this encouraged MS to patch and everyone to upgrade. In the wrong hands, the exploits could have been used to erase data, set voltages higher than they should be, all sorts of MUCH WORSE THINGS.
Bah he's not insightful, stupid moderators, heads way up their asses. It was released POST PATCH.
or they could be made to write a code to avoid dupes at slashdot.. and for every dupe, their genitals electrocuted?
To further amend that, the problem is not code reviews, it's the MS design (or lack thereof). A lot of MS exploits are not issues where the code was defective as much as where the design was defective. Take, for example, the Slammer worm. You would ask the SQL Server instance for a database (directory service over UDP), then get a good old buffer overflow by making a bad request (not formatted properly). (My memory is a bit rusty on the details, check out Wired for a slightly closer look.)
Code reviews, usually find the "duh" type of bugs. As in, poor control structures, misuse of class/methods. The security type flaws can only be fixed by: better design (what could someone do to this) or having people hack at your solution as part of testing (aha, look what I can do). Now the slammer fix could (and probably was) as simple as a check on the length of the request.
Now (knowing that), if I worked at Microsoft, I would be checking for that in code reviews... I mean they have been bitten by this numerous times and a buffer overflow attack is one of the oldest tricks in the book. And yet this is also a process thing: the guys who wrote the code that performs the search probably don't know a lot about low level details, and those guys didn't know the restrictions, which points back to design.
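To see the kind of fix the post is talking about, here is an added example (constructed for this thread, not SQL Server or Slammer code): a toy directory service that reads one opcode byte plus an instance name from a UDP datagram, shown first without and then with the length check, using a NAME_MAX buffer size assumed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration: a datagram is one opcode byte followed by an
 * instance name. The sender controls the datagram's length and contents;
 * only the size of our buffer is ours to choose. NAME_MAX is assumed. */
#define NAME_MAX 32

struct request {
    unsigned char opcode;
    char name[NAME_MAX];
};

/* The class of defect the post describes: the copy length comes straight
 * from the datagram and is never compared with the destination buffer.
 * A datagram longer than NAME_MAX bytes overflows out->name. Shown only
 * as the "before" of the fix; nothing below calls it with oversize input. */
int parse_request_unchecked(const unsigned char *dgram, size_t len,
                            struct request *out)
{
    if (len < 1)
        return -1;
    out->opcode = dgram[0];
    memcpy(out->name, dgram + 1, len - 1);   /* len - 1 may exceed NAME_MAX */
    out->name[len - 1] = '\0';
    return 0;
}

/* The "check on the length of the request": anything that cannot fit in
 * name[] together with its terminator is refused before a byte is copied. */
int parse_request_checked(const unsigned char *dgram, size_t len,
                          struct request *out)
{
    if (len < 1 || len - 1 > NAME_MAX - 1)   /* leave room for the NUL */
        return -1;
    out->opcode = dgram[0];
    memcpy(out->name, dgram + 1, len - 1);
    out->name[len - 1] = '\0';
    return 0;
}

/* A well-formed constructed request still parses after the fix. */
int checked_accepts_small_request(void)
{
    const unsigned char dgram[] = { 0x04, 'S', 'Q', 'L', '1' };
    struct request r;
    if (parse_request_checked(dgram, sizeof dgram, &r) != 0)
        return 0;
    return r.opcode == 0x04 && strcmp(r.name, "SQL1") == 0;
}

/* A constructed datagram far longer than the buffer is refused outright. */
int checked_rejects_oversize_request(void)
{
    unsigned char dgram[NAME_MAX + 64];
    struct request r;
    memset(dgram, 'A', sizeof dgram);
    dgram[0] = 0x04;
    return parse_request_checked(dgram, sizeof dgram, &r) == -1;
}

/* Probes the boundary: the longest datagram the checked parser accepts is
 * NAME_MAX bytes (opcode plus NAME_MAX - 1 name bytes); one more is refused. */
size_t max_accepted_datagram_len(void)
{
    unsigned char dgram[NAME_MAX + 1];
    struct request r;
    size_t len, last_ok = 0;
    memset(dgram, 'B', sizeof dgram);
    dgram[0] = 0x04;
    for (len = 1; len <= sizeof dgram; len++)
        if (parse_request_checked(dgram, len, &r) == 0)
            last_ok = len;
    return last_ok;
}

int main(void)
{
    printf("small request accepted: %d\n", checked_accepts_small_request());
    printf("oversize request rejected: %d\n", checked_rejects_oversize_request());
    printf("largest accepted datagram: %zu bytes\n", max_accepted_datagram_len());
    return 0;
}
```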
...that I don't have Internet access.
Yes, but their midichlorian count was through the roof. I hear tell that once they get off their prison sentence turning Wookie turds into Jedi lounge furniture, the Emperor will hire them as consultants.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Imagine that a clothing company uses very shoddy materials and cuts corners in its production, yet they are popular enough that 9 out of 10 people will be wearing that brand of clothing. The clothes are crap, sub-standard, and you just know that if people realized this, the company would either improve, or people would buy their clothes elsewhere. To that end, you walk down a busy street and grab a handful of cloth every which way, easily ripping the shirts off 9 out of 10 women who pass by you.
Should you be jailed for "merely" demonstrating this weakness?
-paul
Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
A lot of posts referring to balls in response to your post.
interesting...
--- I used to moderate, then I read the -1 articles and decided having to filter through them was not worth it.
Umm, you forget that it was his screen name as a cracker/worm-writer. Would you really want to use your real name for such things? It just makes it easier for the feds to find you.
Hope that includes torture.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
You really think MS's patch system is all about "your" security? It's driven, was created and exists due to MS's lawyers. They cannot be blamed -- as you yourself argue -- for the flaws in Windows. After all, they put out a patch, warned everyone, and people just don't do what the good MS tells them. But, my anonymous friend, you are overlooking that this is a flawed OS from the start, from the beginning, and MS really hasn't cared about security from the get-go. Where are the viruses taking down Netware, taking down Linux/Unix? They are not there. Why? Because those houses were built on a good foundation with thoughtful administration in mind. Windows is a house built on a swamp, but since the builder keeps telling you about the spot in the bog about to make the corner sink just before it sinks, you are freely willing to believe that it's your fault.
So, now, who is the one not being insightful?...
"All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
Actually, if MS wanted to branch out to new markets, this would be a good place to start. Start a hacking/virus investigative branch and sell your services in tracking down the little bastards that write these worms/viruses.
Systems like that do have to be integrated with each other, and they need updates. You can either lay brand-new cable (and make sure that nobody physically hacks into it) or you can re-use the existing infrastructure.
The latter is a hell of a lot cheaper. And it's effective if you restrict what sorts of programs are used on the computer. Like there's no reason for these to have had port 445 open in the first place. (It's a hell of a lot easier to control open ports with Linux than with Windows.)
Restrict incoming bits to just the port you're expecting (or even better, make it "pull" and accept no unsolicited bits), and practice good software development, and you shouldn't have this problem.
>In the interest of stimulating more informed discussion...
You do know you are posting on Slashdot right?
If you do it accidentally, once, absolutely not.
If you do it premeditatedly, on a large scale, as some kind of "Fabric Avenger", then absolutely.
Why yes, I AM a rocket scientist!
Who the hell uses the term 'screen moniker'??
COM programmers, perhaps?
Uninstalls Outlook Express and OE
Sets FF and TB icons to resemble IE and OE for clueless users.
Deletes itself.
Pointing at someone's balls and grabbing and twisting them and then pulling really hard is different. So if you're naked in public, expect to at least get the finger from the children. And then there's the emperor, who's like a child, but bigger and naked. And he probably doesn't use crayons like the children who wrote the things that made him naked.
Or something like that.
Was anyone else concerned about the fact that there are now 4 replies that use the word balls? Maybe the 'naked emperor' image wasn't the right one to conjure up here...
Thank you. Please spellcheck your genitalia references though.
They force people to build more secure systems. How is this wrong? People like this are keeping software developers on their toes. I say good on them...
How is this wrong? People like this are keeping software developers on their toes. I say good on them...
Couldn't you make the same case for people shooting cops or driving drunk? In the first case it will spur body armor manufacturers to create more effective armor. In the latter it may lead to safer cars?
The Luddites were ahead of their time.
I was reading a dated (2004) article comparing security on Windows and Linux. In it, they point out that Windows is not on the Top-50 list of highest uptimes. I recently visited the list (http://uptime.netcraft.com/up/today/top.avg.html) and noticed that Windows does indeed have a few entries.
But, no Windows machine should have an uptime of more than ~6 months as all MS updates require a reboot. And the Netcraft list contained Win2k machines w/ 4+ yrs uptime! That means they should be ripe for the picking, right?
Directly-accessible web servers that haven't been patched.
Any reason these aren't hit?
On a computer or under a hood.
Damn, now I want to know what that subject line says...
my progeny worm
set loose to exploit your holes
mine left for inmates
The "Executive e-mail" is a key part of the response process, and it includes the use of a very specific, high-priority subject line to make sure the mail is read by the senior executives.
Unfortunately for Microsoft, and fortunately for us, that very specific, high priority subject line has been leaked:
a-nonymous. eh. forget it.
> E-mail blasts were sent with links to the incident page, patch download locations and other mitigation guidance.
Nice strategy! Now people will get used to installing binaries from spam links!
#1, most countries have laws against hacking/viruses/etc. Hence the reason they are being prosecuted locally. They broke a law in their country so it'll be handled there. However #2, law enforcement around the globe cooperates. We don't want criminals to be able to escape prosecution simply by conducting crimes across national lines, or fleeing to another country.
So, what probably happened here is what happens all the time, the FBI had evidence that one of the authors was Moroccan so they got a hold of Moroccan police and gave them the information they had. Moroccan police investigated and have now arrested a suspect.
I fail to see the problem here.
So how long until this special subject line is either released and/or "bruteforced"?
...that I am not gay like RocRuby.
make install -not war is the GAYEST sig ever!
Then you should really go and deflate her now.
Turkey and Morocco are amongst America's most trusted allies. Turkey is a member of NATO, and Morocco was granted by the US the status of most important ally outside NATO, and we have a free trade agreement with Morocco as well.
Oh, and btw., America's oldest friendship treaty (non broken) with a foreign nation was with... right: Morocco. Signed on our side by Thomas Jefferson himself.
cpghost at Cordula's Web.
Blame is not a zero sum game. Windows is one of the problems. A child who writes worms is another.
They also then probably went and tried to steal from the citizens who went to help the king. That was the real big problem. If you notice in the stories, money exchanged hands. They were not pointing out security problems, they were thieves.
Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
Pointing at the emperor and throwing rocks at his balls are two very different things. They could have just pointed. They went the rocks-at-balls path.
Have you ever known an emperor to respond to the "oh, you made a mistake" approach? Or even recognize that a mistake has been made without a few rocks thrown at their balls? Plenty of people, security experts and script kiddies alike, have been warning with the "pointing" method for a long time. Absolutely no-one notices until the emperor takes a few rocks to the balls. Disclaimer: I disagree with such treatment on principle but can see why someone would take such an approach.
There's no way to combat that sort of attack, apart from not ever having bugs, ever. Which is unrealistic, and unattainable... even in Linux
1. hijack major media corporation with upcoming worm
2. make the word that only an old version is affected.
3. make that media corporation, and lots of its viewers, buy Windows XP and stop using 2000. first profit
4. ???
5. profit, probably.
I still don't understand how MS get off being the innocent party here. I mean...
Amen to that, brother.
Don't e-mail your crimes.
That's why we can't find Osama.
Design for Use, not Construction!
Now that they have played that hand, the kids are screwed..
They don't even have 'normal' rights as an accused now.
---- Booth was a patriot ----
What I want to know is, why doesn't CNN patch? Maybe there's a good reason, but I want to know what it is.
I know a guy who works at the NYTimes. Their laptops are a mess--users have admin control, etc. They get hit with everything.
just remember: when your balls tingle, that means somebody is talking about them!
it's exposure
if some linux desktop flavor were as widely popular as windows, do you honestly think it would be any different with a new wonder worm every year?
you linux zealots are honestly going to tell me that some badly written linux app that people widely adapt isn't going to be fodder for these guys as well if the application and the os had as much exposure as windows?
it's a very simple formula: take a bunch of coders working on a lot of code, and presto changeo: holes. it's not like linux programmers are omnipotent and windows coders are drunk: people are people, no one is perfect, sh*t happens. the only deciding factor is how much interest there is in finding and exploiting those holes. if linux were up at bat instead of microsoft in the popularity contest, linux would be striking out just as much as microsoft.
so what's the real lessons for us?:
1. you need an ECOSYSTEM of os's out there. not one big borg state of 99.999% market penetration. in such a world, truly, one kid in his parent's basement can take down the entire world. what you need is something like 25% linux, 25% bsd, 25% windows, 25% mac, or whatever.
2. don't celebrate that microsoft is getting hammered with worms, you should WORRY. because microsoft is getting good at fighting these worms back. look at the difference in the response to zotob as compared to sasser or code red. does the linux world have a similar muscular attack response system? additionally, what happens is that over time, because of its exposure, microsoft actually gets pretty darn well patched from all of the really scary exploits out there, and all of the exposure begins to WORK for microsoft sales pr: "well we've been exposed to a powerful searchlight over the last few years and all of the really scary holes have been found... if you go with our competitors, who don't have nearly as much exposure to exploit exploration, who knows what nasty things someone might find in that os."
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I suppose the "biggest kid on the block" argument is irrelevant at /. but just for grins I'll throw it out there.
If 90% or more of the world's computer systems ran on any other single OS, it would be just as susceptible and just as targeted as Windows.
I thought you were talking about Nike until you mentioned shirts...
Yes, because apparently you were also doing it to steal the wallets located inside said clothes.
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
would be to send them to bunk with Novak and Rove in Gitmo.
I'm not sure who that would punish, but it would make me happy.
-- Tigger warning: This post may contain tiggers! --
Very informed post indeed !
:)
Morocco entry in Wikipedia : http://en.wikipedia.org/wiki/Morocco, for those who want to know about the first country to have recognized the US
"The affected Windows 2000 operating system is already out of mainstream support and is not considered a consumer operating system."
... guess I'd better tell my uninfected Win98 PC to roll over and play dead then, cause King Bill declared it is no longer among the living.
..
Really
Strange, it works just fine
The USA, proud member of the first world, is in the top ten for executions with such exemplary second world nations as Belarus and China.
Actually did that on a machine just yesterday after spending 2 hours cleaning out the viruses, spyware, porn dialers et al. Doesn't look exactly like ie, but close enough for these users...
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
The authors of the virus infecting Word documents go by the screen names of 'WordCraft' and 'Haxor', authorities said.
Authorities expect soon to catch two more virus authors, codenamed 'D40C' and 'Pr0gr4mm012'. The virus for which they will be hunted down is not yet known, but authorities promise 'it will be a real boo-hoo threat'.
I'm still trying to figure out what people mean by 'social skills' here.
NT
...it's too bad Windows 2000 and XP SP1 don't have the Windows Firewall that stopped the worm from getting on my PC and others. My brother prefers '2000 (visual styles bug him for reasons unknown).
That said...PWN3D!!1
You can hold down the "B" button for continuous firing.
....The FBI also announced that there are additional penalties for lame screen names and unimaginative naming conventions for their worms.
:-)
Now, "Trogdor" --that's a good name!
I might know what I'm talkin' about, but then again, this is Slashdot...
The FBI web site gives the impression that they are only there to help. However, the FBI acts on its own most of the time, I understand.
A transition happened, and American citizens were not allowed to consider the issues.
I can see why it would be as targeted as Windows is nowadays, but why would it be as susceptible? What would magically add countless holes to, say, Linux?
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
We apparently forgot to advise you : our geography course has been updated. As you know, we use Google maps, and Europe isn't constituted of only the United Kingdom and the Republic of Ireland anymore.
It's called the "Good Times" virus
Both individuals will be subject to local prosecutions, the FBI said.
Here's our chance to see if public flogging and amputated fingers deter hackers.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
They didn't steal anything from you. They could have, but they didn't. Instead you pulled your own head out of your ass, updated, so that someone with a real malicious intent couldn't use the same exploit.
There are already applicable laws against grabbing strangers' clothes and ripping them. There are no laws against ripping one's own clothes in a way that those clothes then rip the clothes of every other person one meets, causing their clothes to rip other people's clothes, and so on.
_I_ don't think that person SHOULD be exclusively responsible for all the ripped clothing. The manufacturer does bear some of the responsibility.
WINE?
..."games" would be more appropriate.
The subject line says: "STOP SPAM NOW-Here's how"
(No comments on the irony of my tagline, please.) };-)
The U.S. really needs an English to Wisdom dictionary.
Very interesting, thanks. I'm going to have to remember that!
~S
1) release virus
2) get arrested
3) update resume
4) get hired by security company
5) profit!
Not as susceptible, but possibly targeted. But then more bored kids would have things to do like optimizing their kernels and recompiling gentoo and whatnot, (I really have no idea what I am saying, but am about to install slackware linux anyway)
All your base are belong to Wii.
Where I live, "security experts" are always wheeled out at these moments to explain that the new viral assault is the creation of organized criminal gangs headed by a supremely intelligent and resourceful Mr Big (who probably lives in a suite at the Ritz and never goes anywhere without a Yorkshire Terrier). Yet here we are again, with the alleged perps being a couple of no-name losers from nowhere. It'll be interesting to see what, if anything, they link to.
Those that pass
never return
I caught this worm. Yes, I uninstalled Fedora 3 and replaced it with W2K (boot time reduced by 1 minute, wireless card now works). Noticed extreme activity on the NIC; being a laptop I can see the LED. "Strange," say I, "flashing away like fu**, I wonder..." Sure enough, there we are in services, ps/2 mouse service, do me a favour, wtf is this bullshit! Identify, disable, remove etc. about 1 hour after infection. Yet I run SpyBot/ADWare blah blah blah, they EVENTUALLY spot it (Tuesday, I got it last Sat). BUT Firewall: disabled 445, NOT 443, which looks the same when you KNOW what you're looking at! I did read some stuff about uPnP last year and thought "What a ... for a lightbulb"
This is Intel doing not m$!
well okay I will go for wintel
Anyway, no great harm done, that's being done by the undetected worms in all those SUN & Linux M/C between me and that GaySexPronUberMachine
Everyone knows Linux is coded by irate *nix programmers no longer required by Sun Microsystems because stealing 386BSD was soooo 1990's
sounds like sexual assault to me. have fun in jail.
I have discovered a truly remarkable proof which this margin is too small to contain.
As usual, I see a lot of highly-moderated "Insightful" comments discussing how these viruses are written just for the sake of writing them. These viruses and worms are used to build botnets that are used for DDoS, phishing and spamming. The authors of Zotob allegedly released over 200 variants of their worm to help numerous people build botnets.
It's unfortunate that so much media attention is paid to the authors of the virus and so little paid to its consumers. They are the ones filling your e-mail box with advertisements for ClAIS and VÌAGRRA and asking for your SSN.
Well, I for one welcome our new women's shirt ripper-offers.
A hush falls over the seance. There is a message for you from the spirit world. It's "...re-e-ea-ad....th-e-e....pre-e-vio-ousssss....p o-o-osssstssssss......."
I see the two writing on a chalk board:
I will NOT make Microsoft and those who use their products look stupid.
I will NOT make Microsoft and those who use their products look stupid.
I will NOT make Microsoft and those who use their products look stupid.
I will NOT make Microsoft and those who use their products look stupid.
I will NOT make Microsoft and those who use their products look stupid.
And can you be a bigger karma whore, TMM?
The CNN report I saw on this said these sleazebags also created the RBOT variant (which I'm guessing is an offshoot of ZOTOB) and I hope these guys see some serious jail time. My company got hit with the RBOT.CDM variant, which Trend didn't have a pattern for on Wednesday; it entered via a laptop that hadn't been patched in a while, which was placed on someone's unsecured connection and brought the virus in around our firewall. At least it caused OfficeScan to break on one of the downstream infectees, and the end user was smart enough to notice his Real Time Scanner icon turned red (which means something took it offline) and even smarter to call and ask about it. A quick investigation showed the Registry Editor and CMD prompt were suddenly inaccessible, but it's an ugly feeling to scan the file with the latest pattern and the Controlled Release pattern, scan right over the file and not report anything. At that point, you rip all the downstream infectees off the network, call Trend and wait (WAY too long I might add) for them to send you their forensic toolkit, which you run on the infected machine, and take the 65MB snapshot it writes out and FTP it to them. They had a pattern fix (which they call a "bandage pattern") for us the next day along with a cleanup method. 15 infected machines later, you're done.
... with only a short straw and lung inhalation power.
I can honestly say being at ground zero for an undiscovered variant virus really sucks. For having done Windows Network Administration for 10+ years, I felt rather at a loss. It's all better now, and with the arrests made, I'd like to offer my choice in punishment for these dirtbags if they get convicted.
I work for a large construction company and on some jobsites, it takes a while for the sanitation crews to get around to pump out the Port-a-potties. I would suggest they farm these guys out to clean out some of these nasty johns
That'll learn 'em
...and I told him long before. He knows by now and probably thinks differently about that now too--I remember him saying that some months ago, so his opinions may have settled during shipping.
Judging from the Zotob news, I'm extremely glad I stayed on XP, and didn't switch as he suggested when he brought a Windows 2000 CD at that time. I like jellybean Start buttons anyway. ;)
Of course, if it was (disclaimer: I don't believe this, just think it may have been possible) Microsoft making the virus to get more "genuine" customers then I'll be extremely glad they are bankrupt, instead.
You can hold down the "B" button for continuous firing.
I'm surprised people doing things like this don't release their virus infections through unsecured wireless networks. Just drive around town till you find one and then send out the files. Would make it a hell of a lot harder to trace.
This is my favorite line from the freakin article...
"Customers are more aware of the need to move into a maintenance mindset. Customers using Windows 2003 Server SP1 [Service Pack 1] weren't impacted by the vulnerability because of changes we made. This is best example of learning how to make product more resilient to attack and have it be secure by default."
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
Every country with a Muslim majority is endangered by Islam fundamentalism. If moderate muslims don't speak out and don't get militant about their moderate viewpoints, the fundamentalists will drive/kill all moderate leaders.
So where are the moderate Islamists? I keep hearing about them, but nothing from them. Don't they yet realize that, to preserve moderation, it may be necessary to pick up a gun? Or are they all cowards? I fear the latter.
As someone who just finished working at an embassy overseas and worked with FBI officials there, let me assure you - the local countries don't mind the help and technical assistance they receive from the LEGAT offices. Quite the opposite - LEGAT provides a great deal of training and equipment when needed, and acts as a liaison with the local police force.
The LEGAT agents probably weren't the ones that made the actual bust, but they were likely there to coordinate it.
Considering the damage this virus caused to US interests (businesses and citizens at home and abroad), I'd argue the US certainly had an interest in taking these guys out of commission.
The tinfoil hat crowd can, and will, say what they want, but the FBI employees I've had the chance to work with are amazing people - honest, hard working, focused on their jobs, and quite frankly, underpaid for the risks they take. I'm just glad to hear that the guys were busted.
Is that what you were looking for? I just had to have it YELLED at me to hear it right.
This issue is a bit more complicated than you think.
Is it actually possible to get something installed and working properly under Wine? I've pretty much given up on it ever being useful, especially after realizing just how much time and effort was put into the graphical configuration program (which deprecates the old config file, meaning that if someone by some miracle actually got Wine working for his programs, it won't work anymore - oh, and it doesn't support all the options the config file did) and things like theming support!!! I mean, seriously, if you have an emulator which doesn't run anything well, should you really worry about making it pretty?!?
Sorry to all the Wine makers who might be reading this, but your stuff just tastes bad and leaves me mad, just like vinegar usually does...
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
that I don't have to constantly apply patches that require reboots and break stuff because I'm too stupid to operate a grown up OS
Shouldn't they arrest or at least fire the developers responsible for creating the vulnerability in the first place and thus making these viruses possible?
It's like your house has a 2 metre hole in the wall because the builders forgot to close it. And you can't close it yourself because it's against the law to examine the house.
I don't doubt what you say. It makes sense to me.
However, the question is whether the FBI is, in some ways, actually influencing law enforcement and the law in other countries. That's what happens with the U.S. government's CIA agency; "working with other countries" meant "infiltrating the governments of other countries". Does the FBI operate by its own rules, but show the other government only what it wants the other government to know?
In Brazil 40 years ago, U.S. government agencies "providing training" meant influencing the military to create a military dictatorship. Hidden actions of the U.S. government overthrew Brazil's government.
Corruption of the Brazilian government by the CIA in Brazil is a strong present-day concern. O Globo, the place where the article was originally published, is the biggest media company in Brazil.
The question is not what you see, but what is deliberately hidden from you.
In actuality, it is very difficult to run any organization. Organizations that have a high degree of secrecy quickly become uncontrolled.
U.S. Senator Frank Church investigated extreme corruption in the U.S. government's secret agencies. The agencies certainly never apologized; it must be assumed that nothing really changed.
I'm guessing that you, like most American citizens, have never read about the corruption mentioned here, or the many other cases of extreme corruption of the U.S. government in influencing other countries. That's why you mentioned "tinfoil hats".
--
Trying to make one book explain all of life makes some people crazy enough to kill.
It works, especially now that so much has been done to mystify IT, that's why scammers use it. It's also a lot of bullshit on the technical side. Most of these M$ worms and M$ virii propagate without any user intervention at all. Many also affect patched machines. So the only mistake that the customers are making is using M$ products at all.
A virus is only harmless data, unless your system is designed to run it on sight. If your application or operating system can't live securely in a networked environment then it shouldn't be using IP anyway. Blaming the customer won't change any of that, though it may keep people from considering quality of the software.