Slashdot Mirror
Trojan Installs Anti-Virus, Removes Other Malware
An anonymous reader writes "SpamThru takes the game to a new level. The new virus uses an anti-virus engine to remove potential 'rival' infectious code." From the article: "At start-up, the Trojan requests and loads a DLL from the author's command-and-control server. This then downloads a pirated copy of Kaspersky AntiVirus for WinGate into a concealed directory on the infected system. It patches the license signature check in-memory in the Kaspersky DLL to avoid having Kaspersky refuse to run due to an invalid or expired license, Stewart said. Ten minutes after the download of the DLL, it begins to scan the system for malware, skipping files which it detects are part of its own installation."
It sounds a little too intelligent to have been designed by humans.
Cyclons? I hear they are hot!
Any system that is badly protected enough to get infected is probably already bogging down and in danger of the user getting it fixed. This is probably a very good strategy to improve the usefulness of the machine to the hijacker, and reduce the chances of the user doing anything about the infection. I'm surprised this hasn't happened before.
A pizza of radius z and thickness a has a volume of pi z z a
...plenty other crapware removing that virus. Seeing how much of that crap can coexist on one machine, I imagine these people will be forced back in line. And I don't think anything like a "civil war" fought on user's computers will be good for the users either.
Live today, because you never know what tomorrow brings
During his analysis, Stewart found that SpamThru was being used to operate a spam-based pump-and-dump stock scheme.
Add one and one together, and you know who the operator of the botnet is.
bash$
Hopefully we will see a new "virus" war, hasn't it been quite a while since the last one?
:)
There's a reason for all those extra cores in the upcoming processors.
I was wondering how long before this actually happened. Back when my web server was under a barrage of malformed requests from infected IIS installations, I had the urge to create a script which would retaliate with exploiting, gaining access and patching the zombified computer... or at least, shut it down.
While I never actually did this, mostly due to lack of time and for fear of possible lawsuit, it was certainly possible. So now it's a reality, thanks to... whoever. I think it's a Good Thing.
Malware is commonly known as the Norton Antivirus installer. ;)
Where can i get this trojan?
This is a viral signature. You are now infected!
I know before too long they'll be some long and nearly interesting thread about the Darwinian loveliness manifest in this virus' competitive adaptation, but I think it instead provides a firm basis to identify the handiwork of Intelligent Design.
In other words, God spams.
He Is That He Is has simply moved on from meat-based proselytizing and entered the so-called Cyber Age, as was foreseen in Deuteronomy 4:20, Revelations 1:1415, and Glossary 36:D.
These stories are free but worth money.
I'm just waiting for Microsoft to release a virus that'll force everyone to run Automatic Update. Think of how many problems it would solve!
Why is evertybody saying this is a good thing.This could be very bad. A virus or any malware that disguises itself as an antivirus would not be detected by anti virus programs. ITs actually very clever. Your machine would be infected and you might not even know it. Especially if you normally run kapersky.
Because that's not the only thing it does. If it was, I'd definitely consider it a good thing to infect all those without up-to-date antivirus software with.
Naturally, this is a Windows specific little bugger. So, if you're running anything else, you should be okay. (Of course, the systems that us /.ers support are another story...) Sophos is the only vendor of the few big boys I searched that seems to have any info on this mal-ware with the "SpamThru" name. Of course, there are other variant names of this, so check with your vendor against these other possible iteratives:
* Backdoor.Win32.Agent.uu
* Spam-DComServ
* TROJ_AGENT.BOR
Removal instructions can also be found here
Just another nameless binary in a crowd of 1's and 0's
Uhhh, because it installs its own malware? Why do you think it's a good thing to have some scam software installed on your machine?
... and then they built the supercollider.
2? Those bloody integers, eh?
I sit here a happily run OSX 10.4.8 on my G4 powered Mac and laugh at the electronics and software Wars taking place in the MS World. I clean WIndows machines for a living an are not surprised at this development. Most machines can take a little malware infection, but are maintained when the owner can't boot anymore or the machine slows to a crawl.
How long will it be before somebody lobotomizes this to just install the anti-virus? Could be a new age in the spam wars...
... if virus authors are confident enough to use it as a mean to eradicate competition! This guy put enough faith in this AV to use it as defense on a compromised system. It kind of implicitly confess that, would the machine have been protected by Kaspersky, it couln't have been compromised.
Obligatory conspiracy theory: could it be a publicity stunt from Kaspersky themselves? Naaah, I'm certainly too paranoïd.
--
Arkan, who don't care anyway, as long as you can't patch DLL in-memory... on GNU/Linux
http://www.secureworks.com/analysis/spamthru/
When the mob kills people it is usually a rival gang. They want to be the only people milking their territory for good reasons.
Wait! I have the answer! Just install WinAntiVirus and WinAntiSpyware Pro 2006! It'll download the Trojan, you pay your $24 or whatever, and it all disappears!
Wait...what's that "annoying as hell" flashing icon in my taskbar for...?
In biology, we hear that it's generally not good to regularly use some types of anti-bacterial cleansers. After awhile they start wiping out the good or innocuos types, leading to proliferation of the undesirable types. My lawn guy says the same thing about some types of weeds; apparently they keep other, larger and hardier weeds from getting a stronghold. It's funny that in the future this may be how viruses are combated in electronic devices.
Now you see why windows remains the dominant desktop. It is because by its very nature it is a tremendous cash cow, going up and down and sideways across the IT food chain. Very, very few people are altruistic enough to work as hard as they can to put themselves out of business, especially once the work involved becomes more or less easy and routine.
Human nature, you can see it at work in a number of areas, take governments for example. It would be quite possible for governments to work towards fine tuning laws and processes to the point that they are clearly understood, as universally fair as possible, and requiring the least bit of constant interferring-they would have to fire themselves, voluntarily withdraw. It doesn't and won't happen though. Bad car analogy. Could automakers make the million mile car that was super reliable, got good mileage, had decent power, and because of that, actually be cost effective for the consumer in the long run? I bet they could, but there wouldn't be much incentive for them to remain in the car making business, as sales would dreop off severely eventually. The fixit shops would hate it. The oil companies would hate it. Stockholders would hate it.
And so on. You are trying to balance consumer desires with business desires for repeat sales and increasing sales and peripheral sales, in an economic system that values and rewards that over even just a maintainance of the status quo mode. So it obviously doesn't happen... not much anyway.
I think that in the blaster days there was a copycat worm that downloaded the microsoft anti-blaster patch and installed it (in fact I know there was, because I got 'hit' with it).
It's a nice way to fight zombies, and it might go some way to doing what legal/conventional means have failed to do by using the same viral nature of the original malware to clean the internet up. (While still trying to copy itself from cleaned pc's). The only problem with this is (besides the ethical bit about fighting fire with fire, which I don't really care about) is that the users won't know about it.
Getting infected to the point of having to have somebody clean your system up and install ativirus/firewall/antispyware and a safe browser and email client is a learning experience about how dangerous the internet is these days. If people have their system cleaned up without realizing it, the system may be clean but the people are none the wiser. The best thing, I think would be to install free (as in beer) software, hiding it just until all scans are done and the system has been cleaned and protected, and then, informing the user in some clear way what has happened and what they can do about preventing it in the future, and that they should probably get their system checked out by a human. It would have to do so in some way that doesn't get mistaken for a web-ad, like replacing the wallpaper with the message.
The problem with this scheme of course is that once they get their machine cleaned out the machine won't be spreading the worm anymore and it will lose out to other worms that have the luxury of staying completely still. Maybe if you let the worm hide for two weeks, and then inform the user...
"I use a Mac because I'm just better than you are."
Please dont use Peter Norton's name in connection with Symantec's Anti-CPU Suite. Thank you
The system had the verbosity of HTML combined with all the readability of compiled assembly viewed as bitmap images
Funny how there's a war fought over who has control of a windos PC - by multiple parties, none of which is the owner of said PC.
Assorted stuff I do sometimes: Lemuria.org
Back in the days I actually installed this on my webserver. It was only after I had it running for a while that the number of exploited windos servers attacking me dropped. I'm very sure that there is a kind of ground layer of infected PCs and servers that will never be cleaned up by their admins.
e is the most reliable way to get its clueless idiot users to reinstall, activate the firewall and/or run a damn virus scanner.
In fact, I think there's a much larger percentage where something-bad-and-visible-happening-to-the-machin
Remember: 10 years ago, the script kiddies taking over your machine wanted to shut it down, just to show you who's boss. Today, the organized criminals taking over yourr machine want it to stay up, so they can push as much spam out as possible.
Assorted stuff I do sometimes: Lemuria.org
Graphical Processing Unit, Physics Processing Unit,... Virus Processing Unit? :)
:P
It should be noted though, that a "Virus Accelerator Board" is not a very good name from a marketing perspective!
Heh, in 2001 I had this exact idea as part of my concept for a theoretical modular virus. Most of the things I envisioned in that concept have since been picked up by malware producers (for example, modular virii, multi-system virii, rootkits in a virus either as the main payload or to reinstall the payload(or a diff payload) after the system has been cleaned to mention a few which have gone into use on some scale since I came up with my idea), but there were a few tricks my concept had that I've yet to hear about in the wild, so I wont go into any of those details for fear of giving anyone ideas. (I have never developed, nor do I ever intend to develop this concept into an actual program. I'm morally opposed to virii... I was just thinking of the things I would be afraid to see in virii, and how one would go about dealing with something using concepts like what I envisioned.)
It also reminds me of a sorta funny virus killer that was my precursor idea to the modular concept in 2000: a virus which uses the same 'sploit as a previous virus. The goal: download a removal package, the patch to the 'sploit you used to get in, and a package to temporarily host all of the packages. Once it does this, it simply removes the old virus, patches the system, and hosts the files for a breif period of time(prolly around a day, definately no longer than a week... could also judge how long to host it off frequency of requests for the info) to allow the virus to P2P the files rather than place the load on a central server. Could also disable the network adapter for a period of time in there if needed to make sure it doesnt get reinfected during the removal/patching phases.
I decided against ever building such a virus-chaser because it's near as bad as the original virus. It's illegal, it could cause network congestion, and while it intends to do good, it's pretty immoral to install stuff on a system & patch it without the users consent.
Still, a funny concept, similar in some ways to the malware this article discusses.
PS, I know the plural of virus is viruses. Virii is just fun to say tho.
I don't believe there are any non extreme ways of getting rid of the damn thing. It has its little claws dug in deep and you have to bash it repeatedly on its ugly little head with a crowbar before it finally lets go (spewing gore everywhere).
I haven't had to uninstall it from friend's machines recently (so it might have gotten better, or worse) but I have fond memories of that thing. Reminded me of the headcrabs in HL2.
May contain traces of nut.
Made from the freshest electrons.
I think that in the blaster days there was a copycat worm that downloaded the microsoft anti-blaster patch and installed it...
. jsp?docid=2003-081815-2308-99
...(in fact I know there was, because I got 'hit' with it).
That would be Welchia:
http://www.symantec.com/security_response/writeup
The only bad thing about Welchia (aside from it installing patches on your system without your permission) was that it did not throttle its traffic when it came to looking for new machines to patch. It flooded or swamped network segments as it probed new machines to work on. If Welchia had been a little more subtle with its scanning, Welchia's presence would have been less of an issue.
Boring, eh? They're both vigilante attempts to fix the problem, but this one actually downloads and installs a pirated commercial AV software package. Significantly different from Welchia, and the first of its kind, as far as I know.
:-).
People have joked for years about releasing a worm that patches Windows systems by installing $LINUX_DISTRIBUTION, this thing just brings us one step closer
It's a fair question.
Software that installs without the user's knowledge or consent is by definition malware.
Microsoft asks users to temporarily disable AV when installing IE7 because the installer makes complex changes to the Registry. The install can be trashed by something as simple as an out-of-date signature file.
Trouble shooting conflicts with AV software can be a nightmare for non-technical end users and Kaspersky is no exception: Kapersky Lab Forums > Protection for Home Users
Where does that leave the user who doesn't know and cannot know that KAV is resident on his system?
"Maybe I should at least check for rootkits"
/var/log/secure quickly gets longer than your arm and sooner or later someone will be in... and the rootkits are never far behind.
You seem to say that as a joke, but I will answer seriously - you should. Just because you use Linux doesn't mean that you won't get rootkit'd... I'm not sure about Kubuntu, but with fedora it comes as a default with SSH runing and allowing root login - if you don't stop that
You should put something like RKhunter on a clean install ideally so you can keep a check on whats going on. Also chkrootkit is quite good, although I find it a lot harder to read.
*''I can't believe it's not a hyperlink.''
Sorry, but The Geek Formerly Known As Peter sold his name along with his soul to the Symantec Overlords. He is now only known by the sequence 50696E6B205368697274.
You would think the authors of the "botnet takeover" viruses would make them such that once they gained control of a computer, that they would do just this... patch the vulnerability that they used to get in in the first place, to prevent "compettion" on the owned system?
I work for the Department of Redundancy Department.
Viral marketing?
http://www.TheGamerNation.com/Forums
The only problem with this approach is that it's illegal. And not just in the sense it's "not nice", it's actually risky: one machine in a thousand may get broken, and the owner can sue you. So anything you do you do as a criminal, meaning both risk and absolutely no recognition. I don't think many would do something as difficult for free and completely anonymous. People are just not that altruistic.
The official approach, Automatic Updates, is almost as good. Unfortunately Microsoft's main motivation is to make money, and working software is only a side effect (I don't find anything evil in that btw, MS has done more for IT then any other company). So the system isn't perfect, updates may be late or Automatic Updates may not be enabled. The "virus" way is better because if affects exactly the kind of targets normal trojans do. Bigger the disease, better the cure. It's almost biological in nature.
The problem with this scheme of course is that once they get their machine cleaned out the machine won't be spreading the worm anymore and it will lose out to other worms that have the luxury of staying completely still. Maybe if you let the worm hide for two weeks, and then inform the user...
Why? If the machine gets cleaned means it won't be infected anymore, but the existing software can function very well. That's why a compromised machine is compromised forever: you never know what may be lurking in there.
Why not protect your computer in the first place and not have to worry about spyware and viruses. If you are on a Windows machine and you are browsing warez or other "not so legit" sites, you better protect yourself. You would be advised to use an Anonymous Proxy to browse such sites, as you really don't want your IP address floating around in their logs when they get busted, do you?
Furthermore, a proxy such as the above would protect you from malicious scripts.
How about a dedicated antivirus board? I'm on a Mac so I dunno, but everyone around me is constantly complaining about the CPU load for antivirus software.
...Beuller?
Imagine, then, a cheap processor (an Intel embedded-grade unit, for instance, running about 100-150 mhz) connecting to a new slot on the motherboard that runs background virus scans while your HD(s) is(are) idle. Got sensitive data or a long vulnerability list? Drop fifty, hundred bucks and upgrade the card.
CPU load isn't the only reason for this either. Vista is trying to kill off antivirus software, remember? This could be a chance for hardware manufacturers to get McAfee, Norton, Symantec, and all them good ol' boys right back into the ball-game.
Dell? Are you listening?
You can imagine what the airport code for Fukuoka (in Kyushu, Japan) is.
Yep. That.
And then the Linux users can utilise that extra processing power for more SETI@Home stuff. Awesome!
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
I like the idea of dis-infecting a machine that was trying to infect your machine.
Would it also be advantageous to have the now worm-free machine to also perform that function?
If "yes" would you want to be especially helpful and place a removal icon in the "Add/Remove Programs" section so that that functionality could be removed?
If "no", why not? Other than the bit about installing software on someone else's machine?
I would NOT want the anti-worm to probe the network. This sounds good in theory, but in practice, any amount of scanning will become a problem as the number of machines doing the scanning increases. Sure, they only consume 0.1% of your bandwidth today. But when there are 10x more machines, 100x more machines, etc.
Any suggestions?
This should be reported, in very clear terms, to "enforcement@sec.gov". Or on the SEC's online form. Or to the SEC Division of Enforcement, 100 F Street, N.E. Washington, D.C. 20549. Because it's a felony being committed in support of a pump-and-dump stock scam.
The stock being hyped is "TTEN", which has very low volume. The SEC can find out who was trading it just before the spam run started. That's how to find the people behind this. They can follow the money.
So put together a comprehensive package listing all known stocks being hyped by this thing and the dates the spam began, and ship it off to the SEC. The SEC and FinCen (the U.S. Treasury Financial Crimes Enforcement Network) have the data mining tools to look at the stock transactions and find the people behind this. The SEC has gone after pump-and-dump spammers many times before, and they usually get them.
Although it may not have applied in this case there could also have been technical reasons why a patch wasn't applied, it certainly wouldn't be the first time that a patch - even a MS one - has caused complications in other software that is installed. Automatically assuming the sysadmin is incompetent and patching their system for them and potentially breaking their business-critical application suite is not "a good thing" imo.
A better solution would've been to flash a message up on screen basically saying something along the lines of "I got in to your system because it has a vulnerability - either patch it or block the listening port to trusted hosts only or next time the real virus might get in" might've been a better solution.
I don't think that most of the slowdown with antiviral software comes from the processor usage, but rather from it having to read every file you try to access before you access it. My NAV at work was set up to scan every single file every single time it was opened. That's a major resource hog. Espcially since things like txt or XML files (which can get large) have 0 chance of maintaining viruses. A smart virus scanner may just do an md5 sum of the file, and then it it hasn't changed, then don't bother scanning. Although I don't know if that would be any faster. Myself, I use Linux at home, so I don't worry so much about virus scanners.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
This makes me wonder if you could make money by remotely managing somebody's computer for them. Install all the updates, make sure everything runs smoothly, clean off the malware and viruses. You could probably get the system automated. I know a lot of people who's computers are always taken over by viruses, or they just end up installing stuff that they use once and never again (I don't know why windows develops problems when you install too many programs, my Linux box has hundreds of programs installed, and doesn't slow down a bit. Anyway, I think there's a lot of people who'd be willing to pay a monthly subscription fee if you kept their coomputer running fast and organized. With all the required updates and stuff. I think Dell could offer something like this to their customers. Although they probably make more money when they buy a new computer every year when their old one gets slow.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
I'm not too excited about anything competitive like this. Soon these viruses will get smarter and smarter, soon making sophisticated decisions that resemble artificial intelligence behaviour, and then just leave it up to darwinism til these things evolve into something smarter than us. Luckily we can still just pull the plug on any computer as a last measure, but once they come up with computers that have undisconnectable power cords - wait, you can always use a woodden handled axe to cut the cord, if you got such a thing, and it's not electric powered with an rfid chip that shocks you if you can't id yourself because such weapons have to be kept out of terrorist hands, in the name of public safety. But you can always just bite the damn cord apart, and recieve a mild shock in the process. So we only have to worry about systems that can never come down, such as the electric grid, or hospital systems that have backup grids, where there is always power, so such viruses might hide out in such "always on" systems and evolve, but hey, we can even shut down the electric grid if that's what it takes to take control back, problem is these days the shutting switches are also computer controlled, and I suggest we should have a manual shut off station where you can toss a lever just like in the good old days, as a general safety measure for any device that is powered by energy. Most things in your home have a power cord you can pull, and you can shut off all power to your home by cutting the conduits where the electricity, natural gas and high pressure water come in, but there are complicated places in the world where nobody really knows how to shut the whole thing down, or where is the switch to toss to shut the whole thing down. On the other hand, you also don't want such shut the whole thing down switches too accessible, because of terrorists, damn, not again, these terrorirsts are annoying maaan.... Once there are cameras everywhere watching for terrorists, and computer vision is developed enough to where those computer driven cars can actually drive through the desert on their own, meaning they can see, then these viruses will be able to see everything in the whole world, including you disconnecting their power cord, and they can instantly make up a false criminal record and send 911 on your ass and have the police plug the power back in, and you can say you're innocent, riiight, that's what all people in prison say, they are all innocent.... Once I laughed at someone for saying "fuck technology." I love technology, it's so much fun, but maaan, fire was the first big technology man invented, and playing with any new technology since then is like playing with fire - it's fun, but you can get burned if you don't pay attention. On the other hand how do we know that such "higher intelligence" entitities would not be protectors, but destructors of us? What is man to nature on this Earth? A protector, maintainer or destructor? Do unto others....?
I was immediately outraged at the illegal install of software, but then I remembered the virus itself was illegal anyhow, ...
I wonder, though, if a retaliatory disinfector, or even a "beneficial nematode", would be legal?
This would be a server that not only detects and blocks worm infection attempts, but responds (using one of the vulnerabilities exploited by the original malware or one it installs - which are known to exist due to the malware's presence) by disabling the malware in the attacking computer, and perhaps patching the vulnerabilities exploited by the malware and/or (in the "beneficial nematode" case) copying itself to it. The former attacker is now no longer attacking, is protected from reinfection by the secondary infection, and perhaps becomes another source of counter-attacks.
Since it only counter-attacked, and even a passively-blocked attack without a counter-attack consumes resources (amounting to a DoS if sufficiently large and persistent), it could be argued that the counter-infection falls under the same principle as the use of force in self-defence. Or perhaps a "necessity defence" could be argued.
Of course one would have to be especially careful when designing such a self-reproducing tool. A significant issue would be accidental escape into the wild of a buggy version early in the development. Timeouts or "hayflick limit" reproduction counters seem advisable. And building them on pirated antiviral tools would be out of the question.
IANAL. Does anybody out there have a more informed opinion?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Here's a link of an example, over 2 million miles with a valve replacement when they stopped selling leaded gas
6 34.html
http://www.theautochannel.com/news/2004/08/26/213
Let's take a look at the career of last year's big pump-and-dump spammer:
"Computer Virus Broker Arrested for Selling Armies of Infected Computers to Hackers and Spammers
"Pump-and-dump spam domains go silent after botnet closure"
Spammers register pump-and-dump spam domains for use in spam runs. These domains are commonly discarded after a few days. The tactic is commonplace but the the arrest of alleged botmaster Jeanson James Ancheta, 20, of Downey, California, on 3 November has been accompanied by a radical shift in the landscape. "Up to recently, the graphs were all fairly smooth, with the stats showing that 12 days was about the maximum lifetime for this type of domain, while 30 per cent only lasted a day or under, and 10 per cent only lasted three hours or under," Shipp said. "This kind of activity just disappeared completely from the radar on 2 November."
Following up:
"Botnet Creator Pleads Guilty, Faces 25 Years"
Federal Bureau of Prisons Inmate Locator
California City Prison: "This medium security desert prison opened in 2000, and is a stunning sight, either by day when its monolithic forms stand out on the desert pavement like ancient Egyptian architecture, or by night when floodlights bathe the gleaming facility in an orange glow which can be seen from as much as 30 miles away."
Next spammer, please.
It's about time someone ported Corewars to Windows!
in my experience, Kaspersky Labs works almost amazingly better against viruses; at least, it has easily fixed computers where AVG couldn't even see a problem. I'm sorry, I know it'd be great to be all "yay AVG!" since it's free, but I've begrudgingly grown to respect Kaspersky. Of course, it's much much better than Norton as well, but that's pretty much for granted.
(Reminds me of a funny story, though. My friend's computer was acting up, in some very odd and rather annoying ways. I tsk-tsked him, implying that he probably caught himself some kind of infection. He went "no, no, this legit copy of Norton I have would have seen it." I took his hard drive out, threw it in my machine, and Kaspersky Labs immediately started deleting. Once the massive infection (mainly of worms) was gone, we put it back in his box, and his Win2k install ran with significantly less hassle; all those mysterious problems were gone, howabout that. Norton, thoughout all of this, just smiled into space like an idiot. And don't get me started on McAfee!)
Kasperksy is also quite configurable for ignoring certain files, and has a rather robust system for doing so; I find it handy myself, considering that I have quite a few programs that have the kinds of engines in them that might be detected heuristically by Kaspersky as being virus-y, for lack of a better term (for example, the smtp engine in anonymail is the kind of setup that a worm might use for using a computer to randomly mail copies of itself around). So if this piece of kinda-mal-ware is to survive its own medicine, that sort of functionality is rather useful (I haven't used AVG for about a year now, but when I last used it I remembered a lack of that kind of breadth of deliberate "leave such-and-such alone).
You're right though, that adding copyright infringement ontop of this is a bit of an issue, but under the circumstances it's an issue of contempt for the end-user anyways. Not saying whether that's justified or not, just that it's deliberately out of the control of whomever owns the infected computer, so it's not like *they'd* be liable anyways . . .
Actually, hey, maybe the creator really likes AVG and doesn't want to give it bad press? There's quite a few possible reasons for this choice, thinking about it.
I remember sigs. Oh, a simpler time!