New Worm Starts Munching MSN Users

Kosmik writes "It appears that MSN has been struck by a vindictive new worm, according to security company Panda Software. The worm, acting in the vein of movies like the Ring and FearDotCom, delivers a fateful terror message and then proceeds to disable most of your protection software like anti-virus,firewalls and even your Windows control apps (TaskManager, Regedit). It distributes itself to all your MSN contacts by sending a video called 'Fantasma.'"

GAIM

[eldavojohn]

So I connect to the MSN network but through a nice free little app called GAIM.

My friends often try to send me files or pictures or videos through the MSN network and it doesn't work. They get annoyed and tell me to "just use MSN." I'm told that GAIM is stupid & crappy for not supporting these features.

Really makes you wonder if the people who developed gaim couldn't figure out how to make the videos/pictures stream through the chat box ... or if it was a design decision by choice to avoid hidden viruses that the codecs unpack in the media files. Probably the latter.

GAIM also works on a number of other chat networks--as chat clients should. Another thing about chat clients is that they should stick to limited functionality. There are way more secure ways to transfer files. I don't want a profile, I don't want it integrated with my operating system (married to the kernel), I don't want media streaming, I just want to chat.

Don't bloat your software.

Re:GAIM

[CSZeus]

Seeing as Gaim is in the process of working on what they call their vv module (the v's standing for voice and video), I don't think it was as much of a security-driven choice as it was a time-driven choice. That or they've had a change of heart, whichever you deem more likely ;)

Re:GAIM

[evileyetmc]

Even if you don't use GAIM (although I do), you need to be aware to: a) not click on random links b) disable running .com, etc files from your browser c) realize that your friends usually mention something about a link they send...see a) It is just a common sense thing, just like how to drive safely, cook safely, or even eat safely (if theres a razor blade in it, don't eat it). Educating the public is cheaper than patching the problem. Or in proverb form : "An ounce of prevention is worth a pound of cure."

Re:GAIM

[ZakuSage]

You can send files and pictures over Gaim's msn system, but it is just so fucking slow because it has to send to Microsoft's servers and then to the other person, rather then peer to peer. If it's not working at all for you, I think you'd need to open up a port on your router.

Re:GAIM

[bstrunk]

I also use gaim. It manages to stop the most the AIM hijacks I've encountered over the years as well. And NO TARGETED advertising from using GAIM. Great software.

Re:GAIM

[BunnyClaws]

The IM will display a hyperlink to a URL where the file is downloaded via browser. The IM itslef does not contain an infected file that is attached. If you are running GAIM for windows it would still be possible to recieve the link and get your system infected.

Re:GAIM

[Krojack]

BTW the file sending does work.. Its just slow as crap because GAIM somehow can't do a client-to-client direct connect and must send the files throuh the MSN servers. This causes all file transfers to run = 5k/sec. From what i read it will never support the direct connect. I don't get it and I'm no C programmer but I think its annoying. However the other features in GAIM out weight all other reasons for using MSN MEssenger.

Re:GAIM

[damburger]

I also join the ranks of GAIM users who are feeling rather pleased with themselves right now.

But I know for a fact that even if someones computer ended up being totally wiped by something like this - I would still have trouble persuading them to use GAIM over MSN Messenger. There is a brand loyalty to MS that seems to transcend common sense.

How many bad viruses would it take to get rid of this trend?

Re:GAIM

[foamrotreturns]

You make good points, but you missed a few things.
First of all, GAIM should try to support the features that the native client supports. It's designed to be a total replacement solution, so intentionally leaving features out is a no-no. However, GAIM is a plugin-based program, so if the dev team wants to keep the focus of the development on the core functionality and leave it up to the community to develop a file transfer plugin, that would be OK too.
Next, the idea of a native client supporting more than one network goes completely against the business model that they developed the program to follow:
1) Make free IM product
2) Make it easy to use
3) Put ad support in
4) Charge for ad space
5) Profit!
If they allowed their client to connect to other networks, they destroy their switching costs. Can you imagine what would happen if a complimentary copy of Jasc Paint Shop Pro came with your Adobe Photoshop? Sure, most people would stick with Photoshop, but some people might switch, which would steal Adobe's business. To conclude, interoperability is not in the best interests of the companies who operate the networks, unless they merge.
To solve your problem, you and your friends should set up an SFTP server and use that for file transfers. If your friends get all whiny about you not being able to receive files, just tell them that you'll be the one shaking your head when they get a virus.

Re:GAIM

[Khyber]

Except vv GAIM hasn't been worked on since 2005, dropped by decision.

Re:GAIM

[CSZeus]

"Gaim 2.0.0 beta 2 does not include voice or video ("vv") support for any protocols. We've done some work toward vv compatibility for Google Talk, but it isn't ready for the general public yet. It is unlikely this will change for the final release of Gaim 2.0.0, but vv will be a primary focus for the next major release of Gaim after that." (emphasis mine) As per their news page circa January, 2006 (link)

Re:GAIM

[Sj0]

Please tell me you're joking. Advocacy is one thing, but this is the worst case of "It's not a bug, it's a feature!" I've ever seen. Considering the alternative is a nice and simple "What is this you're trying to send me?" before clicking a download link, I think you're sixes and sevens for trying to claim that using a broken program is a good thing.

Re:GAIM

GAIM has got to be one of the most poorly designed pieces of software out there. I mean, they spawn a whole new process just to play a freaking sound! How retarded can you get.

GAIM will always be years behind their mainstream counterparts. This lack of features is not a super-special security feature, it is a testiment to how crappy the GAIM designers really are.

Re:GAIM

[FireFury03]

From what i read it will never support the direct connect. I don't get it and I'm no C programmer but I think its annoying.

Direct client-to-client connections is fraught with firewall/NAT traversal problems. That said, Jingle and SIP support both require client-to-client RTP connections (NAT discovery is done through STUN), so it's possible direct file transfer will be implemented then.

Re:GAIM

[cag_ii]

I just want to make sure im clear on what your point is. You are suggesting that not being able to transfer files via GAIM is a feature and not a bug?

Re:GAIM

[BarkLouder]

I wish that I could get the Windows version of gaim to work with MSN. The Linux version works fine.

I am currently using Trillian instead.

Re:GAIM

[shayborg]

This worm has nothing to do with "videos/pictures stream[ing] through the chat box". The worm spreads by sending a URL to an executable. Victims run the executable (which is cleverly "disguised" by having the extension ".avi.exe") and get infected. Clearly this attack has nothing to do with GAIM or MSN Messenger, and contrary to what the summary says ("distributes itself to all your MSN contacts by sending a video"), the worm does not send any video at all. It displays some image when it first runs, but that's it.

So this has nothing to do with software bloat or WMP vulnerabilities or MSN Messenger being integrated with the OS (which it's not, by the way — you're thinking of Windows Messenger, which is different and will be removed in Vista IIRC) or software being "married to the kernel" (I have no idea what you mean by this). In fact Windows does its best to mitigate this type of attack — when you download an executable from the Web, it gets an Internet zone identifier attached that says the file came from the Internet zone. Running the file shows a warning dialog with the application name and the publisher before it will let the file run. I don't know what else Windows can do here.

This whole thing is just fulfilling the 1337 h4x0r fantasies of some kid who knows a little Visual Basic, and effectively posting his name on lights on Slashdot is completely counterproductive. If he'd done something remotely clever I could understand, but there are millions of these stupid worms floating around everywhere. There really is nothing to see here.

Re:GAIM

[someone300]

A video file should never be able to infect a computer... if it does then it's not the IM client's fault, but the codec's.

Anyway, GAIM *does* have file transfer for MSN. If it's not working for you then your firewall is probably set up improperly. Webcam/Voice will be implemented soon and they are trying to make MSN file transfer more reliable. An IM app is a great way to transfer files for an average person -- it usually uses SSL and doesn't require setup of a SSH, FTP or HTTP server which is way beyond the scope of a normal user, and in theory has good firewall traversal support.

MSN Messenger is not married to the kernel. It's not even included by default, only Windows Messenger which is used a lot for corporate IM. I'm not saying that I like MSN Messenger, I hate it deeply, and the service is the most unreliable IM service I have ever tried, but a lot of the points you make are quite plainly false.

Re:GAIM

[Mister+Whirly]

"How many bad viruses would it take to get rid of this trend?"

Not even an infinite amount of the worst viruses could stamp out basic human stupidity. Like death and taxes, it is just inevitable...

Re:GAIM

[Dorothy+86]

I never had any problems getting any of my various services to work in Gaim for windows, but I use trillian too. I got fed up with fiddly bits of Gaim that either only partially work, or work in ways that don't make sense to me (such as the new away message system in the 2.0 betas). I'm a pretty technologically savvy person, but I'm no coder so I couldn't fix what annoyed me. In the end, Trillian has been much more user friendly to me.

Re:GAIM

I'm beginning to expect this kind of drivel from anyone with a big, proud subscriber * next to their name (and make no mistake, a * is about all you get). Just because your pattern of usage doesn't fit everyone else's doesn't automatically make you the expert on what an IM client _should_ do.

Re:GAIM

[goarilla]

i don't like gaim, the layout strikes me as very odd

in the past i was a zealous amsn http://amsn.sourceforge.net/ fanboy but since
version += 0.94 amsn has become full of bugs and very slow ... i've found a imo better java based
msn client now although it's freeware and not Opensource

it's called Mercury and i love it http://www.mercury.to/
anyway people not happy with their *Nix msn clients should really give it a try

Re:GAIM

[compro01]

Educating the public is cheaper than patching the problem.

you obviously under-estimate the difficultly of educating the average computer user.

here's a little proverb in reply "Ignorance can be cured, but stupid is forever."

Re:GAIM

[99BottlesOfBeerInMyF]

Another thing about chat clients is that they should stick to limited functionality. There are way more secure ways to transfer files.

When will people learn? Reducing functionality is not a good way to increase security since it motivates people to bypass your security. If you don't support file transfer, a lot of people won't use your program and thus be vulnerable.

The proper solution is to implement the functionality correctly, either by integrating with an existing, secure solution or by implementing it securely by default. Windows security sucks, but that does not mean an IM client has to let users fall prey to it. Why not transfer files, but warn users when something downloaded is not data and explain in clear language the ramifications. Encrypt the buddy list to make sure a trojan can't access it directly to automatically propagate (with an export feature for other programs). Is this really so hard? Sure the OS should be handling this, but since it isn't it is up to the writer of the application to inform users and restrict access to files that pose a risk and which most programs should never need to access.

Re:GAIM

[evil_Tak]

Next, the idea of a native client supporting more than one network goes completely against the business model that they developed the program to follow: 1) Make free IM product 2) Make it easy to use 3) Put ad support in 4) Charge for ad space 5) Profit! If they allowed their client to connect to other networks, they destroy their switching costs. Can you imagine what would happen if a complimentary copy of Jasc Paint Shop Pro came with your Adobe Photoshop? Sure, most people would stick with Photoshop, but some people might switch, which would steal Adobe's business. To conclude, interoperability is not in the best interests of the companies who operate the networks, unless they merge.

This only makes sense if you've developed a protocol yourself and/or have a vested interest in locking people into your protocol or your servers. Apple's iChat supports multiple protocols; I don't think they're too concerned whether or not people switch to Gaim or Kopete.

Re:GAIM

[spike42]

Don't listen to your computer-ignorant friends. GAIM IS THE SHIT!!!!!!!!!!!! AIM, MSN, Yahoo Messenger, and Google Talk all suck (the program part). GAIM is THE BEST. Miranda is just bloated and the same goes to Trillian.

Re:GAIM

[tylernt]

It is just a common sense thing, just like how to drive safely

Yep, we're doomed.

Re:GAIM

[FireFury03]

You are suggesting that not being able to transfer files via GAIM is a feature and not a bug?

It is neither.

• A feature is something that was designed into a project for a particular end-user reason
• A bug is functionality that is not working as intended

Clearly this is neither - the support wasn't left unimplemented specifically to help the end-user (it was probably more a case of "we don't have time and don't consider it important enough to bother with"), now is it a bug since the functionality was never intended to exist.

It is simply unimplemented functionality.

Re:GAIM

[FireFury03]

when you download an executable from the Web, it gets an Internet zone identifier attached that says the file came from the Internet zone. Running the file shows a warning dialog with the application name and the publisher before it will let the file run. I don't know what else Windows can do here.

Some thoughts spring to mind:

1. Make it impossible to run the file directly from the browser - you force the user to (hopefully) think a little more if executable files have to be saved somewhere and then executed in a separate operation.
2. Make executables and datafiles look so obviously different that you can't miss it.

Admittedly this only goes part way to mitigating the problem, and the lines between executables and data files are getting worryingly blurred. Anyone else remember the days when people would worry that they had got a virus through an email and any techie who knew anything could tell them that no, that's impossible... how times have changed.

Re:GAIM

[KiloByte]

Or, just get IPv6 to work. It's a panaceum for all NAT-related problems -- it fixes them by just removing the damn thing and restoring IP to work the way it was designed.

Having a dumb ISP is not an excuse as long as you have a public IPv4 address; googling for "6to4" will tell you what to. And if you're an ISP, slap a radvd on your network, please.

Hell, every transitioned user is a step towards getting rid of IPv4, and that's a noble deed.

Re:GAIM

[FireFury03]

Or, just get IPv6 to work. It's a panaceum for all NAT-related problems -- it fixes them by just removing the damn thing and restoring IP to work the way it was designed.

I already have an IPv6 network - have done for years. But you don't actually expect a clueless MSN user who wants to send you a file to have IPv6 do you? Also, if you want to do SIP you have the problem that one of the more major VoIP projects, Asterisk, has no support for IPv6 at all.

Hell, every transitioned user is a step towards getting rid of IPv4, and that's a noble deed.

I agree, however, IPv6 has one major roadblock which will stop it's adoption in the near future: There are no consumer grade DSL routers in existence that do IPv6. This basically means it's impossible to do native IPv6 or 6-to-4 in most setups (the router is the only thing with a global scope IPv4 address)*.

(* You can of course get one of the Linksys routers, flash it with WhiteRussian and set that up to do IPv6 either natively or 6-to-4, but that's beyond most users. I'm quite disappointed that despite Cisco's stance on IPv6, none of their Linksys DSL routers seem to support it with the official firmware.)

That said, there is apparantly some interesting IPv6 stuff in Vista, so maybe that'll push things in the right direction.

Re:GAIM

[Fred_A]

Educating the public is cheaper than patching the problem.

You've obviously never tried educating the public.

According to your logic, MS shoud stop poking at Vista and just start some kind of "educating the masses" campaign to try and contain the proliferation of malware. I wish them good luck with that.

Between patching the problem (once) or educating the public (hundreds of thousands of times, if not millions, not to mention often several times with the same boneheaded individual), I know what I'd pick...

Re:GAIM

[Solosoft]

I wrote up a little thing on setting up IPv6 using Hurricane Electrics Tunnel broker. It uses RADVD and a little script I assmbled up, works like a charm.

Here is the page on using a WRT and DD-WRT for IPv6

Of course if I wasn't so lazy I would have a completed guide on setting that up without Samba ... you can of course simply take the script and put it in the nvram (minus the comments of course) and it works just the same. Ive been using it on a tunnel now for a few months and have had 0 problems. All operating systems on my network just automaticly work with the 6bone. In Windows XP just type "ipv6 install" and it installs the v6 stuff (ping6, tracert6 etc etc) and in linux "modprobe ipv6" should do the trick. If you have a wrt and dd-wrt or one of the linux versions you should look into it. Once it's setup on the router it's easy as one command to setup on your clients. He.net lets you set the reverse DNS too which is kinda cool for IRC (EFnet and freenode support IPv6 and tons more) even my own IRC network and website now support IPv6. Is it usefull ? Hell no ... but knowing that im one step ahead of most of the world is kinda nice.

btw if your intrested IRC to solosoft.org port 6667 and it should connect using IPv6 (#Solosoft if you want to chat I guess im guk :)) or visit http://solosoft.org to see IPv6ness in use (the website WILL not work if you don't have IPv6 working). It's more or less somthing fun to do and somthing a little neat to setup. The thing that gets me the most is that it's a simple residental router doing what a very expensive router does.

Re:GAIM

[FireFury03]

If you have a wrt and dd-wrt or one of the linux versions you should look into it. Once it's setup on the router it's easy as one command to setup on your clients.

As I already mentioned, I already use IPv6. My point was that the person who's trying to send a file over IM probably doesn't.

Re:GAIM

[Solosoft]

Did you setup your IPv6 in a similar matter ? how did you set it up ? (im always looking for new ways to do things)

Re:GAIM

[FireFury03]

Did you setup your IPv6 in a similar matter ? how did you set it up ? (im always looking for new ways to do things)

My Fedora Core 4 server has a global scope IPv4 address (I have a /29 global scope subnet on my end of my DSL) and just turned on 6-to-4 which is very easy under Fedora (you basically just set IPV6TO4INIT=yes in your /etc/sysconfig/network-scripts/ifcfg-eth0 file and it Just Works). The machine runs radvd so the rest of my network gets native v6 connectivity.

Re:GAIM

[lord+sibn]

Interesting. Sure, some of the more irksome "integrated" features of GAIM may not work, but file transfers work just fine for me (and I don't even run Windows(tm)).

Payload

[gEvil+(beta)]

"on the 1st day you get scared, on the 2nd you get desperate, on the 3rd you look for help and on the 4th you die"

Panda did not provide information about the payload of the BlackAngel.B worm.

I think it's pretty clear what the payload is. Somebody better get a fix out for this quick...Like in the next 2 or 3 days!

Miranda

[golemwashere]

Or on windows, you could try Miranda
http://www.miranda-im.org/

Re:Miranda

[CastrTroy]

Or you could just use GAIM for windows.

Re:Miranda

[KDR_11k]

That's what I'm using and that's everyone I know is using (over ICQ). That way we don't get any problems with "your client lacks this and that feature!".

Re:Miranda

[golemwashere]

Btw do you have any idea why the latest gaim on linux works with msn
through an http proxy while the same exact version on windows is not?
That could be quite usefull for my collegues....

Re:Miranda

[whitehatlurker]

However, when on Miranda, just say no to Pax.

Okay, if you're scratching your head at that one, just see Serenity.

Fantasma Vs Fantasma

[eldavojohn]

It distributes itself to all your MSN contacts by sending a video called 'Fantasma.'

Not to be confused with the Spanish release of the film "Ghost" starring Whoopie Goldberg, Patrick Swayze, Demi Moore and a rotating lump of clay (possibly the only bearable thing in the movie).

A CNN poll taken recently showed that 98.1% of US citizens would rather have the MSN virus on their computer instead of the 1990 film in Spanish.

It's so unfortunate that we haven't invented the technology to "unwatch" films yet.

Re:Fantasma Vs Fantasma

[jintxo]

Here in Spain we just call the movie "Ghost". don't ask me why!! :-) Cedric

Re:Fantasma Vs Fantasma

[LocoMan]

Here in Venezuela it also kept the english name (Ghost)... the one that was released as "Fantasma" was this one, though:

http://www.imdb.com/title/tt0079714/

I'd rather be attacked by one of those chrome balls than watching Ghost again, BTW.. :)

Re:Fantasma Vs Fantasma

Here in Spain we just call the movie "Ghost". don't ask me why!! :-) Cedric

That's odd, I thought it would translate roughly to "Mierda."

Re:Fantasma Vs Fantasma

[Kalinago]

As far as I know, the "Ghost" movie title wasn't ever translated in most hispanic countries. At least not in Venezuela. If it ever were, they would come up with some cheesy title in spanish such as "Immortal Love" or something. You should get yourself some fun and check out the lousy translations for several well known movies.

Anyway, I believe that most Venezuelan readers will recall "El Fantasma" as "The Phantom", the sunday papers comic strip about a masked guy with a skull ring.

Let's just say...

[ryane67]

Thanks for 3rd party apps like GAIM and Trillian.

Well you CAN unwatch it.

[BlackCobra43]

I find a few hits to the head with a blunt object works pretty well. Just make sure there aren't any sharp objects around you could hit in your fall.

In other news....

[Mayhem178]

New Worm Starts Munching MSN Users

In other news, Hollywood announces the production of Tremors 4: Attack of the Microsoft Munchers.

Re:In other news....

[dunezone]

You mean Tremors 5: Attack of the Microsoft Munchers There already is a 4th http://imdb.com/title/tt0334541/

Re:In other news....

[Mayhem178]

Really? I thought the last one was 3. Well, they were all so bad after 1 that I stopped keeping track.

Re:In other news....

[caffeinatedOnline]

Really? I thought the last one was 3. Well, they were all so bad that I stopped keeping track.

There, fixed that for ya.

Re:In other news....

[dunezone]

They were great movies, I mean the 4th one was set in the old west. And if we learned anything from movie trilogys, you always have to have one set in the old west.

Re:In other news....

I think attack of the Number Munchers would be a much better movie.

Re:In other news....

[steveo777]

Well, if you go by Back to the Future Canon, that is...

Re:In other news....

[TA_TA_BOX]

It is actually a hybrid of the MSN Guy and Pacman.

Trillian

[The+MAZZTer]

Trillian is another popular choice, although if you want Google Talk/Jabber and plugin functionality you have to shell out a few extra $$$. Even though I have I'm still looking at Miranda... the latest alpha looks nice.

The most annoying thing about this though is that some of the protocols don't support buddy list groups, or at least Trillian doesn't, because if I connect to my accounts from another computer with Trillian or from another OS, my groups pretty much explode. It's very annoying. I don't think there's anything the Trillian dev team can really do about it tho.

Re:Trillian

[johnty]

if it helps, GAIM _does_ support the groups for my MSN contacts

So what is new already?

[nietsch]

The only certainties in life are taxes and death, but it seems that it should be ammended for windows users with virus/worm infections.

So, did you pay taxes lately?

Re:So what is new already?

Pfft. I paid them over a year ago.

Re:So what is new already?

So, did you pay taxes lately?

I just bought gasoline, $.18 federal tax and another $.18 state tax on every gallon, plus city and state sales tax. Yesterday was payday, so they took Federal income tax, state income tax, FICA tax, Social Security tax.

I bought a 12 pack last night, that's state sales tax, city sales tax, state excise tax, and federal excise tax.

Since I rent I don't pay property tax... my landlord pays it out of the profits he recieves form me (so I'm actually paying HIS tax and he gets credit for it)!

In America, the more money you make, the less a percentage of that money goes to tax. Pity the poor fool working at McKfc.

(MRC="doubtful")

Trillian, and regedit...

[ursabear]

A trojan/virus/etc. that disables regedit and the task manager - and monkeys with files. This is not A Good Thing.

Many corporations support MSN Messenger only. Given a choice, however, I'm very fond of Trillian Pro 3. I found the license price for Trillian to be quite reasonable, considering its flexibility, stability, and the fact that (so far, fingers crossed) it has not been subject to attacks such as this.

Re:Trillian, and regedit...

[TheOtherChimeraTwin]

A trojan/virus/etc. that disables regedit and the task manager - and monkeys with files.

I don't see any reference in the article to monkeying with files. What we need is an old-time, NUKE THE DATA, REFORMAT THE DRIVE , Come-To-Jesus worm! People who don't take security seriously won't have a computer anymore, and the rest of us won't have to deal with as much spam spewing from those zombie hordes.

Note: I am not advocating writing a destructive virus, or any virus for that matter.

Re:Trillian, and regedit...

...and does Trillian have open source, interoperable encryption available as a plugin yet? Gaim has gaim-encryption and gaim-otr. Why not use it?

so going to happen

[Kenshin]

This is so going to happen to my sister, and I am so not going to fix her computer this time.

Remember kids, don't constantly insult the person who fixes your computers.

Re:so going to happen

Fix her computer by installing a linux on it if she insists that you help her.

Re:so going to happen

[geobeck]

This is so going to happen to my sister, and I am so not going to fix her computer this time.

Place your bets everyone. Starting odds are two-to-one that Kenshin does fix his sister's computer this time. ;) Unfortunately, once you start being someone's computer bitch, they always seem to convince you to come back for more abuse. :(

Just make sure you up the amount of beer you charge for service.

Re:so going to happen

[gEvil+(beta)]

If you just wait four days, you won't need to fix her computer ever again!

Re:so going to happen

This is so going to happen to my parents and I am so going to have to fix their computer again...

Re:so going to happen

if your solution to their problem is to erase their drive and reinstall the OS for ANY problem, they stop asking you to help.

just FYI.

Re:so going to happen

[MichaelSmith]

This is so going to happen to my sister, and I am so not going to fix her computer this time.

My sister lives in a share house and her windows98 box sat in the living room on an ADSL line for two years. At the end of two years it was so virus ridden that I doubt much of the original microsoft code remained.

Now it runs ubuntu. It is used to run firefox and occasionally open office. It has three or four accounts on it so people can have their own environment. I haven't had to fix it since I put it in 18 months or so ago.

Bonus points for character

[Rob+T+Firefly]

I don't much approve of destructive viri, but if they're going to be out there, they might as well have a little character to them. Who needs yet another boring old "spams your adress book and erases your HD" routine when you can be 0wned by something just a bit more interesting?

Reminds me of the good old days of "gimme a cookie."

Re:Bonus points for character

[Ramble]

'Virii' isn't a word.

Re:Bonus points for character

s/viri/viruses/g

See http://en.wikipedia.org/wiki/Plural_of_virus

Re:Bonus points for character

'Virii' isn't a word.

neither is 'pedantoknob,' you pedantoknob.

Here's a hint...

[WalterGR]

From the article:

To be impacted with the worm, users have to actively download the code. Messenger conversations initiated by the worm carry texts like "jaja look a that" or "mira este video" as well as a web address from where it is downloaded.

Ummmm... here's a hint: if somebody sends you a random URL to an executable, don't run it!

The More You Know

Re:Here's a hint...

[Limburgher]

Doo DING dong DING! :)

Re:Here's a hint...

[DigitalGodBoy]

But there might be candy on the other side! And everyone loves candy!

Re:Here's a hint...

[peragrin]

Heck my brother sent me a WMV movie to my gmail account. I was going to open it up at work but thought twice and played it on my mac when i got home.

It was safe(and funny) but you never know what lies within MSFT formatted files. It's all too easy to hide executable code in there. WMF, WMV, WMA, DOC, XLS, all allow that kind of code.

It's why i am glad for ODF. at least that way you can see what's inside.

Re:Here's a hint...

Regarding your sig:
Grammar tip: "Effect" is a verb. "Affect" is a noun.

Effect is either a noun or a transitive verb. Affect is likewise either, though to commonality of form use in inverted.

Open source basher

[KlomDark]

Off topic, I know, but need some good comebacks to the Microsoft Zealot that just sent this around at work:

Ben says: Yah, but it's open source.

John says: Open source is a bad joke hoist by their own petard on the Don Quixote's who hate MS (just because)

DEVELOPER 1: Let's spend all of our spare time writing something COOL.

DEVELOPER 2: Yeah, and we won't charge anything for it. That'll show Micro$oft.

BIG CORPORATION (not Micro$oft) EXECUTIVE 1: Let's use that COOL thing from DEVELOPER 1 and 2. It's doesn't cost anything and it's already at version 0.02. All of the blogs say that by version 1.0 it will be even COOLER.

BIG CORPORATION (not Micro$oft) EXECUTIVE 2: Yeah, we'll make ton's of money off it and be the next Micro$oft.

BIG CORPORATION (not Micro$oft) EXECUTIVE 1: Wow, we're done and we only spent twice as much money developing with the buggy undocumented version 0.02 of that COOL thing from DEVELOPER 1 and 2.

BIG CORPORATION (not Micro$oft) EXECUTIVE 2: Yeah, and we didn't pay Micro$oft one dime. Let's waste some more money sticking it to Micro$oft.

DEVELOPER 1: Hey, I'm thirsty and I don't have any money for my Dt Mt Dew.

DEVELOPER 2: Yeah, but at least BIG CORPORATION is making lot's of money off of our work and not Microsoft. Boy we showed Micro$oft.

DEVELOPER 1: Ok, but I need my Dt Mt Dew. Let's go do something else.

BIG CORPORATION (not Micro$oft) EXECUTIVE 1: Hey, nobody is supporting that COOL thing anymore. We're really screwed. Let's see if we can't pay Micro$oft an arm and a leg to solve our problem with their crappy software.

BIG CORPORATION (not Micro$oft) EXECUTIVE 2: No, let's use the COOL thing from DEVELOPERS 3 and 4. According to their web site, it will have everything we need just as soon as pigs can fly. And, it's free!

Re:Open source basher

[Fordiman]

Yeeaahh.. that scenereo describes why there's such a rich open source development community quite clearly. And why so many open source libs are being used by actual corporations.

Oh. Just in case you're too stupid to realize: I'm calling you a judgemental moron.

Re:Open source basher

[ScottLindner]

"I'm calling you a judgemental moron."

There are a lot of them on the Net these days in every aspect conceivable. It sucks, don't it? So many people that are deliberately ignorant.

Re:Open source basher

[Sj0]

Who cares about Microsoft these days? They were a pain in the ass back when they'd buy out or simply put out of business any company with an interesting product, but these days they're becoming top-heavy and can't play the game by those rules anymore. Instead of trying to screw people terribly, they've started trying to make software people actually want to use, and it seems to me that they've succeeded on many fronts. If you're not a doorknob, Windows XP is ridiculously stable, and with the correct preventative measures in place (not using IE, using the built-in SP2 firewall), it can definitely be "secure enough". My machine is never turned off, it just runs and runs.

Besides, some people do OSS programming because they enjoy programming. Myself, You couldn't likely pay me to be a programmer(mostly because of the higer wages, job satisfaction, and survivability of my current trade), but I've got a few open source projects, including one on sourceforge, and I've contributed some code that does some very cool things to a few fairly high profile open source projects, and I've had a grand time doing it.

Man needs more than work to keep him alive. If the results of those labours happen to be a great piece of software (and natural selection in the form of users will see to that), then so be it. People who are involved with "this linux thing" because they hate microsoft aren't programmers, they're kiddies taking part in fame wars on slashdot. The vast majority of them have never written a line of code in their lives and couldn't if they wanted to.

Re:Open source basher

[__aaxwdb6741]

No. In the real world, if BIG CORPORATION depended on COOL, they would have hired INHOUSE DEVELOPER 1 and 2 to support COOL, or even just SYSADMIN 1 to just keep the thing running.
If EXECUTIVE 1 and 2 use software which isnt feature-stable in their CORPORATE ENVIRONMENT, they are STUPID EXECUTIVE 1 and 2, also their IT DEPARTMENT should be fired for not opposing the usage of the alpha-quality software in the corporation.

Now, the pun.
DEVELOPER 1: Hey, lets make something USEFUL.

DEVELOPER 2: Ok, fine. We'll licence it as Open-Source, and charge for support.

(Meanwhile)
SOFTWARE HOUSE EXEC: Programmers. Please start working on BLING. My marketing dept says it should have feature X, Y and Z for us to earn BIG CASH.

(Some time passes)
BIG CORP 1 EXEC: We are going to use USEFUL for our accounting. Hire INHOUSE DEVELOPER and SYSTEM ADMINISTRATOR.

BIG CORP 2 EXEC: We are going to use BLING from SOFTWARE HOUSE because it has feature X, Y and Z.

Some years pass. BIG CORP 1 and 2 are happily using USEFUL and BLING respectively. DEVELOPER 1 and 2 died in a freak car crash/lightning/stabbing accident. Nobody develops USEFUL anymore, except for INHOUSE DEVELOPER, with SYSTEM ADMINISTRATOR to help him.

SOFTWARE HOUSE: Hey, BIG CORP 2. We can see that your entire corporate infrastructure depends on BLING. Also, we're not gonna patch SECURITY ISSUE 1, 2 and 3 unless you pay many more BIG CASH.

BIG CORP 2 EXEC 1: :(

SOFTWARE HOUSE: Hey BIG CORP 2. We're closing down our business. Better migrate to some other software which is like BLING.

BIG CORP 2 EXEC 1: Ok, but can we have source so we can develop it ourselves?

SOFTWARE HOUSE: Nope. Corporate secret.

BIG CORP 2 EXEC 1: Ok, but can you atleast document the format in which all of our corporate data is stored?

SOFTWARE HOUSE: Nope. Corporate secret.

BIG CORP 2 is screwed and ended up paying much more BIG CASH than BIG CORP 1, because they depended on SOFTWARE HOUSE to support BLING, while BIG CORP 1 actually saved a lot of BIG CASH because they optimized USEFUL to suit their needs over time.

Re:Open source basher

[codemaster2b]

Can't write a single line of code? How hard could it be?

#include
int main(){printf("Hello World");return 0}

Personally, the only people I know who have even heard of slashdot are 'programmers'. And every one has written at least one line of code in their lives. That doesn't make them any good, or knowledgable. I knew nothing myself until I got an internship (3rd year now). But I don't know anyone from school who is involved with 'this linux thing', including myself. College kids aren't interested. They only want benefits without paying for them.

Those people actually involved in 'this linux thing', like my dad, do so because they don't like others controlling them (i.e. Microsoft). There is no real unity because everyone does his own thing. It sounds to me that you are the flamebait, sir.

Re:Open source basher

[Sj0]

So, the only reason you like Open Source is because it's not Microsoft? That's unfortunate for you. If that's NOT the case, then your reply is just a straw man. For me, the majority of good open source developers I know have no great LOVE of microsoft, but are universally more concerned with making their own projects, rather than griping at Microsoft.

  -- And no, the vast majority of slashdotters likely couldn't write a line of code if their lives depended on it. Just because you're a programmer doesn't mean everyone is. If you want to be literalist, they couldn't code their way out of a wet paper bag. I, of course, could make my way out of my wet paper bag using my Power Destructitron X.

Re:Open source basher

Just in case you're too stupid to realize: it's scenario.

On a related note (well, not really)

[ScottGant]

Anyone else have a hard time here reading Slashdot now that it's gone to this new layout/theme?

Is there any way I can go back to a Slashdot that values content over style?

Re:On a related note (well, not really)

[schon]

Anyone else have a hard time here reading Slashdot now that it's gone to this new layout/theme?

I used to.

Is there any way I can go back to a Slashdot that values content over style?

Yes. Install Stylish, and then go here or here.

Re:On a related note (well, not really)

[D4rkn1ght]

The left side panel, the one with the menu list, keeps crashing my browser on my old computer. The only way I was able to get some stability was by setting Slashdot to "Low Bandwidth" on the home page preferences.

Slashdot should give an option to keep the old design for those that want it. The site was more stable with the old design, and use to load faster.

Fururama?

[awhelan]

a video called 'Fantasma.'

Anyone read this quickly as 'Futurama'?
Normally I will question the brain of anyone who clicks a link without confirming with the person who sent it that it's not a virus, but all my friends know I love futurama clips.
Good news everyone, I can be socially engineered.

Re:Fururama?

[DaSenator]

Almost wanted to yell out "OMG FURRY" to your post title.

Then I realised that getting a quick post onto Slashdot has some minor issues.

Re:Fururama?

[feltmarskalk]

Good news.

I am a social engineer.

I got my diploma from hanging around i bars (not in woman clothings(most of the time)) and doing extensive research. In lack of challenges, I have turned my focus on the more intellectual domain to augment my skills. Your little piece of information will be of great value to my line of work, influencing the IT inclined.

So I, for one, welcome our new hyperlink overlords.

How does it reproduce?

[Spy+der+Mann]

Through a vulnerability in MSN messenger, or is it just the usual "click here to get infected" method?

Re:How does it reproduce?

[Richard+Kirk]

The article said...

To be impacted with the _worm_, users have to actively download the code.

Anyone click on the _worm_ link in the article? What did it do? It probably told you all about worms, which is a bit dull but safe. However, that's how it reproduces.

Re:How does it reproduce?

[B3ryllium]

If you have to manually initiate it, it's a trojan, not a worm.

Re:How does it reproduce?

[DigiShaman]

Just how stupid can people be? Hell, I surmise that people will still get infected even if the link said word for word "Click here to get a virus".

Also, how can you get in trouble for releasing such a virus given the user was blatantly informed. Such an experiment is tempting...

What are you talking about?

[SmallFurryCreature]

As far as I read it this doesn't have anything to do with "bad security" just "bad users". You have to download the code and execute it.

Lots of people complain that P2P is unsafe because it carries virusses and what not. So how come I have never been infected?

Obvious it is because of my enormous intellect that makes einstein look stupid and think that a 15mb .exe files claiming to be a movie is suspicious.

Yes granted the recent WMF crap showed us that if you use MS software any file extension is under suspiscion and the design choice by MS to hide the extension by default must rank as one of their most stupid one (then again this is ms, they make so many it is hard to determine wich one was their worsed).

But GAIM does not protect you from being stupid. Nothing does. Just that if you went through the trouble of installing GAIM on a Non-MS machine, or if you are on a MS-machine deliberatly disabled MSN and installed GAIM, then you are probably not that stupid.

It ain't GAIM that is keeping you safe, it is your brain. Trust me on this, I been around long enough to know people will do anything to get infected. Just promise them a juicy picture. We have about the same chance of stopping computer infection as we have of stepping Sexually Transmitted Diseases. When Miss Jpeg flirts with you, you don't think of using a condom. (Oh and using a condom isn't enough, deep kissing can do it too. How many of you practising safe sex make sure no fluids whatever are swapped?)

Re:What are you talking about?

[Billosaur]

It ain't GAIM that is keeping you safe, it is your brain. Trust me on this, I been around long enough to know people will do anything to get infected. Just promise them a juicy picture. We have about the same chance of stopping computer infection as we have of stepping Sexually Transmitted Diseases. When Miss Jpeg flirts with you, you don't think of using a condom. (Oh and using a condom isn't enough, deep kissing can do it too. How many of you practising safe sex make sure no fluids whatever are swapped?)

That's the point. These MSNers are getting infected because they are none too bright, though given they are MSNers, it should go without saying.

BTW, does air count as a bodily fluid? If so, everyone needs to stop breathing when they have sex.

Re:What are you talking about?

It ain't GAIM that is keeping you safe, it is your brain.

I haven't read TFA, since I don't IM with MSN, but the blurb says it's a worm. A worm doesn't need you to do anything whatever, it exploits a security hole in a piece of software (like MSN).

What you are talking about is a trojan. If you have to execute the code for it to propogate, infect your computer, or whatnot it's not a worm but a trojan.

Note both worms and trojans can be viruses, which are simply self-replicating and self-spreading code.

If this really is a worm and not a trojan, you wouldn't have to do anything except have the offending application open. Since the flaw is in MSN's code, GAIM would indeed save you from infection.

As to your clueless friends who say "just get MSN" tell them that they aren't the only people you IM with (whether true or not) but you have friends using AIM and Yahoo as well and you don't want seven different IM packages running all at once.

This might even get THEM to switch, making the whole internet more secure (one less buggy MS app on a clulessuser's machine).

Re:What are you talking about?

[MrWhitefolkz]

How many slashdot users actually have had a chance to swap fluids? :)

Re:What are you talking about?

[kfg]

. . .using a condom isn't enough, deep kissing can do it too. How many of you practising safe sex make sure no fluids whatever are swapped?

And masturbation will make you go blind.

From an AIDS educational pamphlet for teens:

"CAN I GET AIDS FROM KISSING?

No. Actually, AIDS is hard to catch. In order to pick up the virus from someone, you have to have their BLOOD, SEMEN or VAGINAL FLUID come in contact with your BLOOD. Unless you're doing some pretty weird kissing, this isn't going to happen. So kissing is safe."

There is only one confirmed case of AIDS transmitted from a patient to a dentist, and the patient bit the dentist.during a surgical procedure.

There are no confirmed cases of AIDS transmitted by oral sex, although it is possible in theory. There is some "suggestive" statistical data and the theoretical risk is estimated at 0.04. You're far more likely to get hit by lightning. I take reasonable cautions with lightning (I get out of the water and stop waving around an 8 1/2 lightning rod when it's around), but I don't worry about it overmuch. Life is like an arcade game. You can't win. Something is going to kill you sooner or later and you have to balance fucking up your life with untoward precautions against being able to actually live a life worth living.

Killing the AIDS virus is acutally pretty simple. Just put it in saliva.

Extrapolate to Miss Jpeg. . .lick your monitor.

KFG

Re:What are you talking about?

[shayborg]

In that case this is a trojan, not a worm. It doesn't exploit any vulnerability other than the willingness of users to double-click on EXEs. See the Panda Software advisory (which incidentally lists the Threat Level as low).

Re:What are you talking about?

[Mister+Whirly]

"How many of you practising safe sex make sure no fluids whatever are swapped?"

This is Slashdot, where safe sex means you have a firewall between you and the porn site...

Re:What are you talking about?

Hey, maybe there are other STDs in the universe than just HIV. Just putting it out there.

Re:What are you talking about?

[LO0G]

MOD PARENT UP!!!

Once again, the dancing pigs win - parent is 100% right, according to the article, the vulnerability being exploited here is the user.

Re:What are you talking about?

[99BottlesOfBeerInMyF]

As far as I read it this doesn't have anything to do with "bad security" just "bad users". You have to download the code and execute it.

I strongly disagree. Windows fails to make it clear to most users that this is a program, not a movie. That is a security failing of Windows. By default Windows lets any program, even if it has never run before, do anything it wants to. This is a security failing. By default programs should be limited and users should have to explicitly grant the right to do things like connect tot the internet, and especially to do suspicious things like read your MSN buddy list.

The problem is not that users are stupid, it is that software is poorly designed. By default why should the OS let random programs read my MSN buddy list? How many that aren't worms need to do that? It is a stupid choice, given the current state of Windows malware.

First, fix the OS. Make sure users know what is software and what is data, then restrict all of it by default. Fix the UI so users aren't conditioned to constantly click "OK" for vague or useless reasons. Give them real, informed choices and the power to do whatever they want, but only if they are expecting it and only the exact functions they want. Once that is solved and the automated exploits are locked out, you can complain about stupid users. Until then, stop denying the problem because you have been trained to work around it.

Re:What are you talking about?

[kfg]

Maybe kissing isn't sex.

KFG

Re:What are you talking about?

[mpe]

First, fix the OS. Make sure users know what is software and what is data, then restrict all of it by default.

Also so that the OS knows what is software and what is data. e.g. if an executable has been disguised as an AVI then the best thing to do is try (and probably fail) to play it as an AVI. As opposed to displaying a file with an icon indicating it is one type of file then when it is selected to be opened looking at whatever is actually in the file to decide how to open it.
Effectivly Windows likes to play "bait and switch" with file types.

Re:What are you talking about?

[Nefarious+Wheel]

...By default Windows lets any program, even if it has never run before, do anything it wants to...

Interesting point. Is the solution here to lock the association between certain file extensions and the category of software that is permitted to read them? I agree the .exe extension is pretty abusable, given it's general nature -- it's an .exe, so page it in to main memory and pass control to it. But how would you go about building this sort of control into software in general? The .exe file has been with us for a long time, much predating Windows.

Personally I don't think it describes the core of the problem -- back in VMS there were certain defaults -- for example, @filename would assume .com, an ascii command procedure, but you could override it by writing a text file full of DCL commands, naming it fred.exe, and executing it as a command procedure by saying @fred.exe. There were plenty of default assumptions about file types (nothing like the hundreds of file type associations you see in your average Windows installation, though) but on the whole, it was still quite secure. This was I think because of familiar-now constructs such as ACL's and RWED file protections, all quite accessible and easy to understand, but probably most of the security came from the KESU (Kernel, Executive, Supervisor, User) model of the VMS operating system. Having a ring-fence between Kernel and Exec (where IO drivers lived) gave us the ability to have a driver glitch not bring down the system, separating Exec from Supervisor (where the DCL script engine lived) meant that you couldn't directly access the drivers via script, and applications (user mode) couldn't get into the address range where the script engine lived. Different KESU modes had unique address ranges and their own subset of the overall instruction set -- privileged instructions such as "STOP" could not be executed in unprivileged mode, as a result.

Windows NT was largely a port of VMS to the Intel architecture when MSFT acquired Dave Cutler from Digital, and the transition was characterised by moving from a secure operating system to one with rather more than a few holes in it. The NT-Intel collaboration meant the Exec mode had to be dropped, which gave us the world of pain called BSOD.

Leads me to a dangerous question here -- (not trying to be a flame artist here, please don't take it that way) -- Is it possible that the problem with Microsoft security wasn't so much Microsoft, but the inherent compromises brought on by a requirement to fit the model into the x86 instruction architecture? Should we really be directing our security-based anger at the limitations of the Intel instruction set rather than Microsoft? I know this is peeling down to the bottom layers of the onion but sometimes drilling down to the fundamentals to find the problem can give us a better aim at the real solution.

(Please note this is a technical argument folks, if I want slag on their business processes there are other articles I can read.)

Re:What are you talking about?

[99BottlesOfBeerInMyF]

Interesting point. Is the solution here to lock the association between certain file extensions and the category of software that is permitted to read them?

I don't think so. For example, you might want to read .jpg files in a number of different programs for different purposes. Rather, I think we simply need to restrict anything that runs as an executable or script very granularly. Something like jails, VMs, or zones. Further, simply keep track of what files a program creates and let it continue to modify them, but require user intervention if it tries to modify something else. Build an application management model that lets each program keep its files (config files not data) in its own space, so they don't have to share. Heck, they can even have copies of libraries they need, included. It's not like it will put a dent in modern disk space.

But how would you go about building this sort of control into software in general?

Given MS's glacial development times, I firmly believe they should leverage the in house and acquired VM technology they have.

Is it possible that the problem with Microsoft security wasn't so much Microsoft, but the inherent compromises brought on by a requirement to fit the model into the x86 instruction architecture?

That may have set the pattern for many of MS's security woes, but x86 is not a standard and if a chip doesn't run with Windows, it isn't going to win in the market. MS has all the power and money and people they need to fix this. They just don't have the motivation. They can make more money simply by declaring in press conferences that Vista is super secure. It's not like people (in general) can really migrate to other systems.

I apologize if my answers are less architecture oriented than you'd like. I'm no spring chicken, but the VMS boxes that were still around by the time I was at university, were no longer production machines. I'm not really familiar with it except a few hundred "its like this because VMS did it that way" bits of trivia.

Gaim

[Terminus32]

Thankfully I'm using GAIM, & it's awesome! :-)

this is news ?

from Pandas webpage

Countries affected
España 2.42
México 2.15
Perú 0.71
Chile 0.33

there are NO english speaking countries affected and the original site which hosted the file is dead (file removed i looked)
if today is AV fud promotion day you could at least try and scare us with a virus that affects English speaking countries

Re:this is news ?

Once the code is out, there WILL be variants.

Re:this is news ?

[NihilEst]

Caution: virii do not respect spoken language, irrespective of the language in which the threat/lead/hook is cast. It won't be long before English speaking winidiots are scratching their heads and wondering why their windoze box is speaking Spanish at them.

Re:this is news ?

[kolme]

Ay, Caramba!

Re:this is news ?

[Al+Cap0wn]

Exactly. This "dangerous" virus can be 100% prevented by not having any spics, wetbacks, or beaners on your MSN list, and blocking any of them who manage to steal a computer and add you.

Viruses, Taxes (oblig)

[mfh]

At least death doesn't get WORSE every year!!!

Correction.

[Sj0]

Correction -- New work starts munching STUPID MSN Messenger users.

If you accept an unsolicited download, you deserve everything you get. This bug can be protected against with a simple "What is this you're trying to send me?".

Re:Correction.

[Spy+der+Mann]

if the bot replied "it's a virus lol j/k, just click on it", i'm sure some people would STILL download it.

Re:Correction.

[FireFury03]

if the bot replied "it's a virus lol j/k, just click on it", i'm sure some people would STILL download it.

The cover would be blown with the "lol" and "j/k" anyway since I have no 12 year olds on my buddy list... (not that I use MSN anyway)

Shock horror, virus writers target MSN

[99luftballon]

News up next - Ursine defecation in arboreal context and spiritual leader found in Rome.

Re:Shock horror, virus writers target MSN

[Watson+Ladd]

That's bears crap in the woods and the Pope lives in Rome for those to thick to get it.

GAIM is not inherently more secure...

[RingDev]

In this case the user is clicking on a hyper link in the IM Conversation which uses a web browser to download an external application. If someone on your buddy list sent you this message, it would come through with no problems. You could click the link and download the file with no problems. It could even execute it's payload while you are wrapped in your GAIM blanket of security. The only thing that it MIGHT not be able to do is to propagate itself to all of the members of your friends list.

-Rick

Fix

[wjsroot]

This doesn't sound like a virus, More of a bug fix for windows. Any change is an improvement.

IM clients

[ScottLindner]

I've always been concerned that the IM clients we use would be a threat some day. I didn't have any reason other than lots of people use them all of the time and by their very nature they allow people to reach out and touch you RIGHT NOW.

I'm not surprised that MSN got hit first (or at least in a major way). M$ tries hard to do just a bit more than the basic solution because it's easy to do so. They have a lot of great COM and .NET capability already deployed on the Windows machines. So it's very easy to get lots of cool extras with little effort. Kind of a bummer someone is exploiting it. It's my guess MSN was hit first because of the number of subscribers. I'd suspect something like Trillian or GAIM to have more security holes.

Re:IM clients

[Secrity]

Dude, tone it down a bit. You really need to take the latest Astroturfing class, it teaches you how to be a bit more subtle.

Re:IM clients

[ScottLindner]

WTF? Are you trolling?

Re:IM clients

[evilneko]

No, he's saying you are. Look here: http://en.wikipedia.org/wiki/Astroturfing

Re:IM clients

[ScottLindner]

WTF? Why did he pick my post out of any to be a jerk to? I'm legit. This MSN worm sucks. Thankfully I don't use MSN anything cuz I hate how Windblows always reconfigures everything to push me to it.

Re:IM clients

[ScottLindner]

I agree with your sig by the way. COMPLETELY.

Doesn't make worms less annoying

[SanityInAnarchy]

Someone I met online recently sent me this message:

"I got my MSN names from http://www.im-names.com/ they're free!"

After getting this person to clarify that it was sent automatically. I said "OK, that's spyware." They said "I don't care." They are now blocked.

Gaim and some common sense means I'll never actually get the spyware, but it doesn't mean I won't get annoyed by it. After all, remember chain mail? I used to get chain IMs all the time -- "Send this to 25 friends by midnight and something good will happen!".

Really, the only solution, no matter what your IM client, is to start blocking morons.

Re:Doesn't make worms less annoying

[Random832]

Is it actually spyware, or do you just not like the idea of something automatically sending avertisements?

GAIM automatically (or used to) puts something about itself in your profile.

Re:Doesn't make worms less annoying

[qzulla]

Dude,

Thanks for the link. My eyes will never be the same. They still hurt.

qz

The title is misleading.

[cciRRus]

Should be changed to "New Worm Starts Munching MSN Messenger Users". The MSN Messenging network and MSN are two different things.

Cornelius Album

[PaulMorel]

Creator could be a Cornelius fan, as he has an album by the name of Fantasma.

Not a bad album either, if you're into odd electronic music.

Re:Cornelius Album

[kbox]

A dial up modem sounds good too... if you are into odd electronic music.

Translation

En el 1er día te espantas, en el 2 te desesperas, en el 3 buscas ayuda y en el 4 mueres.

On the 1st day you are frightened, on the 2nd you are hopeless, on the 3rd you look for aid and on the 4th you die.

What a nice person, eh?

Coincidence or Conspiracy?

I not saying nuffing, but didnt MS just launch a pay for service to fix problems like this?

Do we know it's an executable?

[Beryllium+Sphere(tm)]

Or is it using an exploit in Media Player and inhabiting something that's actually a movie file? The foggy article doesn't say, and the news section at Panda's site doesn't shed any more light. In fact it talks about both a 'movie" and about "code'.

Dead right!

[PinkyDead]

GAIM is obviously a load of complete rubbish because it doesn't support this functionality.

GoogleTalk deserves the same ire - you can't do anything with that except send instant messages - that's not what IM was invented for. Harumph! What would Google know about the Internet, anyway.

When will these people learn (as Microsoft have) that not being allowed to destroy our own machines and everyone else we know and spend days trying to get back to where we were is not a feature - it's clearly a bug. We enjoy rebuilding operating systems!

Re:Dead right!

[Sj0]

You're an idiot. If GAIM is trying to mimic MSN functionallity, but doesn't support some MSN features, then it's broken, not fixed. Trying to spin it as a good thing is ridiculous. Trying to say that users shouldn't be allowed to self files because they're too stupid to do so is also ridiculous. Get off your high horse.

Re:Dead right!

[FireFury03]

GAIM is obviously a load of complete rubbish because it doesn't support this functionality.

Many people don't actually want that functionality. For such people there is nothing "rubbish" about the functionality being lacking.

Downloading executable code off the web is one thing, but how many people actually need to send it over IM? Refusing to accept executable files that are being sent to you would probably be a good start (at least by default - you could stick an option to allow it in the preferences if you want so people with a legitimate need can turn it on).

you can't do anything with that except send instant messages - that's not what IM was invented for.

In other news, FTP (file transfer protocol) can't do anything but transfer files! *shock*

MSN Users...

[writermike]

*crunch* *crunch* *swallow*

Hmmm... tastes like chicken.

Has the CDC been notified?

[GeorgeMonroy]

I sure hope the CDC has been notified about these MNS users being munched on. I wonder if this is worse than the flesh eating disease.

It's the fear stupid

[mrraven]

What you don't understand is non geeks are afraid of computers. When people are afraid they cling tightly to what they know whether that's a rational decision or not. To someone who is afraid and who lacks knowledge the unknown is terrifying, what if the new software is worse they think? They have zero understanding of things slasdot geeks take for granted like file formats, Unix user permissions, etc, all they know about the computer is next to nothing and their fear from bad things that have happened in the past

Never mind the fact that the fear of computers in turn comes from from bad engineering decisions from M$. Obviously educating people is the answer but it's not easy when you are dealing with people who are afraid and only want to know the minimum about their computer to just chat, e-mail, surf the web, word process, and look at pictures from the kids from their digital camera.

I could write a whole 'nother diatribe about fear, the "war on terrorism," Bush, and the abrogation of our civil liberties but I'll refrain for now. Suffice it to say fear is a powerful emotion that helps Bush and M$.

GOOD TIMES!

[Guppy06]

Or am I the only one who thought that when they read what this virus did?

Old News

[Dorsai65]

I mean, come on - a virus/worm/trojan attacking a Microsoft application/"service"??

Isn't this like announcing "water passes through a screen door"?

If you're going to insist on using a collection of security holes held together with a little bit of application code, you've pretty much got to expect this kind of thing.

Re:Old News

[cyberworm]

Isn't this like announcing "water passes through a screen door"?

I guess you don't want to buy my Polish submarine then?

Obligitory correction

[Mister+Whirly]

Q. What is the plural of virus?
A. Viruses.

It is not viri, or (which is worse) virii. True, the word comes directly from Latin, but not all Latin words ending in -us have -i as their plural. Besides, viri is the Latin word for 'men' (plural of vir, man, the root the English virile). There is in fact no written attestation of a Latin plural of virus. If you would like to pursue the subject further, see the excellent article "What's the Plural of 'Virus'?". If you have some knowledge of linguistics and Latin, you might be interested in the morphological analysis of the word from the Perseus Project.
http://dictionary.reference.com/help/faq/language/ v/virus.html

I see there are a few replies from ACs here, which probably are pointing out the same thing, but I don't read AC comments...

Obligitory flame

[Rob+T+Firefly]

OMG How dare you correct my grammar blah blah. Actually, thank you! I did not know that, and have been saying it wrong all these years.

I do know, however, that I misspelled "address." And I don't regret that in the slightest.

What a stupid article

From the article:

To be impacted with the worm, users have to actively download the code. Messenger conversations initiated by the worm carry texts like "jaja look a that" or "mira este video" as well as a web address from where it is downloaded.

Ummmm... here's a hint: if somebody sends you a random URL to an executable, don't run it!

TFA is wrong then - if you have to execute anything, it's not a worm. A worm infects your system via a security hole in an application andneeds no user assistance (well, sometimes the user has to neglect to apply patches or run a firewall).

This is not a worm. It is a trojan. I wouldn't trust any information from the web site, since they don't know their wormy ass from a hole in Troy's ground.

Nothing at SecurityFocus about this, they're talking about the Yahoo worm shich actually IS a worm:

The 6,377 byte worm exploits a JavaScript flaw in Yahoo's implementation and when opened, collects addresses in the user's webmail folders and then starts to spread. The worm takes a novel approach in that it does not require the user to click on any attachment for it to function; the e-mail only needs to be opened within Yahoo Mail. By late Monday, Yahoo had already disabled the functionality in Yahoo Mail that allowed the worm to spread.

If you can't get into your house, call a locksmith, not a carpenter.

Argh those damn kids and their newfangled tech

[Vicsun]

So I communicate to others but through a nice free little thing called letters

My friends often try to send me files or pictures or videos through the "internet" and it doesn't work. They get annoyed and tell me to "go online." I'm told that snail mail is stupid & crappy for not supporting these features.

Really makes you wonder if the people who developed writing couldn't figure out how to make the videos/pictures stream through the mail box ... or if it was a design decision by choice to avoid hidden viruses that the codecs unpack in the media files. Probably the latter.

Do you also rail against email attachments? Oh wait GAIM is OSS so it's automatically better even if that betterness manifests in a lack of basic features.

Re:Argh those damn kids and their newfangled tech

It's only free if you set the ISP (Insufficient Postage) flag to 0 in your package headers. Otherwise it'll cost you US $0.39.

Re:Argh those damn kids and their newfangled tech

[FireFury03]

Do you also rail against email attachments?

Having supported a lot of moron users I can say that yes, email attachments are often a very Bad Thing. But mainly in the "when you have a hammer everything looks like a nail" sense. In some cases attachments are a good way of sending someone a file, but the clueless get too used to doing it that way and don't think of the consequences.

An example I saw a few years ago (which is a whole catalogue of cockups):

An estate agent did email-shots to prospective house buyers on a weekly basis. This mail shot consisted of an attached Word document containing descriptions and photos of properties. The photos were taken with something like a 2MP camera and they let Word "scale" them (read: the photos were imported in full resolution and then resized so they were still stored in the document at 2MP!). They would then mail-shot this (very large) document to around 500 email addresses. To make things worse, each week they took the last week's document and modified it, and Word in it's infinite wisdom keeps metadata about changes so the document got bigger each week.

By the time I got called in to fix their mail server (which had fallen over under the strain) I discovered several tens of gigabytes of mails queued for sending, many of them weeks old because it was now taking over a week to send the weekly mailings over their ADSL. And of course, almost all the mails were eventually getting bounced by the recipients' mail servers anyway because they were so big.

What they should've done is paid someone to set up a web site for them with a proper SQL backend to present the data they were mailing out. Clearly the users here were terminally clueless, but the point is that the software they were using made it far too easy to make each and every one of these mistakes.

So in summary, yes in some cases email attachments are useful, but I worry that they are frequently over-used because people get too comfortable using that feature for everything. Oh, and I don't believe most people have much legitimate need for sending executables over email so they should probably be automagically rejected.

They have the tech

I feel comfortable knowing that a number of scientologist-run companies like Panda and Sunbelt are using L. Ron Hubbard's tech to find security breaches.

57 Points: Chyropractor

[Fallen+Mongoose]

It's the chyropractor approach and it gets rid of that pain in your neck. You've got diphtheria. I'm gonna crack your bones. You've got a virus. I'm gonna wipe your HD.

Such a wasted opportunity

[autophile]

Fantasma.B is the same, but with a different message:

On the first day, you get embraced. On the second day, you get extended. On the third day, you get extinguished. And on the fourth day, you... oh, wait.

--Rob

Try again

[Alturin]

Who said Gaim "is try mimic MSN functionallity"? Gaim itself sure doesn't! http://gaim.sourceforge.net/about.php Besides, the parent might just have been joking...? "When will these people learn (as Microsoft have) that not being allowed to destroy our own machines and everyone else we know and spend days trying to get back to where we were is not a feature - it's clearly a bug. We enjoy rebuilding operating systems." I'd almost think you were joking, but there is nothing funny in your post.

Re:Try again

[Sj0]

I don't joke around with zealots, and the grandparent, spinning the lack of file transfer capability as a feature, is the post of a zealots.

Re:Try again

[PinkyDead]

[Taking of my sarcastic hat.]

Microsoft have continually taken good products and protocols - bloated the life out of them with redundant features that their fanboys cite as examples of their superiority and use as sticks to beat genuinely superier products like Gaim with. The net result, as ever, software that can turn your computer from 0 to zombie in 60 seconds.

I don't like Gaim, but there is no denying that it does the job is said it would, which is the job it should be doing - instant messaging. It is far better to do one job well, than a thousand badly - but when you are trying to grab every market available that's the inevitable consequence. And the next inevitable consequence is clearly visible in TFA.

Re:Try again

[Sj0]

I disagree. It doesn't matter if you're using a web browser, an e-mail program, an instant messenger, an FTP client, or IRC. If you accept untrustworthy or unsolicited downloads and run them, you've got an insecure machine, but it's not the fault of the software. If you let random people into your house, you've got an insecure house, and it doesn't matter how big the lock you put on the front door is.

Re:Try again

[PinkyDead]

Door manufacturers don't leave big holes in their doors.

Microsoft is not dealing with a highly skilled or security aware customer base, so they should be more security conscious, not less. However, they are driven more by marketing requirements than security.

GAIM is built secure from the bottom up - MSN is built glitzy from the top down.

It's not good enough to say "well it's the stupid users - let god sort them out" - that way we just leave everyone open to distributed attacks.

Re:Try again

[Sj0]

This has absolutely nothing to do with holes. Many MS viruses over the years have, but this isn't one of them. This is a case of "I unlocked and opened my door and let him into my house". This is just following that fundamental first principle of e-mail security from 25 years ago: Don't open attachments you don't trust. Are PCs badly designed because a user can stick a virus infected CD, DVD, Floppy, or USB drive into it and infect the computer? Is FTP a fundamentally flawed concept for a protocol with no use on the internet?

Because that's what you're saying. You're saying that allowing users to send files to each other is a terrible design decision, and that GAIM is better because it doesn't have that ability.

(Of course, it's a bit of a red herring because it supposedly supports client/server transfers, just not direct connections, which is irrelevant for a bug which basically fires out a link and goes "Click this! It's interesting!")

Security

The easiest way to avoid viruses and worms is to make yourself incompatable. You may be able to download viruses through MSN Messenger on Macs or another open-sorce Instant Messegeing app on Linux, but as far as I know, the virus would simply do nothing.