Slashdot Mirror


When Hacked PCs Self-Destruct

An anonymous reader writes "From The Washington Post's Security Fix blog comes a tale that should make any Windows home user or system admin cringe. It seems the latest version of the Zeus Trojan ships with a command that will tell all infected systems to self-destruct. From the piece: 'Most security experts will tell you that while this so-called "nuclear option" is an available feature in some malware, it is hardly ever used. Disabling infected systems is counterproductive for attackers, who generally focus on hoovering as much personal and financial data as they can from the PCs they control. But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords.'"

26 of 418 comments

  1. Remember... by Archaemic · · Score: 5, Funny

    Hackers can turn your home computer INTO A BOMB

    1. Re:Remember... by Anonymous Coward · · Score: 5, Funny

      The article is slashdotted right now: are these malware authors calling the Windows self-destruct function, or did they roll their own?

    2. Re:Remember... by Killer+Orca · · Score: 5, Funny

      Great, between this and the looming threat of wireless routers, http://miscellanea.wellingtongrey.net/2007/05/27/the-truth-about-wireless-devices/ we're all doomed.

    3. Re:Remember... by TrebleMaker · · Score: 5, Funny

      Hackers can turn your home computer INTO A BOMB

      Yeah, let's see MacGyver do THAT!

      --
      In Soviet Russia a beowulf cluster of these things imagines you welcoming your new, neural-network overlords.
    4. Re:Remember... by Razalhague · · Score: 5, Funny

      Meh, MacGyver uses local exploits. It's a completely different matter to do it remotely.

    5. Re:Remember... by aetherworld · · Score: 5, Insightful

      Actually, telling people that hackers really can turn your computer into a bomb wasn't that bad an idea. At least people feared that possibility.

      Try telling a Windows user who hasn't updated his browser in almost 8 years that evil script kiddies can turn his machine into a spam relay. They won't care because they don't know what it means and what the implications are.

      I'm speaking from experience here...

    6. Re:Remember... by fredrik70 · · Score: 5, Funny

      OMG, that looks exactly like my wifi router back home! and my gf is working from home today!

      noes!

      --
      if (!signature) { throw std::runtime_error("No sig!"); }
    7. Re:Remember... by Shamenaught · · Score: 5, Funny

      Given the amount of porno on this machine, that'd be a dirty bomb :-O

      --
      mysql> SELECT * FROM `places` WHERE `place` LIKE 'home`; Empty set (0.00 sec)
    8. Re:Remember... by Lumpy · · Score: 5, Funny

      Only if you piss on it. You really need that urea to finish the explosives.

      How many people will stand up and piss all over the computer just because a pop-up tells them to?

      "Stand up and pee into your computer and enter to win $1,000,000!!!!!!"

      --
      Do not look at laser with remaining good eye.
  2. Hardly self-destruct by clickclickdrone · · Score: 5, Informative

    All it does is mess up the OS - the hardware is fine, hardly a 'nuclear option' or 'self-destruct'.

    --
    I want a list of atrocities done in your name - Recoil
    1. Re:Hardly self-destruct by wvmarle · · Score: 5, Insightful

      Try explaining that to Joe Sixpack. When Windows doesn't work for whatever reason, the computer is "broken" and needs to be taken to a shop for repair. They can not tell the difference between broken hardware or broken software (and software hiccups may of course be caused by broken hardware that still mostly functions - it is not always that easy to tell, even by experts).

      Self-destruct is imho a very apt description.

      Maybe it should be used more. Then more people would feel the pain of being infected. Of those 100,000 computers I can not imagine they can actually use the data of more than a handful of people for serious crimes. All the rest of the people are not affected until the malware disables their computer.

    2. Re:Hardly self-destruct by Anonymous Coward · · Score: 5, Insightful

      When it leaves all your files intact.

      The thing whacks the registry. Hardly a "nuclear option"; all your files are intact. Running the repair tool off your install CD should fix this, or you can do a reinstall with "leave filesystem alone" option.

      I heard a Congressman once say, "reporters are fight promoters". If they keep overstating what's happening, we won't know how to really secure our machines.

    3. Re:Hardly self-destruct by Anachragnome · · Score: 5, Interesting

      It is far worse.

      A friend, just last night, showed me his highly-infected laptop (please, being serious here). Not only did he have one of those "Infect the "customer", then sell them a fake cure" scams, but he had what appeared to be an everyday Trojan, with one huge difference.

      It had created a hidden partition (I deduced this from HD size discrepancy between reported size and actual), copied over enough "Windows" to run as a separate OS, then nuked his normal partition OS. When he reformatted, he wasn't paying attention (didn't know any better) and didn't delete that partition. The trojan was essentially maintained, right through a reformat (albeit, an incomplete one). It was an easy mistake to make considering how many Dell/Compaq built machines come with a separate 10-20GB partition that isn't always deleted on reformat, and for that reason the numbers for HD partition space don't always add up.

      Here is where the sneaky part comes in. They nuked his OS, right?

      NOW, after he thinks everything is groovy, he starts reinstalling applications, re-entering information and passwords and re-bookmarking sites. All while the trojan watches.

      THAT is what the "nuclear winter" is for in these cases, to lull the user into a false sense of security.

    4. Re:Hardly self-destruct by wvmarle · · Score: 5, Insightful

      It means a computer has become a commodity, an appliance, rather than a high-tech toy. And that in itself is a good thing. Joe Sixpack should not need to know how the internals of his computer work, just the basics. I do expect Joe Sixpack to know about Windows and preferably the existence of alternatives, about a hard disk and what it does and how big he should want it, what a processor speed roughly means and whether he would need 1GB or 2GB or 4GB of memory for his needs. I don't expect him to be able to install an operating system, hunt down drivers to make it all work, partition the hard disk in the process, care about whether it is NTFS or FAT or whatever, and be able to know what the information on a blue screen means. I don't know how the internals of my digital camera work, but I do know what the megapixel and zoom functions mean for example. But if there is a problem with it I go back to the shop.

      To add the obligatory car analogy: I don't know how an internal combustion engine works, but I do know what it means to have say a 1.6 diesel engine in your car. When something about the car is broken I call my garage, I'm not trying to have it fixed. I know I have to add fuel, have to check oil now and then (though in modern cars that's also less and less), and how to add water for the windscreen sprinklers (dunno how you call those things in English). That's enough.

      100 years ago you would have to be able to fix your own car: they were new technology, quite rare, and for a select audience only. Cars were technically simpler at the time which also helped a lot. The same for computers. 20 years ago we were working with DOS, people owning a computer and actually being able to use it could normally also install the OS, and do low-level operations. That is not necessary anymore.

      When a computer breaks down and can not start up anymore it is often NOT trivial to figure out what is wrong. An error message is not always caused by the direct error: some minor corruption in your video driver, and then the image on your screen starts playing up. Or is it really the monitor that is not good? It's not that easy.

      OK time to stop, I start rambling, I think the point is clear.

    5. Re:Hardly self-destruct by Huntr · · Score: 5, Insightful

      I don't know how to fix my car. I don't know how to fix my tv. I don't even know how to fix a lawn mower. If any of those break beyond something minor, someone else has to fix it for me. The computer is in the same niche for the vast majority of computer users.

    6. Re:Hardly self-destruct by MrMr · · Score: 5, Insightful

      Thanks for my favourite car analogy.
      Do we really allow everybody to take off in a 'commodity' car and cause uncontrolled damage?
      Or do we demand proof of a minimal level of control of the vehicle, and a good insurance if things go wrong?

    7. Re:Hardly self-destruct by plover · · Score: 5, Interesting

      Actually, by "normal use of a computer" your computer can indeed cause serious damage to other computers, or to property. That's what TFA is all about.

      Let's look at "normal use of a computer." And by "normal" I don't mean "geek normal", I mean "Joe Sixpack normal".

      Joe Sixpack goes to Best Buy and buys a computer. He doesn't spend the $50 for the anti-virus software ($50 a year? The hell I will!) or $50 for a firewall (I already pay the cable company for this blue box just like it), and he dismisses every single warning, checking the "don't show me this again" box because he didn't understand it the first time. And then he surfs to the porn sites. So what we'd consider reckless behavior is pretty much "normal use of a computer".

      There are no cops to give him a ticket for surfing on unsafe equipment, because it's not illegal. Nobody's going to protect him because he's not willing to pay extra for anti-virus. And we all know that his machine is going to be turned into a zombie within 15 minutes of connecting to the internet without a firewall.

      As far as the damage goes, his zombied computer may attack and infect others. The direct costs to Joe Sixpack may include PC troubleshooting and repair, loss of data, and dealing with the theft and abuse of personal banking information. Banks are held liable to cover any fraud losses that result, and they collectively spend billions annually. And for secondary effects, we know there have been suicides due to lost money and also due to computer harassment. I don't think you can simply say that a computer can't "hurt" anybody.

      ( And this isn't about assigning blame. There's plenty of that: Joe Sixpack may be as irresponsible as they come, and dumber than average. The malware writers are common thieves. Some operating system vendors sell Swiss cheese. And every vendor in the process is happy to take Joe's money without regard to the consequences to him. )

      If cars were as unregulated as computers, very few of us would safely return home on a daily basis.

      --
      John
  3. Re:All Versions of Windows affected by daid303 · · Score: 5, Funny

    You don't need any commands for that. Just let it run for a while.

  4. I can't wait to see.... by lordofthechia · · Score: 5, Funny

    The next "I'm a PC, I'm a Mac" commercial is gonna rule!

    Mac: Umm... PC.... why are you stabbing yourself repeatedly with that pen...

    --
    Georgia Tech, the leader in Chia(tm) technology.
  5. Upgrading the hard way by Virtually+Sane · · Score: 5, Funny

    The things Microsoft will do to make you upgrade to Vista :)

  6. Re:I hate to say it but... by arkhan_jg · · Score: 5, Informative

    This kind of destructive behaviour is what most ordinary people still associate with viruses; if it's not hosing the computer entirely, it's nothing to worry about. That they're partly responsible for the spam tsunami, and that their credit card details might be leaking all over the place, just simply doesn't seem to be on their radar.

    So they keep that 3 month trial of Norton they got with the computer 3 years ago, and think they're safe because their computer hasn't blown up yet.

    Plus they have a remarkable tolerance for popups - the amount of PCs I get asked to look at because they're 'a bit slow' that are utterly riddled with spyware, maladware and a notification area that fills half the start bar, and are hitting swap space as soon as they boot up...

    --
    Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
  7. Re:I hate to say it but... by mcrbids · · Score: 5, Informative

    But if the trojan hoses the host PC along with all the family photographs and all the music they've paid good money for - ah, now that might actually make people realise that there's a problem.

    I take it you have no experience dealing with "the public" and computers. They get horked, they see weird popups, and have no idea that it's really unusual. It's all "black magic" to them, anyway, so they don't differentiate much between a "Are you sure you want to NNN" and "Sending bomb threat to Pres Obama" messages.

    If it has an OK button, they'll click on it to get it out of their face.

    Once, I was doing tech support, and the customer was complaining about a condition, and I was SURE that the instructions for how to fix the condition were being displayed to the end user, who adamantly denied it. I walked her through the process, step by step, and at the appropriate point, asked her if any warning box or anything showed up. She said she saw nothing.

    So I set up a remote desktop session, had the customer perform the software procedure again, slowly, so I could see what happened. She clicked slowly, step by step, and then, at the appropriate point, I saw a brief white flash before she told me that, once again, nothing had happened.

    So I told her to take her hand OFF THE MOUSE while I performed the sequence myself.

    This time, as expected, the dialog box popped up explaining what the problem was, and exactly what to do to fix it. When I asked if she'd ever seen it before, she said "Oh yeah, I just click OK whenever I see it". I pointed out to her the first sentence in the box, which was something like "WARNING: read this carefully or you will probably lose important data!". Somehow, "lose important data" was not the same as "Why isn't the program remembering what I typed?".

    And this was no idiot - she was a well trained, college/university graduated professional!

    There is lots of humor in society about the stupidity of the average Joe. Remember that, by definition, half of everybody is even dumber than that. Sad, when you think about it, huh?

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  8. Re:Is physical destruction even possible? by Zapotek · · Score: 5, Informative

    There already are overclocking tools that do exactly that.
    Control the fans, the temperature threshold, cpu freq etc...
    I don't see why a worm or other malware can't do the same thing.

  9. Re:Auto destruct by noundi · · Score: 5, Funny

    Go home dad, you're drunk.

    --
    I am the lawn!
  10. Re:WTF by MrMr · · Score: 5, Funny

    The problem is the slashdotters are in an unresolvable emotional deadlock.
    Do we cheer for destroying 100000 infested Windows installations, or do we rage at the crapware producers who make this possible...

  11. Re:I hate to say it but... by Bigjeff5 · · Score: 5, Funny

    And this was no idiot - she was a well trained, college/university graduated professional!

    Just pointing out that these two things are not mutually exclusive.

    Cheers!

    --
    Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller