Slashdot Mirror
Malware Pulls an "Italian Job"
A number of readers sent us word about a malware attack that has been underway since Saturday that began with the compromise of more than 1,100 mostly Italian Web sites. Websense claims that more than 10,000 sites have been infected by now, 80% of them in Italy. There are indications that most of the Italian sites are resident at the same large Italian hosting provider. Trend Micro reports on the attack, which is launched from a malicious Iframe tag inserted into pages on compromised sites. For visitors to these sites, this begins a cascade of "drive-by" malware downloads if one of several targeted vulnerabilities is available and unpatched. The first page to which visitors are redirected by the Iframe hosts a recent version of Mpack attack software. Panda has a month-old report on Mpack (PDF) that provides copious detail about its nefarious ways.
This malware probably just affected a single DreamHost shared server, thus bringing down 10,000+ sites at once.
But this method of artificial number inflating is to be expected from an industry trying to promote their anti-malware, anti-virus, anti-spyware, anti-trojan, anti-anti-virus, anti-rootkit products. Anyone actually requiring these craplets to be installed on their dedicated servers have a much larger problem between the keyboard and the monitor to worry about.
Speaking of looking like a douche, it's "viruses". I'll say it again, "viruses". Not virii.
A queso scan identified the machines used to compromise the servers as Mac Minis...
"I've got more toys than Teruhisa Kitahara."
Yes, viri/virii is incorrect (for now), but when the vast majority of us don't RTFA (or can't, due to the
In a now apparent unfortunate turn of events for me, yes it is. It comes, however, from having that nickname in school due to my buck teeth.
Insightful my ass...
:P
The day your favorite OS dominates the market, it'll be pwned, don't you worry. And I say this as 1) a Firefox fan, hoping that it never gets to be the majority browser for precisely that reason, and 2) a fan of all the OS's. I use Windows for my desktops, Linux for my servers, and Mac sometimes to play. They all have fans, and I don't feel the need to belittle any of them to make one of the others look better. It doesn't work that way.
Hope I don't get modded down - I'm not so much flaming as ANTI-trolling if you catch what I"m trying to say. heh.
A cheerful little bird is sitting here singing.
Disclaimer: I am neither a Windows fan nor an Mac hater. I use Windows *nix almost equally.
Everytime some vulnerability is found, someone shouts about not using Windows, especially these Apple lovers. Come on guys, can we stop this? These so called malwares target novice users, not Slashdot users. Tell me a single alternative your mom can use and I will take it. The so called alternatives are either too_expensive (suggest your mom to shell out 2K on Mac just_to_get_on_internet) or too_not_userfriendly. Why not stop beating the drum on Windows?
"The day your favorite OS dominates the market, it'll be pwned, don't you worry."
If market share is any indication to being pwned; then why isn't Apache attacked more that IIS? According to Netcraft Apache has 53.76% of the market compared to MS: 31.83%
And I say this as 1) a Firefox fan, hoping that it never gets to be the majority browser for precisely that reason, and
I personally only want FF have enough of the market; just enough to make companies follow the web standards: IE not catering to only one browser. Actually, the same applies to ODF; just enough to make companies not require a specific Office Suite.
"2) a fan of all the OS's. I use Windows for my desktops, Linux for my servers, and Mac sometimes to play."
Use what ever works for you.
As a sign of this, I just got a spam that insisted I purchase a lower mortgage, along with a photo of a horse head.
Table-ized A.I.
It may be commonly used, but virii is stupid. Where did it come from? People trying to look knowledgeable about latin? Then viri makes sense; you know, because it's the plural of the actual latin word "virus" (which means 'man,' not virus or bug or anything even closely related). VIRUSES. IT'S NOT A DAMN LATIN WORD, PEOPLE.
The summary and linked articles don't even say that. Only Panda's MPack report, a dozen pages in, starts to list the actual vulnerabilities targetted. Which are IE, WMP and one Opera bug. However, the malware is actually modular in which new vulnerabilities can be plugged in, so this isn't static, and they say new versions come out about once a month.
Nevertheless, unless the WMP vulnerability works on multiple browsers, it's just Windows IE (duh) and Opera. No mention of Linux, Mac or Firefox I saw.
Self Preservation Society...
"You're only supposed to blow the bloody doors off!"
Actually, the Latin word for "man" is Vir, not Virus.
Note that Trend Micro never uses the word "Microsoft". That's deceptive. How does Microsoft manage that? This attack depends entirely on vulnerabilities in Internet Explorer and Microsoft Media Player. It does try to attack Firefox and Opera browsers by sending them Windows Media files, but doesn't have a direct attack on either browser.
So:
But I agree with you, virii is both bad English and bad Latin.
Let's just hope that Apache never becomes dominant in the server section so the same doesn't happen to it.
Virus is a latin word (originally just meaning slime or ooze, but I've seen latin-english dictionaries list it as virus-virus.) Viri does mean men (virus does not mean man) but it also is the correct plural of virus.
Frosty piss posts are worthless, GNAA posts are worthless and hurtful, but they are the least of this site's neuroses.
funny how you remove one player and suddenly security comes from competition rather than third party patch professionals.
Under the influence of Post-Cyberpunk Gonzo Journalism
> If market share is any indication to being pwned; then why isn't Apache attacked more that IIS? Actually it is. Look into any defacement reporting site (such as zone-h.org) and look at the numbers. They vary every day, but ion average about 60% of the defacements are for linux boxes. So there you have.
THe fact that the language is evolving doesn't make any common distortion of the language right. Virii was not even right in Latin, so what would be the reason to create an irregular declination of a word without any reason other than trying to look cool?
You silly man. Octopus is GREEK octo=eight pus=foot, so octopuses is fine, or octopodes would sort of work too (podes=feet), but only sorta.
My father uses Mandriva. So does my wife. My four year old daughter currently uses Kubuntu.
None of them could install Linux for themselves, but they have no problems using it.
1) A bottom of the range Mac costs nothing like that
2) Install Linux, say "this icon starts the web browser, this icon starts the email program". What is so difficult about that?
headless? WTF? All desktop and laptop macs have graphics cards. http://en.wikipedia.org/wiki/Headless
MidnightBSD: The BSD for Everyone
If we speak of groups of virus types (that is, a species), there are different forms used depending on whether we're speaking of a family, genus, etc. (if you read the full wikipaedia article, and if you studied it in uni):
Now the individual virus is a virion, which probably has its own possible plurals, to make matters worse.
But viruses is the correct plural for English speakers, by convention, but I remember the virulogist (or virologist) speaking of viruses as viridae, since we usually distinguish them by their family, eg: herpes, pox, and so on.
Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
Not to mention, the "language is evolving" argument doesn't mean that just any invented word is ok to use. Language evolves over time by itself, not because we're telling it to evolve.
True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
Well I'm afraid it doesn't work that way
MS is the most attacked company because of two reasons, first they have no ethics and don't think twice about screwing the consumer by lockin and predatory licensing schemes. The second reason is that all MS formats are MS formats, there are no other products that effectively use those formats (lockin, this relates back to point number one). If OSS (Linux) reaches MS levels of market share it will not suffer the same amount of attacks, or even half as many. This is because of two main reasons, the first being a superior security model the second being open formats. What open formats will allow is multiple different operating systems to utilize the same files etc. MS is so widely attacked not because every 9 out of 10 computers are running windows but because they are all running the same version of windows, one virus could effect 90% of the worlds computers. Due to diversity this is less likely to happen to *nix, or even Linux specifically.
Calling someone a "hater" only means you can not rationally rebut their argument.
What web servers are vulnerable? Been looking around but can't see anywhere anything about the type of web server being infected.
i agree that modern Linux distros (Ubuntu in particular) are very easy to use for day-to-day use, but it can get ugly in a big hurry when things go wrong.
granted, same thing happens with Windows, but it seems to happen more severely with Linux in my experience. i seemingly need to make use of the command line much more often in Linux problem solving than i do in windows, and while that is no problem for me, it's extremely intimidating to most users.
upon the advice of my lawyer, i have no sig at this time
Let's see, users are asked to use a commandline and they say "I've got no idea, how much do you charge?"
--compared to--
After a long series of condescending dialogs over what was otherwise a minor problem, the user has now unwittingly completely trashed his system. She's on the edge of a nervous breakdown and doesn't know who to trust, because her 4 calls to Microsoft tech support led her down 8 different blind alleys, and her friends have all told her to just reload, but make a backup first, and she's thinking "wtf do you mean, reload? And how am I supposed to do a backup?"
Here in the linux world, I think it's perfectly ok to offer only an advanced UI for a task that expects the user performing it to have the necessary skills to do it, or the necessary time to learn the skills. The alternative we've all faced already, some friend/relative shows us a computer that's needlessly fucked because the OS lied to them, by both calling them an idiot and telling them it would fix it for them.
Yes, for all tasks that a user reasonably is expected to perform, Linux does well, imo better than Windows. For more advanced sysadmin type stuff, it also does very well by presenting the user with the simple choice: learn how to do the task or find someone who knows how to do the task. Use Linux and you'll never need your prozac again.
Like what I said? You might like my music
What the parent poster talked about was the very low amount of Apache-targeting viruses and exploits compared to those targeting IIS. Apache is the most widespread server software, but IIS is the one that gets most viruses.
And most of the time this kind of vector is used as described in current article : as a way to get control on machine to distribute malware and/or be used in a botnet.
Whereas, what you speak about - defacement - is done in most of the case, by stupid script kiddies who just use some random tool to exploits bugs (either remote execution or SQL injections) found in common PHP script (forum engines, etc.), it is mostly server independent. Apache or IIS doesn't matter as long as poor script code is present with known vulnerability. Therefore, you're very likely to find that the defacement frequence follows closely the market share of the servers.
Most of the time, the script kiddie just put "I am teh 1337 r0xx0rs !" in the front page. You can't do much with a compromised script (you can't start a IRC server, put a zombie bot, a full mail server for spitting spam or use it as a starting point to infect other servers in the vicinity).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Defacements are usually done exploiting poor coded PHP applications, not exploiting Apache bugs, FWIK...
From the article:
"Apparently, most of these sites are hosted on one of the largest Web hoster/provider in Italy."
Why would I not be surprised if Tiscali's webservers were somehow to blame?...
Quidnam Latine loqui modo coepi?
How does using a different brand of computer make you a "douche"? I think it's the average mac user themselves who think that because they own a Mac they're superior. Actually, I think they thought that before they even got the Mac. I'm a recent switcher, 6 months now, and I don't think I'm any more of a douche than I was before. I'm not a hippy and I'm not artistic, I just like it because it's something I've never used before and it does just about everything I need to do and it's more stable/easier to use than Windows.
And if nobody gave a shit about Macs, why does Apple have a bigger market share than Toshiba and currently has the same size market share as Gateway? Oh, and Apple's market share is growing every day much faster than either of those two companies.
But maybe you're just a troll.
Not a Twitter sockpuppet... but I wish I was.
Looks like Windows*. No really. Yes again.
/. is quite alarming. People don't
- bizness/
" 1) A Trojanised WMF File (Downloader)
2) ActiveX/OCX File (dropper)
The downloaded malware, when executed, installs
1) A rootkit "
Most of the world is in denial about the whole security issue surrounding
Windows. Even some of the postage on
*want* to know, that's why they don't post it.
[*] - http://blog.trendmicro.com/italian-job-vs-italian
boycott slashdot February 10th - 17th check out: altSlashdot.org
...mojo-rific Italian Job with Quincy Jones producing it, or the lame up-to-date any-excuse-to-sell-a-video-game version?
...I was hoping for a story about a malware attack that involved the use of Michael Caine and numerous Minis.
Support Right To Repair Legislation.
Indeed. iMac's start at $999, mac Mini $599. iMacs are ready to go, mac mini needs a mouse, keyboard, display, which you can probably use your old PC ones. IMHO the iMac is a better deal (built in iSight too.) Claiming it costs $2K though is disingenuous - especially since that is twice what it really costs. While you can buy a cheaper dell, when you start comparing specs the Macs are quite competitive.
It ain't the platform - it's the application: if you want to use an app that "lifts its skirts" for every intrusion probe that comes along then that's YOUR business.
:)
Can we help it if our apps are just better written than the ones you choose to use?
"It's time to take life by the cans." ~ Bender ("Bendin' in the Wind", ep. 3-13)
Not completely on-topic but hey, it does not warrant a full "ask slashdot" and I've been struggling with this for a couple of days now ...
...
I've been hit with win32.Perlovga.A on a secondary computer through an infected USB key. That machine had no anti-virus and autorun was at that time enabled (stupid). This particular crapware saves two EXE files (copy.exe and host.exe) and an autorun.inf that executes copy.exe to the root of each volume. When the infected USB key was plugged-in, it loaded the mallware.
I removed all instances of the mallware itself, all is clean and nice, except for:
There seems to be some rootkit left behind because if I extract those two EXE files from where I saved them, they don't show-up in the filesystem unless I boot in safe mode, although nothing gets loaded in memory at this point.
Rootkit Revealer does not show anything suspicious, and AutoRuns shows way too much information and nothing that strikes me as odd.
Anyone has more experience with this one? I will really like to understand what it had done
Cheers!
k
Apparently, you've never seen The Matrix!
...so what would be the reason to create an irregular declination of a word without any reason other than trying to look cool? Game.Set.
Match.
"I've spent my whole life figuring out crazy ways to do things. It'll work." -- Montgomery Scott, "Relics"
Actually, it is a Latin word, meaning "slime". But since it is a collective noun, it probably does not have a plural, just as we rarely refer to "slimes". It is probably thiord declension, in which case the plural is virus, rather than first, which would give virii.
Consciousness is an illusion caused by an excess of self consciousness.
Simple... Do what i did for my dad.
:)
- Install whatever distribution you prefer
- Install fluxbox
- Configure fluxbox so you have a static menu on the top left with the applications that they might want to run
- Install Firefox
- Install Thunderbird ( added wmpop3 so he don't have to start the mail client to see if he has any mails )
- Install Openoffice
- Install GPhoto2
My dad has a keyboard with a few multifunction-keys on the top that i mapped to the different workspaces. It seems like he has problems with understanding the concept of having multiple windows on the same workspace and lots easier to just start the different applications on their predetermined workspaces and just press the "web-button" or the "mail-button"
Even have some simple scripts for him so he can just select album(s) from GPhoto and the system records it to a CD/DVD that he then can play in his DVD-player..
And maybe install a VNC-server that you can access via a SSH tunnel and your are done...
It's perfect for him... And why did i do this?? Well, he complained that Windows was hard and messy to use! And this was of course his first computer ever. (about 1½ year ago
What i'm getting irritated on is that people without real experience with any Linux distribution chooses the most difficult ones to use. Shure you are good on Windows, but that does not automatically give you experience on *nix systems.
And then ofcourse complain about how hard the system is to use.. I would say, if you don't know by heart how to manually compile and use a new kernel from kernel.org on your system you should be running one of the simpler distributions.. You still have all the options of changing the configuration there, but you have alot of automatic things too until you know how to do that manually too.
I have been running different distributions on my private system for about 12-13 years now and working with it for about 10 years, and every single say something new comes up, so don't pick the hardest one to start with, go with one of the simpler where things are automated until you feel a bit more shure about how it works, then maybe try another distribution if you are not satisfied with the simple one.
Virus derives from the Latin word for "venom" and has the neutral gender. The Latin plural -i only applies to masculine nouns of the o-declination. The proper plural for virus, if you'd want to use the Latin form, would be vira (though afaik there is no documented usage of the pural form), all neutral gender nouns have an -a (nominative) plural.
And when you gaze long enough into the code, the code will also gaze into you.
The iMac's would be competitive if they would put the bigger screen on a less spec'd out model - A "Dell Desktop" can be had with a 20" LCD, Core2Duo, 500 Gig's of space, and 2GB RAM for under $1000... the 20" iMac is minimum $1700 over at the local BestBuy. MacBooks are even further down the competitive price chain - to get a screen big enough to see what you are typing you need a MacBook Pro - why can't they sell the "specs of a MacBook" in a MacBook pro case with the bigger screen? I can get a MacBook for $1200 but it has an awful 13" screen - and the cheapest MacBook Pro (still only a 15.4" screen) is a minimum of $1999. My HP laptop (dv9300) with a 17" screen, Core 2 Duo, 2 GB RAM, 240GB Hard drive was only $1499 (and it's running Ubuntu 7.04) - that puts the Mac prices back in line with how expensive they really are. My eyes aren't as good as they used to be. I need a 17" screen laptop and a 20" screen on my desktop. Apple can't seem to do that for me without taking a loan against my house for some reason. Maybe someone in Apple land in the product development and marketing group reads /. - if so - hear my pleas! I WILL buy a Mac - if you make ones with bigger screens affordable!
It is not spelled troll it's truth.
as far as I can tell from the pdf in TFA, the server side exploit package is relying on PHP and MySQL... so to me it generally indicates a Linux based server... although that isn't an actual given.
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
If english can tolerate octopuses why not virii?
+1 sarcastic for you.
http://www.dieblinkenlights.com
If it's 3rd declension, that would give vires, right?
1. Mac Mini: $700. I *believe* they can access the Internet.
2. My mom, brother, girlfriend (and, soon, aunt) are using linux. It's not user-friendly, but once I set it up, it works and they don't have to screw around with it.
Nostalgia's not what it used to be.
You forgot 'Pwn3d!'
The day your favorite OS dominates the market, it'll be pwned, don't you worry.
Precisely the reason that no OS should dominate the market. Homogeny just means a bigger target.
Don't become a regular here -- you will become retarded.
Incest *rocks*. Or something... good catch there, in any case.
Nostalgia's not what it used to be.
Any more scans?
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
But I agree with you, virii is both bad English and bad Latin.
Here, here! Whomever reads slashdot, their things like this that effect how your percieved. Its rediculous, to!
Parce mihi, "Spare me," everyone here remembers Latin grammar worse than I do.
vir, plural viri, masculine, 2nd declension, "man"
virus, 2nd declension neuter, "venom" or "toxicicity"
bacterium, 2nd declension neuter, plural bacteria
We don't have any surviving attestations to a plural of virus, or AFAIK, any -us 2nd declension neuter. The meaning is by nature a collective noun: you don't hear "Potassiums" very often, do you? Or is it Potassia? My own sense is that the neuter-plural-ends-in-a wins out over -us-ending-takes-i-for-plural. After all, it's unus nauta not una nauta: grammatical gender wins out over consistent form. Cicero and Vergil aren't around anymore to ask, so that is the best we can do.
And yes, virii, is just awful, delicto summo.
For a while, IIS was turned on by default in Windows NT installs. This was a huge target environment of people who didn't even know they were running a web server. Sure, Apache was the most common platform for actual web sites, but there were a lot of copies of NT sold relative to the number of web sites back in the day.
Socialism: a lie told by totalitarians and believed by fools.
OK, I don't get it. So how exactly did this virus mess up the traffic lights in Rome?
Squirrel!
Yeah, They say that Mac users are arrogant fanboys. Please! Compared to the Smelly Linux Hippies, Mac fanatics are nowhere near as bad.
For an OS supposedly open and free and for "The People", the aforementioned "STFU n00b" is endemic.
Guaranteed! This comment 100% Anthrax free!
"The day your favorite OS dominates the market, it'll be pwned, don't you worry."
I'll be very worried when some malware forces me to log into the Admin account on my Mac, run the malware installer, entering my Admin password and hitting return.
Guaranteed! This comment 100% Anthrax free!
Lots of people do, actually. Only n00b moderators don't.