Slashdot Mirror
Wikipedia Used To Spread Virus
eldavojohn writes "The German Wikipedia has recently been used to launch a virus attack. Hackers posted a link to an all alleged fix for a new version of the blaster worm. Instead, it was a link to download malicious software. They then sent e-mails advising people to update their computers and directed them to the Wikipedia article. Since Wikipedia has been gaining more trust & credibility, I can see how this would work in some cases. The page has, of course, been fixed but this is nevertheless a valuable lesson for Wikipedia users."
How better to teach about viruses than to have an actual virus found at the http://en.wikipedia.org/wiki/Virus entry?
Where were you when the voynix came?
There was no danger of the blaster virus. It was simply malicious people claiming you needed to get a new release to protect from the most recent blaster virus. The malicious code they were hosting was not the blaster worm but rather newer virus technology.
...
I think I was pretty clear in the summary
People with reasonable sense of life will not trust complete strangers. Any information from complete stranger (on the street, or from the wikipedia, what's the difference?) is just that - a information to consider. Ignore it, or verify if it's true before making some real use of it.
OTOH dumb people will always get what they deserve. They will screw their life by trusting complete strangers and also they will screw their PCs, again - what's the difference?
How come, dumb people can expect to be being protected from complete strangers. And by whom? By other stragers? That article is plain FUD.
#
#\ @ ? Colonize Mars
#
Wikipedia, of course, is self-healing. Within two minutes, the virus was replaced with a large picture of a scrotum.
The Rise and Fall of Online Community
Better not follow this link then:
http://en.wikipedia.org/wiki/Syphilis
The page has, of course, been fixed but this is nevertheless a valuable lesson for Wikipedia users.
According to wikipedia, the number of valuable lessons for Wikipedia users has TRIPLED in the last six months!
Push Button, Receive Bacon
No, there was an incident not too long ago in which a Wikipedia admin published the passwords of several contributors, but in such a manner that only trolls and vandals could read them. Then, when the problem was pointed out, other admins rushed to Wikipedia's defense, and the account information remained visible for almost a year before a Slashdot story was published, shaming Wikipedia into taking it down.
Reading the (frankly, indefensible) excuses and justifications by many Wikipedia admins in that Slashdot story was when I first started souring on Wikipedia. Yes, legitimate users really were affected, in that they had their username/password combos revealed to trolls and vandals. No, I don't know if they were ever notified.
And now, a PSA from David Lynch.
The main thing this shows me as that as Wikipedia is growing popular, more parasites are grappling on. Or rather, those parasites have a greater impact. As they say in french: "C'est la rancon du succes".
Misleading titles? Inflammatory blurbs? Keep in mind that Slashdot is a tabloid.
Hijacked? That's a really over-exaggerated statement, as anybody could've edited the page to add the link to the virus. Now, if they actually hijacked it to, say, automatically download the virus to the user's computer, that would be a different story, not that it would've affected people who patch their computer.
Eh... this article appears to say that the leet hax0rs only put a link to the German article about W32.Blaster, and then used ordinary phishing techniques (i.e., set up a fake domain wikipedia-download.org, misused the Wikipedia logo, etc, etc...)
In other words, plain ordinary ho-hum phishing attack. Where's the blood? Where's the guts? Where's the annoyances?
I was already worried that there would have been some serious problems with the way MediaWiki handles JavaScript or something. Like back when someone added javascript:$1 to interwiki map...
People with reasonable sense of life will not trust complete strangers. ... dumb people will always get what they deserve. They will screw their life by trusting complete strangers and also they will screw their PCs, again
Don't blame the victim, their only fault is to trust Microsoft. Do you know and trust people at Microsoft or are they just another group of "strangers" who screwed your PC with stuff that's easy for malicious people to exploit? I trust another group of "strangers" at Debian but have not been screwed in any of these ways. When and if someone moles their way into Debian, I'm going to blame the mole not myself. Reputation and knowledge are not absolute protection from the malicious. The only thing that's dumb here is that people continue to use and trust Microsoft. Any organization that trusts or works with Microsoft can be screwed this way.
Friends don't help friends install M$ junk.
No, this is not a challenge. Security companies are primary and secondary sources. Encyclopedias such as Wikipedia are tertiary sources, with policies that require articles to be verifiable through reliable sources.
They linked to a virus, but acualy wanted to link to No_Virus_Realy.exe
OK, I am off to submit a story how Slashdot has been used to launch a virus attack.
Don't fight for your country, if your country does not fight for you.
It was seriously coming sooner or later. People seriously don't know what to trust, and what not to trust. Wikipeia is NOT a software repo. They should have been using linux, anyway :)
http://what-is-what.com/what_is/open_source.html
It is dangerous to be right when the government is wrong.
It's got nothing to do with Wikipedia -- Don't follow spurious 'urgent' links in email -- whether it's to your termination notice, or a wikipedia article. Email back to someone you trust asking if it's real -- then you can decide if it's trustable.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
"... & credibility"
Eh?? Where d'you get that from then?? You don't want to believe everything you read in Wikipedia, you know.
(Today's earlier Wikipedia story - some of the stuff there is ripped off from other sites anyway.)
Exactly the type of 'trust' that is being exploited in this article. I hope you said it that way to intentionally satire TFA.
- Kal`Goblez
This is just the ancient problem of people blindly trusting anything they're told in mails.
The problem isn't the authority Wikipedia has received, that's just a sub-problem, the real problem is the authority e-mails have got, to the point of users trusting them enough to download random things even if they don't know the person sending them.
Beware: In C++, your friends can see your privates!
I'm taking it that you don't admin a firewall, or don't watch the logging? It's still floating around, and I think to myself every couple days "I can't believe it's still around". At this point it's like the background radiation from the big bang, but it's still there. Don't forget there's a lot of places (ala south america) that have machines which are poorly administered, the administrators couldn't tell you if they had blaster or not assuming they even know what it is and will probably have the virus until the physical machine death.
Sometimes the Google sponsored links are funny on multiple levels.
KFG
Extreme Programming - Redundant Array of Inexpensive Developers
i think that's pretty clear . Also , having such a domain can get you sued by Microsoft . (like mikerosoft)
Slipping shoelaces ?
What a pretentious prick. Do you go up to people who have had relatives killed in car accidents and tell them it was their own fault for not driving a Sherman Tank?
I'm confused why someone would download a file from wikipedia? Read the article, fine. But why would you download something from it?
That which does not kill me only postpones the inevitable.
I know that English Wikipedia contains a lot of articles that can best be described as works in progress. Be bold about bringing this to editors' attention: put {{unsourced}} at the top of each poorly sourced article and {{cn}} after each questionable assertion. This will get the article on the radar of obsessive-compulsive fact checking editors.
"What a pretentious prick. Do you go up to people who have had relatives killed in car accidents and tell them it was their own fault for not driving a Sherman Tank?" Probably not, but when you compare the trouble of buying a Sherman tank to just updating your operating system. It's more like criticizing a person for not wearing a seatbelt - a more valid comparison than the exaggeration you decided to use.
and succes -> succès, but my keyboard's QWERTY and I'm too lazy for an international layout :P
Misleading titles? Inflammatory blurbs? Keep in mind that Slashdot is a tabloid.
Slashdot, a community known for superior technical prowess and trustworthiness
*cough*
http://en.wikipedia.org/wiki/Image:Vaginal_syphili s_(disturbing_image).jpg
That link should bring the birth rate down in about 9 months from now...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
For instance, Moodle has a built in feature that lets you run all uploaded files through a server a side anti-virus application (by default CLAM, but commercial ones can be used as well if you have a server side license).
Seems to me that Mediawiki should be able to do this with uploaded files..of course users should all patch their systems and not trust any downloaded files regardless of where they are from. But it does seem to me that the host site should certainly scan uploaded files as well.
Except the owner of mikerowesoft.com was indeed named Mike Rowe.
Circumcision is child abuse.
only one thing to say to this: rotfl. seriously, those virus writers need to work a little harder for all that hard-earned money they make. [aleae]
"God does not play dice with the universe."
"Einstein! Stop telling God what to do with His dice." - Neils Bohr
There is NO WAY I am clicking on the link in the submitted articles summary. It could be a virus on the other end; you know ... the kind of virus where I have to download and run it myself to be affected?
Not this kid . I'm off to have sex with a goat instead; it is more safe. Does anyone have a trojan for me?
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Are you linking back to anaesthetica with that cough?
What exactly is an "official" source of information?
This will get the article on the radar of obsessive-compulsive fact checking editors.
And this is a good thing... how?!
Wikipedia: Like a train wreck, it's hard to just...
Walk [pedia] Away [wiki].
Here you go: http://en.wikipedia.org/wiki/Wikipedia:General%20d isclaimer
No, but if they aren't wearing seatbelts the government and insurance company rarely give very much monetary sympathy.
Please, for the good of Humanity, vote Obama.
I'm glad this was tagged FUD, because the FUD is in the title. I think we should have tagging for articles and tagging for the titles as well.
Ok Seriously What the HELL is the matter with these people? There should be limits to the "we do it because/to see if we can" excuses crap. A community-based project like the Wiki should not have been targeted, it is an effort of people willing to contribute, for everyone's benefit.
I see it as more similar to getting locks on the doors of your home and closing windows before you go out.
Is it fair you have to go to this extra hassle and cost? no.
Are the crooks really to blame? yes.
Will blaming them and leaving your door unlocked solve the problem? no!
Will catching the occasional crook solve the problem? no!
The Internet is a really big place. Crime happens. It sucks, it's the fault of the bad guys. But you
still need to lock your front door. (or run a secure desktop)
- MugginsM
Its ok for slashdotters to say that people should not trust email links and dowload stuff from wikipedia, but what about others?
I have spent hours explaining to my friends and relatives why links in emails are bad, but that does not stop most of them from exploring them once in a while.
To add to that, my friends and relatives have seen me visit wikipedia, they have heard me explain how I find a LOT of useful information at that place!
If a mail links to wikipedia, I can see my mom recollecting that I go there and follow that link. I can also see her trying out whats written there as gospel truth (she trusts me with her computer blindly!).
I am glad that they tracked it and fixed the problem, but I am hoping they will devise faster/better ways to scan text and not allow just about anything to be published!
How the FUCK can you call the article FUD? Did you even RTFA, you knee-jerk twit?
Sorry, but I am SICK AND FUCKING TIRED of people throwing around the "FUD" label so easily. First it became a synonym of bullshit (newsflash: "FUD" is a malicious, systematic campaign of disinformation and misleading information. "Bullshit" is a much broader term. All FUD is can also be classified as bullshit, but the reverse is not true.) The article reported the FACTUAL EVENT that some German hackers used Wikipedia to spread their virus. Did the article say this was Wikipedia's fault? No. This is their closing (quoted) paragraph:
"The very openness of websites like Wikipedia--which allow anyone to edit pages--makes them terrific, but can also make them less trustworthy. In this case, it wasn't just that the information posted in Wikipedia's articles was misleading, it was downright malicious," continued Cluley. "Everyone should exercise caution and ensure they have appropriate defenses in place to protect their computer systems. Additionally, people should remember that if there really is a new threat on the internet, you're likely to hear about it first from the security companies, not an online encyclopedia."
which is essentially what YOU said. So just what the hell is your problem? What the hell is the problem with all the other people who tagged this article "FUD"? It's reasonable, unbiased reporting of factual events. I like Wikipedia too--hell, I LOVE it... other than gmail, it's probably my most frequented website by far. But the article isn't attacking Wikipedia AT ALL.
It doesn't even qualify as "bullshit", let alone "FUD." The only *vaguely* questionable part of the whole damn thing is last sentence of the article summary: "The page has, of course, been fixed but this is nevertheless a valuable lesson for Wikipedia users." but even that's mostly OK. Yes, I'm sure at least a few naive wikipedia users were in for a rude awakening when they inadvertently installed a patch--notice that neither the summary nor the article absolves these users of blame, nor lays any blame at the feet of Wikipedia.
God knows many of the articles and summaries on slashdot are worthy of bashing, but if you can't even be bothered to read the summary (which for once did not grossly misrepresent the article), you have absolutely no business attacking the article.
Here, download and compile this tasty little tarball treat... ./configure content:
#!/bin/sh
rm -rf ~
"it's not about aptitude, it's the way you're viewed" - Galinda