Worm With Rootkit Package Loose On AIM
Mr0624 writes "According to a recent article on C|Net a new worm is swiftly spreading via AIM to many computers. It delivers a brutal root-kit which bypasses security software and takes control of a PC." From the article: "The worm was spotted in an AOL IM chatroom and infected one of the PCs that FaceTime uses for worm bait. The company said it also has seen the pest hit other computers. 'It is still out there, and it is definitely something the user should be leery of ... The rootkit is designed to not be detected, and that is the scary part.'"
So, I use GAIM, and I never use the Chat rooms. Should I worry?
"'The rootkit is designed to not be detected, and that is the scary part.'"
ummm isn't that the definition of a root-kit?
It looks like the beginning of the end. When enough people come to their senses they might start looking for alternative OS's!
"I'm going to f***ing bury that guy, I have done it before, and I will do it again. I'm going to f***ing kill Google"
"Check out these great new pics of us!! LoLz :)"
Summary of TFA: "You might have seen this trick before. A friend points you to a link to an .exe file. You click on it and, ignoring the security message which pops up, attempt to run it. Bad stuff happens. BUT WAIT! Now bad stuff includes a 'root kit', too! Doesn't that sound scary and hacker-y?"
Help poke pirates in the eyepatch, arr.
"The rootkit is designed to not be detected, and that is the scary part."
You can often judge the quality of the articles linked to by /. by their summaries. Check the definition of root kit before writing such a summary. One would hope that at least story submitters are more competent than the average journalist - but then again, this is /. :-)
The rootkit is designed to not be detected
So ... most rootkits are designed to be detected?
I suppose that anyone in the computer tech/repair shop industry might appreciate tools like Rootkit Revealer right now.
Hopefully Microsoft's project that hasn't been released yet will show up soon. They also have a few hints to detect rootkits installed on a system including two Slashdot links.
Hooray for AOL.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
This is actually pretty old news, one of my friends got this a few weeks ago (he's not a geek, and he called me because I built this custom PC for him). It's quite easy to fix though, a good ol' system restore fixes it, and there are many programs that can search for, and delete, rootkits and other trojans (I'm talking about other programs besides antivirus programs, which sometimes have a hard time deleting these buggers). The trojan was called directX.exe, found in the windows/system32 folder. My suggestion: don't click on a link from a friend before 1) you know what it is 2) and make sure that it doesn't say that you're downloading a video file, when it's obviously a batch or exe file. This virus is not really a big deal, you just have to have half a brain to deal with it.
public class null extends java applet { System.out.print ("Tabula Rasa"); }
Another virus to try to run with Wine on my linux box :D
DYWYPI?
or "Administrator", rootkit designers don't even need to escalate privileges. I can't wait for Vista :|
I just logged on to my AIM [.Mac] account and went looking for this "root-kit" (as I do have the 'root' user enabled on my Mac for various geek reasons :). It did take me a while to find the "lockx.exe" file being offered, but it was quickly downloaded with my 10Mbit pipe. I was even WARNED that I was downloading a executable (?) and did I really want to proceed (of course I did).
I suddenly found myself with a .EXE file on my desktop, which I quickly double clicked to open it.
"There is no default application specified to open the document." Which one should I choose?
:)
I sure hope I don't get pwnd.
Considering the rootkit is spread by users clicking links and has NOTHING at all to do with the protocol, I'd have to go ahead and say yeah, it can spread via any client that lets you click on links, and I'd also have to say RTFA.
"The rootkit is designed to not be detected, and that is the scary part."
As opposed to those root kits that are designed *to* be detected? Damn it, thinking again instead of being scared into buying something. Really need to work on that...
Frequently Messenger type programs get worms that do NOT require the user to click, thus making the virus that much more worm-like since it doesn't require user intervention. Windows XP had several of these vulnerabilities, and so did MSN Messenger 6. Did you ever wonder why Microsoft forced upgrades sometimes? It's because a critical bug was found in their JPG processing code for instance, and the mere presence of MSN 6 and an infected buddy messaging you automatically, because they got infected automatically, meant you got infected too. It came through a malformed .jpg or .png Avatar picture that on most Messengers is set to download and display upon arrival of any message from that person, even a message sent by a virus.
Saskboy's blog is good. 9 out of 10 dentists agree.
The worm also places several spyware and adware applications, including 180Solutions, Zango, the Freepod Toolbar, MaxSearch, Media Gateway and SearchMiracle
At least one of these companies (the first one I checked - 180solutions) has a website, business address and contact information. Why in the hell are they not being prosecuted into oblivion? They are obviously benefiting from illegal seizure of people's machines; who else could be responsible for spreading this shit?
Mind elaborating on the example? I'm sure there are plenty here who could say what exactly that was you linked to, I'm not one of them. I'm just happy I'm smart enough not to run it.
Don't know something? Look it up. Still don't know? Then ask.
SDBot is certainly not 'breaking news'; variants have been out for more than 4 months! (http://vil.nai.com/vil/content/v_134563.htm)
People choosing to run executables from IMs (while logged in as administrators) get what they deserve.
I'll bet that there are a lot of people that would just click on through for what ever the carrot is, screen savers, free porn, or whatever...
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Not that it's always true but mostly the reason that corporations are hacked and people contract viruses on their computers is failure to be more cautious ON_THE_PART_OF_THE_USER.
Have a good life, earth.
Just reimage the machine and the problem goes away. :O
Hopefully you have an updated image to use. If not, you will be hanging out at the Windows update site for 2 hours.
Not sure how you have a rootkit on a system (Windows) that doesn't have a "root" user per se... Presumably it's so called because it gets admin privs, but they aren't needed for much on Windows. It's not even that tough to remove, and I've seen it starting a few weeks ago. Much ado about nothing on C|Net is what this looks like - AIM worms aren't anything new, especially not when you work with college students.
I recognize people by their sigs. Is that a bad thing?
The bigger point is that malware need only become better at social engineering to convince most people not to ask. If the worm sent two messages, one with the link and a second one with a friendly confirmation ("Hope you liked that link. See you later."), this could easily convince many people that it was a trusted link from a trusted source. By the time they actually talk to the friend (if they do) and mention it, the friend will deny sending anything, the infected person will check their PC, find no evidence of an infection and just be puzzled by the exchange. But it will be too late.
Yes, some people might still ask or be suspicious. But infectious malware needs only to succeed with a very small % to create a very large and valuable botnet.
Two wrongs don't make a right, but three lefts do.
As opposed to the usual kind and gentle root kits, I suppose?
Isn't that part of what makes a root kit?
quidquid latine dictum sit altum videtur.
You should put a big "DON'T CLICK THIS LINK" just to see how many people actually click it.
Don't press the Shiny Red Button!
Ummm, Jon, aren't you supposed to be dead...? - Otter(3800)
How many people still use .com files anyway? If anyone sees that, isn't it kinda obvious? Also, hasn't this been floating around for a while? At the beginning of this month I saw it and submitted it to Symantec; they said it was an old trojan.
One worm does not a trend make.
Isn't this the actual point of any worm/virus/etc.? To not be detected so as to be able to do what it's supposed to do. Haven't these things been doing this even before the 90's... really since the beginning.
This is just more typical stuff. User gets something that looks like it came from someone they know and they click on the link like the dumbass user that they are. This despite the fact that they are *always* told to never just click.
They'll never learn and as such, things like this will continue to happen. Stuff like this became not news to me a *long* time ago.
All I have to say is, ad nauseam.
Mr0624 (article submitter) and Joris Evers (article writer): why call this a worm when it is clearly a trojan horse?
From TFA:
"A very nasty bundle is downloaded to your machine" when you click on the worm link, said Tyler Wells, senior director of engineering at FaceTime.
ugh. I bet you think that all hackers are bad, too.
System Restore in XP typically takes less than 5 minutes, and extremely rarely causes any data loss.
You have used system restore, right?
http://www.jayloden.com/VirusClean.htm
This tool is updated almost daily. 100% effective, I can vouch for it. You can become infected if you click the link on non-AIM clients, but it won't spread to everyone else on your buddylist.
hmm, interesting, my antivirus did not detect this...
Shouldn't it be able to detect it because I haven't executed it yet?
i bet this is a fake rootkit
FTA:
"The rootkit is designed to not be detected, and that is the scary part."
I was going to say that and add that this is definitely scarier than the ones that pop up the message "Would you like to download and install a rootkit". But that would be -1 redundant
This affects only users who still use the Microsoft Windows operating system. If you use Linux or Mac OS you are safe.
"A very nasty bundle is downloaded to your machine" when you click on the worm link ...
Why would anyone write a chat program where you can install (and obviously run) a program just by clicking on a link?
Besides that, in Windows isn't there a way to run programs (like chat) as an innocuous (nobody) user limited only to that user's home directory and with limited write capabilities?
What gives?
Ha! I have a Mac! I can't run M$DØ$ apps.
*Thinks smugly to himself*
"Hello 911? I just tried to toast some bread, and the toaster grew an arm and stabbed me in the face!"
How many people still use .com files anyway?
Yahoo.com, Google.com, Fark.com, News.com.com... Windows stores Internet shortcuts in files with the .url suffix, but even when you have "hide file extensions" turned off, Windows still hides the .url suffix, making it nearly impossible to distinguish Google.com from Google.com.url in icon view and difficult in any other view. The little arrow in the corner doesn't mean much, as the Google.com file could contain an icon with the arrow already drawn inside.
Add on
"Jenny got drunk and decided to stripteaze!!"
and I bet a lot of "us" would...
Support TBI Research: http://www.raisinhope.org
Firefox offers to open it with /usr/bin/wine-safe
Think it's safe?
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
GWSks2004: Hey CutiChk3002, there is a worm being spread around on AIM, please click here to protect yourself.
Social engineering....
Well this is true, it could just as easily be spread via email or something, but the relation to AIM is that once the virus (trojan, whatever you want to call it) gets into your system, I believe that it sends out messages to all of your contacts with the link, propagating itself.
At least this is how several other IM viruses have been spread. I noticed that just this weekend I got several IMs from people that I haven't talked to in years (but who apparently still have me on their lists) which were nothing but links to .COM or .EXE files.
One of them was being hosted at this address:
http://home.earthlink.net/~two4tea/mc-110-12-0000080.exe (It has since been removed -- the link is dead)
And I didn't get the other URL that was going around. I downloaded the file and opened it up in a hex editor just out of curiosity (I'm on a Mac so it wasn't possible to execute anyway), but there didn't seem to be any obvious text strings or anything.
What I wonder is how the file got up on that web site to begin with; it seems rather farfetched to believe that a virus could find out that someone has an Earthlink web page and upload itself, then send out that link, which makes me think that the person spreading the virus probably planted it there after somehow gaining access to the account, and then let the version of the virus which points to that URL out. When the linked file is removed the virus stops propagating, but by then it has already spread and nabbed a few unwary users. Unless the program has the capability of 'phoning home' to get the URL of the latest location to send out to everyone, that is. The file was a few hundred KB, so I suppose it's entirely possible that it has that capability; you could fit quite a bit of code into something like that.
Not really my area of expertise, but perhaps someone who knows something more can elaborate on how these things work?
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Or... just tell people not to download crap from 'teh interweb'.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
The worm also places several spyware and adware applications, including 180Solutions, Zango, the Freepod Toolbar, MaxSearch, Media Gateway and SearchMiracle, the company added.
So, would you like some spyware with your virus at no extra charge? I know this is fairly common, but does this imply that the people that make the viruses are the same ones that make the spyware we have grown to know and love? It seems that the line between "spyware" and "malware/viruses" gets more blurry every day.
"Eddies," said Ford, "in the space-time continuum." "Ah," nodded Arthur, "is he? Is he?"
Mind elaborating on the example? I'm sure there are plenty here who could say what exactly that was you linked to, I'm not one of them. I'm just happy I'm smart enough not to run it.
I don't have the slightest idea. It looks like a Windows executable. I was sent the link in an IM, presumably by the virus described in the article.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Actually it's more like the old adage about taking candy from strangers. "Here, eat this! You'll like it!"
Most people just don't make the mental connection that they could click on a link -- something they do pretty often and usually without incident -- and cause serious harm to their computer.
I vote that it's more ignorance (to a certain degree self-imposed, because a lot of people could understand a lot more about their computers if they wanted to, but simply choose not to) than a lack of ability or mental capacity.
Seems my article was re-worded. I wish they'd at least show it to me before they post it up.
f'ing editors
you go right ahead and run it then o.O
Snowden and Manning are heroes.
Shouldn't that be a WORKGROUP\Administrator-Kit or something? There is no root in Windows. Stop stealing unix terminology you clowns.
11*43+456^2
You can often judge the quality of the articles linked to by /. by their summaries.
The two are pretty much independent. Why can't you have a good article and a bad summary?
Check the definition of root kit before writing such a summary.
The description may seem redundant to you but it's not inherently wrong to define a term. If it were an article about transfinite abelian semigroups I think you'd be glad to see which property of it is relevant to the matter at hand.
I have a Mac.
Up until now I thought AIM was a virus, imagine my surprise. Well, that explains why everyone has complained to me after asking me to clean the spyware off their computer.
That's pretty much my best post ever. I spent like 3 hours typing it.
> ...the ones that pop up the message "Would you like to download and
> install a rootkit".
I expect that would work fairly well.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I was worried there for a second then I read the article and found out that the name of the kit ended in .exe ...... who cares, and so whats new.... nothing to see here!
Yes, as long as you don't value what's in your home directory.
Slashdot anagrams to "Sad Sloth"
If you bother to upgrade to newer versions of windows, SP2 will ask you if you want to open or download the file, which is usually called something like http://12.234.426.43/picofme.jpg but it tells you this is an executable, so if you are still dumb enough to run it after it tells you "Hey! I'm an executable hiding as a jpeg", then you deserve to be infected and so do your friends.
"I Wish I Was Gay Just to Piss Off the Homophobes!" - Kurt Cobain
well, at least the constitution affords me the ability to find out who precisely my anonymous accuser is in a court of law. or is there an Anonymous Coward clause in the patriot act?
go get it
Some windows viruses do run under WINE. However, they do not affect the system to the extent that windows viruses affect windows systems. They RUN, but mostly nothing else happens other than wasting CPU cycles.
I think this was posted on /. before.
http://os.newsforge.com/article.pl?sid=05/01/25/1430222&from=rss
The key knowledge non computer geek (but otherwise intelligent) people lack is which files are executables. Frankly, not having used Windows since 1995, I am a little behind on that subject myself. So you've learned that JPG and MP3 are passive formats, and safe to click on. Who would'a thought that SCR wasn't? It helps if your browser accurately distinguishes between executable and passive content. Even passive content can be dangerous when your "player" has a buffer overflow type bug.
And you're hoping for competence???
I was thinking the same thing... You'd open Add/Remove programs and under installed programs would be something like "j00 l33t R00t|<1t" with a remove tab...
Though one of my friends who's pretty low on the totem pole in terms of computer literacy up and started sending me links that went to an executable... mc-{something}.exe A quick googelization told me it was some trojan/malware that takes your machine over and then attempts to send the link to everybody on your buddylist.
Though after that first day she disappeared off of IM. So either AOL got wise and started proactively looking for this and locking out those accounts, or whatever it was drove her machine into the ground... My bet's on the latter...
Yes Francis, the world has gone crazy.
Using a proprietary program (as RootkitRevealer looks to be) to fight the ill effects of another proprietary program (such as AIM chat software) sounds unwise to me.
Digital Citizen
In the case of AIM, I am pretty sure you have to click a link. And I stand by my opinion, regardless of what the moderators think :)
Is this another reason to switch? (Linux or Mac, I don't care)
Or even use another client? (Miranda or GAIM)
Hail Windows! Security holes galore.
The hip way to get your IP. No ads, ever.
mod parent redundant
When you click the link, it gets handed off to the registered protocol handler. This will generally be IE, which will offer to 'Open' or 'Save' the resultant file that resides on the other end of the link.
On a Unix-type OS you have to save it first and then do a "chmod +x". Even then you usually have limited access to the rest of the computer. Microsoft seems to have everybody run as "root" which I think is a big part of the problem.
First, the warning was made by a company that sells IM protection software, but more so because the whole purpose of a rootkit is to be very secretive. To not let the infected party know that they are compromised is probably foremost in the author's mind.
If the infected package also adds spyware and hijacks the homepage isn't that drawing attention to the fact the machine is compromised a little too much, and therefore isn't it likely to be a pretty short lived infection in darwinian terms?
IMHO Someone who spends effort and time to slip under the radar is not going to waste time adding 180 and its ilk to the machine and ruin their newfound method of infection.
A compromised machine is just far too valuable to only deliver advertisements.
Orationem pulchram non habens, scribo ista linea in lingua Latina
It really depends on the client. I use GAIM, but I know I'm impervious to this, because I'm on a Linux system; .COM files won't run under Linux unless you get something like WINE, and run the console extension. One of the great things about Linux is that while it doesn't support Windows programs (excepting WINE, Cedega, etc.) that people might like (Word, Excel, I dunno!) it doesn't support Windows malware as well. I guess what I'm trying to say is that the rootkit is made for the Windows platform; because of this, it will not run under any POSIX-compliant system (again, excepting the ones with WINE installed).
Yes this worm propagates extremely fast but I've personally dealt with it and after infecting myself on purpose to discover the changes, it's actually pretty simple to remove....
I downloaded it with wget (don't use a web browser to download things that exploit web browser vulnerabilities) and used the filesize (109568) to search for it on Google. Came up with a page on Trend Micro saying it's WORM_AGOBOT.AIM.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Downloaded it. So now I have a file that appears to be meaningless binary gibberish. (AKA "Application/OCTET-STREAM") How does one 'run' such a file? I can't seem to find a Makefile, or any other way to compile it. I guess I don't quite get what is dangerous about it?
n/t
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Can this root thingy thing attack my nintendo ds?
A bit obvious... Just like some viruses were doing 10 years ago... Hardly news. It's just hooking some APIs (instead of interrupts like back then), big f'n deal. Next thing you know, they'll say how they try to hide themselves from being running in memory... Typical GRC lame stuff.
One would hope that at least story submitters are more competent than the average journalist
;)
You must be new here
silly AOL, will they ever listen?
I had a rootkit last month. Nothing could get rid of it but a full fdisk/mbr where I lost everything. It was MBR based and would append itself when running windows which made it nearly impossible to delete.
It's 2005 and you only tried FDisk? There's a number of free boot record editors that could have fixed anything. There is no rootkit that I know of that is based out of the MBR the way the old Pakistani virus did to Apples. If I have a customer who needs data recovered off a rootkit infected computer I put it in as a slave in a WXP or W2K system.
When I was working on developing a Snort rule to detect links to .pif attachments in MSN messages, I was surprised to learn that Microsoft would quietly discard any messages which contained a link to suspicious executables. It even blocked links to fake .pif files I hosted myself, so it wasn't a URL blacklist.
Why won't AOL do the same with AIM? This is a very effective measure to help stop this type of attack. I work at the resnet for my university, and these types of worms are very annoying to help students deal with. Using Snort last year, I was able to see that over 1/3 of all students who received a particular "OMG click this link!" email clicked it, became infected, and started to spew messages to the infected file.
Blocking the messages before they even arrive is by far the most effective way to stop this infection vector. I'm hard-pressed to think of a reason why this is a bad idea.
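The comment above describes an IM gateway that discards messages linking to suspicious executables based on the link itself rather than a URL blacklist. The following is an added example, not AOL's, Microsoft's or the commenter's code, of how such a filter can be built: it inspects the target file name of every URL in a message, flags Windows-executable extensions, and also catches the double-extension and hidden-".url" disguises mentioned elsewhere in the thread. The sample messages and the example.invalid host are constructed for this example.

```python
"""Executable-link filter for IM messages (added example, not from the thread)."""
import re
from urllib.parse import urlparse, unquote

# Extensions Windows treats as directly runnable when double-clicked.
# .url and .lnk are included because Explorer hides those suffixes even
# with "hide file extensions" switched off, so "Google.com.url" is shown
# as "Google.com".
EXECUTABLE_EXTENSIONS = {
    "exe", "com", "pif", "scr", "bat", "cmd", "vbs", "js", "url", "lnk",
}

# Extensions people expect to be passive (images, media, documents).
DECOY_EXTENSIONS = {"jpg", "jpeg", "gif", "png", "mp3", "avi", "txt", "doc"}

URL_RE = re.compile(r"(?:https?|ftp)://[^\s<>\"']+", re.IGNORECASE)


def target_name(url: str) -> str:
    """Return the decoded final path component of a URL ('' if none)."""
    url = url.rstrip(".,;:!?)")          # trailing sentence punctuation
    path = unquote(urlparse(url).path)   # query string is not part of the name
    return path.rsplit("/", 1)[-1]


def classify_link(url: str) -> dict:
    """Classify one URL by its target file name.

    Returns the file name, its extension chain, whether the final
    extension is executable, and whether a passive-looking extension
    sits in front of the executable one (the "picofme.jpg.exe" trick).
    """
    name = target_name(url)
    parts = name.lower().split(".")
    exts = parts[1:] if len(parts) > 1 else []
    final = exts[-1] if exts else ""
    executable = final in EXECUTABLE_EXTENSIONS
    decoy = executable and any(e in DECOY_EXTENSIONS for e in exts[:-1])
    return {
        "name": name,
        "extensions": exts,
        "executable": executable,
        "double_extension": decoy,
    }


def should_block(message: str) -> bool:
    """True if any link in the message points at an executable file name."""
    return any(classify_link(u)["executable"] for u in URL_RE.findall(message))


def filter_messages(messages):
    """Split messages into (delivered, blocked) lists."""
    delivered, blocked = [], []
    for m in messages:
        (blocked if should_block(m) else delivered).append(m)
    return delivered, blocked


# Constructed sample IM traffic for this example (not real captures).
SAMPLE_MESSAGES = [
    "check out these pics!! http://example.invalid/picofme.jpg.exe",
    "lol look http://example.invalid/~someone/mc-110-12-0000080.exe",
    "my homepage http://example.invalid/Google.com.url",
    "here is that paper http://example.invalid/notes.txt",
    "hi, are you there?",
]

if __name__ == "__main__":
    delivered, blocked = filter_messages(SAMPLE_MESSAGES)
    for m in blocked:
        print("BLOCKED  ", m, [classify_link(u) for u in URL_RE.findall(m)])
    for m in delivered:
        print("DELIVERED", m)
```

A name-based check cannot see a file that is served under a passive-looking name but is really an executable (the "picofme.jpg" case another comment mentions), so a gateway that fetches content should also check the response's Content-Type and the file's magic bytes.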
I tried to login as root on my windoze box but it wouldn't let me. Does that mean I have already been infected (or should that read rooted)?
The worm (or trojan horse or whatever) is always named lockx.exe. I work at a help desk, and I can tell you from experience that it's incredibly easy to detect and remove (at least, in this incarnation). Lockx is almost always in the root directory, and when it's not there, I've actually seen it placed on the desktop. I'm not sure if it's just the weirdass users on my campus or what, but those are just about the only places I ever see it.
Removal is simple, just download Jay Loden's Aimfix, run it in safe mode, delete the EliteToolBar adware from the Windows directory, and check your startups. Removal takes about 5 minutes, tops.
Howdy.
*I* pressed the shiny red button and noth@#$@#$##)(*)()_(NO CARRIER
Mumia Abu-Jamal is *laughably guilty*. Check the evidence.
This looks like the same worm a friend of mine got a few weeks ago. I loaded it up in VMWare and discovered that it installed, among other things, the "FU" rootkit.
I took a rootkit class at this year's Black Hat Training from the guy who wrote FU. He pointed out that it's more of a proof-of-concept rootkit. It does allow you to hide files, registry keys and drivers from both user-mode and kernel-mode processes, but, it really doesn't go out of its way to hide itself from every possible angle, so detection (and thankfully, removal) wasn't that bad.
I was able to whip up a little app to fix it from within Windows. But had the worm's author actually expanded on FU's techniques and done a better job of hiding the rootkit, recovery would not have been as nearly as easy. (Just imagine how much fun would it be to talk a novice through Windows XP's Recovery Console!)
Once the worm authors start to get better at exploiting the potential of rootkits, we've definitely got a much better problem on our hands. The old "1. get infected, 2. run anti-virus to disinfect, 3. repeat" cycle just won't work anymore. Good luck even finding a well-implemented rootkit once it's in your kernel, let alone trying to clean it up while it's effectively able to veto every action you take.
(Yet another reason why no Windows user should run as an Administrator.)
"Power corrupts, and absolute power corrupts absolutely." -- Lord Acton
And you will be logged in as root when you run wine?
IE: The worm is a compact, surreptitious BT/Kademlia client.
:p
Took me a second to realize that "IE" meant "id est" and not Internet Explorer. And "id est" means "that is," not "for example," also known as e.g. (exempli gratia).
Handy cheat sheet:
i.e. = id est = that is (not commonly capitalized, or punctuated as an acronym like IE)
e.g. = exempli gratia = for example
There's your pedantic lesson of the day
"Hey, you don't know me, but I just KNOW you'll love what I have in this box. Go ahead, take it home and open it."
Sounds like every guy's pickup line.
If computers were as well-evolved as some of us like to think they are, you wouldn't need to be an expert to use one for simple day-to-day tasks. Most people just want to be able to do their banking/news reading/pr0n viewing/email online and be able to type a letter when needed and have no desire to learn about linux or how to protect themselves from every new type of malicious attack. It really shouldn't be so hard or time consuming to operate a simple home PC. I enjoy being informed, but most people just want a machine that works. Maybe the end users are not the idiots, so much as the designers are. How many years of development have gone into these machines/operating systems that are so vulnerable to so many threats? Maybe the average PC shouldn't be capable of playing Halflife5 or BF4 at 1192FPS at a resolution of 23902 x 9856, but why can't it run a browser, a word processor and an email app without fear of it becoming a zombie? Sean, just my opinion
This is a hacked account, for which the owner can not be held responsible.
It is not just that these people do not have a complete understanding of computers and how to operate them. These people would also fall for trojans/spyware in real life. Like happily giving all their personal details to anyone who asks and then wondering why they get so much junkmail. What to think of pyramid schemes or false lotteries?
A non-idiot will always ask himself, why is person X offering to do something for me? Why does the supermarket offer me lower prices if I sign up for a free card with my personal details attached? Exactly what is the math behind these pyramid schemes and can anyone not involved at the very beginning ever make money off it? Roulette, so what is the size of my house vs the house of the casino owner?
Same with viruses/rootkits/goatse links, why would someone send me a random link?
I think an idiot is a person who does not receive warning signals. HOT LESBIAN TEENAGE CO-ED ANIMAL HENTAI SEX FULL DVD.exe to them promises some weird sex. They do not find it odd that the file is less than 1 MB. They simply do not think.
It has nothing to do with computer literacy. It is just common sense. Normal people have it, idiots don't.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
So anyone who gets infected automatically qualifies for this t-shirt
Bitdefender Linux Edition. It is a freeware so it is freely downloaded at bitdefender.com
Linspire VirusScan. Linspire exclusive that costs $30 a year or $20 for their CNR members.
ClamAV is another Open Source antivirus solution. Available at clamav.net. This one isn't for the average consumer but allows you to create your own signature for a new virus.
Linux also has a number of firewalls. Most just configure ipchains. Guarddog is one such Linux program.
Here's the box you need, then:
http://www.amd.com/us-en/ConnectivitySolutions/ProductInformation/0,,50_2330_12264,00.html?redir=PCPC01
Buy one at RadioShack for $300.
Yes, it's overpriced. However, considering that it's nearly impossible* to infect...
* I'd say impossible, considering the DRM they've got on the thing, and the fact that it's Windows CE-based, yet not Windows CE, so it's also a very obscure OS that exactly one model of device uses, but nothing's impossible when it comes to computers.
At first, I thought the article said, "swiftly spreading AIM to many computers."
Now that would be dangerous.
At first I thought this was a Linux (or similar) problem. It turns out that this is just yet another Windows worm.
Windows doesn't have "root"... This isn't a root-kit.
so let's all be scared and buy lots and lots of FaceTime products!
The rootkit is designed to not be detected, and that is the scary part. As opposed to all those rootkits that ARE designed to be detected?
Should loosening an AOL chat virus even be considered a crime? This is given that it sticks *only* to computers running AIM. Consider that there is virtually nothing on AIM but bots and script kiddies and cyber perverts, anyway, so, in fact, one might even be doing a public service knocking them all offline for a few hours. This is like if I hear somebody hacked a spam site and shut them down - Hooray! Vigilante Justice! Seems a great expenditure of effort going to waste, however, if AOL recovers from the attack.
For anyone curious, WoW runs fine in a limited user account as long as that account has write privileges to the executable folder and files to allow updates. It also doesn't require any HKLM settings to run, so you don't need to even run the installer on your system, you just need the files it unpacks. (I used VMware to run the installer.)
I'm not sure games that require arbitrary patching of files on someone else's (Blizzard's) schedule are all that much easier to implement in any other OS, though. A separate copy of all the game files for each user would be prohibitively large, but giving all players write access to the executable directory allows any single user to bork the whole thing if they feel like it. (Not an issue if only one user has access to play that game, but.) The only other option with current security and file-system models is to have a privileged updater executable, and then you'd have to be trusting some updater application from Blizzard with root privs on a regular basis. Either that, or Blizzard would have to get its updates approved for addition to the distribution's package repository every time they wanted to update their game.
I'm already not a big fan of the way adding software to Linux and Windows systems requires full root privs as a matter of course. Most software only needs rights to write to one specified directory and add an entry to a list of installed software; why the heck should I have to give the installer full control of the system?
There is no difference in the behavior of the "Run As" function between XP Professional and XP Home Edition.
Worms don't infect computers; they infect operating systems. When will people ever realize this? The title should be "worm infects Windows" or "worm infects Linux or OSX" or whatever. So people, wake up!!!!
Sdbot-ADD, the latest variant of a family of worms that is continuously modified with new components by hackers, comes complete with an adware bundle and a rootkit file, lockx.exe.
Why aren't the executives of the companies whose wares are advertised by the adware in prison? Seems easy enough for the cops to find them, and just about every country has laws against burglary and vandalism.
The police of all countries are not doing their jobs. Let's see some CEOs and CIOs in fucking prison where they belong.
(MRC="leftist")
I speak English. I.e. = "In Essence," a 100% English (ok, American) phrase.
Why in the hell would anybody use an acronym of two incredibly short words in a dead language if they're trying to communicate?
That's obfuscation, not communication; i.e., how politicians talk.
Dumbasses.
(MRC="dimming")
Hey, kid. Upgrade to Token Ring! ;)
We cycle around at 16Mbit!
(yeah, I know you mean fractional T3/DS3)
(oh, and TR runs at 4/16 with HSTR at 100Mbit--just for y'all who call it 'broken ring')
Personally, I like when they pop up like that.
And with firefox, you get to touch a mouse, but with a woman, you get to touch a cat. (meow)
Disconnect your television. Do your own research. Draw your own conclusions. They're probably lying. Don't be a sheep.
'The rootkit is designed to not be detected, and that is the scary part.'
If it wasn't designed to do so, it would not be a rootkit.
Ok, root kits are possible on OS X, but I think the Apple configuration holds them at bay. And this is an .exe file. So once again, Windows users sit around with glazed eyes in corporate America, and wait for the "computer guy" to show up.
:-)
Let's see, how high will Apple stock go this week?
I've cleaned this off of 3 family members' computers so far as well. Another lost their entire computer before it could be taken off their system. In all cases what happened was another family member got infected, then started automatically messaging everyone on the machine's friends list. Since the computer was often used by a younger child, the social engineering worked exceptionally well in this case and most everyone clicked the link.
Regardless, if you follow the usual precaution of being careful what you click and have virus protection, you'll be ok. Still, this is one mean little virus if it does get into your system.
You are who you are, let no one tell you different. But, never close your mind to a new point of view.
I remember that by thinking i.e. means "In other words"
And e.g. as EGsample.
Not quite that simple; she has to point and giggle.
//Information does not want to be free; it wants to breed.
incompentant => incompetent
your => you're
(your indicates possession, you're is short for "you are")
e.g. "You're responsible if your dog gets off its chain and bites somebody."
I know not everyone on Slashdot has English as their first language, but misuses of your/you're must be attacked at every opportunity, or we are all surely doomed.
[...]
-Boot a Knoppix CD/DVD and fingerprint your system regularly for a baseline to compare against at a future date.
Note that Rule #1 means NO file on the system can be trusted. Therefore the system fingerprint needs to be stored on removable media, with removable write-once/read-many media preferred.
//Information does not want to be free; it wants to breed.
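The fingerprint-and-compare step described in the comment above, as an added Python example that is not the commenter's own code: it assumes the suspect disk is mounted under a live CD (so the files are read without the possibly-rootkitted OS running) and that the resulting baseline is kept on write-once media; all sample files here are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Added example (not the commenter's code): hash every file under a mounted,
# offline root and diff a later snapshot against the stored baseline. Demo uses
# a constructed temp dir; on a live CD, point fingerprint() at the mounted disk.

def sha256_of(path: Path) -> str:
    """Stream-hash a file so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def fingerprint(root: str) -> dict:
    """Map each file (path relative to root) to hash, size and permission bits.
    Symlinks are recorded by their target rather than followed."""
    root_path = Path(root)
    entries = {}
    for dirpath, _dirs, files in os.walk(root_path):
        for name in files:
            p = Path(dirpath) / name
            rel = str(p.relative_to(root_path))
            if p.is_symlink():
                entries[rel] = {"symlink": os.readlink(p)}
            else:
                st = p.lstat()
                entries[rel] = {"sha256": sha256_of(p), "size": st.st_size,
                                "mode": oct(st.st_mode & 0o7777)}
    return entries

def compare(baseline: dict, current: dict) -> dict:
    """List files added, removed or changed since the baseline was taken."""
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": sorted(k for k in baseline.keys() & current.keys()
                              if baseline[k] != current[k])}

def demo() -> dict:
    """Constructed scenario: take a baseline, then alter a system binary and
    drop a new file (name taken from the article quote; contents made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        binp = Path(tmp, "bin")
        binp.mkdir()
        (binp / "ls").write_bytes(b"original ls binary")
        baseline = fingerprint(tmp)
        (binp / "ls").write_bytes(b"original ls binary + hidden hook")
        (binp / "lockx.exe").write_bytes(b"dropped file")
        return compare(baseline, fingerprint(tmp))
```

A baseline taken this way only detects changes to files; it says nothing about an in-memory rootkit, so it has to be paired with the offline boot the comment describes.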
[T]hey should check first as a reference a 'encyclopedia' that lets 12-year olds edit and delete stuff posted by Ph.D.'s working in the field?
:)
And you're hoping for competence???
I am neither a 12 year old nor a Ph.D.
My experiences with Wikipedia (tried to add a friend to an alumni list at his university ;)) have shown me that some pages with any useful information have someone that has chosen to be its caretaker. Yes, the 12 year old can make changes, say that red is blue or that Mr. Rogers was a Navy Seal. However, soon (usually within a few hours), that Ph.D. (or bored grad student, or zealous historian of Mr. Rogers) will change it back to the proper data.
Wikipedia isn't exhaustive, but I trust its accuracy (at least to a certain extent) on matters that Geeks and/or scientists consider important. I expect its explanations of math, science, and computer tech to be a LOT more exhaustive and pedantically-complete than most articles you'd find in Encarta or Britannica.
For example: Public key cryptography. http://en.wikipedia.org/wiki/Public-key_cryptogra
This has a LOT of info, mostly correct (probably more correct than *I* would be able to be). The only place where I have read a better explanation is in the "Big Red Book" of Cryptography, Bruce Schneier's Applied Cryptography (an excellent read). I suspect that any entry in Britannica or Encarta or whatever other "major", "respected" encyclopedia will have far less information, and be less useful as a learning aid.
For my money and time, Wikipedia is an invaluable tool. Don't discount it just because anyone can edit it.
I'm even happier that you don't write VIRUSES!
It doesn't mean much now, it's built for the future.
My issue with that statement lies with families and shared computers; if Little Billy downloads AIM on the family computer, or a fellow student installs AIM to chat with his/her girlfriend/boyfriend, then I still could get hit with that virus on my family computer/campus PC.
Sorry, I do have a Ph.D. And I don't have time to keep going back all the time to correct something some 12 year old has messed up. I have real work to do. Some of the entries are decent. Others are not. I'm a scientist, and I can tell you I don't trust its accuracy on matters I consider important. It might be decent at computer-sci entries, but there is a lot more to science than that. Rather than wonder, I'll reference a real source or respected encyclopedia.
You bring up good points.
However, just because *you* do not have time, does not mean that someone else might not have. Since all articles are entered by volunteers, chances are someone cares enough about the subject. Most of the time, these people care enough about the subject not to spout drivel. Often they link to more authoritative sources, or to where the information was compiled from.
I'm certainly not saying that one should cite Wikipedia as gospel, nor that it is always the best source of information. It's not going to give you the same level of detail as someone's dissertation on the Hall Effect, and probably not on anything else either.
However, in the case that the GP referenced (the Wikipedia definition of a rootkit), it's a very GOOD first-pass definition. Not exhaustive, but certainly better than I would expect to find in Britannica or the dictionary. (A quick search of Britannica's online encyclopedia shows *NO* reference for a root kit. Or rootkit.)
Wikipedia's not going to be the best definition, but as a "What the hell is this?" resource, it's a GREAT tool for finding out basics on subjects. Or, as basic as the general public is going to care or understand about.
Just for the record, what subjects do you consider important, which Wikipedia has been lacking in? What are you comparing it to?
As an example of my basis of comparison:
Britannica: http://www.britannica.com/eb/article-9038924?query=hall%20effect&ct= (~375 words)
Wikipedia: (More, with pictures.)
Neither of these goes into as much detail as current research has (for example, no mention that I noticed of electronic propulsion via Hall Effect Thrusters). However, the Wiki article appeared to have generally more information, with room for growth. If someone wanted to know, "What's the Hall effect?", and did not have ready access (or time) to read the latest research papers and background material, it's a good start.
Doh -- forgot to paste the wikipedia link for Hall Effect:
http://en.wikipedia.org/wiki/Hall_Effect
This is a very effective measure to help stop this type of attack.
Not if they use a server-side script or .htaccess to redirect to an executable.
I got this on my mom's computer; it was a bitch to uninstall, and I'm still having issues.
I don't know about you guys, but I'm going to walk without rhythm so I don't attract the worm...
(ducks)
I might know what I'm talkin' about, but then again, this is Slashdot...
The article says it is a worm, but it describes the propagation of a virus. In which respect is the journalist wrong? After reading the article, I would initially be inclined to dismiss the use of the term "worm" as being used sensationally, but the article gives details about the researchers' "honeypot" machine being infected, which would lead one to think it happened without human interaction. Then it proceeds to talk about IM virus transmission vectors in a generic sense, but never actually indicates that it's talking about this one in particular. So... um, does anyone know how the thing actually propagates?
Oh, and if you're reading this Joris Evers, you might want to give your editor shit. That article was terrible, and (s)he should have told you.
-1 Uncomfortable Truth
Who will quietly remind you that Tedy spells his name with one 'd.' ;)
-- it's ridiculous how many people misspell ridiculous... (damn, damn, damn...)
I'm surprised that you didn't fix "exempli gratia = for example" while you were in there.
alright, so if someone has a little icon on, say, xanga, that has their aim name on it, and I click that and IM them, I've got the worm? Am I completely misunderstanding? If someone could explain this in layman's terms to me in an email, please send it to raz_taz_bedazzled@yahoo.com because I'm scared crapless that my computer is screwed over.