Downadup Worm — When Will the Next Shoe Drop?

← Back to Stories (view on slashdot.org)

Downadup Worm — When Will the Next Shoe Drop?

Posted by timothy on Saturday January 24, 2009 @10:56AM from the it-looks-like-you're-using-windows dept.

alphadogg writes "The Downadup worm — also called Conflicker — has now infected an estimated 10 million PCs worldwide, and security experts say they expect to see a dangerous second-stage payload dropped soon. 'It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs,' says Don Jackson, director of threat intelligence in the counter threat unit at SecureWorks. The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes."

295 comments

what will it download? by Anonymous Coward · 2009-01-24 10:57 · Score: 5, Funny

the worm is capable of downloading second-stage code for darker purposes."
So it might download vista?
1. Re:what will it download? by drpt · 2009-01-24 11:50 · Score: 1
  
  I think so but they will rename it to "cornhole"
  
  --
  Proudly Butchering code for 20 years
2. Re:what will it download? by hobbit · 2009-01-24 13:05 · Score: 5, Insightful
  
  while Downadup today is not malicious in the sense of destroying files
  How quaint! The idea that someone might infect millions of PCs just to delete people's files is so 20th century.
  
  --
  "Wise men talk because they have something to say; fools, because they have to say something" - Plato
3. Re:what will it download? by Darkness404 · 2009-01-24 13:56 · Score: 1
  
  Well, deleting files doesn't really do anything. Sure, if someone was going to write a quick script to make someone mad I'd make it delete a few files. If I was going to create a worm that is advanced (such as the storm worm) I'm going at least make a buck or two on it.
  
  --
  Taxation is legalized theft, no more, no less.
4. Re:what will it download? by Anonymous Coward · 2009-01-24 14:13 · Score: 5, Interesting
  
  One of the big areas hit by downadup is in the corporate world where PCs are "managed". A lot of those have not been patched and are infected already or probably will be soon. Once it gets a foothold behind a firewall, it uses multiple other strategies to spread - weak passwords, etc.
  
  In a lot of business environments, deleting files could be crippling because those often times have people who don't back up their files, there isn't really a company policy, etc. It's bad enough when somebody loses a hard drive. Try having everyone "lose their hard drive".
  
  Another issue is this is the first time I have seen the infection attributed to a Russian-area site. Everywhere else it has been attributed to some one or some group in China.
  
  Regardless, one of the uses of a botnet is for cyber warfare. In this case the cat is out of the bag and people are watching it closely to see what it is going to do. But if the people who built this are sophisticated enough, or maybe this one spreads laterally and more stealthily than people have yet noticed, it could have a real purpose much more sinister than just deleting files or snagging myspace passwords. Downadup could also just be a decoy.
  
  It's been said that the first clues that war is coming will be people's computers not working properly as infrastructure and services are knocked out. Anyone starting a war will want a crushing first blow and taking out files, doing DDoS, etc, would be typical.
  
  Not trying to scaremonger but obviously this thing is illicit and almost guaranteed malicious. It would be naive to disregard a government's hand in it.
5. Re:what will it download? by hairyfeet · 2009-01-24 14:40 · Score: 1
  
  Oh please. Hackers are evil but even they aren't THAT cruel!
  Seriously though, this thing is attacking a hole patched in October. Why in the hell is so damned many PC users not bothering to patch their stupid machines? Have they not heard of Autopatcher? I mean how much more simple do they want? Autopatcher will let you get all the updates to everything 32bit from 2K-Vista, along with all the office patches, DirectX and Dotnet, all the tweaks and addons like flash and Java, and then you burn it to a nice DVD and you can patch every machine in your house. I think this is just further proof that some people will NEVER patch and all we can do is ask the ISPs to toss them when they start spewing crap all over the net.
  Because if they haven't bothered to apply October patches by now then they deserve what they get. Sorry, but 3 months is MORE than enough time to do backups and testing.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
6. Re:what will it download? by Zadaz · 2009-01-24 16:12 · Score: 4, Insightful
  
  Well of course deleting files could be crippling. Which is exactly why it would be a stupid thing for a hull breach app to do.
  A modern virus/trojan/worm/etc doesn't want to be noticed. It wants to be an available node to be sold to the highest bidder. Just like a biological virus it can't spread if it kills or incapacitates its host.
  Deleting files was something a virus did back in the 80's because hackers didn't have much imagination. That's not to say a terrorist organization couldn't buy the next payload and send out a "secure reformat on boot" app, but it would be a massive waste of a resource (a massive botnet is incredibly powerful/valuable tool not to be thrown away) and a foolishly indiscriminate target, even for terrorists. In any case they'd have to outbid the ordinary criminals who want it to spam, hijack, DoS, keylog, skim and blackmail.
  
  ...[This] is the first time I have seen the infection attributed to a Russian-area site.
  You really don't get out much, do you.
7. Re:what will it download? by janrinok · 2009-01-24 19:45 · Score: 0, Redundant
  
  Another issue is this is the first time I have seen the infection attributed to a Russian-area site.
  I realise that the article is referring to Ukraine, but your phrase 'Russia-area' covers 11 time zones and either 12 or 14 countries which directly border upon Russia, depending on whether you include the enclave of Kaliningrad: Norway, Finland, Estonia, Latvia, Lithuania, Poland, Belarus, Ukraine, Georgia, Azerbaijan, Kazakhstan, Mongolia, China and North Korea. That is a considerable chunk of the world, the majority of its population, and totally irrelevant to the subject. After all, your sweeping generalisation of Russia-area includes China which is where you have also heard the virus originated.
  Why didn't you just say 'Ukraine'?
  
  Anyone starting a war will want a crushing first blow and taking out files, doing DDoS, etc, would be typical.
  You do realise that Ukraine is no longer aligned with Russia? Are you honestly suggesting that the Ukraine is about to attack someone?
  
  --
  Have a look at soylentnews.org for a different view
8. Re:what will it download? by EastCoastSurfer · 2009-01-25 04:20 · Score: 1
  
  Why in the hell is so damned many PC users not bothering to patch their stupid machines?
  For the home user you're correct. In the corporate world it's not that simple. If you're managing say 20k machines with a mix of XP Pro -> Vista workstations and win2k->2003 server, then you have a mix of mission critical applications (some custom, some off the shelf), and add in that new security patches are being released all the time it's not that simple to stay up to date. You're bound to have some lag between a hole getting patched and it getting rolled out to every machine you have on your network.
  I do agree that corporate networks should have policies in place to do emergency patch rollouts when a threat like this exposes itself.
9. Re:what will it download? by stim · 2009-01-25 07:51 · Score: 1
  
  Not to mention testing the patches, and making sure they don't break your mission critical apps. Telling the bossman/customer "Its Microsoft's fault!" when something goes wrong isn't really acceptable.
  
  --
  Browse at -1 to keep an eye out for abuses.
10. Re:what will it download? by Anonymous Coward · 2009-01-25 08:30 · Score: 0
  
  I think this is just further proof that some people will NEVER patch and all we can do is...
  Write software that doesn't need to be patched?
11. Re:what will it download? by Anonymous Coward · 2009-02-03 16:45 · Score: 0
  
  LOL, too funny!
And now we rediscover by causality · 2009-01-24 10:58 · Score: 5, Funny

And now we rediscover why monocultures don't work (and are generally not found) in nature.

--
It is a miracle that curiosity survives formal education. - Einstein
1. Re:And now we rediscover by Dzimas · 2009-01-24 11:31 · Score: 4, Funny
  
  Hmm. Are you alluding to the dominance of computers or humans?
2. Re:And now we rediscover by dov_0 · 2009-01-24 12:05 · Score: 2, Informative
  
  Very good point. The variety in different distros and user chosen software would give Linux a great advantage over Windows securitywise.
  
  --
  sudo mount --milk --sugar /cup/tea /mouth /etc/init.d/relax start
3. Re:And now we rediscover by Godji · 2009-01-24 12:12 · Score: 1
  
  And that's funny why? Mod informative.
4. Re:And now we rediscover by timmarhy · 2009-01-24 12:26 · Score: 1, Insightful
  
  yeah right because computers happen in nature. we did have a diversity of computers in the wild, they happily swung from the trees and shat in the woods, but then the windows computer was introduced and ate all their food and raped their babies.
  or maybe not everything has an analogy based on nature, since it's 100% artifical to begin with, and fills an artifical reqirement (like all computers being compatible dictates a monoculture...)
  
  --
  If you mod me down, I will become more powerful than you can imagine....
5. Re:And now we rediscover by Anonymous Coward · 2009-01-24 12:36 · Score: 2, Funny
  
  HMPFH.
  *YOUR* PC might have shat in the woods, but my Mac was potty trained from day one.
6. Re:And now we rediscover by philspear · 2009-01-24 13:02 · Score: 2, Insightful
  
  I at least find it funny that IT joins many other fields in realizing nature faced a similar problem and solved it billions of years ago.
7. Re:And now we rediscover by The+Master+Control+P · 2009-01-24 13:29 · Score: 1, Insightful
  
  Compatible emphatically does NOT imply monoculture.
  
  That is the whole point of open standards.
8. Re:And now we rediscover by Anonymous Coward · 2009-01-24 13:32 · Score: 3, Funny
  
  Your mac, like all other macs, will die of extinction because of its stubborn refusal to eat meat and mate with the opposite sex. And if that ain't enough, when Mama Jobs dies, all Macs will also die.
9. Re:And now we rediscover by timmarhy · 2009-01-24 14:35 · Score: 1
  
  nice point you raise there. unfortunately a monoculture is the most efficent way to deliever compatiblity. it's also the only approch that makes sense from a managability perspective. so while it would be nice to be able to run any OS and communicate with alien technology like geoff goldblum in "independance day", it's unlikely.
  
  --
  If you mod me down, I will become more powerful than you can imagine....
10. Re:And now we rediscover by evan_arrrr! · 2009-01-24 14:59 · Score: 1
  
  Haha, you called his Mac a gay vegetarian.
11. Re:And now we rediscover by jopsen · 2009-01-24 22:25 · Score: 1
  
  Humans aren't all clones of the same guy, are we??? :)
  PCs running windows are all clones of same install disk!
12. Re:And now we rediscover by Erikderzweite · 2009-01-25 01:38 · Score: 1
  
  It is not efficient, it might be faster but it is much more prone to abuse. Just look at IE6 vs. standards. Microsoft sure as hell wants you to believe that a monoculture is the only way to establish interoperability, but open standards are more effective in this case. Just look at the things that prevent flawless interoperability between different OS's -- you'll find out that most of them are closed-technology related.
13. Re:And now we rediscover by Anonymous Coward · 2009-01-25 01:57 · Score: 0
  
  Humans aren't all clones of the same guy, are we???
  Not clones, but we all share the genes of one single man in Africa, the so-labelled Scientific Adam.
14. Re:And now we rediscover by causality · 2009-01-25 04:08 · Score: 1
  
  yeah right because computers happen in nature. we did have a diversity of computers in the wild, they happily swung from the trees and shat in the woods, but then the windows computer was introduced and ate all their food and raped their babies.
  or maybe not everything has an analogy based on nature, since it's 100% artifical to begin with, and fills an artifical reqirement (like all computers being compatible dictates a monoculture...)
  The concept is really simple. You have hundreds of millions of PCs which all have a common vulnerability. This need not be the case; that is only one way out of many possible ways. It is only the case so that one entity (known as Microsoft) can benefit. There is no other reason for it. There is nothing unique about the Downadup worm. This sort of "write once, damage nearly everywhere" exploit has happened before and will continue to happen again until we realize there is a better way. Once that realization is made, you'd be surprised at how easily things can change.
  
  You either grasp the basic concept and realize it to be a universal one with a sound basis ... or you respond with the above. It's alright. There is no constructive criticism, however well-founded or rooted in logic, that can be levied against Windows without some apologist coming out of the woodwork to "combat" it in a way that makes no sense as you have just done. When you get tired of seeing Windows with this semi-religious viewpoint, you'll feel better, for it's something of a psychic burden to come up with your conclusion before you examine your premises.
  
  The only real argument you could make here is "this monoculture is justified because it provides a common platform for development". Even that won't work because Microsoft has gone to great lengths to introduce subtle (and occasionally not-so-subtle) incompatibilities between implementations found on Windows and published standards. If not for that, the status of Windows as a development platform would be irrelevant or nearly irrelevant. Microsoft knows this which is why they aren't so fond of standards (ok, except for the ones they pay for). Even we who don't run Windows have to guard against secondary effects (bandwidth-wasting attacks from infected Windows hosts, etc) from those who do. No, the reality is that all of us are having a diminished experience for the sole purpose of enriching one company. This is just plain wrong, which is why people have to miss easy analogies and otherwise perform feats of mental acrobatics in order to avoid saying so. You're welcome.
  
  --
  It is a miracle that curiosity survives formal education. - Einstein
15. Re:And now we rediscover by wvmarle · 2009-01-25 05:50 · Score: 1
  
  Computers automatically cause monocultures. Even if there would be like 50 equally prevalent operating systems that are totally different, this would mean there would be 50 monocultures of each about 20 million computers, assuming about 1 billion computers in this world.
  If we would have like 40 different Linux distributions included, all of them based on the same sets of source code, each vulnerability would be present in easily 10% of those distributions. Then we would have monocultures of 80 million computers already: 80 million potential targets.
  With all these computers linked to each other ovre the Internet, they can all reach one another.
  It just means a worm has to look a little longer to find infectable hosts, but that doesn't really matter as it is all automatic anyway.
  It may make it a bit harder to infect, but it is no holy grail. Computers are copied identically, not like e.g. humans who are all slightly different from each other.
16. Re:And now we rediscover by stim · 2009-01-25 07:54 · Score: 1
  
  Except that 99% of the different distributions are just rebranding of the same programs. And all of them run the (mostly) same kernel. In a pure linux world, the same problems would exist.
  
  --
  Browse at -1 to keep an eye out for abuses.
17. Re:And now we rediscover by stim · 2009-01-25 07:56 · Score: 1
  
  wrong.
  
  --
  Browse at -1 to keep an eye out for abuses.
18. Re:And now we rediscover by Anonymous Coward · 2009-01-25 08:20 · Score: 0
  
  Hardly, you might be able to link the genes back to a single man. But they have deviated and mutated, and so we don't all have they same genes. If we did everyone would look the same.
Spyware, Adware, Antivirus, Don't use IE, Use a by rolfwind · 2009-01-24 10:58 · Score: -1, Troll

Router, don't let the computer go on the internet naked.
When will Windows be ready for the desktop? Srsly.
1. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by samriel · 2009-01-24 11:09 · Score: -1, Troll
  
  So, in other words, always wear a condom, and for christ's sake, DON'T go looking for hookers in Taiwan?
2. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Anonymous Coward · 2009-01-24 11:10 · Score: 0
  
  Windows has been ready for the desktop for years now.
  When will it be ready to connect to the internet is another issue entirely, and I wouldn't recommend anyone waiting to see the day - they'll see their retirement checks long before it happens.
3. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Computershack · 2009-01-24 11:10 · Score: 3, Informative
  
  When will Windows be ready for the desktop? Srsly.
  Microsoft patched this and issued the fix through Windows Update a month before the worm was even in existence. It's only stupid fucks who don't update their OS that've got infected.
  
  --
  I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
4. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Anonymous Coward · 2009-01-24 11:17 · Score: 0
  
  See, this is why Micro$oft is correct with DRM and giving users less control. If M$ controlled every aspect of the computer - what programs you can install/run, what websites you visit this worm would not infect a single computer because a patch was available.
5. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Anonymous Coward · 2009-01-24 11:22 · Score: 0
  
  In Taiwan, hooker finds you!
6. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by nurb432 · 2009-01-24 11:24 · Score: 1
  
  And dont use email, or browse or or or..
  Only way to be 100% safe is to not be online at all.
  
  --
  ---- Booth was a patriot ----
7. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by JohnBailey · 2009-01-24 12:17 · Score: 1
  
  Microsoft patched this and issued the fix through Windows Update a month before the worm was even in existence. It's only stupid fucks who don't update their OS that've got infected.
  Ahh.. that's all right then.. So you are saying more than the thirty percent mentioned will be getting it..
  
  --
  It is difficult to get a man to understand something when his job depends on not understanding it.
8. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Kent+Recal · 2009-01-24 12:22 · Score: 0
  
  Interestingly you can already be 99,9999% safe simply by using a Mac or Linux.
  Neither e-mail nor browsing applications are broken per se - it's that one operating system.
9. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by TW+Atwater · 2009-01-24 12:26 · Score: -1, Troll
  
  It's only stupid fucks who use Windows that've got infected.
  There, fixed that for you.
  
  --
  More than 60,000 Windows programs won't run on Linux.
10. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Kneo24 · 2009-01-24 12:44 · Score: 2, Insightful
  
  Interestingly, security through obscurity is not real security.
11. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Kent+Recal · 2009-01-24 13:04 · Score: -1, Troll
  
  Before trying to sound smart in public you should maybe look up your catch phrase...
12. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Kneo24 · 2009-01-24 13:16 · Score: -1, Redundant
  
  The terminology I used here works. You feel that OSX and Linux are secure. I pointed out that the reason they appear to be that way is because they're obscure, "fringe", not a lot of users.
  If you were a virus writer, would you spend your time writing viruses for OS's that doesn't have the overwhelming majority of the market share in this scenario? No, you wouldn't. You'd have far less of a chance infecting as many people as you could in comparison to the larger other OS install base.
13. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Kneo24 · 2009-01-24 13:18 · Score: 0
  
  And after reading your link (I didn't bother to click because you were wrong regardless), it even validates my point further down the page. Good job showing everyone you fail at reading.
14. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by WhatAmIDoingHere · 2009-01-24 13:35 · Score: 0
  
  Well, considering that OS X and Linux are on something like 15% of all computers and the users don't use any anti-virus because they don't "need" it...
  
  --
  Not a Twitter sockpuppet... but I wish I was.
15. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Kneo24 · 2009-01-24 13:42 · Score: 2, Insightful
  
  That's 15% between the two (I'm sure Apple probably has the larger slice of that 15%), and they still don't make up the overwhelming majority. Call me when either one hits a market share of 30%. Those operating systems have holes too. Just because the majority of the people in the virus scene ignore them doesn't mean they aren't there.
16. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Anonymous Coward · 2009-01-24 14:40 · Score: -1, Troll
  
  Seeing this stupid comment going from 5 Insightful to 0 Troll has been amusing.
  Fuck off, you Linux/Mac troll! Try a real OS and not your play ones that don't actually run anything.
17. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Kent+Recal · 2009-01-24 15:23 · Score: 2
  
  And how does that relate to the point I made?
  By using OSX or linux you get both, the benefit of a system that was designed with security in mind and the benefit of a system that isn't targeted much by worm writers.
18. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Hooya · 2009-01-24 15:47 · Score: 1
  
  Well then, I think I'll stick to my "fringe" OS. Thank you very much.
19. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by timmarhy · 2009-01-24 16:40 · Score: 1
  
  no, it only works on 30% of machines.
  
  --
  If you mod me down, I will become more powerful than you can imagine....
20. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by symbolset · 2009-01-24 18:18 · Score: 2, Insightful
  
  Yeah, but good practices like having "no open ports" and "don't execute files in every damned media you mount" are good security practices. Practices that Windows fails at. Still.
  
  --
  Help stamp out iliturcy.
21. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Kneo24 · 2009-01-24 20:53 · Score: 1
  
  Isn't targeted much by worm writers yet. That's the key difference. Once market share grows, people will start poking holes in it. Sure, they probably are more secure than Windows in a lot of ways, but that doesn't mean someone couldn't find exploits if they really wanted to.
22. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Anonymous Coward · 2009-01-25 00:47 · Score: 0
  
  Maybe the major linux distros don't have open ports by default but some, like ubuntu, sure mount external mass storage devices with a+x flags by default.
23. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Erikderzweite · 2009-01-25 01:42 · Score: 1
  
  Malware for OSX is being written already (remember infected pirated iWork on torrents?). But full-scale infections like that of Downadup are yet to be seen.
24. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Kent+Recal · 2009-01-25 07:30 · Score: 1
  
  The key difference is that the Unices have had a security model from day 1 while windows started as a single-user system.
  Linux alone (not counting other Unices) is approaching 20% market-share in the server market which is potentially more attractive to malware writers because the hosts are usually better connected and better equipped. The reason we rarely see botnets span significantly into the server-area is not that the bad guys wouldn't be trying (look at your server-logs sometime) or because the average server-admin was better qualified (look at the millions of broken default installs from various hosting providers). The reason is that it's, on average, a much harder target.
  Unix systems have proper firewalling, capability constraints, process accounting etc. built in. They're more transparent and easier to harden - which is exactly what would happen if we'd start to see more widespread attacks.
  The mechanics of software security are not exactly rocket science when layered bottom up. Windows is troubled because they basically sprinkled one thin layer of "security powder" on the outside of an otherwise wide open core. Consequently your "personal firewall" is implemented as an afterthought and can be trivially bypassed from an unprivileged account. Such tricks are a bit harder to pull off on OSX or linux.
Obligatory by retech · 2009-01-24 10:59 · Score: 0, Offtopic

I, for one, would like to welcome our new Ukrainian Worm Overlords.
its not hard by madcat2c · 2009-01-24 11:03 · Score: 5, Informative

Use a hardware router, use a real anti-virus program that actually publishes updates everyday (Nod32 for me), and use a browser where you can kill anything that tries to auto install itself (firefox, chrome, etc).

And don't forward or respond to chain emails!
1. Re:its not hard by quickOnTheUptake · 2009-01-24 11:19 · Score: 1
  
  and don't use admin, 1234, or microsoft, as your password
  
  --
  Mod points: Guaranteed to remove your sense of humor.
  Side effects may include gullibility and temporary retardation
2. Re:its not hard by PrescriptionWarning · 2009-01-24 11:20 · Score: 1
  
  There are worms out there that actually disable your anti-virus updates from actually occurring while telling you that they have updated.
3. Re:its not hard by Joce640k · 2009-01-24 11:35 · Score: 1
  
  ...except that this spreads via USB sticks and blocks antivirus updates.
  A minor nitpick, I know...
  
  --
  No sig today...
4. Re:its not hard by Anonymous Coward · 2009-01-24 12:00 · Score: -1, Flamebait
  
  Or use a Mac and forget your laundry list of protection aids.
5. Re:its not hard by Anonymous Coward · 2009-01-24 12:02 · Score: 1, Interesting
  
  Gotta say, it's pretty clever of the worm writer to rediscover the sneakernet as a malware infection vector. Though I'm curious as to why it just blocks anti-virus sites and not Window updates? That'd make it almost impervious to fix by network.
6. Re:its not hard by Godji · 2009-01-24 12:14 · Score: 1
  
  I'm wondering about the method if infecting a USB stick. Is it filesystem-secific? How does it work?
7. Re:its not hard by phulegart · 2009-01-24 13:08 · Score: 1
  
  Yes there are. And there are simple steps to being able to clear those worms/spyware/malware when you are infected with them. However, those simple steps either require running scans and updates regularly, or paying for software that will do it automatically (although spybot does have a scheduler feature).
  The issue right now, is that there is not one cleaning tool that gets them all. That's where it starts to get complicated. A large portion of the worst stuff can be cleared easily and painlessly with Malwarebytes and a recent ComboFix. But then it's a matter of getting THAT knowledge into the mainstream. And these tools will fall by the wayside as different kinds of infections become more prevalent, and other cleaning tool developers stay on top of what is current. So education is the key I guess... as it is with most things.
  Linux users should not be feeling smug. They should appreciate Microsoft more than they do. If Linux had a more dominant position in the market, Linux users would be cleaning spyware/malware from their machines too. But most linux users are too smart to realize or admit that.
  
  --
  "I love deadlines. I love the whooshing sound they make as they fly by." -D. Adams
8. Re:its not hard by ancientt · 2009-01-24 13:29 · Score: 1
  
  It isn't exactly filesystem specific, though it does depend on being a filesystem that Windows will recognize. It infects USB by putting an autorun.inf on the device to install itself. The nasty bit is that, to the average user, it looks like the executable is just the windows dialog to open the device as a folder. f-secure.com has a nice writeup on it.
  
  --
  B) Eliminate all the stupid users. This is frowned upon by society.
9. Re:its not hard by Anonymous Coward · 2009-01-24 14:06 · Score: 0
  
  It uses autorun. You know, that thing everyone underestimated until now.
10. Re:its not hard by Anonymous Coward · 2009-01-24 14:17 · Score: 1, Informative
  
  I'm wondering about the method if infecting a USB stick. Is it filesystem-secific? How does it work?
  If I'm not mistaken, Downadup uses the windows autoplay feature (which spawns a box that asks you what to do when a new device is attached). This doesn't actually run the code. What does happen, however, is that it uses a folder icon (and a misleading summary) for an executable on the drive. Thus, clicking "View contents in Explorer" (or somesuch) actually launches a process which is the worm. It probably also opens the browse files window as a side-effect so that the user doesn't catch on immediately.
11. Re:its not hard by Anonymous Coward · 2009-01-24 14:24 · Score: 1, Interesting
  
  I believe it also blocks Windows Updates.
12. Re:its not hard by Anonymous Coward · 2009-01-24 16:17 · Score: 0
  
  I use GDI-64, myself. There's no way I'd use an anti-virus program that supports the Brotherhood of Nod, especially given the way they treat their AIs.
13. Re:its not hard by PrescriptionWarning · 2009-01-24 16:58 · Score: 0, Troll
  
  Correct me if I'm wrong, but the biggest reason most malware exists is because the default user in Windows is an Administrator level user, whereas in Linux you usually have to run as sudo or as root to do the real damage. Of course its highly likely most people would put in their root password if asked because common tasks like updating and changing system settings also requires the password. Well you probably can't win either way, but the harder it is for the malware to automatically install itself the better.
14. Re:its not hard by mgblst · 2009-01-24 17:03 · Score: 0, Troll
  
  Or, even easier, don't use Windows.
15. Re:its not hard by rugger · 2009-01-24 17:45 · Score: 1
  
  There is nothing stopping a linux virus/malware program running as the user.
  Most of the things you want a botnet for DON'T require root access on the infected machines
  Not to mention that many privilige escallation bugs get found on linux, any unpatched bug could let a malware program elevate its own permission to root and install systemwide.
16. Re:its not hard by SL+Baur · 2009-01-24 19:50 · Score: 1
  
  They should appreciate Microsoft more than they do. If Linux had a more dominant position in the market, Linux users would be cleaning spyware/malware from their machines too. But most linux users are too smart to realize or admit that.
  That's an extraordinarily ignorant comment. The kind of stuff that spreads viruses and worms was discredited in the Unix world over two decades ago. Do not execute foreign code coming from a wire. It was Microsoft who ignored history and best practice and "innovated" it. The idiots at Netscape share secondary blame in innovating the idiotic Javascript.
17. Re:its not hard by Anonymous Coward · 2009-01-24 22:27 · Score: 0
  
  Having daily anti-virus updates may make you feel good, but the updates probably contain only viruses from 2 weeks ago.
  Since Nod32 is well known, the virus probably has disabled or removed Nod32 from your computer by now, and you are now looking at the virus. The virus may even download the real updates. The harddisk use during the "scanning" is probably the virus digging through your email and doc files, in search of bank info.
  I suggest you start the system form a trusted operating system, like a Linux live cd-rom (check the signature of the iso image), mount the harddisk as read-only and then scan the harddisk.
18. Re:its not hard by Gandalf_Greyhame · 2009-01-25 02:23 · Score: 1
  
  hey! how did you know my password?
  crap - now I have to go change it...
  
  --
  I am not stubborn. I am right!
19. Re:its not hard by Anonymous Coward · 2009-01-26 03:36 · Score: 0
  
  Why the hell would I need to run anti-virus daily, unless I was SOME KIND OF FREAKING RETARD WHO RISKS INFECTING MY COMPUTER EVERY DAY? Jesus fucking Christ. I don't run AV, I never have, for 20+ years, guess how many viruses I've had?
  0
  People. Just don't be fucking idiotic online, and you won't get a virus.
  Corollary: If you have or have ever had a virus on your PC, it's your fault, because you did something retarded.
When you see divert fractions of pennies into a ba by Joe+The+Dragon · 2009-01-24 11:03 · Score: 1

When you see it divert fractions of pennies into a bank account they control.
You'll All Thank Me by hksdot · 2009-01-24 11:03 · Score: 5, Funny

You'll all thank me when I deploy the second stage to install and run SETI@home and discover alien intelligence.
-Virus Author
1. Re:You'll All Thank Me by Anonymous Coward · 2009-01-24 11:11 · Score: 1, Funny
  
  deploy the second stage to install and run SETI@home and discover alien intelligence
  ... that then comes and kills us all before we advance enough to be a threat to them. Yea, thanks a lot buddy. How about FOLDING@home instead?
2. Re:You'll All Thank Me by philspear · 2009-01-24 13:09 · Score: 4, Funny
  
  that then comes and kills us all before we advance enough to be a threat to them.
  Right before that would happen, he'll deploy "stage three" by handing the aliens a USB drive...
3. Re:You'll All Thank Me by will_die · 2009-01-25 00:08 · Score: 2, Funny
  
  Won't work.
  Everyone knows aliens us Apple based operating systems and Downadup is a windows based program.
4. Re:You'll All Thank Me by HTH+NE1 · 2009-01-26 06:18 · Score: 1
  
  All the better for ensuring immunity of your weapon deployment platform from your own weapon.
  
  --
  Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Keep spreading lies by Anonymous Coward · 2009-01-24 11:07 · Score: 5, Funny

Windows is actually far more secure than Linux. Get the facts, people.
1. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 11:19 · Score: 3, Informative
  
  Yeah as if a Microsoft website isn't going to show a bit of one-sidedness and in doing so leave out a metric ton of facts that don't exactly keep their product at best interest.
2. Re:Keep spreading lies by quickOnTheUptake · 2009-01-24 11:26 · Score: -1
  
  that's why it's estimated that 10 million linux computer are infected.
  Oh, wait.
  
  --
  Mod points: Guaranteed to remove your sense of humor.
  Side effects may include gullibility and temporary retardation
3. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 11:46 · Score: -1, Troll
  
  I prefer this site, its facts are far more accurate ;-)
4. Re:Keep spreading lies by Baseclass · 2009-01-24 11:46 · Score: 0
  
  This is a joke right?
  
  I've been running Linux for 10 years. Not once have I had a virus, malware, or spyware installed on my PC.
  By contrast, my wife's laptop which was running Windows XP (until I installed Slackware on it) required constant de-spywareification and resource intensive anti-virus programs always on alert.
  
  You my friend need to get the facts.
  
  --
  ^^vv<><>BA
5. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 11:54 · Score: 4, Informative
  
  I prefer this site, its facts are far more accurate ;-)
  Don't click that link!
6. Re:Keep spreading lies by Anders · 2009-01-24 11:56 · Score: 2, Insightful
  
  I prefer this [zoy.org] site, its facts are far more accurate ;-)
  At least it wasn't a rickroll ...
7. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 12:00 · Score: 5, Informative
  Be warned - in case you are tempted...
  This is a pretty ingenious script that
  Opens up windows (or tabs, depending on how you open the link) as fast as your computer can - 100% CPU
  Each window displays gay porn
  Plays a loud sound "Hey everybody I'm looking at gay porno"
  Behind the scenes it also copies the contents of your clipboard to this guy.
  It works in IE and firefox. It is simply a page with an image, a flash movie, and a javascript that copies your clipboard to a field then 'submit()'s' the form, reloading the page.
  Very simple and bypasses popup blockers (at least the ones I have on).
  This has got to be a security hole in firefox, both on the ability to open windows/tabs, and copying the clipboard.
  If you want to have a look, use:
  
  wget http://getthefacts.on.zoy.org/index.php
  
  WARNING: dont click on this link, just copy the wget command to a shell. Dont say I didn't warn you...
8. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 12:11 · Score: 1, Informative
  
  Same here. We couldn't keep my Mom's PC clean when it was running windows. I swear it would get infected with something within a month. Switched her to Linux just over two years ago and haven't had a problem since.
  She grumped about "things are changed" for about a week. Now she is happy surfing, emailing, printing, loading music on her MP3 player, and grabbing pics off her camera. She is happy - I am happy!
9. Re:Keep spreading lies by Penguinshit · 2009-01-24 12:20 · Score: 4, Funny
  
  It's a dickroll...
  
  --
  I have something in common with Stephen Hawking...
10. Re:Keep spreading lies by Kneo24 · 2009-01-24 12:52 · Score: 1
  
  Part of your moms problem, and the GP's wife's problem is education. Did you guys bother to teach them that the internet isn't safe and that they probably shouldn't click on every link they see?
  And if they'd rather not listen, let them educate themselves; do not help them. I had to do this to my mom and sister and they've been virus/spyware/malware free for a year now. They know to keep Windows up to date and run a scan at least once a week for any suspicious. They've also learned to not click on every fool link there is just because they can.
11. Re:Keep spreading lies by darkpixel2k · 2009-01-24 12:54 · Score: 1
  
  Damnit. When will Chrome be available for Linux? Do you know how long it takes to reopen 150 tabs on an old Compaq Presario 2300 laptop? Good thing I have a second brower installed. It'll take me a week to get firefox loaded back up.
  
  --
  There's no place like ::1 (I've completed my transition to IPv6)
12. Re:Keep spreading lies by nmb3000 · 2009-01-24 12:56 · Score: 2, Insightful
  By contrast, my wife's laptop which was running Windows XP...required constant de-spywareification and resource intensive anti-virus programs always on alert.
  Then, as they say, you're doing it wrong. Running XP/Vista securely is pretty easy:
  Most importantly: don't run as admin.
  Stay updated.
  (Optional) Use a browser like Firefox with addons like NoScript. Makes browsing new sites painful, but more secure.
  That combined with a little common sense means you don't even need any realtime anti-virus software. If you do accidentally get something malicious installed, cleaning a user profile is really easy. Worst case means copying files and then deleting and re-creating the profile, just like you would have to do on an infected Linux system.
  --
  "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
  /)
13. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 13:01 · Score: 0
  
  But operating system and user are completely correlated in your example. What if you had been using Windows for 10 years? I have run Windows for at least that long (until recently), and never had virus or malware. Now I run Linux, and love it, and still no viruses.
14. Re:Keep spreading lies by jesser · 2009-01-24 13:01 · Score: 4, Insightful
  
  Firefox doesn't let web sites access your clipboard directly. Flash does. The Flash guys consider it a feature, while the Firefox guys consider it a security hole in Flash (or at least I do).
  I bet the site is using Flash.
  
  --
  The shareholder is always right.
15. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 13:18 · Score: 0
  
  I wonder how he gets access to the clipboard in FF3. Flash, maybe? Hell, I've been working on something where we want to give the user the ability to click a button, copying the HTML from within a DIV to their clipboard, and without hacking about:config in FF3 (when using Flash 10) it's not even possible. :\
16. Re:Keep spreading lies by Baseclass · 2009-01-24 13:21 · Score: 2, Interesting
  
  I love how Windows apologists always qualify their answers with "I like Linux too but...". It's a bit like saying "Some of my best friends are black but..."
  You're obviously an experienced Windows user and understand the importance of discretion when clicking links, installing software, etc.
  The difference is, Linux users don't have exercise nearly as much caution. My wife and kids know nothing of what lies beneath their pretty GUIs yet since upgrading every system in the house to Slackware (yes upgrading), we've had no further issues involving malicious software.
  
  --
  ^^vv<><>BA
17. Re:Keep spreading lies by ATMD · 2009-01-24 13:25 · Score: 1
  
  No, that can't happen until the year of the Linux desktop, which I believe is the year after the release of DNF...
  *ducks hail of thrown Ubuntu disks*
  
  --
  Nobody else has this sig.
18. Re:Keep spreading lies by lordsid · 2009-01-24 13:34 · Score: 3, Insightful
  
  I don't know where you guys get your information but its pretty easy to access the clipboard from javascript even in firefox.
  Try searching for "javascript clipboard functions" the first link gives an example. All he would have to do is paste the content into a hidden div and wait for it to resubmit itself.
  
  --
  IMAGE VERIFICATION IS EVIL!
19. Re:Keep spreading lies by indi0144 · 2009-01-24 13:38 · Score: 1
  
  so we are positive that this can be a new meme?
20. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 13:39 · Score: 0
  
  Noscript ftw.
  Captcha: installs
21. Re:Keep spreading lies by Kneo24 · 2009-01-24 13:39 · Score: 1
  
  Did you try educating them the importance of safe browsing habits? If that failed, did you try allow time for them to learn on their own so they see how much trouble you go through and really learn a lesson?
  You can install whatever you wish, but you've really done nothing to stop their bad browsing habits. All you've done is seemingly hide it. It doesn't matter what your OS of choice is, everyone should exercise some caution when online.
22. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 13:51 · Score: 1, Interesting
  
  Seeing as I was about to reboot to tryout a live CD anyways, I went there.
  Other than seeing an ugly ass background pic, it does nothing to my Linux system, running firefox 3 with no script, adblock plus & flashblock.
23. Re:Keep spreading lies by danwesnor · 2009-01-24 13:51 · Score: 4, Funny
  
  Free porn? SWEET!
24. Re:Keep spreading lies by NeverVotedBush · 2009-01-24 13:57 · Score: 5, Insightful
  
  The both of you should probably add "that you know of".
  
  The reality is that Linux boxes are highly prized. Their owners frequently have high speed connections and Linux can do all sorts of fun things.
  
  Linux isn't perfect. There have been any number of security issues that would allow a knowledgeable hacker easy access. It all depends on if you kept your systems up to date and patched, didn't set up and allow unnecessary services, had a good firewall policy with a default deny/drop stance, etc.
  
  Linux comes out of the box now pretty secure but it hasn't always. And individual user habits can also compromise a system. Add to that the fact that one of the big ways into a system now is through add-on things like flash and such, and the knowledge that there have been kernel bugs that let user applications get root with a single command (things like vmsplice), and there is a possibility that your Linux boxes are rooted and you just don't know it.
  
  For the record, I run Linux almost exclusively and am no fan of Windows. But people need to understand that just running Linux is not a guarantee of safety. I'm also not questioning your capabilities. It's just that blanket statements about Linux security should probably be qualified.
25. Re:Keep spreading lies by nog_lorp · 2009-01-24 14:05 · Score: 3, Informative
  
  I don't know where you get your information, but
  
  Error: document.getElementsByTagName("textarea")[0].createTextRange is not a function
  Source File: javascript:%20document.getElementsByTagName("textarea")[0].focus();%20alert(document.getElementsByTagName("textarea")[0].createTextRange());%20void(0);
  Line: 1
  Yah know why? Because "Firefox doesn't let web sites access your clipboard directly. Flash does. The Flash guys consider it a feature, while the Firefox guys consider it a security hole in Flash"
26. Re:Keep spreading lies by blind+monkey+3 · 2009-01-24 14:06 · Score: 2, Interesting
  
  (MANDATORY) do not use Internet Explorer.
  as an example, this?
  Yes, December was last year so you can argue it is a year old....
  Your suggestions are good and will minimize risks. The UAC nagware needs to be addressed so that people don't get the urge to through a brick through their "Windows" though.
  I am also a little nervous about the "don't need realtime anti-virus software" with Windows - I think that Windows security has been improved but it could do with some more improvements - hopefully Vista SP3 (AKA Windows 7) will do this - I haven't looked at it yet but sounds like it is addressing some major issues, if so, thank you Microsoft.
  [taunt]I still prefer my Debian systems though[/taunt].
  
  --
  BM3
27. Re:Keep spreading lies by DMUTPeregrine · 2009-01-24 14:09 · Score: 1, Informative
  
  Exactly. Noscript is the best counter to crap like this.
  
  --
  Not a sentence!
28. Re:Keep spreading lies by ozmanjusri · 2009-01-24 14:15 · Score: 5, Insightful
  
  They know to keep Windows up to date and run a scan at least once a week for any suspicious. They've also learned to not click on every fool link there is just because they can.
  Why bother?
  Linux is free, and it's easier to learn Linux than how to keep Windows clean.
  
  --
  "I've got more toys than Teruhisa Kitahara."
29. Re:Keep spreading lies by calmofthestorm · 2009-01-24 14:20 · Score: 1, Insightful
  
  I love noscript:-)
  
  --
  93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
30. Re:Keep spreading lies by iago-vL · 2009-01-24 14:37 · Score: 0, Flamebait
  
  Actually, Flash provides a write-only clipboard. It can't read the clipboard unless the user gives it permission (short of some vulnerability in Flash, of course).
  
  --
  http://www.skullsecurity.org/blog/
31. Re:Keep spreading lies by gmagill · 2009-01-24 15:13 · Score: 2, Interesting
  
  Avast antivirus caught it for me (using Firefox)
32. Re:Keep spreading lies by Hooya · 2009-01-24 15:31 · Score: 1
  
  it might be interesting to note that I had windows on my wife's computer running well for almost a year and a half without problems. the trick was, I had her using FF in normal usage and IE only when she had to use her University's registration site which, for whatever reason, only worked in IE. It worked great for 1 1/2 years *without* AV or other software grinding the harddrive to a pulverized puff of magnetic particles.
  over the thanksgiving break, we had a few guests and one of 'em, of course, clicked the all too familiar IE icon (should have removed that from the menus) and the system went to hell in no time.
  anecdotal evidence but evidence nonetheless.
  FF and informed usage - 1 1/2 years.
  IE - 1 day.
  Both without AV.
  (I refuse to turn the computer into a grinder for the sake of running an AV to make up for the deficiencies of the OS it's running under. Personally use GNU/Linux - have been since 1995).
33. Re:Keep spreading lies by sootman · 2009-01-24 15:47 · Score: 1
  
  That site is just as bad in Chrome, last time I checked.
  
  --
  Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
34. Re:Keep spreading lies by darkpixel2k · 2009-01-24 16:09 · Score: 1
  
  That site is just as bad in Chrome, last time I checked.
  Blast! Then certainly someone out there is smart enough to develop a plugin or something that can detect non-stop opening of new gay porn windows along with annoying audio and halt it with a box saying "should this continue"?
  
  In chrome, can't you stop a tab and force it to close using a task-manager like thing?
  
  --
  There's no place like ::1 (I've completed my transition to IPv6)
35. Re:Keep spreading lies by hairyfeet · 2009-01-24 16:17 · Score: 1
  
  Doesn't work on Windows with Noscript and Adblock Plus enabled either. (FF3/Win2K Pro)
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
36. Re:Keep spreading lies by jesser · 2009-01-24 16:17 · Score: 1
  
  Oh. In that case, I wonder what this shock site is doing.
  (We also consider writing to the clipboard to be a security hole in Flash -- what if you were in the middle of copy & pasting from one Terminal.app tab to another, and the site copied some shell code followed by a line break character?)
  
  --
  The shareholder is always right.
37. Re:Keep spreading lies by Spit · 2009-01-24 16:20 · Score: 5, Insightful
  
  A better counter is not to click links posted by anonymous idiots.
  
  --
  POKE 36879,8
38. Re:Keep spreading lies by mlwmohawk · 2009-01-24 16:27 · Score: 4, Informative
  
  Linux isn't perfect. There have been any number of security issues that would allow a knowledgeable hacker easy access.
  Depending on the methodology of access this is potentially true. There are philosophical differences between the development of Linux, BSD, and Windows.
  I've been around the industry for a while and I have seen first hand the systemic differences. At Microsoft, things like adding executable code to TIFF images and metafiles is neither challenged nor audited. On Linux and FreeBSD the developers wouldn't even dream of doing something idiotic like that, and even if they do, there are legions of people who will scream bloody murder.
  Then there is the nefarious code purposefully put into Microsoft's proprietary code. Be it the NSA key, WGA, or other methodologies of accessing machines remotely. If these systems are in Windows, they WILL be exploited by external entities.
39. Re:Keep spreading lies by gsgriffin · 2009-01-24 16:33 · Score: 1, Troll
  
  Thanks for being brave enough to stand up and say that on /. I had to cancel my collo service and give away a linux web server box that I owned after trying to keep up with numerous patches every month and the eventual termination of product lifecycle. Within a couple months, my server was cracked and used to try to break into Stanford's graphic department while racking up an $800 bill over the weekend.
  
  --
  jsut athnoer menagiensls ltitle psrhae for you to dcoede. Why do we wtsae our tmie dnoig tihs?
40. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 16:59 · Score: 0
  
  what happens when a legitimate site has been hacked?
  like the other post said, the counter is noscript.
  dipshit.
41. Re:Keep spreading lies by kingcobra0128 · 2009-01-24 17:21 · Score: 1
  
  Yep No script is Good I believe as a technician from now on I am installing that plugin on ever computer I fix :D
42. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 17:42 · Score: 0
  
  Opera's built-in pop-up blocker blocked all the popups from that site, or at least it did for me. Eat that Mozilla! :P (YMMV)
43. Re:Keep spreading lies by citizenr · 2009-01-24 17:50 · Score: 2, Informative
  
  It works in IE and firefox. Very simple and bypasses popup blockers
  And in Opera everything is fine.
  -doesnt open any popups
  -doesnt bypass any blockers (no sound/no flash)
  
  --
  Who logs in to gdm? Not I, said the duck.
44. Re:Keep spreading lies by symbolset · 2009-01-24 18:06 · Score: 2, Informative
  
  They've also learned to not click on every fool link there is just because they can.
  Did you explain to them that it has open login ports they can't see that are by default open to the Internet, and a bot army has immense resources to bang on the default "administrator" account all day until it picks the lock (assuming the admin account even has a password), opening them up to remote control from anonymous badguys, complete loss of private information, keyboard information capture like credit card numbers and online banking access information?
  Did you mention that autorun unless carefully disabled, will automatically run programs in the root of any new media they insert, including music CDs, DVD videos, LCD picture frames, pen drives, cameras and so on?
  Did you know that most forms of Linux don't have those "features"? This is relevant because those are the precise features being used to spread the worm in TFA.
  
  --
  Help stamp out iliturcy.
45. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 18:10 · Score: 0
  
  No, it's just come full-circle, that's all. The original meme was a dickroll (gay porn site), followed by a duckroll (picture of a duck on wheels), and then the rickroll (Rick Astley).
46. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 18:20 · Score: 1, Insightful
  
  Wow. On slashdot just being in touch with your feelings is enough for a +1, Insightful!
  I love cake. :)
47. Re:Keep spreading lies by symbolset · 2009-01-24 18:40 · Score: 1
  
  Did you try educating them the importance of safe browsing habits?
  Didn't he tell you he installed slackware? The training was unnecessary. Slackware users can pretty much click with reckless abandon. Why would he need to teach them that the internet is a perilous place where a single errant click can send your computer careening completely out of control and render it useless? That's no longer true for them.
  
  --
  Help stamp out iliturcy.
48. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 18:57 · Score: 1, Funny
  
  I like how you say this as if having a free account on a random web forum like Slashdot somehow validates your identity and makes you any less anonymous.
  Here's a better counter for you. Don't click any links whatsoever. In fact, get off of MY internet.
49. Re:Keep spreading lies by Kneo24 · 2009-01-24 20:55 · Score: 1
  
  Whether you like it or not, the majority of the world uses windows. At least when they use someone else's windows box, they won't gunk it up with unnecessary malware.
50. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 20:56 · Score: 0
  
  That's not all it does.
  When I started emule, I found gay pron in the download list.
  Of course the most ironic thing is if it also installed downadup :(
51. Re:Keep spreading lies by Kneo24 · 2009-01-24 21:02 · Score: 2, Informative
  
  bang on the default "administrator" account all day
  I set these boxes up myself. All default accounts are disabled. They can bang on those accounts all day, it doesn't matter. They're not on. They're not going to turn on.
  
  Did you mention that autorun unless carefully disabled, will automatically run programs in the root of any new media they insert, including music CDs, DVD videos, LCD picture frames, pen drives, cameras and so on?
  
  Autorun doesn't work specifically like that anymore. It at least asks you what you want to do on XP and Vista. If you just want to explore the contents of the media that's connected to your PC, you can do that instead of it automatically trying to run everything inside of it.
  
  This is relevant because those are the precise features being used to spread the worm in TFA.
  Irrelevant for my family as long as they keep their boxes up to date. An up to date Windows system is unaffected by said worm.
52. Re:Keep spreading lies by Kneo24 · 2009-01-24 21:03 · Score: 1
  
  Yes, no longer true for them as long as they don't touch another person's computer that does have Windows on it. Once they do, their careless habits could cause grief for someone else.
53. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 21:17 · Score: 0
  
  The only thing it did here (FF on Ubuntu) was to crash Firefox. Forced shutdown + restore session, and no damage done. Might be because I have the flashblock extension though.
54. Re:Keep spreading lies by sponga · 2009-01-24 21:23 · Score: 1
  
  What if you are on Vista/Win7 beta?
  No seriously, Vista has been nothing but convenience from Viruses and Malware.
  People like to use the term 'Windows' out there without defining what versions lately for weird reasons or agenda.
55. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 21:56 · Score: 2, Informative
  
  "Autorun doesn't work specifically like that anymore. It at least asks you what you want to do on XP and Vista. If you just want to explore the contents of the media that's connected to your PC, you can do that instead of it automatically trying to run everything inside of it."
  Ummm no, if there is an autorun inf it will open it and run whatever program is listed to be run.
  You have to turn it off explicitly in more than one place to turn it of on all types of media.
  By the way, autorun.inf is also responsible for putting the icon for the device in "my computer" so if you think you have turned it off, but your usb drive still pops up it's icon when you plug it in, your machine is still using autorun.
  The behavior you describe is if there is nothing to do in autorun.inf or it does not exist.
56. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 22:07 · Score: 0
  
  I love noscript:-)
  +1
57. Re:Keep spreading lies by sniperu · 2009-01-24 22:57 · Score: 1
  
  Fact: Did you know that if an account does not have a password it can't be used for remote connections ?
58. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 23:35 · Score: 0
  
  Or, alternatively, use NoScript. Except for the background image, you don't get any effects really (and that one's nothing that hasn't been seen on Rotten or BME, either...)
59. Re:Keep spreading lies by subbuk · 2009-01-24 23:50 · Score: 1
  
  > Very simple and bypasses popup blockers (at least the ones I have on).
  use noscript plugin with firefox.
60. Re:Keep spreading lies by Anonymous Coward · 2009-01-24 23:51 · Score: 0
  
  Is doesn't matter which potential means there are to compromise a system. It almost never happens while with Windows it happens all the time.
  How much money do you spent on Linux Antivir software?
61. Re:Keep spreading lies by ChienAndalu · 2009-01-24 23:57 · Score: 1
  
  All these precautions don't protect you from the dancing bunnies problem.
62. Re:Keep spreading lies by Anonymous Coward · 2009-01-25 00:08 · Score: 0
  
  I would click yes and laugh maniacally.
63. Re:Keep spreading lies by Antique+Geekmeister · 2009-01-25 00:30 · Score: 1
  
  They're not the only uneducated ones. Have you ever used Subversion? Have you read the notes from its managers (who mostly work in the Linux and UNIX world) that it's OK that it saves your remote site passwords in clear text, because if you don't trust your local computer, you shouldn't use it?
64. Re:Keep spreading lies by Erikderzweite · 2009-01-25 01:22 · Score: 1
  
  The main attack vectors for Linux machines are either weak ssh passwords or some weaknesses in various hand-made php scripts. None of those applies to desktop PCs.
  It is also much harder to use social engineering on Linux boxes (even harder with noexec). Autorun tricks don't work either. And if a user has no previous Windows experience -- he's even safer because downloading and launching random crap isn't a common practice in Linux distributions -- you use package managers for that.
  Linux cannot give a 100% guarantee, but let's face it -- a default Linux install is much safer than a default Windows install. And properly configured Linux box is close to bulletproof (you can keep Windows safe too, but you need more work to achieve acceptable level of security). And a Linux box is easier to keep safe -- system-wide updates alone make a huge difference.
65. Re:Keep spreading lies by Anonymous Coward · 2009-01-25 02:21 · Score: 1, Informative
  
  No, that's not how it works at all. XP and Vista default to no autorun without confirmation.
  Grabbing the autorun icon and automatically running a program may both be stored in the same file, but are treated as two different entities that are handled completely differently.
66. Re:Keep spreading lies by mavi_yelken · 2009-01-25 02:53 · Score: 1
  
  Nod32 also caught it with
  HTTP filter archive http://getthefacts.on.zoy.org/ probably a variant of HTML/Exploit.DialogArg.A trojan connection terminated Threat was detected upon access to web by the application: firefox.exe.
67. Re:Keep spreading lies by k_187 · 2009-01-25 03:03 · Score: 1
  
  Exactly, the GP treated the symptom and not the disease.
  
  --
  11 was a racehorse
  12 was 12
  1111 Race
  12112
68. Re:Keep spreading lies by Kneo24 · 2009-01-25 03:06 · Score: 2, Informative
  
  When was the last time you used Windows? It does not work like that anymore. Not for XP or Vista. Just to test this theory I grabbed some really old games and some really new ones. Popped in the discs and sure enough, none of them actually opened the disc, just asked me what I wanted to do with it. My choices were either a.) use autorun, or b.) explore the contents of said disc
  The fact that someone modded you informative just shows that they too don't know what they're talking about.
69. Re:Keep spreading lies by Kingrames · 2009-01-25 07:06 · Score: 1
  
  noscript didn't work on that site for some reason.
  
  --
  If you can read this, I forgot to post anonymously.
70. Re:Keep spreading lies by bensafrickingenius · 2009-01-25 07:54 · Score: 1
  
  I just opened it in Win7, IE8. It was horrible (not just gay porn -- also a lot of blood, deformed babies, etc.), but AVG prevented any lasting effects, as far as I can tell. No new tabs or windows were opened. And I got to the mute button before my 6 and 9 year old daughters heard the part about me looking at gay porn. All and all not a nice addition to my peaceful Sunday afternoon. I think I'll get back to my NYT Sunday Crossword now. See if my stomach settles back down a bit.
  
  --
  I am not left-handed, either!
71. Re:Keep spreading lies by NeverVotedBush · 2009-01-25 08:07 · Score: 1
  
  I agree. I think that overall Linux is much more secure than Windows. The numbers of bug fixes may be more for Linux (I don't know) but that could also be because people are acting fast to make Linux the best it can be.
  
  Also, it now does come with default deny/drop on its firewall (at least the distros I'm familiar with but I would bet all), is basically just more secure due to that developer mindset you mention, and the people running it tend to be a little more technically savvy and probably don't just plug their Linux box right into their cable or DSL modem.
  
  I wasn't trying to say that Linux was just as insecure as Windows. I was just saying that there have been exploits for Linux too, you can misconfigure it, open ports, and run vulnerable services, and people that think just running Linux makes them impervious to attack could end up with a surprise.
72. Re:Keep spreading lies by NeverVotedBush · 2009-01-25 08:13 · Score: 1
  
  I think a lot of that kind of trouble can be prevented, though.
  
  Patches are just a way of life. If you don't patch, you can end up with a well-known vulnerability that also has attack code available in the wild.
  
  Also, if you run something like Fedora on a production system, you need to accept and upgrade on the same short schedule since Fedora releases aren't maintained for nearly as long as the full Red Hat releases.
  
  You don't say how long your system was cracked, but if it was for a while and you weren't checking logs and such, running something like tripwire and cfengine, or even something as simple as using strong passwords, it might not really be Linux's fault. You don't provide details of the attack so there is no way for us to know.
73. Re:Keep spreading lies by NeverVotedBush · 2009-01-25 08:16 · Score: 1
  
  I definitely agree. Linux tends to have a more knowledgeable user base that also understands the implications of poor security.
  
  I also know that Microsoft's constant building executable functionality into every file type imaginable was just asking to be exploited over and over and over.
  
  All I was saying was that just running Linux doesn't mean you haven't been rooted or cracked.
74. Re:Keep spreading lies by NeverVotedBush · 2009-01-25 08:17 · Score: 1
  
  Agreed completely!
75. Re:Keep spreading lies by mlwmohawk · 2009-01-25 08:34 · Score: 1
  
  I agree. I think that overall Linux is much more secure than Windows. The numbers of bug fixes may be more for Linux (I don't know) but that could also be because people are acting fast to make Linux the best it can be.
  Nice FUD. Without some serious analysis, you can't really draw any conclusions about "bug fixes." Many security bug fixes in Linux are merely "potential" vulnerabilities that are not and probably could not be full vulnerabilities without a lot of other things in place to allow the exploit.
  and the people running it tend to be a little more technically savvy and probably don't just plug their Linux box right into their cable or DSL modem.
  Again, WRONG. Linux/BSD are more secure REGARDLESS of the people running it. Qualified people running Windows will never be able to get it secure as Linux or FreeBSD simply because Windows is designed to be insecure.
  I wasn't trying to say that Linux was just as insecure as Windows. I was just saying that there have been exploits for Linux too, you can misconfigure it, open ports, and run vulnerable services, and people that think just running Linux makes them impervious to attack could end up with a surprise.
  I completely reject the equivocation argument. "All operating systems have security issues" which leads to "so it doesn't matter what you use" or something similar. It does matter because there are real differences between security exploits. All security bugs are not equal. A "potential" security bug with an arcane and virtually impossible exploit path is fundamentally different beast than an exploit that allows millions of Windows PCs to become part of a bot farm.
76. Re:Keep spreading lies by MrNerd · 2009-01-25 10:13 · Score: 1
  
  Comodo Internet Security + Comodo Safe Surf blocked this on a system I'm testing.
  
  --
  Mr nodothere Nerd substitutetheatsymbolhere gmail dot com
77. Re:Keep spreading lies by NeverVotedBush · 2009-01-25 12:07 · Score: 1
  
  Ahhh, nice flame. My butt is feeling quite toasty.
  
  The fact is that people can misconfigure a Linux box, use a weak password, not update, or through any number of things make their computer vulnerable. That really is a fact.
  
  And you are the one that's wrong about Linux being more secure regardless of who is running it. Say somebody wants to ssh in to their system so they open 22 but don't turn off permitrootlogin in their sshd_config - and last I saw, allowing root logins was the default. They also don't lock ssh to specific users or machines logging in. Now, also assume they think that nobody but they can log in as root at the console and so they pick a password like abc123. They ignore the weak password warning or don't even have that checking running.
  
  They now have a Linux box that's basically wide open because it was misconfigured and it is all because of the person running it.
  
  And actually, all operating systems do have security issues. Where have you been the last 30 years? I also never said it doesn't matter what you use. You are fighting a ghost of your own creation. I believe that Linux is more secure. That's why I run it. I believe that Windows is less secure. That's why I don't run that.
  
  All I said was that just assuming you are secure just because you run Linux doesn't mean that you are. And that, mohawk, is a fact.
78. Re:Keep spreading lies by lordsid · 2009-01-25 13:02 · Score: 1
  
  Glad to see you don't even know what is being talked about here. The idea is to steal what is on the users clipboard and submit it to the aggressor. Yes this is possible. I've written several web pages for my own reference that access the clipboard.
  Feel free to take your foot out of your mouth now.
  
  --
  IMAGE VERIFICATION IS EVIL!
79. Re:Keep spreading lies by rtechie · 2009-01-25 13:09 · Score: 1
  
  Then there is the nefarious code purposefully put into Microsoft's proprietary code.
  
  Be it the NSA key, WGA, or other methodologies of accessing machines remotely. If these systems are in Windows, they WILL be exploited by external entities.
  So you're saying "remote access of any kind = external exploit". There is certainly some truth to this, but virtually all operating systems contain some form of remoter access. In Unix you have telnet and ssh. In Windows you have Remote Desktop (and telnet and ssh). I'm sure there are exploits for these, but this is hardly a Microsoft problem.
80. Re:Keep spreading lies by mlwmohawk · 2009-01-25 13:26 · Score: 1
  
  Be it the NSA key, WGA, or other methodologies of accessing machines remotely. If these systems are in Windows, they WILL be exploited by external entities.
  So you're saying "remote access of any kind = external exploit".
  There is a difference between a "regular" service and a backdoor system like WGA, the NSA key, et. al. *You* have no control over how those services are configured nor whom they contact.
  In Unix you have telnet and ssh. In Windows you have Remote Desktop (and telnet and ssh). I'm sure there are exploits for these, but this is hardly a Microsoft problem.
  See, here is a prime example of "equivocation" that is nonsense. The "ssh" vs "Windows Remote Desktop" comparison is rediculous, do you have any idea how BAD the security in WRD? Any?
81. Re:Keep spreading lies by rfunches · 2009-01-25 17:47 · Score: 1
  
  False on Windows systems. You can enable remote logins on null-password accounts through Local Security Policy.
82. Re:Keep spreading lies by nog_lorp · 2009-01-25 21:08 · Score: 1
  
  With Firefox? Give an example please. The person who originally made that claim referenced an article that ONLY WORKED FOR INTERNET EXPLORER. So get some context before you insult me.
83. Re:Keep spreading lies by nog_lorp · 2009-01-25 21:12 · Score: 1
  
  Err, edit: the person who originally made that claim was... YOU. READ THE FUCKING THING YOU REFERENCED.
  
  Try searching for "javascript clipboard functions" the first link gives an example.
  You said this, did you not? Well, that first link gives an example that DOES NOT, I repeat DOES NOT work in Firefox.
84. Re:Keep spreading lies by Cro+Magnon · 2009-01-26 03:02 · Score: 1
  
  I also don't recommend clicking links posted by known idiots.
  
  --
  Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
85. Re:Keep spreading lies by rtechie · 2009-01-26 10:33 · Score: 1
  
  Somehow my post got mangled.
  
  Then there is the nefarious code purposefully put into Microsoft's proprietary code.
  Prove it.
  
  There is a difference between a "regular" service and a backdoor system like WGA, the NSA key, et. al. *You* have no control over how those services are configured nor whom they contact.
  WGA isn't a hidden backdoor. It uses a well-known port and connects to well-known servers. It's easily blocked or disabled.
  The NSA backdoor does not exist unless you can prove it exists. There have been extensive code reviews of Windows source code that have not revealed these imaginary backdoors.
  
  The "ssh" vs "Windows Remote Desktop" comparison is rediculous, do you have any idea how BAD the security in WRD? Any?
  What makes you think Remote Desktop is "bad"? Do you have any idea how it works? If so, please explain it. Just about every feature in SSH is in RDP.
  And the paranoid can tunnel their RDP connections over SSH or IPSec.
86. Re:Keep spreading lies by mlwmohawk · 2009-01-26 12:59 · Score: 1
  
  Then there is the nefarious code purposefully put into Microsoft's proprietary code.
  Prove it.
  Two things about this challenge. As a proprietary product, I am unable to prove or disprove what is or is not in Windows. We do, however, have plenty of evidence that "NSA Key" does not have an adequate explanation, that WGA does send personal information despite microsoft's claims to the contrary, and that there are plenty of "easter eggs" in Microsoft programs and Windows itself.
  It is reasonable to conclude that security is lacking and it is a fact that there is unaccounted for/unaudited code in Windows and microsoft programs. (Easter eggs are a an example.) Any security minded person presented with this situation and UNABLE to verify for themselves, should assume the worst.
  WGA isn't a hidden backdoor. It uses a well-known port and connects to well-known servers. It's easily blocked or disabled.
  Yes, but it is not 100% documented and verifiable as to what it does and what information is conveyed.
  The NSA backdoor does not exist unless you can prove it exists.
  See my first point.
  There have been extensive code reviews of Windows source code that have not revealed these imaginary backdoors.
  By whom? Not by me. Not under circumstances that I trust. By the same people who've requested its inclusion in the first place, perhaps?
  What makes you think Remote Desktop is "bad"?
  It is a server intended for very broad access to the system, however it is proprietary and impossible to audit. So you can't check the access execution path to verify that it is secure. More over, it uses AES encryption which, while fairly secure in theory, does not prevent MITM and does not prevent eavesdropping. All you need to do is get the password and that's easier than you think. Even WITH the passphrase, you can't eavesdrop and if properly configured, can't do an MITM with ssh.
  So, yes that's "BAD."
  Do you have any idea how it works? If so, please explain it. Just about every feature in SSH is in RDP.
  It isn't about the "features" it is about the "security" of how they are implemented.
  And the paranoid can tunnel their RDP connections over SSH or IPSec.
  Exactly.
87. Re:Keep spreading lies by rtechie · 2009-02-03 13:16 · Score: 1
  
  As a proprietary product, I am unable to prove or disprove what is or is not in Windows.
  Sure you can. You can sniff for leaks. That's how people found out about the "personal information" in WGA.
  You're not seriously going to do a line-by-line code review of Windows, even if you had the source. It would take you months or years. It would take you even longer in Linux, Nobody's going to do a line-by-line review of that either. AND NOBODY EVER HAS. Show me the line-by-line code review of Fedora 10.
  
  We do, however, have plenty of evidence that "NSA Key" does not have an adequate explanation,
  No, we don't. NSA uses it's own special sauce separate from FIPS for encryption/signing/etc. That special sauce is in Windows so NSA can use it. You need to turn it on with registry keys and it doesn't implement anything remotely similar to a backdoor. It affects logins, EFS, and network filesharing.
  
  WGA does send personal information despite microsoft's claims to the contrary,
  What personal information is that? It sends system details. It DOESN'T send the Owner or Company strings which is the ONLY "personal information" stored in a standard Windows install. Unless you consider what motherboard you have installed to be "personal information". Link:
  http://blogs.msdn.com/wga/archive/2007/03/07/wga-notifications-and-download-and-install-telemetry.aspx
  
  By whom? Not by me. Not under circumstances that I trust. By the same people who've requested its inclusion in the first place, perhaps?
  The University of Washington has done a code review of Windows 2000 and I think XP. And more importantly, the European Union has the source and their special masters have been doing a code review as part of the antitrust and other lawsuits against Microsoft. Like you, they're paranoid of the supposed "NSA backdoor". I think the British government has done the same thing independently. So have the Australians. Links:
  http://www.microsoft.com/presspass/press/2003/jan03/01-14GSPrelease.mspx
  http://www.microsoft.com/resources/sharedsource/default.mspx
  There's also the fact that the Windows 2000 source has leaked and independents reviewed that and found no backdoors.
  
  It is a server intended for very broad access to the system, however it is proprietary and impossible to audit. So you can't check the access execution path to verify that it is secure.
  You can't attach a debugger? You can find out everything it's doing pretty easily.
  
  More over, it uses AES encryption which, while fairly secure in theory, does not prevent MITM and does not prevent eavesdropping.
  AES is the most widely-used algorithm in encryption today. If you've got a problem with AES you've got a big problem with encryption in general.
  
  All you need to do is get the password and that's easier than you think.
  Please tell me how it's "easier" to crack passwords on RDP than SSH. Assume password ONLY on SSH. I'm not aware of any known vulnerabilties on the password engine so you have to brute force it. Limit login attempts to 3. What's the problem?
  
  Even WITH the passphrase, you can't eavesdrop and if properly configured, can't do an MITM with ssh.
  Not true, but I don't want to get into it. What you're talking about is probably pre-sharing private keys rather than passwords. As I said before, Remote Desktop has just about every feature of SSH, including this one.
Why is it.. by zmollusc · 2009-01-24 11:07 · Score: 4, Funny

.. that I can't get windows apps to do what i want without crashing, but it runs teh evil viruses perfectly?

--
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
1. Re:Why is it.. by Anonymous Coward · 2009-01-24 11:15 · Score: 0
  
  blah blah troll troll
2. Re:Why is it.. by John+Hasler · 2009-01-24 11:26 · Score: 1
  
  What makes you think it does? Perhaps 10% of all infections fail. So what?
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
3. Re:Why is it.. by Shados · 2009-01-24 11:37 · Score: 1
  
  Virus writers aren't former Visual basic 6 developers without degrees who think they're hot shit for being able to pop a modal dialog, and make a career out of it. Thats why.
4. Re:Why is it.. by nathan.fulton · 2009-01-24 12:00 · Score: 5, Insightful
  
  ".. that I can't get windows apps to do what i want without crashing, but it runs teh evil viruses perfectly?"
  Because there is a 100% correlation between a virus crashing and a virus writer's lost profit. With most legitimate software, a crash leaves only one practical option: keep using the crapware and hope it doesn't crash again.
5. Re:Why is it.. by troll8901 · 2009-01-24 12:14 · Score: 2, Interesting
  
  Too true. The original Internet worm had only 99 lines of source code, yet incorporated encryption, password guessing, vulnerability-injection, and so on.
  Except for a bug, I think the author was a genius - a true "hacker" in the original sense of the word.
  Of course, both viewpoints were presented by another guy, who included this incident in the last chapter of a book.
6. Re:Why is it.. by brusk · 2009-01-24 12:42 · Score: 1
  
  Actually no. If a virus works only 50% of the time, no big deal, the author probably doesn't even know.
  
  --
  .sig withheld by request
7. Re:Why is it.. by Yvanhoe · 2009-01-24 12:49 · Score: 2, Funny
  
  Let's be fair, the virus only works on 30% of the machines. Still impressive for a windows app though...
  
  --
  The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
8. Re:Why is it.. by GF678 · 2009-01-24 14:25 · Score: 1
  
  Funny, it seems like programs in Linux just want to seg fault whenever they like. Linux doesn't even provide a means of knowing when something has seg faulted unless they are paying attention to console messages, which most people using GUIs are not. Seen it with exaile, pidgin, evolution, even firefox. Fucking disgusting and at a worse rate than Windows.
9. Re:Why is it.. by ghostis · 2009-01-24 15:09 · Score: 1
  
  and thus zmollusc was enlightened.
  
  --
  
  Computer Science is all about trying to find the right wrench to bang in the right screw. -T.Cumbo?
10. Re:Why is it.. by El_Oscuro · 2009-01-24 15:32 · Score: 1
  
  It does suck. I know to run the program from a command prompt to get the messages, but what typical user does? We need a function which displays the seg fault message in a dialog, and has a button like "google this error"
  
  --
  "Be grateful for what you have. You may never know when you may lose it."
11. Re:Why is it.. by Anonymous Coward · 2009-01-24 23:48 · Score: 0
  
  Because virus developers are not tied to ridiculous release schedules and design decissions made up by marketing people.
  And the program of a virus is rather short and simple most of the time, there is less interaction with the user and a virus rarely has any configuration options.
12. Re:Why is it.. by Peterix · 2009-01-25 00:54 · Score: 1
  
  KDE has a nice crash dialog that even shows you the backtrace (if you have gdb installed) and tells you where to report the error.
13. Re:Why is it.. by shadowless · 2009-02-06 07:41 · Score: 1
  
  Too true. The original Internet worm had only 99 lines of source code, yet incorporated encryption, password guessing, vulnerability-injection, and so on.
  Except for a bug, I think the author was a genius - a true "hacker" in the original sense of the word.
  Robert Morris, is that you again?!
  
  --
  Programming is the art that actually fights back!
Could it be hijacked... by TexVex · 2009-01-24 11:16 · Score: 3, Interesting

If this thing is a malicious software delivery system, wouldn't it be possible to hijack it and have it download something that removes it?

--
Fun with Anagarams! LADS HOST, SHALT DOS. HAS DOLTS. AD SLOTHS, HATS SOLD. ASS HO, LTD.
1. Re:Could it be hijacked... by Kifoth · 2009-01-24 11:22 · Score: 2, Interesting
  
  Good question... Since we know that the virus checks 250 formula based URL's every day for 'updates,' what's to stop someone from registering one of the upcoming url's and hosting code there that'll cause the virus to uninstall or cripple itself?
2. Re:Could it be hijacked... by John+Hasler · 2009-01-24 11:23 · Score: 2, Informative
  
  I would imagine that it requires signed code.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
3. Re:Could it be hijacked... by nathan.fulton · 2009-01-24 12:03 · Score: 1
  
  only if the virus writer is doing it wrong. There are about a million ways to prevent this, including encrypting the code.
4. Re:Could it be hijacked... by Fnord666 · 2009-01-24 12:17 · Score: 2, Informative
  
  If this thing is a malicious software delivery system, wouldn't it be possible to hijack it and have it download something that removes it?
  
  Unfortunately the virus writers already thought of that. The article didn't give details but I would guess that the downloaded payload is digitally signed and the virus code verifies the signature.
  
  --
  'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
5. Re:Could it be hijacked... by upuv · 2009-01-24 13:06 · Score: 3, Interesting
  
  Aside from the potential protections the virus may have for this.
  White hats have a few extra rules to contend with. Since going into someones computer and changing stuff without there approval is illegal in most parts of the globe the white hats would be just as guilty as the virus writer.
  God forbid the white hat actually makes a mistake and the cure is worse than the disease. An analogous problem occurred when Sony installed a root kit that prevented people from breaking the law. Sony thought it was protecting it's IP rites. What really happened was that Sony effectively gave complete and total access to any one who wanted to do stuff on the computer. Sony got slapped hard for this and it cost them a bundle. Many people lost there jobs and the damage to personal computers around the world was rather staggering.
  So it's not as simple as someone taking over the comms with the virus and sending back clean up routine.
  ----
  As an aside. If or when the world comes to accept that white hats are allowed to attack virus in this manor we will see an almost instant response from the virus writers.
  A double payload mechanism would be very effective for example.
  1. Virus infects.
  2. 2nd payload is delivered and hides in stealth.
  3. white hat antivirus clears first virus. As it would take time for the aggressive anti virus to be written. The 2nd payload could easily be delivered well in advance of the white hat action.
  4. 2nd payload is now on the hardware with no need to talk to command and control.
  That is just one possible vector change that would appear.
  ----
  More likely is that if white hats where given the go ahead to attack. The "Bad guys" would simply move to the next soft target. I suspect the next soft target to be the vast numbers of networked devices that are multiplying all running Linux variations. Also since next to no one ever updates the firmware on these appliances once vulnerable they will remain for ever vulnerable.
  ----
  So in the end no it's a BAD idea for the white hats to aggressively attack these things. It's an arms escalation that we simply don't need.
6. Re:Could it be hijacked... by arkhan_jg · 2009-01-24 13:46 · Score: 3, Informative
  
  According to this analysis, the writers anticipated the daily domain-generation algorithm it uses to check for updates being reverse engineered, and they put in additional protection so that it would only download code from the original authors - presumably using some kind of key signing.
  
  --
  Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
7. Re:Could it be hijacked... by Omniscientist · 2009-01-24 17:29 · Score: 1
  
  I'm curious as to how they would achieve digital signature verification as (in the case of Windows) using WinVerifyTrust relies on the root certificate authority store.
  If they got around that via throwing their own CA in the store, that would only lead to an easy way to make the virus ineffective. Their might be built-in functionality in the virus itself for such operations, but I'd think that would increase the size of the binary too much.
8. Re:Could it be hijacked... by Microlith · 2009-01-24 17:44 · Score: 1
  
  once vulnerable they will remain for ever vulnerable.
  Considering the diversity in terms of user environments and hardware capabilities, even if you had 100,000 of a given unit in service with a weakness there's no guarantee that it'd be effective or beneficial to exploit.
  The huge return on investment they get with Windows is aided by the fact that you have millions of insecure machines subject to the same vulnerability that:
  - run same underlying OS
  - use same microprocessor architecture
  - can be expected to have a given level of resources
  Sure, you could crack the default firmware for a wrt54gl, but you won't be able to do a whole lot due to the lack of RAM, lack of real cpu power, and inability to store anything. One reboot and all your settings are changed, if you decide to play it risky and actually reflash the firmware, you'll kill a huge percentage of the units and the remainder will likely go noticed in some fashion.
  Never mind having to cross compile your worm.
  The vast number of networked devices out there, even if they all run Linux, run Linux variations. That alone is a more diverse and resistant population than any number of WindowsXP SP2 machines with an idiot at the helm.
9. Re:Could it be hijacked... by upuv · 2009-01-24 19:48 · Score: 1
  
  I 98% agree with your arguments.
  However in the recent years we have seen the number of processor types used in smart devices decline to a small hand full. Vendors no longer have the luxury or the capital to develop complete systems from scratch. Thus they tend to only do the add-value trick.
  For example: Sigma systems chips that are used in almost all set top boxes these dats. This is an example of an architecture that is literally in everyones house and home lan. A lot of this kit runs java, web servers etc. Basically looks like a spam machine in the making.
  The thing is these days you don't need to flash the bios/eram/firmware to add software to these devices.
  I also add that with the list of recent hardware vendors dropping like flies as their CEO's skip town with all the venture capital. :) The number of variations of base kit is dropping much faster.
  And speaking of idiot's at the helm. Thank-you George Bush. You incompetent clown. :)
10. Re:Could it be hijacked... by achurch · 2009-01-24 22:00 · Score: 1
  
  Their might be built-in functionality in the virus itself for such operations, but I'd think that would increase the size of the binary too much.
  In this day and age? Hardly. Not when the virus writer got around a blocking attempt by including a 75k data file right in the virus itself.
11. Re:Could it be hijacked... by Anonymous Coward · 2009-01-24 23:08 · Score: 0
  
  The virus should have been signed by microsoft before it was installed in the first place, so I don't think code signing is that big of a problem.
  (unless the virus author implemented it a lot better than microsoft did)
I.e., when will people stop using Windows? by gunne · 2009-01-24 11:18 · Score: 1

That's what I thought the article was about when I read the headline...
1. Re:I.e., when will people stop using Windows? by Anonymous Coward · 2009-01-24 16:36 · Score: 0
  
  when linux or apple can get it right?
conficker - conflicker - downadup by e**(i+pi)-1 · 2009-01-24 11:19 · Score: 1

"The Downadup worm - also called Conflicker - has now infected an estimated 10 million PCs worldwide,

Ashamed of being fucked with, victims call "conficker" now "conflicker" or with the euphemism "downadup". It does not matter, it all adds up down there if you are screwed with.
The sick truth. by Anonymous Coward · 2009-01-24 11:21 · Score: -1, Flamebait

I am an ex-Linuxer, If Linux was used more it would get viruses too. That aside, whoever wrote this virus/worm should get Gitmo, and yes, McCain/Palin in 2013 will reopen it to teach morbidly obese nerds in their basement not to write viruses. This is cyberwar and they should have an example set to them. If we were a proper country like Soviet Russia they would get the Siberian wolf blowjob by now.
1. Re:The sick truth. by couchslug · 2009-01-24 11:29 · Score: 4, Funny
  
  "If we were a proper country like Soviet Russia they would get the Siberian wolf blowjob by now."
  Thanks to the internet, not only do I know that for some people that would not be a punishment,
  but that others wish they were the wolf.
  
  --
  "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
2. Re:The sick truth. by pxlmusic · 2009-01-24 11:30 · Score: 1
  
  3/10
  
  --
  "If for any reason you're not satisfied with our service, I hate you."
3. Re:The sick truth. by Anonymous Coward · 2009-01-24 11:51 · Score: 0
  
  Creating a virus could be like finding x > 0 such that f(x) = 0 where
  f(x) = sin(log(x)) [Windows]
  f(x) = 1 [Linux].
  I.e. it might not always be possible.
4. Re:The sick truth. by Baseclass · 2009-01-24 12:11 · Score: 1
  
  Uh huh, sure you are.
  
  If you were truly a Linux power user, then you'd know that the Linux/UNIX security model is not conducive to the spread of viruses since any program attempting to modify system files would require root access first.
  
  --
  ^^vv<><>BA
5. Re:The sick truth. by Breakfast+Pants · 2009-01-24 12:21 · Score: 1
  
  Moot point unless the only way you do anything as root is through a shell in one of the virtual terminalsor xdm. If you ever give your root password in a logged in X session, or as your user (su or sudo) your machine can be compromised. su, bash, etc. can all be replaced with sinister versions, and the next time you su to root, your password is captured.
  
  --
  
  --
  
  WHO ATE MY BREAKFAST PANTS?
6. Re:The sick truth. by Baseclass · 2009-01-24 12:32 · Score: 0
  
  I never said Linux couldn't be compromised, alas, I routinely need to install security patches because new exploits are discovered all the time.
  
  What I said was "the Linux/UNIX security model is not conducive to the spread of viruses". Getting rooted locally is quite a bit different then spreading viruses to other Linux machines that would also need to be exploited for the virus to get root access.
  
  --
  ^^vv<><>BA
7. Re:The sick truth. by Atlantis-Rising · 2009-01-24 13:00 · Score: 1
  
  And yet, the exact same security model is present in Windows Vista- users need to provide an administrative password to elevate security privileges for a process that requires administrator-level access, or, even if you are logged in as administrator, you need to provide confirmation to conduct administrator-flagged actions.
  This is the premise behind Vista's UAC.
  Notice how universally it is panned as being useless, despite being exactly the type of security model you advocate?
  
  --
  "It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
8. Re:The sick truth. by techno-vampire · 2009-01-24 13:37 · Score: 1
  
  Notice how universally it is panned as being useless, despite being exactly the type of security model you advocate?
  I've never had to deal with it, and as I don't "do" Windows, I probably never will. However, I get the impression that Vista's UAC is hated because it pops up that dialog for every, single, solitary change that's made while you're installing a program, even though you've already given the Administrator password. And, while I'm thinking of it, UAC may be based on the Linux security model, but it's certainly not a copy of it. In Linux, you give the password once, when the installation program starts, and and that's all the authorization needed. I've done system updates with forty or more packages being downloaded and installed, with old versions removed, and except for checking with me to make sure that I want it to go ahead (It asks me once, and once only, for the entire transaction.) It Just Works.
  
  --
  Good, inexpensive web hosting
9. Re:The sick truth. by Anonymous Coward · 2009-01-24 13:47 · Score: 0
  
  I don't remember Linux asking confirmation for every root-user action.
  Try again next week.
10. Re:The sick truth. by Anonymous Coward · 2009-01-24 14:04 · Score: 0
  
  Yup, it's effectively modeled on the "su" principle, but as you say it requests frequently rather than once per session/task or for say a timed period. The trouble is, as you say, it pops up so often it's actually more counter productive than useful.
  It's the first thing i disable, i don't enjoy it asking me twice for every minor change i do. I'll take the risks without it.
  Not only that, 90% of typical users do not want to be pestered all the time; they just want to use the damn computer..
11. Re:The sick truth. by drsmithy · 2009-01-24 14:46 · Score: 1
  
  If you were truly a Linux power user, then you'd know that the Linux/UNIX security model is not conducive to the spread of viruses since any program attempting to modify system files would require root access first.
  There's not much the average virus needs to do that requires "modifying system files".
  It's not the "security model" that's non-conducive to viruses spreading in Linux, it's the users.
12. Re:The sick truth. by Baseclass · 2009-01-24 16:33 · Score: 1
  
  Fail. Although Linux users are indeed generally more educated on the finer points of computing, there seems to be this persistent myth that Linux doesn't get viruses because it has such a small user base. Linux servers control a major portion of www. If those aren't prime targets then what is? Plain and simple, the Linux security model is superior.
  
  --
  ^^vv<><>BA
13. Re:The sick truth. by Anonymous Coward · 2009-01-24 16:44 · Score: 0
  
  Thanks to the internet, not only do I know that for some people that would not be a punishment,
  but that others wish they were the wolf.
  Well done. You've also just answered why 2/3 of Americans without broadband don't want it.
14. Re:The sick truth. by Atlantis-Rising · 2009-01-24 22:08 · Score: 1
  
  UAC does exactly what it is supposed to do- it pops an elevation prompt for every process that requires elevation. As far as I'm aware, you can't 'chain' processes (although whether or not you should be able to, IMNSHO, is debatable.)
  Things like requiring UAC confirmation to do things like delete certain desktop shortcuts? Probably not terribly useful if you're the user, but perfectly understandable in the security context. Those shortcuts are not located in the user's home folder, but in a common home folder the user does not have access to that places them on all user's desktops. Accessing that common folder requires elevation because it messes with all the users on the system.
  That said, if your system is properly configured, you shouldn't run into UAC prompts at most more than once or twice on an average day.
  The problem, as you say, is that 90% of typical users want to just use the computer. Which is why the typical user's computer is infested with crap; they don't care about security, and never will. The resulting mess is not so much the fault of the operating system, which does its best to warn the user (and which the user then dutifully goes ahead and ignores) but the fault of the user.
  Like this worm, for example- a security vulnerability for which a security patch was made available months ago. Any user who is still vulnerable is vulnerable because of their own lack of action.
  
  --
  "It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
15. Re:The sick truth. by Rockoon · 2009-01-24 22:24 · Score: 1
  
  What makes you think that a virus requires root access, or needs to modify system files?
  
  You have drunk some fairly ignorant koolaid, it seems.
  
  ..and before you go on that a virus can't do much to harm your system if it doesnt have root..
  The modern virus doesn't try to harm your system. Usualy they try to harm other peoples systems, or fill other peoples e-mail boxes and other such stuff, by using your system and network connection. They can do this using programs and services that your regular account has full rights to access and leverage, be it linux, windows, or os/x.
  
  The idea that this security model is somehow preventative is completely ignorant. You get these viruses by being stupid, and they don't need root privlidges for that. The odds are that if you are stupid you are going to give 'em the keys to the kingdom anyways, not that they need it.
  
  --
  "His name was James Damore."
16. Re:The sick truth. by drsmithy · 2009-01-25 00:16 · Score: 1
  
  Fail. Although Linux users are indeed generally more educated on the finer points of computing, there seems to be this persistent myth that Linux doesn't get viruses because it has such a small user base.
  That is an important factor. However, by far the biggest reason is - as I said - because Linux users don't represent anything like the exploitability as Windows users.
  It's not because there are fewer of them - although that certainly plays a non-trivial part - it's because Linux users are far (*FAR*) less likely to let a virus into their system, either by leaving known security holes unpatched, or by the more common method of being socially engineered into executing it.
  Linux servers control a major portion of www. If those aren't prime targets then what is?
  Desktop PCs run by ignorant end users outnumber Linux servers tens of thousands to one. Why would you try to aim a virus whose success is largely predicated on a low level of knowledge and experience from the victim, at systems run by seasoned professionals ?
  Or, to put it another way, not only will you be able to exploit something like 50,000+ desktop PCs to every web server, when you do exploit the average desktop PC, chances are extremely low it will ever be detected, so you basically have the run of the machine. However, if you exploit the average web server, chances are extremely high your intrusion will be detected and fixed within a matter of hours or days.
  Plain and simple, the Linux security model is superior.
  The classic UNIX security model (as used by most Linux installs) is demonstrably inferior to Windows NT's.
17. Re:The sick truth. by Super_Z · 2009-01-25 05:13 · Score: 1
  
  . They can do this using programs and services that your regular account has full rights to access and leverage, be it linux, windows, or os/x.
  In order for a 'virus' to work, it has to inject code into a binary or a script. The parents point is that a regular account does *not* have write-rights to any of the programs and services he uses.
18. Re:The sick truth. by Super_Z · 2009-01-25 05:20 · Score: 1
  
  The classic UNIX security model (as used by most Linux installs) is demonstrably inferior to Windows NT's.
  Given the lacklustre security history of NT servers and desktops, the world eagerly awaits your demonstration.
19. Re:The sick truth. by the_B0fh · 2009-01-25 05:40 · Score: 1
  
  You know, as a guy who learnt to install solaris before he learnt to install windows 3.1, and a linux user since 1995, and openbsd sine 1997 or so, I count myself as a pretty knowledgeable unix person.
  And it makes me cringe everytime I see some newbie spout these lines.
  Here are some facts to enlighten you:
  1) The Morris worm did not run on windows.
  2) Dr. Cohen, you know, the guy who did the original research on computer viruses, did his research on unix and vms.
  Now, I will grant you that the situation has improved since then, but certainly not to the extent that you're now treating it as snake oil - no, UNIX will not fix everything and make you coffee as well.
20. Re:The sick truth. by drsmithy · 2009-01-25 06:07 · Score: 1
  
  Given the lacklustre security history of NT servers and desktops, the world eagerly awaits your demonstration.
  Per-user ACLs vs User/Group/Other.
  All OS objects have ACLs, vs applying permissions only via filesystem abstractions.
  Superuser vs none.
21. Re:The sick truth. by Baseclass · 2009-01-25 08:22 · Score: 1
  
  Newbie huh? I work in information security at a fortune 100 company. I manage 1000 Solaris 10 servers and have been running Linux (Slackware) exclusively for nearly a decade.
  Sure, Linux viruses do in fact exist. Are they widespread? No they are not, because they are not easily spread to other Linux boxes.
  
  FYI, worms and a viruses are not the same thing. Although Linux worms are also uncommon.
  
  --
  ^^vv<><>BA
22. Re:The sick truth. by Anonymous Coward · 2009-01-25 08:46 · Score: 0
  
  So what is a "Siberian wolf blowjob" then? I googled the phrase and your comment was the only result.
23. Re:The sick truth. by the_B0fh · 2009-01-25 10:00 · Score: 1
  
  Yup, newbie. If you can't even take the time to read Dr. Cohen's PhD dissertation to understand why the "security model" you were talking about did not work (and what has changed to reduce that issue in recent years), but instead tell me that you manage 1000 servers and so on, you're a newbie or a pfy. Working in a F100 company in security is not such a big fucking deal, I have that on my resume too, 5 years of that shit. So what?
  And I understand the differences between worms and viruses. But you're splitting hairs.
24. Re:The sick truth. by Cro+Magnon · 2009-01-26 03:17 · Score: 1
  
  The NT kernel might have better security than Unix, but none of that is available to most NT users (pre-Vista). I don't know about XP Pro, but XP Home has very limited flexibility for permissions.
  
  --
  Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Thank you Mickeysoft! by Anonymous Coward · 2009-01-24 11:22 · Score: -1, Redundant

And a big FUCK YOU to you too!
Technical examination by Prune · 2009-01-24 11:36 · Score: 5, Informative

There's a more technical examination of the virus at https://forums.symantec.com/t5/Malicious-Code/Downadup-Small-Improvements-Yield-Big-Returns/ba-p/381717

--
"Politicians and diapers must be changed often, and for the same reason."
AIDS figures by Anonymous Coward · 2009-01-24 11:58 · Score: 1, Informative

You mean Africa, with 20% of population infected with AIDS.
Taiwan has 0.1% of population infected.
This computer worm is indeed trickly. It inserts code via vulnerabilities, guesses passwords, spreads via domains if possible, and so on.
Downadup vs Morris - which one will prevail?
Round One, Fight!
1. Re:AIDS figures by Jerry+Smith · 2009-01-24 20:45 · Score: 1
  
  You mean Africa, with 20% of population infected with AIDS.
  Taiwan has 0.1% of population infected.
  Untrue, http://www.washingtonpost.com/wp-dyn/content/article/2006/04/05/AR2006040502517.html False positives play a rather big part in this money-hugging world. Same goes for the AV-world, that recently has been shaken up by the news from Intego that a critical worm has appeared for OS X. They're all in it for the money. The end-user is not important, they are just expected to pay.
  
  --
  All those moments will be lost in time, like tears in rain. Time to die.
Microsoft... by ConceptJunkie · 2009-01-24 11:59 · Score: 4, Insightful

"From where do you want to get pwned today?"
It's 2009... I can't believe we're still dealing with this crap in 2009.

--
You are in a maze of twisty little passages, all alike.
1. Re:Microsoft... by Anonymous Coward · 2009-01-24 13:09 · Score: -1, Flamebait
  
  "From where do you want to get pwned today?"
  It's 2009... I can't believe we're still dealing with this crap in 2009.
  Nothing will change until Microsoft execs face jail time for putting out such crap.
2. Re:Microsoft... by ConceptJunkie · 2009-01-24 13:42 · Score: 1
  
  Well, since the DoJ (as well as Congress) is their bitch, no one at Microsoft will ever suffer for anything the company does.
  
  --
  You are in a maze of twisty little passages, all alike.
3. Re:Microsoft... by GF678 · 2009-01-24 14:28 · Score: 1
  
  It's 2009... I can't believe we're still dealing with this crap in 2009.
  What makes 2009 a special year?
  Worms like this are so valuable to organized crime that they cannot be stopped entirely. Particularly since this has all happened due to social engineering rather than technical reasons (ie. people not updating Windows for a variety of reasons).
4. Re:Microsoft... by drsmithy · 2009-01-24 14:47 · Score: 1
  
  It's 2009... I can't believe we're still dealing with this crap in 2009.
  "We" will be dealing with it so long as ignorant end users can execute arbitrary code.
5. Re:Microsoft... by bit01 · 2009-01-24 16:37 · Score: 1
  
  "We" will be dealing with it so long as ignorant end users can execute arbitrary code.
  "We" will still be dealing with it, and have been dealing with it for decades, until certain companies start designing their software for their intended audience, rather than some fictional perfect being that never makes a mistakes.
  ---
  "It is difficult to get a man to understand something when his job depends on not understanding it." - Upton Sinclair
6. Re:Microsoft... by symbolset · 2009-01-24 18:24 · Score: 1
  
  What makes 2009 a special year?
  Why, it's the year Antivirus 2009 was released, of course!
  
  --
  Help stamp out iliturcy.
7. Re:Microsoft... by Wildclaw · 2009-01-24 22:36 · Score: 1
  
  Correction. We will be dealing with it so long as we keep using a heavily outdated rights system where programs have the same rights as the user executing the program.
  Modern OS security is based around mainframes and coorporate networks running a few programs from trusted sources. This has proven to be a complete failure, because there is very often a need or want to run programs from less trusted sources. And even those programs that are considered trusted can cause serious problems if they have bugs that can exploited.
  Blaming the ignorant end users is just bad form, when even a power user like myself feel uneasy every time I install a new application. And, no. Not having system rights doesn't help. My personal files are just as important as the system and they are always exposed to bad software. I actually take extra security measures using sandboxie to sandbox many of the less trusted programs that I run, but it is not really a smooth process, and not something you can expect an end user to do.
8. Re:Microsoft... by drsmithy · 2009-01-25 07:52 · Score: 1
  
  "We" will still be dealing with it, and have been dealing with it for decades, until certain companies start designing their software for their intended audience, rather than some fictional perfect being that never makes a mistakes.
  I'm not aware of any company designing its software to be resistant to end user ignorance.
9. Re:Microsoft... by drsmithy · 2009-01-25 07:55 · Score: 1
  
  Correction. We will be dealing with it so long as we keep using a heavily outdated rights system where programs have the same rights as the user executing the program.
  Limiting the rights of applications won't help, because lazy developers will just configure the system during installation so their application can do anything it wants.
  Exhibit A: Windows applications needing Administrator privileges. It's been over a decade since the necessary infrastructure was in place to deprecate this, yet *still* applications are released today that must be run as Admin for no good reason.
  Blaming the ignorant end users is just bad form [...]
  I'm not blaming them - "ignorant" is an assessment of their knowledge, not their intelligence. So long as you want the ignorant end users - ie: end users who lack the knowledge and/or experience to make good decisions - to be able to decide what a given program can and can't do, then malicious programs have a trivially-exploited entry point into the system.
Re: Downadup Worm â" When Will the Next Shoe by Anonymous Coward · 2009-01-24 11:59 · Score: 0

I wasn't aware that worms wore shoes. Lucky this thing isn't a centipede, or worse a millipede. We'd never hear the end of those other shoes dropping if it were!
it's my worm by Errtu76 · 2009-01-24 11:59 · Score: 1

And I'm using it to 'infect' their pc's with Linux. It'll stop all future virii as well as creating a wave of happiness. Dark purposes, it's all how you look at it. Sure they'll hate me for a while, but then they'll love me and i'll reveal my identity and be a hero!
1. Re:it's my worm by nathan.fulton · 2009-01-24 12:07 · Score: 2, Funny
  
  I knew it! Those linux folks are all virus writers! They even infect the copyright system with their dirty viruses!
2. Re:it's my worm by Eudial · 2009-01-24 12:17 · Score: 1
  
  And I'm using it to 'infect' their pc's with Linux. It'll stop all future virii as well as creating a wave of happiness. Dark purposes, it's all how you look at it. Sure they'll hate me for a while, but then they'll love me and i'll reveal my identity and be a hero!
  Here I was hoping the virus would start correcting the spelling in you tube comments. Maybe the next virus that comes along will realize my grammar nazi utopia, then...
  
  --
  GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
3. Re:it's my worm by El_Oscuro · 2009-01-24 12:31 · Score: 1
  Rent a bot net with the worm on it.
  
  Instruct each zombie to Bittorent and install Wubi.
  
  ???
  
  Profit!
  --
  "Be grateful for what you have. You may never know when you may lose it."
A small niggle... by rickb928 · 2009-01-24 12:10 · Score: 3, Interesting

But it's "Ukraine", not "The Ukraine".
At least, that's what Ukrainians say.
Just sayin... And that's what the Ukrainian rocket scientist I know says also.

--
deleting the extra space after periods so i can stay relevant, yeah.
1. Re:A small niggle... by Cyberax · 2009-01-24 12:34 · Score: 1
  
  Don't worry. Ukraine is going to split into several parts real soon or at least become a federation. And then you'll be able to call it "the Ukraine" again. :)
2. Re:A small niggle... by feelbad_feelsgood · 2009-01-24 13:11 · Score: 2, Interesting
  
  If you wonder why people (esp. Americans) insist on referring to Ukraine as "The Ukraine," I believe the answer lies with the Parker Bros. board game "Risk". Their wikipedia entry http://en.wikipedia.org/wiki/Risk_(game)#Territories doesn't say this, but I'm pretty sure older boards had a space that was not called Ukraine, but "The Ukraine". Corroboration from Seinfeld: http://www.seinfeldscripts.com/TheLabelMaker.html If you're wondering if Americans learned geography from any source more reliable than a board game, well, you already know the answer.
3. Re:A small niggle... by rickb928 · 2009-01-24 14:41 · Score: 1
  
  I knew where Ukraine was before I knew about Risk.
  American public education wasn't always such a failure.
  
  --
  deleting the extra space after periods so i can stay relevant, yeah.
4. Re:A small niggle... by Anonymous Coward · 2009-01-24 17:08 · Score: 0
  
  Both are considered correct in English.
  Russia isn't called Russia by the Russians either, are you going to call us on that?
5. Re:A small niggle... by gwbennett · 2009-01-24 19:33 · Score: 0
  
  Wait... I thought it was "The Ukraine and everywhere like Such As.." Are you telling me my MAP is wrong??
  
  --
  Where is this free beer everyone on Slashdot keeps talking about?
6. Re:A small niggle... by feepness · 2009-01-24 19:58 · Score: 1
  
  I like how someone claims that ignorant people (esp. Americans) get their information from a board game, and then corroborates it by linking to Seinfeld.
  
  Oh my sweet irony.
7. Re:A small niggle... by Anonymous Coward · 2009-01-24 20:59 · Score: 0
  
  yeah, that's right, i'm ukrainian and i can confirm this
8. Re:A small niggle... by plisskin · 2009-01-25 02:27 · Score: 1
  
  I always guessed it was Britain's fault. People say "The UK" which makes sense. The UK and The Ukraine both have identical sounds so Ukraine was retrofitted with "The" I know I've said The Ukraine in the past and I have never played Risk until just a few weeks ago.
The zookeeper says: ... by Savage-Rabbit · 2009-01-24 12:16 · Score: 1

Windows is actually far more secure than Linux. Get the facts, people.
... Please don't feed the trolls.

--
Only to idiots, are orders laws.
-- Henning von Tresckow
1. Re:The zookeeper says: ... by troll8901 · 2009-01-24 18:45 · Score: 1
  
  ... Please don't feed the trolls.
  I'm hungry, you insensitive clod!
  Actually, most of us make jokes on the troll's expense.
  You've switched off your "karma bonus" option, haven't you? You deserve a +3 in your past articles. They're pretty good and well-researched, if a bit heavy to read.
Remove it script? by brxndxn · 2009-01-24 12:32 · Score: 1

Where do I go to get a script that searches for it and removes it?
I'm sure I have coworkers that need this removed from their computers at work..

--
--- We need more Ron Paul!
1. Re:Remove it script? by anss123 · 2009-01-24 12:47 · Score: 1
  
  I'm sure I have coworkers that need this removed from their computers at work../quote The hole the virus exploits was closed last year, before Conflicker started spreading, so if your company machines are up to date they should be safe. Microsoft also has a "malicious Software Removal tool" that can remove the virus.
2. Re:Remove it script? by techno-vampire · 2009-01-24 13:45 · Score: 2, Funny
  
  Microsoft also has a "malicious Software Removal tool"
  Is that a tool for removing malicious software, or a malicious tool for removing software? Enquiring minds want to know!
  
  --
  Good, inexpensive web hosting
3. Re:Remove it script? by transporter_ii · 2009-01-24 14:18 · Score: 2, Informative
  
  bleepingcomputer.com - combofix.exe. Used this at work to remove it from multiple laptops. Works good and didn't have any trouble with it. Leave the USB thumb drive in while you run it, and it will clean the infection from it as well.
  
  --
  Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
4. Re:Remove it script? by InsertWittyNameHere · 2009-01-24 14:43 · Score: 1
  
  After running that so called malicious software removal tool, it recommends you run another antivirus program... so save yourself some time and just run an antivirus program to begin with...
So when.. by Arafel65 · 2009-01-24 12:39 · Score: 1

Is the movie coming out?
Complacency is a disease by David+Gerard · 2009-01-24 12:39 · Score: 4, Funny

A computer worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough to still think Windows is not ridiculously and unfixably insecure by design.
Despite many years' warnings that Microsoft regards security as a marketing problem and has only ever done the absolute minimum it can get away with, millions of users who click on any rubbish they see in the hope of pictures of female tennis stars having wardrobe malfunctions still fail to believe that taking Windows out on the Internet is like standing bent over in the street in downtown Gomorrah, naked, arse greased up and carrying a flashing neon sign saying "COME AND GET IT."
Microsoft cannot believe people have not applied the patch for the problem, just because they keep trying to use Windows Genuine Advantage to break legally-bought systems. "Don't they trust us?" asked marketing marketer Steve Ballmer.
Millions of smug Mac users and the four hundred smug Linux users pointed and laughed, having long given up trying to convince their Windows-using friends to see sense. "There's a reason the Unix system on Mac OS X is called Darwin," said appallingly smug Mac user Arty Phagge.
"It can't be stupid if everyone else runs it," said Windows user Joe Beleaguered, who had lost all his email, business files, MP3s and porn again. "Macs cost more than Windows PCs."
"Yes," said Phagge. "Yes, they do."
Ubuntu Linux developer Hiram Nerdboy frantically tried to get our attention about something or other, but we can't say we care.

--
http://rocknerd.co.uk
1. Re:Complacency is a disease by Anonymous Coward · 2009-01-24 17:38 · Score: 0
  
  Wow, lame.
Get a Mac by Anonymous Coward · 2009-01-24 12:49 · Score: 0, Flamebait

Just get a Mac already. Seriously.
Don't be so down. by Anonymous Coward · 2009-01-24 13:07 · Score: 0

the worm is capable of downloading second-stage code for darker purposes.
Don't be so down. On the up side, it is also capable of downloading cheerfully singing chipmunks.
Yeah heteroculture! by Anonymous Coward · 2009-01-24 13:40 · Score: 0

I think the parent just dissed homoculture. No pun intended, mentioning "parent" in this sentence.

Seriously, to continue the metaphor, mixed environments may be safer for the herd, but it still sucks if YOUR family gets stricken, even if for the greater good.
The facts ma'am, just the facts by Anonymous Coward · 2009-01-24 15:10 · Score: 0

Is that the site that compares smoking pot to shooting heroin?
Could we get a "duh!" tag? by Opportunist · 2009-01-24 15:14 · Score: 1

An infected system can be updated to get a more destructive payload. No, really? Now that's new, no worm or trojan ever did that before!
A compromised system is open for additional infections to be chosen by the one that compromised it. C'mon, people, at least you here should react with a "no shit, sherlock!"

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Just provide a SOLUTION please! by Anonymous Coward · 2009-01-24 15:31 · Score: 0

Every time we have something like this, there's a scream, a panic, a pity party. Hey, how about someone provides some SOLID information, like a reputable link to a means of checking and clearing YOUR system, a list of AV providers who have updated their detection. Otherwise you read this and you are left wondering and worrying. Maybe this should be a mandatory part of any such posting - here is "Problem A" or "Threat B" _and_ a link to how the flaming duck to check if you have it.
1. Re:Just provide a SOLUTION please! by Anonymous Coward · 2009-01-24 16:20 · Score: 0
  
  http://en.wikipedia.org/wiki/Downadup
  Also interesting: http://en.wikipedia.org/wiki/Autorun#The_AutoRun_disable_bug.
I've seen that for real by Charles+Dodgeson · 2009-01-24 17:08 · Score: 1

Back in the nineties, I encountered a worm whose payload was to steal cycles on machines to participate in one of the RSA factoring challenges. I got a call just as Christmas break started from someone at another university saying that someone on our network was trying to brute force machines on their net.
The culprit was a new SGI machine with a default root password that had been installed without the knowledge of anyone in the computer centre. When I checked to see what it was doing, it was (a) trying to spread itself, and (b) participating in a public RSA factoring challenge.

--
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
1. Re:I've seen that for real by HTH+NE1 · 2009-01-26 06:25 · Score: 1
  
  That reminds me of an SGI machine at a previous workplace that reportedly had been infected with a rootkit. I was to do a clean reinstall of the operating system with the hardware isolated from the net. Unfortunately, it became clear that the installer itself required connecting to the net to complete the installation. It was allowed a connection only for as long as necessary, and the system was installed and disconnected from the net.
  It still tested positive for a rootkit afterward.
  I never heard anything more about it.
  
  --
  Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
It simply does not matter! by erroneus · 2009-01-24 18:03 · Score: 4, Insightful

It doesn't matter how bad and unsafe Windows is. Microsoft Windows is like the air. People are going to keep breathing it no matter who farted in the room. People live in the most polluted places because that's where they live, that's where they work, that's where they play. I could tell you all day long about this other place... with clean air, that's safe, that's stable and all that... and most people might be intrigued but very few will vacation there and even fewer will actually move there. This is how people work.
Linux needs an Apple logo before the masses will move to it.
1. Re:It simply does not matter! by RAMMS+EIN · 2009-01-24 23:34 · Score: 2, Interesting
  
  Linux has a logo, and it's cute and cuddly, so I think that's all good. It's just nowhere to be seen.
  Computers (and embedded systems) coming with Linux carrying the penguin logo on their packaging, hardware that works with Linux and software that works with Linux (but what version of what distro?) carrying the penguin logo would be a start.
  The logo alone isn't enough. It would be great if it were out there, but people also need to know why they want it. Something like Compiz's spinning cubes works wonders here. The trick here is finding something that Linux does much better than the competition and that makes people go "wow" before their attention span runs out.
  And honestly, I think this is difficult. What I like about my distro of choice is that it lets me just _use_ my computer, without losing lots of time on maintenance. Updates, upgrades, software installation, hardware installation, it all Just Works. But how do you show that in 5 seconds and how many people will care, given that they probably virtually never do these things, anyway? The Worm of the Week doesn't bother me, but I think that goes for most people, too, even if their system does fall victim to it.
  Having said that, what really helps is raising awareness that there is a choice to be made. These days, you _can_ use a Mac and you _can_ run Linux or BSD, without isolating yourself from the rest of the computer-using world. And if you do, you will have to worry a lot less about the malicious software that is constantly attacking every computer on the Internet. If you choose Linux or BSD, you don't even have to buy a new computer. You can install it yourself or you can have your local wizkid do it for you. You can get free updates for life, you'll be free of artificial restrictions (you _can_ play the songs you bought on every device you own), and the effort of learning the new system doesn't have to be more than the effort of learning the next version of Windows.
  
  --
  Please correct me if I got my facts wrong.
2. Re:It simply does not matter! by erroneus · 2009-01-25 01:40 · Score: 1
  
  I'm sorry, by saying that short sentence, what I meant to actually say is that Linux would need to have marketing muscle, style and appeal similar to that of Apple before anyone notices Linux. IBM's commercials were a great start but they didn't keep it up.
3. Re:It simply does not matter! by mlwmohawk · 2009-01-25 02:14 · Score: 2, Interesting
  
  People live in the most polluted places because that's where they live, that's where they work, that's where they play.
  Within reason, of course. When there is no place to go, they stay. However, history shows that where there are alternatives, people migrate to cleaner/better environments. The Navaho and Anaszi would pack up and leave a whole city and build a new one. In the 1800s people flocked to the west for a better life. Europeans flocked to the Americas for a cleaner/better life.
4. Re:It simply does not matter! by Phil06 · 2009-01-25 10:52 · Score: 0
  
  BSD had an Apple logo, doesn't do much for them
  
  --
  "...and yet, I blame society" Duke - Repo Man
5. Re:It simply does not matter! by W2k · 2009-01-25 20:02 · Score: 1
  
  And honestly, I think this is difficult. What I like about my distro of choice is that it lets me just _use_ my computer, without losing lots of time on maintenance. Updates, upgrades, software installation, hardware installation, it all Just Works.
  I believe this is why many people use Windows, actually. You may be "fluent" in Linux, so that switching to any other OS would cause a big loss in productivity. But for others, myself included, it's the other way around. While I know enough Linux to find my way around in it, I keep getting annoyed by all the little things that are Just Different(TM). I spend nearly no time on maintaining Windows because I've gotten it running just like I want it already. And when it comes down to what I actually use my computer for - writing code, drawing graphics and playing games, mostly - there's really no practical advantage to switching anyway. And I don't do ideology when it comes to tech.
  
  --
  Quality, performance, value; you get only two, and you don't always get to pick.
6. Re:It simply does not matter! by W2k · 2009-01-25 23:19 · Score: 1
  
  Sorry for replying twice to the same post, but I forgot to reply to one thing.
  
  you _can_ play the songs you bought on every device you own
  It is simply not true that switching to Linux will free you from DRM restrictions on music. If you already own DRM restricted media that works on Windows, you'll need a player with DRM to play that on Linux. What on Linux can actually play DRM'd Windows Media or iTunes files? So switching to Linux would deny you access you your legally purchased music in this case.
  
  Second possibility is that you own no DRM restricted media. In that case switching to Linux will make no difference. Numerous players are available for virtually all types of non-DRM media for Linux as well as Windows. Of course, if you make the mistake of buying such crippled media, you will be in the same situation as above (won't play on Linux, might work on Windows).
  
  The third possible interpretation of your words is that using Linux will magically remove DRM restrictions on media. Citation needed! Nothing in Windows prevents you from doing whatever you want with legally purchased, DRM-free media. Linux has NO advantage over Windows here (except if you believe that the support for DRM in Windows somehow "bloats" the OS even if you don't use DRM'ed media, an argument unsupported by fact).
  
  --
  Quality, performance, value; you get only two, and you don't always get to pick.
7. Re:It simply does not matter! by Anonymous Coward · 2009-01-25 23:26 · Score: 0
  
  Linux needs an Apple logo before the masses will move to it.
  Doesn't it already have an Apple logo ... ?
  "Unlike its predecessors, Mac OS X is a Unix-based operating system (...)"
  "Linux (...) is a generic term referring to Unix-like computer operating systems"
  Both from wikipedia.org
8. Re:It simply does not matter! by RAMMS+EIN · 2009-01-26 08:19 · Score: 1
  
  ``> you _can_ play the songs you bought on every device you own
  It is simply not true that switching to Linux will free you from DRM restrictions on music. If you already own DRM restricted media that works on Windows, you'll need a player with DRM to play that on Linux.''
  You are right, of course. But what I was thinking is that no Linux distro I am aware of contains code specifically written to enforce others' DRM restrictions. And if your distro does, you can edit it out. I don't know if any version of Windows currently contains DRM-enforcing code, but I have been told Vista does. And you are not allowed to edit the code. So, it is conceivable that a current or future version of a proprietary operating system would disallow you to copy a file to your portable media player, whereas with Linux, you can do same just fine.
  ``The third possible interpretation of your words is that using Linux will magically remove DRM restrictions on media.''
  This is, of course, not the case. Nothing will magically remove DRM restrictions. What I meant is the inverse: that Windows does (or at least could) enforce restrictions that Linux doesn't. For example, a file might have a magic header that says "you are not allowed to copy me". This would have to be enforced, because, normally, you would be able to copy the file just like you can copy any other file. This is the sort of restriction that Linux doesn't have (assuming you have full control of the computer).
  
  --
  Please correct me if I got my facts wrong.
a SOLUTION by symbolset · 2009-01-24 18:33 · Score: 1

You can find a complete and total permanent fix here or here. There are other sources, but you get the picture. We're 23 years into this Microsoft Malware problem and it's only getting worse.
Any other answer you get to this question is completely bogus.

--
Help stamp out iliturcy.
2008: ~2 *mainstream* privilege escalations by Mathinker · 2009-01-24 19:07 · Score: 1

Did some research to try to quantify that "many"...
Based on a search at secunia.com there were a total of 10 Linux privilege escalation bugs reported for 2008.
Of those, 5 were in proprietary software packages for Linux: Acrobat Reader, MaxDB, Avaya, SSH Tectia Client, and Red Hat Enterprise Linux. Not interesting for ordinary desktop users.
Of the other 5, 1 was in KDE, so that wouldn't affect 100% of Linux users, let's be generous (the most popular free distros use Gnome) and say that's 50% of users.
Of the other 4, 1 seems to work on general Linux systems (sys_remap_file_pages() bug).
Of the other 3, 1 requires the USBLCD driver to be used or only gives group privilege escalation, 1 requires Intel G33 series or newer chipset, and 1 requires that the kernel is running as VMI guest on a x86 system. How many boxes does that cover? Not many, except perhaps for the Intel chipsets --- let's say another 50% (because I have no idea what market share Intel has).
So that's something like 2, maybe 2.5 bugs in all of 2008. Is that "many"? Matter of opinion.
Noscript by Don_dumb · 2009-01-24 21:22 · Score: 1

I can't believe people still haven't heard of Noscript
It (along with adblock plus) is the reason Firefox is the most secure browser.

--
If this were really happening, what would you think?
Noscript... by js_sebastian · 2009-01-24 21:45 · Score: 1

WARNING: dont click on this link, just copy the wget command to a shell. Dont say I didn't warn you...
I don't care. I don't let random pages execute scripts. In fact, I have a policy of strictly not enabling scripts on any page linked from slashdot...
'unpatched' my ass by pugugly · 2009-01-24 22:47 · Score: 1

I've just moved my sister over to Ubuntu after she got infected with this POS mess - We've been trying to clean her Windows partition for a week and a half now, and the damn thing seems to be just about unkillable.
The interesting thing is - I set up her PC, and at this point we have no idea how the damn thing got in. She *did* have automatic updates turned on, antivirus, doesn't own a USB key, spybot, ad aware, the whole nine yards, even unto having a secure password.
And at this point, it looks as if the windows partition will need reformatted and re-done from the ground up.
Whatever it used, it sure wasn't something patched in October of '08.
Pug

--
An Invisible Entity of Vast Power whose existence must be taken on faith alone: Liberal Media
1. Re:'unpatched' my ass by EastCoastSurfer · 2009-01-25 04:01 · Score: 1
  
  Having managed quite a few servers I have found that turning on automatic updates doesn't always work. Either it misses updates or just never does the automatic install no matter how many times you pick a time and tell it to.
Remove the link then. by HoppQ · 2009-01-24 23:16 · Score: 3, Insightful

If you're warning against clicking the link, don't include it in your own post. Thank you.

--
My sig will be released in 2015 third quarter. Rating pending.
No by bagsc · 2009-01-25 00:41 · Score: 1

THIS is a Dick Roll.

--
http://www.accountkiller.com/removal-requested
practice a little proper surf handling by couzei · 2009-01-25 03:12 · Score: 1

practice a little proper surf handling and you wont even need a anti virus software or spyware. Firefox scans downloads, and you can see the ftp origins anyways before you download it. Where you go what you do has a lot to do with protecting your PC, and antivirus programs are bloated and useless for the most part. Activate your drive logs and use SDfix or combo fix (http://www.myantispyware.com/2007/11/09/sdfix-free-trojan-remover-tool/ )if need be firefox has a little window that shows you all your cookies. If you don't want to relog on to all your accounts by deleting all your cookies...
What the mystic keeps pople using Windows? by alukin · 2009-01-25 03:28 · Score: 2, Interesting

Every time new virus or worm hits about half of PC world I wonder what the mystic keeps people using Windows. I think it is a kind of mental disaster that may be compared to drug addiction. Is it market inertia? Is it some kind of world domination conspiracy of American government? Or what it could be? People think that worms and viruses are normal for any computer and no one from i.e. Apple of FOSS community do not bother to explain that viruses and worms can live only in Windows.
Who can explain why people still buying that piece of crap?
Dontchaknow by Anonymous Coward · 2009-01-25 06:12 · Score: 0

Fact: Did you know that if you haven't applied the patch then the worm exploits the service itself and no password cracking is required?
Did you know this isn't the first exploit on this service? Don't you think it's reasonable to expect there will be another one?
get the major isps to firewall it. by cheekyboy · 2009-01-25 16:36 · Score: 1

Surely the major isps which hold 99% of all users, could just block the ips/dns names/hosts that the bad guys use in eastern europe/russia.
Personally, unless you have friends in said country, I would firewall *ALL* of ips in said countries at the client/business level.
Is there a country based block configurator? or whitelist western countries only, if there was a simple gui app that did this for windows/linux/routers and made free, it would help a lot of users be protected.
Or the ISP could ask you on application of account - block all of russia/china/EastEU ?

--
Liberty freedom are no1, not dicks in suits.
Wrong name? by Muad'Dave · 2009-01-26 03:42 · Score: 1

Not to be a total pedantic ass, but isn't the name of the virus "Cornficker", not "CornFLicker"? Cornficker is bad enough, but I must say Cornflicker makes the mind reel...

--
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
This thing is obnoxious. by Anonymous Coward · 2009-01-29 05:47 · Score: 0

I'm a local repair shop computer tech and I've seen this twice in the last 3 months. This virus is horrible to try and get rid of. So far no damage done to files, but note to anyone who is looking to remove it if gotten it part of the infection installs itself as a device driver for the machine. So enable hidden device drivers in the device manager and there will be one that sticks out under non-plug and play devices. I don't recall the name but it shows a .sys at the end which the others don't...