Slashdot Mirror


Bubbleboy Virus Gets Wild

Neil Andriessen writes "Wired has released a story that tells of how Bubbleboy is now in the wild. It was found on an unnamed Japanese website. The Bubbleboy virus was mentioned in this discussion on Slashdot. A patch is now available from Microsoft. I wonder where it will go from here."

182 comments

  1. Re:What worries me... by Kintanon · · Score: 2

    In essence, something like this would be a virus OS, rather than a conventional virus. Conventional viruses can be dealt with, but a virus OS is a much greater challenge.



    Soo... You're saying you're waiting for someone to write a smaller version of Win98??

    Kintanon

    --
    Check out JoshJitsu.info for Brazilian Ji
  2. Re:Dark side of the force (Re:what I'm wondering.. by Troed · · Score: 1
    I wrote a viruskiller on the good old Atari ST. Basically we just had the Ghost virus to deal with, but I made the viruskiller self-replicating in a better way than the virus itself could replicate so in the end I ended up with my killer "infecting" all my disks.

    I had serious problems getting rid of it!

    Today I think before I code. I hope.

  3. Re:What worries me... by -brazil- · · Score: 3
    However, I guess I can look at the bright side. I've been worried, for a long time, that a virus writer would exploit file dead-space. There's plenty of room at the end of most binary files to tuck a routine or two, then all you'd need is a bootstrap and some way to re-assemble the fragments in the correct order. A trivial task.

    But what about the "bootstrap"? The virus has to be started, and the code for that needs to be in a place where stuff is normally executed, and that's where virus scanners are looking. If you hide a virus too well, it never gets executed and is no virus at all.

    --

    The illegal we do immediately. The unconstitutional takes a little longer.
    --Henry Kissinger

  4. Re:what I'm wondering... by Anonymous+Colin · · Score: 1

    Class action lawsuit, anybody? :-)

    OK, I know it was a joke, but really... There just isn't enough damage to an individual to warrant an action, class or not. On the other hand, the (Federal?) "Public Nuisance" legislation is designed explicitly to handle the case of, well, nuisances, who do a small amount of damage to a large number of people. A letter to your State Attorney, suggesting an encore for the anti-trust case, anyone? (:-) {- maybe???}

  5. Re:Microsoft ultimately responsible for viruses by Tom+Christiansen · · Score: 2
    The concepts of protection and security are relatively new concepts in the personal computer world.
    First of all, that really depends on your definition of a personal computer. It seems clear that this means a computer used by one person, not merely a Wintel box. You yourself cite other non-Wintel PCs.

    My first personal computer was a Sun-1, followed by a Microvax. I've since moved on to various brands of Sparc and Intel chips, but those are still mine and mine alone. And I assure you that they all run free anti-viral software loosely referred to as Unix. :-)

    This was back in the early and mid-80s, and I don't ever recall there being any problem hooking one computer up to another as you mention. Certainly ethernet and ftp/telnet were easier than serial lines and uucp/uux, but it was hardly black magic.

    If you want to discuss business computers, those too had operating systems once upon a time. I never had much fun with Sperry UNIVACs, HP 3000s, or MVS boxes, but you can't say that business has always been accustomed to the negligently insecure systems foisted upon them today.

    Second of all, I'm not sure that this would be exculpatory. Just because Microsoft and Apple have inured or lulled hapless consumers into accepting an explosive situation would not appear to my mind to get them off the hook. Yes, it is a wonder that notions of security are not end. Anything else is madness.

  6. Re:RSysadmins don't have unlimited time... by Wonko42 · · Score: 2
    Hehehe, silly sysadmin...

    You think you'll have fewer problems with Netscape? Wow. Take a look at Netscape 4.7, why dontchya'. It's the biggest steaming pile of crap that's ever been dumped on the web. And if you think it'll be easier (much less more secure) than IE, ha, think again.

    And as for Outlook...wouldn't it be much easier just to install the patch than to go install a new mailreader on a zillion machines and then educate everyone on how to use it? Besides, Outlook is by far the best mail-reader for corporate Windows-based environments.

  7. Re:It isn't an antimicrosoft conspiracy by Tom+Christiansen · · Score: 2
    Most computer users use Microsoft's products. Most virus writers will, therefore, statistically use Microsoft's products. Most virus writers will target systems with which they are familiar, which happens to be Microsoft's products. Thus, most virus/worm/trojan products target Microsoft products.
    I see what you're saying, but I still think those who argue as you are doing are playing right into the hands of the Evil Empire spin machine by turning a needlessly blind eye to the root cause of this situation: that Microsoft has negligently foisted off on endless droves of consumers a system which is fundamentally unsound insofar as security is concerned, that they did this knowingly, and that they continue to ignore the underlying cause of this tragedy with a neverending series of post-facto band-aids and duplicitous finger-pointing.
  8. Re:what I'm wondering... by Tom+Christiansen · · Score: 2
    There just isn't enough damage to an individual to warrant an action, class or not.
    Are you sure? Consider all money paid by people to buy and install anti-virus software plus all the costs associated with the damages caused by viruses. Once you prove that Microsoft was knowingly negligent, then it seems that triple damages aren't far off. Even if you can't prove the knowingly part, there are still simple damages.

    It was Microsoft's fault, so they need to cover the costs others have incurred because of them. It's as if a car manufacturer shipped a car with an insecure gas line. They'd have to pay to fix the problem, and any damages as well. And if it could be shown that they knew they were shipping such, boy, the feeding frenzy would not be a pretty sight.

    Then again, if the menu were to feature Lord Bill's Evil Empire pummelled, diced, and stewed, this might be a pretty sight after all.

    Just something to think about. :-)

  9. Re:WARNING!!!!!!! INTERNET VIRUS by BurritoWarrior · · Score: 1

    >Obviously you've only been using the Internet for a few weeks (how are those 50 free hours holding up?) so I'll do you a favor and fill you in.

    Ah, childish comments. Bravo.

    That aside, somehow posting the entire Good Times hoax, and then stating "ah yes. it's true what they say about fiction becoming reality. and we have microsoft to thank. :)" doesn't strike me as particularly 'insightful'.

    Maybe I am wrong, but, to me, that looks like a post that has a great chance of confusing those readers that are less enlightened than yourself. Why do you think the Good Times hoax has ended up in your mailbox so many times? Literally, your post says "The Good Times virus is no longer fiction, but fact, thanks to MS". That is much different from "It is no longer true that you can't get a virus by simply reading an email." Things that are obvious to you, aren't obvious or even "fairly obvious" to others. I think it is wiser to write with specificity, and not make assumptions that the readership will be able to "read between your lines".

    PS - Try to refrain from the immature little attacks in the future. Oops, gotta go, that "You've got mail" wav file just went off...

  10. admire viruses for the right reasons... by stewart.hector · · Score: 1
    People who write such viruses are normally very good programmers and have a lot of knowledge about machine code and a PC's workings. You have to admire how much they can squeeze into such a small space of code.

    Unfortunately, virus authors are misguided, and just cause hassle for all. They would probably make good low level programmers.

    However, they do provide a market place... for Norton, McAfee and the other companies who sell virus apps... so, in a way they do provide jobs for people... however, at the end of the day, there is no justification for making misery for people.

    Instead of releasing viruses into the wild, why not a "virus competition", that way they can show off to fellow virus writer geeks!!!!

    Viruses will become more important during war time as well... hack into the enemy's network, and put a virus on their networks.. much like Misilla (spelling) virus which can render machines to useless piles of metal by trashing the BIOS. Of course, you can also corrupt data as well as hard discs.

    No I'm not justifying viruses.. but in a way, they can be useful... in the right conditions... and in some ways, you have to admire viruses for what they can do... viruses' destructive nature is just stupid.. virus authors should grow up!

    --
  11. Re:what I'm wondering... by Anonymous Coward · · Score: 0

    welcome back shill boy. It's good to see you! I was wondering what happened to you since the big FoF came down. I missed your angry MS shill boy remarks. I thought maybe since your pithy little company has been declared an illegal monopoly that you gave up spamming us zealots. But alas..

    Funny thing, if you MS lemmings weren't so full of hubris and bs I doubt that all of the tech savvy people would have such disdain for you and your shameful company. We would probably just ignore you instead of despising you.

    Now ...run along you pithy little troll boy... I'm sure you have much work to do

  12. Re:This doesn't belong on slashdot by Tom+Christiansen · · Score: 2
    I'd bet the majority of /. readers use MS at work and a Linux box at home.
    Only the miserable ones stuck in a shitty job under inhuman conditions. Are you really telling me that you believe most people are so afflicted? God help them if they are so desperate as to put up with that kind of bullshit. If they're talented, they walk away from that kind of abuse. If they're not, oh well.

    Now that you mention it, I guess in some senses my own situation is similar. It's just that I use Linux network at work (save for firewall etc, which are BSD), but at home am fortunate enough to use BSD for everything. :-)

  13. Re:WARNING!!!!!!! INTERNET VIRUS by rebrane · · Score: 1
    I don't think any intelligent reader, cognizant of what the article was about, would misinterpret my post. I'm not going to worry about the idiot fringe who might misunderstand, and I'm not responsible for anything they might do because of misunderstanding (especially since reading the comments carries an implicit prerequisite of understanding the article). Bottom line, I'm not going to water my posts down so that they're `safe' for the lowest common denominator. As a side note: if you run valiantly to the defense of the lowest common denominator, don't be surprised when you're mistaken for one of them.

    --neil

  14. Re:How'd it get out? by nevets · · Score: 1

    Ok, I understand your point. But it is more likely that the author was showing off the code and someone else published it. Instead of just going off and sending it to other people, s?he did the right thing to give it to the security agency first, so that if it gets out, then there will be a defense against it. The person is still a [h(cr)]acker, but with a conscience.
    Steven Rostedt

    --
    Steven Rostedt
    -- Nevermind
  15. Re:what I'm wondering... by bindo · · Score: 1

    Good point.
    I found the previous message SEARCHING /. if somebody actually noted this.
    And it looks like nobody here is discussing how epidemics depend on population distribution.
    And market share is a BIG issue for MS now.

    I thought everybody (in the media as well) would have discussed for ages how this splits the net in 2 (insecure and mostly safe) communities.

    Perhaps IE has become the browser of choice for /.ers waiting for mozilla?

  16. Re:Dark side of the force (Re:what I'm wondering.. by Hanno · · Score: 1

    "Fighting fire with fire - burning down the house."

    (Think of Tom Jones)

    ------------------

    --

    ------------------
    You may like my a cappella music
  17. This one is too late by Anonymous Coward · · Score: 0

    This particular virus appeared too late. Microsoft has had a fix available for the particular exploit it uses for weeks now. Anybody who goes to Windows Update regularly and applies all critical security fixes as they become available is immune to it.

    In fact, it's possible that this virus only exists because the exploit became known due to Microsoft's fix. Only people who don't use Windows Update are vulnerable.

    So it's a sign that Microsoft is getting better, more proactive toward security issues. Not that a lot of the anti-Microsoft crowd will be overjoyed...

    1. Re:This one is too late by Anonymous Coward · · Score: 0

      *****Sheesh, what FUD! Yep. If you have a Windows machine that is running in Dork Mode ("Dork Mode" is defined as meaning that some putz has been in the registry editor screwing around without a clue) then it's dangerous to do anything with it.
      I know people who carry on endlessly about how "unstable" Windows is. Then you find out afterwards that they've applied their "expert" changes to it, because they "know how to tame windows." Putzes.******

      Gee... what a surprise... a true MS shill answering a supposed FUD post with pure unadulterated MS homegrown FUD. A true MS fudster will always blame the many problems of windows on one of two things:
      1) Bad hardware
      2) A Bad sysadmin
      -note that a bad OS is never an option.

      Try again pal.

    2. Re:This one is too late by Enzondio · · Score: 1
      I agree it's good they got the patch out and all that. But I have two problems with what you're saying.

      1. Going to Windows Update isn't always a really safe idea, I've seen a perfectly fine computer (or at least it seemed fine) go to Windows Update and come back a corrupted mess

      2. This hole should never have happened in the first place. Okay, Java/VbScript enabled HTML mail should never have happened in the first place either.

      All I'm saying is that MS should do a bit more thinking/research before they release potentially dangerous features into their software. This is not even close to the first time nor will it be the last time.

    3. Re:This one is too late by Anonymous Coward · · Score: 0

      Going to Windows Update isn't always a really safe idea, I've seen a perfectly fine computer (or at least it seemed fine) go to Windows Update and come back a corrupted mess

      Sheesh, what FUD! Yep. If you have a Windows machine that is running in Dork Mode ("Dork Mode" is defined as meaning that some putz has been in the registry editor screwing around without a clue) then it's dangerous to do anything with it.

      I know people who carry on endlessly about how "unstable" Windows is. Then you find out afterwards that they've applied their "expert" changes to it, because they "know how to tame windows." Putzes.


  18. Re:Illegal to write a worm? by -brazil- · · Score: 1

    Well, if it's a worm, it spreads, and that spreading consumes resources - often a lot of resources. This resource usage alone can be declared a crime. Still, if you spread a non-malicious virus and get caught, you'll usually be let off with a much lighter punishment.

    --

    The illegal we do immediately. The unconstitutional takes a little longer.
    --Henry Kissinger

  19. Bad fixes. by Anonymous Coward · · Score: 0

    It seems to me that every time a new virus comes out, a fix is quickly created. Patch after patch after patch is sent out and needed in order to keep safe. This reminds me of patching a house which is falling apart. Eventually, you'll have to just tear it down and start over. It's also a pain to re-install software since you have to install all the patches that are available (kind of like re-installing Win98 and having to then go to the Windows update page and download all those updates...although the same thing exists with Linux, you must install the MS updates while online...not fun on a 56k).

    While this may seem less secure (you may be infected by a virus during the waiting period) maybe software developers should wait until enough fixes are needed and then release an entirely new version of the software. Now, this would really only work well if there were reliable uninstall procedures and you had a working files drive/partition and a system files/programs drive/partition.

    Maybe I'm wrong. If you think so, why? Maybe I'm only partially wrong...could someone think of something better?

    (I would log in but I'm not at home and haven't remembered my randomly-assigned /. password yet..)

    (I wish /. posted comments in this courier/fixed width font.)

    1. Re:Bad fixes. by Tom+Christiansen · · Score: 2
      No, you aren't wrong. In fact, you're exactly right.

      You have to treat the cause, not the symptoms. The viruses are the symptom. Microsoft's inability to design a robust, security-minded operating system is the cause. And installing one of the innumerable Linuces, a BSD, or various commercial Unixen (yes, those are bogoplurals :-) is the most cost-effective cure. It's difficult to imagine Microsoft ever escaping from the single-user ghetto mentality in which they have sequestered themselves for all these years.

    2. Re:Bad fixes. by Anonymous Coward · · Score: 0

      It reminds me of patching a Linux Kernel source tree.

      Or maybe it reminds me of... A particularly patchy httpd we all know and love (the name "Apache" originated because in the early days it was literally a big wad of patches.)

  20. Re:what I'm wondering... by Erik+Hollensbe · · Score: 1

    Take a look at the assembler code for some older dos viruses (like stoned/monkey-B, AIDS, etc) you'll realize the complexity and be amazed at the fact that 150 bytes can destroy your system so silently and quickly.

    (OT: do they still sell cd's of virus code anymore?)

    Virii writers of old are the exploit writers of today, yes they sound childish and act like dipshits, but they are very smart people and should be respected, as they are responsible for a good deal of security advancements in today's computing world.

    -Erik-

  21. Re:what I'm wondering... by Anonymous Coward · · Score: 0

    To protect against "Bubbleboy" you can also apply the security fixes available at the Windows Update website. They were available before Bubbleboy was set loose.

    Carry on with your usual propaganda claiming Microsoft is always behind on protection from these things. They're becoming more proactive all the time.

  22. Installed the patch - gee, now I'm safe! by Anonymous Coward · · Score: 0

    My company has a stupid policy that we _must_ use outlook or I would move to a different client in no time.. But now the patch is installed and I for one feel soooo safe (sarcasm intended!)

  23. Re:what I'm wondering... by Nodatadj · · Score: 1

    Oh I know the old virii were complicated and clever, but today's macro virii etc, aren't, and shouldn't be "respected", and I doubt if the people writing them are half as clever as the old DOS/Amiga/ST virii writers.

  24. Re:Eyedog by Anonymous Coward · · Score: 0

    The fix was to prevent the control from ever loading in the first place. They didn't patch it.

  25. Bubbleboy smubbleboy by Anonymous Coward · · Score: 0

    this has been around for about 2 yrs, you haven't seen anything yet

  26. Re:What about Linux? by ozzmosis · · Score: 1

    Well, most of Linux software is open source.. I know I don't get any closed source apps, and I know a lot of people don't, so it would be harder to make a virii for Linux.

  27. Re:What worries me... by for(;;); · · Score: 2
    Any recursively enumerable set of hunks of code can be checked for by a virus scanner, regardless of the size of those hunks of code. The code you describe is not too small for a virus scanner to search for, and is probably (these things can never be exact) unique enough not to conflict with existing code.

    I recall this issue having come up in Phrack, in essays on "mutating" code. A way to make viruses "mutate," it was argued, would be to keep the main virus instructions "encrypted" (obfuscated, really), and wrap encryption/decryption code around that (usually this was very small XOR "encryption", not very large code at all). The problem was that a virus scanner could check for this encryption code and thus detect the virus. The same dilemma would exist with bootstrapping code.



    --

    "Whatever happened to fair use?"
    -- Duff-Man
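
The detection point made in the comment above, shown as an added example that is not part of the original thread: when the body is XOR-obfuscated with a per-copy key, a signature on the body misses every copy, while a signature on the constant decoder stub (with the key byte wildcarded) matches all of them. The stub bytes, body text and function names are constructed for illustration; the last function goes one step beyond the comment and shows that a single-byte XOR key can simply be tried exhaustively by the scanner.

```python
import re

# Constructed placeholder bytes standing in for a fixed decoder stub.
# They are not real machine instructions; only the layout matters:
# constant prefix, one key byte that differs per copy, constant suffix.
STUB_PREFIX = b"\xde\xc0\xde\x01"
STUB_SUFFIX = b"\xde\xc0\xde\x02"
STUB_PATTERN = re.compile(
    re.escape(STUB_PREFIX) + b"(.)" + re.escape(STUB_SUFFIX), re.DOTALL
)

# Constructed, harmless body text that a plain signature scanner would look for.
BODY = b"HARMLESS-TEST-BODY: nothing here executes"
BODY_SIGNATURE = b"HARMLESS-TEST-BODY"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the 'encryption' the comment describes."""
    return bytes(b ^ key for b in data)


def build_sample(key: int, padding: bytes = b"\x00" * 16) -> bytes:
    """Constructed test file: padding, stub carrying the key, obfuscated body."""
    return padding + STUB_PREFIX + bytes([key]) + STUB_SUFFIX + xor_bytes(BODY, key)


def scan_body_signature(data: bytes) -> bool:
    """Naive scanner: look for the plain body. Fails once the body is XORed."""
    return BODY_SIGNATURE in data


def scan_stub(data: bytes):
    """Stub scanner: match the constant wrapper, wildcard the key byte.

    Returns (offset, key) on a hit, or None.
    """
    match = STUB_PATTERN.search(data)
    if match is None:
        return None
    return match.start(), match.group(1)[0]


def decode_after_stub(data: bytes):
    """Use the key found in the stub to recover the body that follows it."""
    match = STUB_PATTERN.search(data)
    if match is None:
        return None
    return xor_bytes(data[match.end():], match.group(1)[0])


def brute_force_key(data: bytes):
    """Stub-independent check: try all 256 keys and look for the body signature."""
    for key in range(256):
        if BODY_SIGNATURE in xor_bytes(data, key):
            return key
    return None


if __name__ == "__main__":
    for key in (0x21, 0x5A, 0xC3):  # three copies, three different keys
        sample = build_sample(key)
        print(
            f"key=0x{key:02x} body_sig={scan_body_signature(sample)} "
            f"stub={scan_stub(sample)} brute={brute_force_key(sample)}"
        )
```
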
  28. Re:what I'm wondering... by Anonymous+Colin · · Score: 1

    Just something to think about. :-)

    Well, half seriously thinking about it, I figure you could make a case for $50 for the software. Then with time to download patches and the occasional damage done by the vir{us/es/ii/a/i/um/doh/take your pick} you could justify another $100-$200. So who's going to go through the hassle of a court case that will drag on for years (decades?). A lawyer wouldn't bother unless there was serious money at stake, which means at least 10^5 people. Who is going to find them all? Apathy alone will probably win for M$.

    On the other hand, the government could use the public nuisance statutes to sue on behalf of everyone affected, with or without their permission. Let's see, that's $100 a pop (to be very conservative) times say 20 million (ditto) over say 5 years (again) for a total of $10 billion, again with triple damages possible. I think the feds. might just be tempted. I'm sure some states (California, hint, hint) would. Like you said, just something to think about.

    BTW, you *have* been busy on this thread, haven't you. :-)

  29. what I'm wondering... by Psiren · · Score: 2

    All these viruses that take advantage of holes in MS products, are they being written just for the sake of writing a virus (a stupid occupation if ever I heard one) or are they specifically targeting MS products in order to speed up their downfall? It can't be doing the MS PR engine a lot of good to have to continuously fix these "little glitches"...

    1. Re:what I'm wondering... by Anonymous Coward · · Score: 0

      Almost no one knows assembly these days, people stick to VB/Perl, even fewer people know exactly how an OS works, and because of that they can understand only how macro-stuff works. And yes, guys who did poly- stuff are really smart, not that I support their activities though, but they deserve credit.

    2. Re:what I'm wondering... by Shimbo · · Score: 1
      You can't uninstall IE on Windows '98. Its security holes are seamlessly integrated with the operating system.

      Did you miss the Microsoft trial, or what?

    3. Re:what I'm wondering... by blkwolf · · Score: 1

      About eight months ago, uninstalled just fine and ran Win98 with I.E. 3.02.

    4. Re:what I'm wondering... by Ed+Avis · · Score: 2
      And i'm just wondering when the last time you actually tried to uninstall IE4/5 from Windows 98 was.
      You need Revenge of Mozilla. It completely removes IE from Win98, although you will need three files from later versions of Win95. Personally, I removed IE4 and then installed IE3. You get a good web browser, a fast and stable desktop without all the cheesy web integration, and IE3 provides the libraries needed to run Office 97. Win98 with Revenge of Mozilla is faster than Win95; without ROM it's much slower.
      --
      -- Ed Avis ed@membled.com
    5. Re:what I'm wondering... by Anonymous Coward · · Score: 0

      Use your brain, man. Of course MS is going to represent the lion's share of virus targets. It is by FAR the most widely available OS out there, making it the most visible target. And what do virus writers want? Attention. If you want attention, you're not going to write a virus for an OS only 1% of the population uses. Not to mention the fact that most virus authors are probably Linux zealots who look for any chance to "stick it to The Man"

    6. Re:what I'm wondering... by Carnage4Life · · Score: 1

      Could it be because the so called technology press (especially at ZDNet) were among the first to fall to MSFT. They probably believe that it isn't possible to read email, view pictures or breathe without MSFT software.

      Bad Command Or File Name

    7. Re:what I'm wondering... by Tom+Christiansen · · Score: 2
      If the virus writer wants to attack Unix, assembler and a knowledge of the OS is a must.
      Ah, and precisely which assembly language would that be? I'd dearly love to see the machine language virus that someone is going to use to attack my Sparc/OpenBSD system, my PowerPC/MkLinux(Mach) system, and my Intel/Redhat system all at once. Even if they get over the extreme and proven hurdles that I, a mundane user, am not privileged enough to take pot shots at random bits of memory or disk, they still have dramatically different kernels and instruction sets to contend with. It's not just inherent security keeping the script kiddies out of our recta.

      Even if we were the idiots in Unix the way they are in slobbering consumerist MicroAppleSoft-land--and as some predict will inevitably occur if we `win'-- our hybrid vigor makes us strong. Their monoculture is an accident waiting to happen. And happen. And happen.

      Apple figured this out, and are moving to a BSD platform. I've played with it, and it's nifty.

    8. Re:what I'm wondering... by blkwolf · · Score: 1

      Wrong, contrary to what Microsoft tells you (or told the judge at the trial for that matter), it is quite trivial to completely remove I.E. from Win98. See the above post by Ed Avis to find the software to do it.

      I used the original Revenge of Mozilla and ran Win98 with I.E. 3.02 instead of 4.

    9. Re:what I'm wondering... by Tom+Christiansen · · Score: 2
      I don't agree. I think it's not the attention that brings these particular brands of viruses (virii?).
      You were right the first time. The answer to your question is that in English, it's viruses. Pretentious pseudo-intellectual script kiddies cursed with "3133t"-speak are prone to using whimsically invented forms, either out of ignorance or playful "k3w1ness".

      But lest you think these people peculiar in this, notice please how virtually every definable sub-group delights in forming their own invented jargon, and that these sociopaths (crackers) are no different in this regard. Why? Because an "in-speak" serves to separate the "them" from the "us". Anybody who thinks about it for half a second can come up with numerous examples in each of the discrete groups that they belong to. It's just something that we humans do. We like to know who's who, and who's not. It's part of defining the sub-group. The use of the k3w1t0k (yes, that word is an autolog :-) *virii is one such marker.

      the fact that MS left the door wide open that keeps these 'viruses' circulating
      Bingo! That's exactly right. Microsoft is guilty of selling a system that they know is designed to be easy for anybody to blow up. It is missing the customary and expected safety mechanisms that have been common knowledge for several decades now. I'd like to see Ford Motors get away with this sort of complete negligence. I wish as many people were as upset with the utterly unreliable crapware (speaking of subgroup-specific neologisms :-) that Microsoft keeps foisting off on the public as so many of us are with the monopoly problem.

      Class action lawsuit, anybody? :-)

    10. Re:what I'm wondering... by sjames · · Score: 2

      Ah, and precisely which assembly language would that be?

      There is truth in that. No matter what, the virus would fail on some percentage of the machines attacked due to being for the wrong architecture/instruction set. That would make things much harder for them. So far, only 'THE WORM' has gotten around that problem to my knowledge.

    11. Re:what I'm wondering... by Anonymous Coward · · Score: 0

      The plural of virus is viruses. Really.

    12. Re:what I'm wondering... by Anonymous Coward · · Score: 0

      You mean viruses.

    13. Re:what I'm wondering... by Sorklin · · Score: 1

      Doesn't mean you have to USE it. The problem isn't whether IE is installed or not, but what Email software you are using. If you use Netscape's email, or Eudora, or something besides Outlook, Outlook Express, or Exchange (and Notes I think) then you won't have this problem. If IE is integrated, so what? Don't use MS Email apps. They are the problem.

    14. Re:what I'm wondering... by sjames · · Score: 2

      MS attracts the most virus writers because it's an easy target. All you have to do to wipe out the system is get your code executed (and there are MANY ways to do that). In Unix, (where there is real memory protection, and the GUI isn't running in the same ring as the OS) you have to get your code run as root to do much damage.

      By no means do I claim that Unix is virus proof (it certainly isn't!) but it's a harder target to hit. If the virus writer wants to attack Unix, assembler and a knowledge of the OS is a must. Macro and VB writers need not apply.

      I suppose the real difference is that the Unix world designs to minimise the risk of such things, and MS designs for whiz-bang features and then band-aids over the holes.

    15. Re:what I'm wondering... by Jimbo123 · · Score: 1

      when you are running win98- IE is also running, whether you want it or not. it shits itself into memory when you boot up, that's why win98 with ie has a much larger memory footprint than win95 or win98 without ie, and is also why everyone claims that ie loads up faster than netscape, because it is already loaded up.

      i found this rather funny too, thanks for the pick me up:
      "You can't uninstall IE on Windows '98. Its security holes are seamlessly integrated with the operating system.
      Did you miss the Microsoft trial, or what?"

    16. Re:what I'm wondering... by Nodatadj · · Score: 1

      Virii (Viruses?) that do this just seem to be written for the sake of it, and cos the author wants some recognition for being "Leet" from their "Leet" IRC "hacker" friends, and they can't actually do anything useful.

      Maybe they'll grow out of it, but it's unlikely.
      Not that I'm a definitive source or anything.

    17. Re:what I'm wondering... by Sorklin · · Score: 1

      What amazes me is that the press isn't at all latching on to the fact that the problem is mostly with *MS* products. I think in a couple of these cases Lotus Notes is affected as well, but I've yet to hear of Netscape, Eudora, or any Linux based mail programs being affected. They make it sound like everyone should run for cover, when all one really has to do is UNINSTALL IE (and outlook). Sheesh

    18. Re:what I'm wondering... by Sorklin · · Score: 1

      I don't agree. I think it's not the attention that brings these particular brands of viruses (virii?). It's the fact that it's so damn *easy* to write a virus for MS email products. Their products guarantee that your attachment will get processed. This was found with Melissa, and each permutation is exploring just how insecure MS left their email.

      The fact that gets my goat is that the media establishment seems to keep saying that this will affect everyone, when in fact there are large parts of the population that do not have to worry about getting infected from an unopened email. No one has yet blown the whistle that the problem isn't the viruses but the company that makes email so insecure that it actually took many hours to get it that insecure. They had to *work* at it.

      The attention doesn't hurt, but it's the fact that MS left the door wide open that keeps these 'viruses' circulating.

    19. Re:what I'm wondering... by spazimodo · · Score: 1

      Notes is not affected. Possibly something yucky could happen if Notes with IE is turned on in your location doc, but that's IE that's causing the problem.

      I think another issue here is how come all this garbage has been added into e-mail clients? Why the hell do I need to be able to execute code in e-mail messages? When I traded messages on FidoNet, I could fully convey whatever it was I wanted to say, without being able to embed an applet with a running animation of Rush Limbaugh fellating a goat or something. I think it's time to evaluate e-mail, and what does and does not qualify under that heading.


      -Spazimodo

      Fsck the millennium, we want it now.

      --

      Fsck the millennium, we want it now.
      Millennium Crisis Line: 0890 900 2000 [calls cost 50p/min]
    20. Re:what I'm wondering... by cdlu · · Score: 2

      IIRC, Eudora was affected by some java problems or viruses, recently. Weren't Outlook, Eudora, and Netscape Mail the three programmes that have had problems with bad email?

    21. Re:what I'm wondering... by retep · · Score: 1

      MS seems to be the only people who have such security holes in their products. That's their fault. If crackers take advantage of those holes then MS shouldn't have left them in the first place.

    22. Re:what I'm wondering... by Lonesmurf · · Score: 1

      And I'm just wondering when the last time you actually tried to uninstall IE4/5 from Windows 98 was.

      --

  30. Re:Easy to patch by mangino · · Score: 2

    I worry about this win98 auto update feature. This looks to me like an extremely exploitable feature! Has anyone tried to DNS poison a domain and get the auto update program to install a virus that way? This scares me!
    Mike

    --
    Mike Mangino Consultant, Analysts International

    --
    Mike Mangino
    mmangino@acm.org
  31. How'd it get out? by rde · · Score: 2

    If the author sent it directly to the security boys 'n' girls, how did it get into the wild? Either the author isn't on the side of the angels after all or there's a trojan horse in the anti-virus world. Which would be ironic.

    The other thing I noted in the story was that it's patchable if you go to the microsoft site. This places the onus on users to make sure they're not infected; Microsoft can say 'look, it's available; it's not our fault if you don't download it.' I don't want to start another anti-MS diatribe (I hate windows, not MS), but unless I'm over-inferring, this is another example of passing the buck; MS bring out the OS, it's up to the users to use it responsibly.

    1. Re:How'd it get out? by Anonymous Coward · · Score: 0

      Keep the faith.

      Repeat the dogma, ummm, the mantra daily.

      Linux is more secure.

      Linux is more secure.

      etc. etc.

    2. Re:How'd it get out? by jesser · · Score: 1

      I wonder if the author sent slightly different variants to the different antivirus companies..

      --
      The shareholder is always right.
    3. Re:How'd it get out? by Carnage4Life · · Score: 1

      Linux is more secure.

      It is.

      A fool is one who thinks he knows but does not.


      Bad Command Or File Name

    4. Re:How'd it get out? by twrayinma · · Score: 1
      if the author sent it directly to the security boys 'n' girls, how did it get into the wild? Either the author isn't on the side of the angels after all or there's a trojan horse in the anti-virus world. Which would be ironic.


      I figure that if one person could figure out the hole, someone else could as well. Especially considering that there were enough "hints" in the various and sundry articles notifying the world of the existence of the hole in the first place. Conspiracies aren't necessarily everywhere.


      -t

    5. Re:How'd it get out? by Weerdo · · Score: 1
      The other thing I noted in the story was that it's patchable if you go to the microsoft site. This places the onus on users to make sure they're not infected; Microsoft can say 'look, it's available; it's not our fault if you don't download it.' I don't want to start another anti-MS diatribe (I hate windows, not MS), but unless I'm over-inferring, this is another example of passing the buck; MS bring out the OS, it's up to the users to use it responsibly.

      Compare it to a root-exploit for a Linux-box. The patch/fix is out in no time but it's up to the user to install those patches... Whose responsibility is it now when that box is cracked using that exploit?

      As you state it, it would be Redhat's or suse's...

    6. Re:How'd it get out? by crow · · Score: 3

      The other thing I noted in the story was that it's patchable if you go to the microsoft site. This places the onus on users to make sure they're not infected; Microsoft can say 'look, it's available; it's not our fault if you don't download it.

      Uhm, isn't that exactly what all the Linux distributions do when a security issue is found? I remember one of those "hack this box" PR things where everyone complained that they hadn't gone to the Red Hat site and installed the security-related updates.

    7. Re:How'd it get out? by Jimbo123 · · Score: 1

      "Whose responsibility is it now when that box is cracked using that exploit?
      As you state it, it would be Redhat's or suse's..."

      you are joking right? well maybe not, since most people just rpm stuff in their box and don't read any README's or .c files, maybe this 'snippet will change your mind, and who knows, maybe you or someone else has seen it around before:

      ------------------------------------------------ --
      NO WARRANTY

      11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

      12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

      END OF TERMS AND CONDITIONS
      ------------------------------------------------ --

      hint: it starts with "G" ends in "L" and has a "P" in the middle.

      the distro, the daemons, and the gnutilities included with it are covered by this license, so it's up to the user to realize the security and application of security patches/updates, and if you get screwed it's your fault.

      Oh and if you read the MicroSoft EULA, it's not their fault either if your licensed copy of their Operating System gets hosed through accident or malicious activities, whether or not they come around with a security patch or not.

    8. Re:How'd it get out? by rde · · Score: 1

      As you state it, it would be Redhat's or suse's...
      Fair point. But both redhat and suse have at least attempted to make their systems secure. Apart from the ridiculously unpowerful and badly targeted poledit, there's nothing that you can do to windows to ensure that your system has any pretensions to security, apart from removing the modem, floppy drive and keyboard.
      If you buy/download Linux, you can be sure that you've got a system that at least tries to be secure, and manages it most (in fact, nearly all) the time.

    9. Re:How'd it get out? by nevets · · Score: 1

      If the author sent it directly to the security boys 'n' girls, how did it get into the wild?

      Um, if you read the story, it was posted on a Japanese web site.

      Steven Rostedt

      --
      Steven Rostedt
      -- Nevermind
    10. Re:How'd it get out? by rde · · Score: 1

      Um, if you read the story, it was posted on a Japanese web site.
      That's hardly informative. "The FBI have discovered what happened to Egyptair 990. It crashed."

  32. Microsoft by bholmberg · · Score: 1

    I really believe this is the fault of Microsoft. As much as I love computers (and dis-like windows), I don't like spending my time downloading patches and being worried.

    Would you like to feel like you're walking down a dark alley where there could be an attacker from nowhere whenever you use your computer?

    Not for me sir, and I'm very happy whenever a new bug that affects M$ products comes out, because I've got more to support my argument to ignorant Windows users that Windows is NOT that great. I'm surprised it works, in fact, I've got an installation, and it almost doesn't, it's always a battle to even use it as an alarm clock (the traditional ones are just not loud enough, and there are no Linux sound card drivers for my sound card :(, my next computer purchase will be a linux-compatible sound card.

    1. Re:Microsoft by Gid1 · · Score: 2

      I really believe this is the fault of Microsoft. As much as I love computers (and dis-like windows), I don't like spending my time downloading patches and being worried.

      I just wish Microsoft would think before releasing new gizmos. Why can't they just explore the possibilities of, say, HTML mail before releasing the damn product. Sure, it's the user's fault for not patching, but Microsoft could do a lot to make it not so bloody easy to write these things.

    2. Re:Microsoft by Anonymous Coward · · Score: 0

      I think it's because outlook automatically runs javascript, and vbscript on any html email. I could be wrong, but I don't know of a way to stop it, except for changing IE's security level. I am surprised this hasn't happened before.

  33. Re:Microsoft ultimately responsible for viruses by GaspodeTheWonderDog · · Score: 1

    Wow, one of the Perl gods whose name graces several of my books shelves and I am here to split hairs.

    Please don't confuse the use of personal computer between a marketing term for a wintel system and what a consumer uses a device for. If you want to call a Sun-1 or a Microvax a personal computer and put them in the class of Wintel boxes and iMacs then I honestly think you are doing a grave injustice to both Sun and Digital ( well what's left of it here ).

    --
    This space for sale
  34. Re:DON'T use the MS Patch by Zonker+Harris · · Score: 1
    >Installing the MS patch will start a string of error messages and BSODs that will make you pull
    >your hair out!

    Actually, the patch is irrelevant to these particular symptoms.

    P.S. The point is, you don't even have to open the attachments, dumbass. I'm looking forward to lots more viruses like this that exploit the stupid "executable-as-document" thing M$ likes to promote.

    --

    Zonker Harris "There is not, nor ought there be, any food more exalted on the face of god's grey earth, than that
  35. Did anybody ever doubt it would be? by jht · · Score: 3

    I, for one, never had a moment's doubt that Bubbleboy would make it out into the open. If nothing else, the arms race between virus writers and anti-virus companies guarantees that viruses will show up in public. I wouldn't even blink if you told me that it was spread by one of the antivirus companies (even by accident), because what will happen as a result?

    That's right - more antivirus sales. And now that Macs are popular again, there's even viruses that affect them: for years, Mac users could putter away in safety knowing that not even virus writers developed for the platform. Now Macs aren't even safe.

    I'm sorry, viruses are just not a sufficient reason (yet) to switch my whole company over to Linux.

    I guess I'm just a hardened cynic. Oh well, time to go make sure I remembered to set the filter on Groupshield...

    - -Josh Turiel

    --
    -- Josh Turiel
    "2. Do not eat iPod Shuffle."
    1. Re:Did anybody ever doubt it would be? by mjpk · · Score: 1

      Right.. the companies have share holders to cater to. The more viruses, the higher the share price.

      This from Finland, where the principal owner of Data Fellows suddenly became nation's second richest person after an IPO just days ago. Suspicious minds again wonder about various meanings of shareholder value.

    2. Re:Did anybody ever doubt it would be? by Anonymous Coward · · Score: 0
      I have gotten more viruses on a Mac than Windows.

      Most of the viruses I got on the Mac were back in 1993 (about 4, I also stopped using Macs back then)

  36. Déjà vu... by Enoch+Root · · Score: 1
    Feel free to moderate me down if this is irrelevant, but I'm not sure what kind of news that is. The person who submitted this post linked to the original Slashdot article, which included all of the information it now pretends to report.

    And, yes, the moment the virus was reported on Slashdot, it was already in the wild because of that Japanese website, and that story could be found on every major news website a week ago. Wired is just incredibly late.

    Additionally: the patch was actually available before the virus broke out. It's a patch for another vulnerability, and BubbleBoy is actually a late-comer in exploiting that fault. It's the manner in which it does that's interesting.

    That being said, the threat level of this virus is minimal, and it's just another public scare. It's a mail bomb-type virus a la Melissa, and it's the proof-of-concept that's scary, not the outbreak of a proto-virus.

    "The wages of sin is death but so is the salary of virtue, and at least the evil get to go home early on Fridays."

  37. It's not "Easy to patch" by Anonymous Coward · · Score: 0

    The code that it brings down has to be digitally signed by Microsoft's key, or it won't be trusted to be installed. So not only would you have to spoof the DNS, you would also have to run code on the local machine to disable the signature check (or you have to crack Microsoft's key). And if you could run code on the local machine, then you've already *got* your virus installed, don't you? So it's more secure than you think.

  38. MacOS is now doing this too by Chris+Johnson · · Score: 2

    Not mine: I run system 8.1. However, the new version of Sherlock (impressive search tool) does network activity without asking and tries to update its plugins, MS apps try to autoupdate and there are other system software components that try to autoupdate.
    That's where I get off, frankly: I _will_ _not_ go along with that. If that means I run system 8 until it can't be usefully used and then go with Linux, so be it: it's absolutely true that it's an exploitable feature, but what you are not acknowledging is how unhealthy it can be even WITHOUT virii being installed. Supposing all the Lotus Notes users had NT autoupdate the NT fixpack that 'happened to' kill Lotus Notes? This whole scenario _might_ be permissible if all commercial developers were responsible and did extensive compatibility testing (HA!), but as things are, it's a recipe for rapidly losing control of your machine, not knowing why it's increasingly broken, and not having the power to even fix it, even if you know all kinds of things about the machine and can debug the installation and troubleshoot it infallibly. We're talking sort of plug and play hassle at the software level- instead of cards fighting you every step of the way, it's the potential for software itself to get into fights with other software, and every time you turn around something downloaded an update which turns out to break something else.
    That's an absolute nightmare waiting to happen, and as I said, I could easily see it driving me to Linux fulltime in the long run if people don't STOP trying to do this insane behavior. Auto update assumes that the newer a version or update is, the better. Almost any computer user can identify cases where the opposite is true. I was forced to stop using iCab and return to Netscape _because_ newer versions became hopeless crashfests- and I'm not using a newer version of Netscape, either, I'm using a particular version that seemed to like my machine more than usual. And it only takes _one_ autoupdate to a broken or conflicting application to hose you- in the case of system software or always-resident software, it can cripple you entirely.

  39. Easy to patch by PenguiN42 · · Score: 2

    The other thing I noted in the story was that it's patchable if you go to the microsoft site. This places the onus on users to make sure they're not infected; Microsoft can say 'look, it's available; it's not our fault if you don't download it.'

    with win98 you have a nice feature called "windows update" which brings you to a page listing all the critical patches, and other downloads (such as new themes and new versions of media player and whatnot). All you have to do is check a box and click a button. This patch was on windows update as a "critical update" a month ago. It wasn't that hard to download.

    -------------
    The following sentence is true.

    --
    The following sentence is true. The preceding sentence was false.
  40. Better Name - Good Times by RossB · · Score: 1

    Why didn't she call the virus "Good Times"? It would have been a lot funnier. And she could have attached to the "Good Times" spam (which isn't quite spam now is it?) that goes around every few years?

    -RossB



  41. The Chicken and the Egg ! by Anonymous Coward · · Score: 0
    Check the dates.

    It seems that the author of the virus was actually triggered by the patch !

    The patch for the scriptlet/Eyedog vulnerability has been out since the beginning of September.

    However, the virus using this vulnerability appeared first time in the beginning of November.

    So the Slashdot story comment of "A patch is now available from Microsoft.", is slightly misleading. It's been there all the time.

    But well, what do you care, it's just FUD, right ?

  42. Buffer Overrun by raygundan · · Score: 1

    A buffer overrun works because nothing is checking to see if the buffer is full. In that case, data written past the end of the buffer will be in some other segment of memory, and *possibly* executable. However, if you write your code to keep an eye on the buffer, you can handle the overflow safely. (Increase the buffer size, stop accepting more data, etc...)

  43. Re:This doesn't belong on slashdot by deefer · · Score: 2

    "Most of us just sit and watch in amusement as the MS world infects itself."
    Most? I'd bet the majority of /. readers use MS at work and a Linux box at home. So quit the "I'm alright, Jack" mentality, OK? Just because you don't get affected, don't assume everybody else won't - I don't mean you getting directly infected, but having to clean up after John Luser got sent something. You've obviously never been infected by any quickly replicating virus; when that happens, you say goodbye to your next 48 hours. Fine if it's your PC, not so good if it's your office's network.
    "It really isn't interesting, so why post about it?"
    Depends on what you do. If you wear sandals, have a beard, and are horrendously condescending, then you probably run SCO or Solaris and are not interested in the machinations of MS and "the MS world", apart from some smug sort of justification of your OS. Face it, someone you know must run MS. Would you rather know about this, so you can help other people who might not be so IT savvy, or assume your granny who runs W98 (so she can play Unreal :) knows there's a threat to her PC?

    "neither news for nerds?"
    You've obviously never read up on viruses. Get a book, read up. Plenty of nerd material there; self modifying programs, mutating code, understanding & exploiting OS features & holes.
    Just because you think you've got a handle on your security, doesn't mean everybody else does. Slashdot is read by all people from all walks of life; grow up a bit and start accepting not all people on Slashdot are IT gurus, and realise that /. is a far more interesting place for it.

    --

    Strong data typing is for those with weak minds.

  44. Improvements Welcome by Anonymous Coward · · Score: 0

    I'm angry at M$ because of their shoddy service, slow reaction times to exploits and bugs and charging for bug fixes. They've gotten a money mentality rather than a product mentality. If our criticism has caused them to rethink their position in any way, then I'm happy. If they start being quick on fixes, more proactive on improvements and more customer minded, I'd be tickled pink. Not that I expect that to happen - too long have they been on their path of profiteering to make such a radical change, even with the help of the DoJ. Fortunately, we have Linux, *BSD and other OS's that do take pride on the product. I've yet to use BeOS, but it looks like there's a lot of product satisfaction there too. Depending on the actions of the DoJ, any one of these could very well become the next major OS and revolutionize the way we use computers...

    1. Re:Improvements Welcome by Anonymous Coward · · Score: 0

      I'm angry at M$ because of their shoddy service, slow reaction times to exploits and bugs and charging for bug fixes.

      You have several choices available to you:

      1. Adopt the "robot from Lost In Space" approach. Flail your arms around saying "I am angry, I am angry"....

      2. Adopt the "Marvin the Martian" approach. Exclaim over and over in a little nasal voice "You are making me very, very angry!"

      Either one would be amusing.

      Carry on!

  45. Re:Microsoft and patching by Anonymous Coward · · Score: 0

    Actually, all you have to do is go to the Windows Update site and download the "automatically notify me of critical updates" patch (a daemon of some sort). Then, anytime a new critical security update becomes available, next time you are online a dialogue pops up automatically notifying you that the patch is available and asking if you want it.

    If Linux had a feature like this, people would be crowing all over the place about what a great thing it is. Since it's Microsoft, there's just a lot of sullen silence on Slashdot about it.

  46. Re:It isn't an antimicrosoft conspiracy by Edwin+Oostra · · Score: 1

    Plus! If you're capable enough to write stuff like that, and you use linux, you have far more interesting options, like help develop the OS :) You don't need to stop these people you just gotta direct their energy to something useful.

    --
    Beware of Wight Supremacists!
  47. Moderate the above up by Wah · · Score: 2

    Windows Update takes care of all of this. Unfortunately, in my experience, this feature is like the vast majority of windows features..it looks great on paper, on the side of the box, and everywhere else, until it crashes unexplainedly when you try to use it.

    Personally I wouldn't hate M$ so much if they just fixed the programs they have instead of releasing new versions with more (buggy) features, but that's what you can do when you're a monopoly and quality doesn't count only the need to be perceived as innovative, and to get a "new" product on the shelves.

    BTW, NT is impervious to this attack, so keep that in mind while M$ bashing.

    --
    +&x
  48. Re:it's the "integration" that gets you by Anonymous Coward · · Score: 0
    Nobody holds Microsoft accountable for this. How can we, as the Slashdot community, get some grassroots press release and technical writing campaign going to publicize this fact? Where is the stump we need to stand on?

    Any ideas, anyone? I'm no genius, but I'd be willing to participate however I could. Down with FUD! Give them facts!

    This is a point which ought to be aired! Who should be the natural group to call Microsift to account for this mis-engineering?

    Why, the anti-virus industry, of course. But not many people want to down-size the industry that employs and enriches them. Those that do are called mad, or Bob Young.

    And anyone who has seen the Michelangelo virus bullshit knows that fud can come from other sources than Redmond.

    --

    Anonymous, and proud!

  49. Perl God by Darby · · Score: 1

    Looks over at copy of Perl Cookbook

    heh cool.

    Nice work
    ---CONFLICT!!---

  50. Re:What about Linux? by Anonymous Coward · · Score: 0
    Well Most of linux software is open source.. I know I don't get any closed source apps , and I know a lot of people don't , so it would be harder to make a virii for linux.

    But do you check the code, or do you just compile and run. (like me and most other people I know).

    Tommy

  51. Re:Microsoft ultimately responsible for viruses by user · · Score: 1
    You seem to have misunderstood a crucial element: Microsoft is ultimately responsible for these so-called viruses because of their negligence in systems design.

    Ignoring for the moment opinions on the quality of MS software, this touches on a question I've often had about Open Source. If there's a gaping hole in, for example, Outlook, and a company loses all its email for the year, they have someone to blame, and potentially hold legally liable. (Assuming that the company wasn't negligent in applying patches, etc). If, however, the same company were to use, oh, for example, Linux, and have the same thing happen, then what? If they downloaded the source from RH's servers and installed it... er... where would they look for legal redress? The multitude of unidentifiable coders who generously gave their time and expertise to write what is, on the whole, an amazing product? Do they *have* anyone to turn to? If, on the other hand, they bought a copy of the RH distro, and used that, *then* can they sue RH? How about the OEM who sold them the server with Linux pre-loaded? I guess it just seems to me that, along with the product, when you buy an MS product (or most other pieces of software) you're also purchasing the right to blame...

    I know I've drifted some from the original topic, but this is one of the aspects of group developed open-source projects which I don't really understand....

    -User

    --

    Emacs is for experts. Pico is for beginners. VI is a disease.

  52. Re:What about Linux? by ethereal · · Score: 1

    How would having source to your apps and OS protect you from this sort of email virus? Assuming that there is a Linux email reader which can auto-execute embedded code, you'd still be vulnerable if you had that feature turned on - regardless of any code auditing.

    I believe in a previous /. article someone described such a mail reader - I'm thinking emacs but I'm not sure. Anyone know?

    --

    Your right to not believe: Americans United for Separation of Church and

  53. Re:Language lives: its Virii by Carnage4Life · · Score: 1

    2) It IS color, not colour. I'm afraid this isn't the U.K.

    If this isn't the U.K. then where exactly is here??? Hint: It's not the U.S. dogbreath.

    Bad Command Or File Name

  54. Re:Microsoft ultimately responsible for viruses by Imperator · · Score: 2
    And I assure you that they all run free anti-viral software loosely referred to as Unix. :-)

    I'm not quite sure why you assume that Unix is immune to viruses. If I send you a script:
    #!/bin/sh
    rm -rf /
    and you run it as root, there's no antivirus software to intercept the unlinks and ask you if you're really sure you'd like to go ahead with it. Almost every aspect of a Unix system assumes that the human is fully aware of all security problems--even today, many Linux distros run finger, portmap, telnet, and the like by default. Unix's "immunity" to viruses is based on the awareness of security issues among Unix software developers and Unix users.

    I'd venture that in a few years when enough nontechnical users are running as root on their home systems, Unix viruses will become more prevalent.

    --

    Gates' Law: Every 18 months, the speed of software halves.
  55. This DOES belong on slashdot by beamin · · Score: 1

    Since it's entirely possible that some of the 'nerds' out there have to support MS-based enterprises (or friends that treat them like a personal help desk :0( ), it's good to know about this kind of information. As a Domino/Notes admin who has to work with Win32 all the time (no Linux client, as has been discussed ad nauseam), I don't have to worry about infection, but see how it can be relevant to many readers of this site.

    AFAIK, slashdot is not the "linux-only news for nerds" site, and I hope it stays that way.

  56. Good Times by raygundan · · Score: 1

    Uh oh. Now you have a virus.

  57. Re:This doesn't belong on slashdot by Anonymous Coward · · Score: 0

    Anything you feel you need to do to cope with your inadequacies, by all means do.

  58. Re:What worries me... by Mendax+Veritas · · Score: 1
    This is considered a "new kind of virus"... People never learn from history, it would seem. This type of virus has existed with DEC VMS 5.5, and probably both earlier and later versions. Don't learn from history, and you'll sooner or later repeat it.

    Sorry, I've never used VMS, so I don't know what viruses were made for it or how they might have worked. You seem to be suggesting (absurdly) that VMS had ActiveX controls and supported JavaScript in HTML-formatted email messages. If this is not what you mean, would you please elaborate?

    However, I guess I can look at the bright side. I've been worried, for a long time, that a virus writer would exploit file dead-space. There's plenty of room at the end of most binary files to tuck a routine or two, then all you'd need is a bootstrap and some way to re-assemble the fragments in the correct order. A trivial task.

    You'd still need to be able to get control to flow to that bootstrap routine, though. A virus scanner might think it strange if a program's start address was beyond the end of its image, or if the program began with a jump to such an address. That would be a dead giveaway that something fishy was going on.

  59. Re:Ah, for the days of VCL by igjeff · · Score: 1

    I think this is an interesting point here...veiled, but it's there nonetheless.

    Basically, rather than needing to have an intimate knowledge of the operating system to write a virus, now that there are sufficient APIs in higher level (middleware as Judge Jackson and others have called them) you can fully write viruses in these middleware "languages". This requires intimate knowledge of the middleware, but not of the underlying OS really. It's interesting as the heralded promise of cross-platform programs to increase productivity, is also potentially bringing about the spectre of cross-platform virii...a concept that was just mind-boggling less than 3 years ago.

    I think a lot of the posts casting aspersions on Microsoft, have some significant points (I don't *totally* agree, but I do think they bring about some good points). The "security" of these middleware applications have been largely overlooked (primarily by Microsoft...some of the other middleware APIs...java, javascript, etc...at least have given some thought to security). Personally, this is one of the main reasons at this point that I don't want to hassle with MicroSoft software. Originally I didn't want to support the company as an ethical stand, and I thought the software just sucked. Now, the potential hassle of running the software and dealing with the security hole of the day introduced by the latest 'feature' of the day is just more than I want to deal with.

    Jeff

  60. Someone to sue...not really by copito · · Score: 2

    It is a common idea that buying a commercial product should give you "someone to sue" if something goes wrong. Indeed this is true for most classes of products, especially if there was provable negligence. It is not true for any software that I am aware of, and certainly not for Windows. If you read the Windows EULA (or GPL for that matter) you'll see that they deny any liability or warranty. So there is, in fact, no one to sue in either case.

    There have been some questions raised about the legality of such "shrink-wrap" licences, but I don't know of any case in which they have been overturned. In any case the UCITA, which will soon be passed by the states, barring divine intervention, will put these licences on unassailable footing.

    The way big companies protect their truly expensive hardware and software is with on-site support contracts with guaranteed uptime. These contracts tend to limit liability as well, and are available for open source as well as proprietary offerings (including Microsoft).

    In short, if you want assurance about a software product, you need to spend a lot of money on a support contract or trust your staff to build reliable systems and support them well, no matter who made the software.


    --
    "L'IT c'est moi!"
  61. freedom is slavery by copito · · Score: 2

    I suppose that my children aren't free because they are not free to sell their children into slavery?

    --
    "L'IT c'est moi!"
  62. Re:DON'T use the MS Patch by puppet10 · · Score: 1

    The problem here is that the virus is NOT an attachment, so the old adage "Don't open attachments and you'll be OK" doesn't apply to this type of virus; merely selecting the message and previewing it can infect your machine without opening any attachments. You need to do one of the following: download the patch, set the email reader to high security settings (so active scripting etc. is not executed), or change to read mail in plain text rather than HTML format. Which solutions work depends on which version of Outlook is being used.

    --
    -------- This space intentionally left blank --------
  63. Re:Microsoft ultimately responsible for viruses by Tom+Christiansen · · Score: 2
    If you think I automatically run any program upon its mere receipt, let alone doing so as the superuser, then perhaps you'd be interested in some beachfront property in Florida.

    To do out of ignorance those things is to be idiotic. Microsoft and the mindless morons who produce software for that crapware non-O/S platform encourage people to do both. This passes beyond the idiotic into a realm that is negligent at the best, and criminal at the worst.

  64. Re:No pity for those that cant learn the lesson by Anonymous Coward · · Score: 0
    Don't use bloated software with obfuscated, arcane, behind-the-curtain scripting languages built in.

    But how will I run psychoanalyze-pinhead?

  65. E_Megas, is that you?? by Anonymous Coward · · Score: 0

    I knew you'd post anonymously! Still mad about pokey the penguin?

  66. Re:Illegal to write a worm? by Anonymous Coward · · Score: 0

    What would this "non-malicious" worm do? Terminate itself and delete its file?

    Anything else can be interpreted as malicious.

  67. Oh but it does... by Myddrin · · Score: 2

    I work with MS Windows (as a developer), and I am forced to use Outlook 2000 (by the company I'm at). If I hadn't seen this news story, I wouldn't have inoculated myself until the IT folks sent out a technical bulletin... and that could be weeks. Thus for people in my situation, this is very helpful. In case you didn't notice there are Linux, BSD, Mac, Amiga, Palm AND Windows folks here. That's what tolerating differences is all about.

    A lot of people on /. are also system administrators who need to make stuff like this known to their (l)users, and be able to answer questions about the latest and greatest virus scare.

    Finally, this is news. This is the first (reported) email/web virus that doesn't require the user to actually run something. (Yes, viruses that didn't require execution existed before, but this one is the first (reported) web-virus.)

    --
    Myddrin
  68. Re:Another Black Eye For Microsoft (ABEFMS) by Anonymous Coward · · Score: 0

    More FUD. Outlook does NOT automatically process attachments. It will automatically show email in the preview pane (which is how BubbleBoy operates). BUT YOU CAN TURN IT OFF in one of the top level menus. Problem solved.

  69. Re:What worries me... by jd · · Score: 3
    That's true, but virus scanners look for unique pieces of code. The bootstrap can afford to be extremely small - it only needs to check if the end of a sector contains a virus routine, then copy that into a block of reserved memory, based on routine number * size of routines.

    That's too small a piece of code for a virus scanner to recognise. There's nothing that's unique, to identify.

    -NOW-, many virus scanners also detect changes to files. -This- could successfully recognise the bootstrap, no matter how small or how carefully disguised it was. As you say, it has to be executable. But this assumes you have a record of what the file -should- look like. If you've got a disk or a file that's infected, you won't know until it starts infecting other files.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  70. Re:What worries me... by jd · · Score: 2
    VMS had the curious property that you could put shell scripts inside regular e-mails (such as the subject line, or the main message). These would get executed when viewed.

    As Dec Mail would (by default) display the subject line of the message, when you received an e-mail, this means that you didn't even need to open the message to be infected. Receiving it was enough.

    Whilst not quite as powerful as ActiveX or Javascript, the Dec shell scripting language was, nonetheless, very powerful. Easily enough to do everything BubbleBoy can do.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  71. Re:This doesn't belong on slashdot by ToLu+the+Happy+Furby · · Score: 3

    Someone please tell Roblimo to stop posting about Windows viruses. They're neither news for nerds, nor stuff that matters. Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them. Most of us just sit and watch in amusement as the MS world infects itself. It really isn't interesting, so why post about it?

    I couldn't disagree more. Now, there are lots of reasons why I think this is interesting and worth talking about, but disregarding all of those, the simple fact is that /. is not a Linux site, or even a non-MS site. Even if most /.ers hate their guts, a very large portion of them works with Windows networks as part of their job, and even more are employed at places where most of their coworkers use Windows. Important viruses like Bubbleboy are vital news for a large contingent of /. readers.

    Beyond that, Bubbleboy isn't just any old virus; it's the first self-executing email virus, and probably the closest any virus has come to the 'ideal' of infecting a machine despite the user not doing anything wrong (no, running Windows doesn't count). Indeed, your assertion that "Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them," is precisely why this story needs to be run--because Bubbleboy turns the conventional wisdom on viruses on its head a little bit. (Of course, one could argue that that's because most viruses don't actually target OS bugs, but rather legitimate functions; in some sense, Bubbleboy is more of an exploit than a virus.)

    In the end, I think (and not that I haven't felt like posting "does this really belong on /." posts every once in a while) that, with the possible exception of the decision to interview John Vranesevich, it's usually not too appropriate to second guess the /. staff for posting an article. If you don't find it interesting, don't read it, and post on it. If lots of people don't find it interesting, then there won't be many posts on that subject, and eventually Rob and Roblimo and Hemos will figure it out. Furthermore, if the discourse of whatever posts there are is no good, they'll eventually catch on to that, too. And they'll be less likely to post on that subject in the future.

    The thing is, it doesn't hurt you one bit for this article to be here. If the subject doesn't interest you, then fine: move along. But don't automatically presume that everyone agrees with you. Just because (wow--just clicked on your user info) you were around when /. was just a couple thousand strong doesn't mean that you automatically speak for the entire /. community now. Just because this may not have been "the sort of thing that got posted in the olden days" doesn't mean it's not what should get posted now. Besides, I may not have been around as long as you, but I've frequented /. for a decent amount of time, and certainly wouldn't have been at all surprised to see this story, or even a similar but less important one posted, say, a year ago.

    I suppose what I'm trying to say is, let the people in charge of /. do their job. I think we'll both agree they make the right decisions most of the time, and when they don't, they're good enough to figure it out on their own.

  72. AMEN- Moderators UP the rating on this one! by Svartalf · · Score: 1

    I've been about since it was born- before that I was a frequenter of Chips and Dips (its predecessor!) and this joker doesn't speak for me.

    While I'm a Linux coder/admin, the place I work for has standardized on Outlook/Exchange for their e-mail; this is a frigging nightmare for us to have to endure (Thank the Lord I've got daily backed up CVS repositories for our code- it's the only thing that saved places like Dell when they got ravaged by Melissa (MS lost months of work in some cases- Dell lost only a day's worth of work.)). All of you might think a catastrophe or even a scare caused by something like this would wise them up- you're dead wrong. The management types (the clueful and the PHB variety) don't usually think the same way you do and they won't automatically make the connection to blame the true cause, MS- so don't cop the attitude that you're ok and everyone else can just go to Hell in a handbasket because they basically did it to themselves (Yes, I know that it is these people's fault- but the best solution is to prevent the catastrophe and show them via this problem the error of their ways!).

    Almost everything that has shown on this site belonged here. Not everyone here is a Linuxhead- it's wrong to assume that this is the case. If someone wants primarily Linux-only news, might I suggest LWN or Linux Today instead of /. You'll be a hell of a lot happier, believe me.

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
  73. Re:Side notes by Mendax+Veritas · · Score: 1
    Second, the method seems to be taking advantage of the fact that a preview pane has to open code somewhat.

    Sort of. The Preview pane isn't really required; opening the message will do just as well. The Preview pane just makes it happen a little more automatically.

    I'm not sure what you mean by "somewhat". In order to display the message at all, whether in the Preview pane or a message window, the mail client has to process the HTML and execute any embedded scripts. This is how the virus is activated.
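
The mechanism described in this comment, turned into a check a mail filter could run before a client renders anything (an added example, not part of the thread and not any vendor's code): it walks a message's MIME parts, lists active content in HTML bodies, and returns a plain-text view that needs no HTML rendering. The sample message is constructed and its script is an inert placeholder; all names are illustrative.

```python
from email import message_from_string
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")

# Constructed sample: multipart/alternative mail whose HTML part has inert active content.
SAMPLE = """\
From: sender@example.com
To: user@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Hello in plain text.
--b1
Content-Type: text/html; charset="us-ascii"

<html><body onload="init()">
<p>Hello in HTML.</p>
<script language="VBScript">' inert placeholder, constructed for this example</script>
<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>
</body></html>
--b1--
"""


class ActiveContentFinder(HTMLParser):
    """Collects active-content findings and the visible text of an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self.text = []
        self._skip = 0          # depth inside <script>/<style>, whose text is not shown

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        if tag in ("script", "style"):
            self._skip += 1
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):                 # onload, onclick, ...
                self.findings.append(f"{name} handler on <{tag}>")
            elif value.startswith(SCRIPT_SCHEMES):
                self.findings.append(f"script URL in {name} on <{tag}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(data.strip())


def decode_part(part):
    """Decode a leaf MIME part to text, tolerating unknown or missing charsets."""
    raw = part.get_payload(decode=True) or b""
    try:
        return raw.decode(part.get_content_charset() or "latin-1", "replace")
    except LookupError:
        return raw.decode("latin-1", "replace")


def scan_message(source):
    """Return active content found in HTML bodies and a script-free text view."""
    msg = message_from_string(source)
    findings, plain, html_text = [], None, None
    for part in msg.walk():
        if part.is_multipart() or part.get_content_disposition() == "attachment":
            continue
        ctype = part.get_content_type()
        if ctype == "text/plain" and plain is None:
            plain = decode_part(part).strip()
        elif ctype == "text/html":
            finder = ActiveContentFinder()
            finder.feed(decode_part(part))
            finder.close()
            findings.extend(finder.findings)
            if html_text is None:
                html_text = " ".join(finder.text)
    safe_view = plain if plain is not None else (html_text or "")
    return {"active_content": findings, "safe_view": safe_view}


if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

The tag and attribute list is a heuristic and will miss obfuscated markup; it complements, rather than replaces, disabling scripting in the mail client.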

  74. Re:This doesn't belong on slashdot by Anonymous Coward · · Score: 0

    My point was meant to be that /. isn't a virus alert forum.

    Hey, maybe it's a slow news day. Rob has to put something up here to keep the hit counts high.

  75. More than one virus by Tom+Christiansen · · Score: 2
    Virii (Viruses?) that do this ...
    The answer to your parenthetical English uses viruses. If you were curious what the Romans appear to have used, the short answer is that they didn't. :-) A longer answer is also available.
    1. Re:More than one virus by Anonymous Coward · · Score: 0

      latin in school... hehe. i *had* to take latin classes for 6 years over here in europe, that's what they call general education:)
      virus is an irregular noun, so plural nom is not virus, but as i cited above obviously vira (which sounds weird, i know). And i agree, some day we'll see virae as well, but this is wrong as wrong can be...

    2. Re:More than one virus by Anonymous Coward · · Score: 0

      I can't go along with that. According to the Perseus Project the correct Roman form for the plural would be vira. But for English use, you are perfectly right: viruses.

    3. Re:More than one virus by Tom+Christiansen · · Score: 2
      That's very interesting. The last time I looked this up in Perseus, they considered it an indeclinable form. In fact, they still do. Curious.

      I looked through the vira entries that your cite referenced as well, but of those that one could pull up via a link, none actually used that form. I don't have the non-linked source at hand. How do you explain Ammian?

      I'm still looking for more sources, and will happily update my document if and when new research turns up, as it did recently.

      And I'll still use viruses when writing English. :-)

    4. Re:More than one virus by iturbide · · Score: 1

      Anyone else who had latin in school?

      As far as I remember this is the fourth declension. So that would make the nominative plural virus.

      But maybe such a thing is too hard to grasp elsewhere in the world, so we end up with inventions like viri, virii, vira, viruses. (At least that one seems straightforward so we might as well stick with it.)
      Have not seen virae yet, but that is only a matter of time.

  76. Microsoft ultimately responsible for viruses by Tom+Christiansen · · Score: 2
    Use your brain, man. Of course MS is going to represent the lion's share of virus targets. It is by FAR the most widely available OS out there, making it the most visible target.
    You seem to have misunderstood a crucial element: Microsoft is ultimately responsible for these so-called viruses because of their negligence in systems design. An operating system is supposed to provide a protected interface to the hardware. MS-DOS does not do that. This notion of carefully controlled, mediated access to the computer's underlying raw resources is hardly a new concept today, nor was it back when Multics was doing rings of protection -- which, you will note, antedates Unix significantly.

    The primary reason we don't have viruses for Unix operating systems is because of our security model. The primary reason you do have viruses for Microsoft's soi-disant operating systems is their lack of a sound security model. There are other reasons, but this is the crux upon which hang untold zillions of dollars of needless costs.

    1. Re:Microsoft ultimately responsible for viruses by Imperator · · Score: 2
      If you think I automatically run any program upon its mere receipt, let alone doing so as the superuser, then perhaps you'd be interested in some beachfront property in Florida.

      s/I/a user who doesn't understand their computer/
      s/Florida/Florida/ (perhaps you originally meant Colorado? :)

      While I think your attack of Microsoft is just a wee bit of a stretch, I agree that MS OSs have negligible security. They were built for non-networked computers, where physical security is the most important type of security. (Not that fdisk /MBR c: was much fun. :)

      --

      Gates' Law: Every 18 months, the speed of software halves.
    2. Re:Microsoft ultimately responsible for viruses by Tom+Christiansen · · Score: 2
      MS OSs have negligible security. They were built for non-networked computers, where physical security is the most important type of security.
      Unix was originally built for non-networked computers. Your point? MS has stuck most of the unsuspecting world with a form of technology that was already out of date before they came on the scene. And they've developed an entire culture in which people now expect this sort of shoddy craftsmanship. And then they wonder why they get burnt. There comes a time to throw out the old crap and do it right. That time is long, long, long past.
    3. Re:Microsoft ultimately responsible for viruses by Mr+Z · · Score: 2
      An operating system is supposed to provide a protected interface to the hardware. MS-DOS does not do that. This notion of carefully controlled, mediated access to the computer's underlying raw resources is hardly a new concept today, nor was it back when Multics was doing rings of protection -- which, you will note, antedates Unix significantly.

      The concepts of protection and security are relatively new concepts in the personal computer world. Microsoft has never really embraced these concepts either, it would seem, and I imagine it's because most of their customers don't care. (Or, at least didn't care.) Rather, they seem to be more interested in the opposite -- integrating everything with everything else and separating nobody from anything.

      Part of the reason for this, I imagine, is that the original user base for PCs and related equipment really didn't want anything in the way between themselves and the machine. The OS was a glorified boot loader that additionally provided some useful routines. Look at the Apple ][, Commodore 64, IBM PC, etc. at their inception. The only machine that truly insulated you from the hardware (TI-99/4 and TI-99/4A) died earliest.

      I remember someone musing around this time (early/mid 80s) that the hardest thing you could try with your computer was to hook it up to another computer. This remained largely true until the last decade, and for the bulk of non-business computers, the last few years. Is it any wonder that the notions of security and paranoia just aren't built in?

      --Joe
      --
  77. So what? It's on the author's Web site anyway! by Anonymous Coward · · Score: 0

    The source code for this worm/virus was posted on the author's (Zulu's) Web site some time ago.

    So posting it to another web site is no big deal.

    Now if anyone is silly enough to e-mail it to someone.....

    Regards

    Zed
    --

  78. Re:WARNING!!!!!!! INTERNET VIRUS by BurritoWarrior · · Score: 1

    Why is this moderated up as 'insightful'? This is a HOAX. The FCC does NOT release statements regarding virus threats. "Warn your friends and local system users of this newest threat to the Internet! It could save them a lot of time and money." The above is a sure fire tip off to a hoax. Now break out your moderation points and blast that sucker down to -1, where it belongs.

  79. What've You Got Against Humour Pieces? by Anonymous Coward · · Score: 0
    You said it yourself:

    Most of us just sit and watch in amusement as the MS world infects itself.

    So what's the problem? Personally, I enjoy a good laugh every once-in-a-while.

  80. Digital Evolution? by aprentic · · Score: 1

    It's interesting that viruses are now described as "going wild" or "escaping". Could this be indicative of a trend? Consider the following. As new network connections are laid down each host on the internet has the potential to connect to and accept connections from a rapidly growing number of other hosts. Network services are being automated more and more often. We are seeing a proliferation of tools which aid in cross-platform execution of different tasks. This is the perfect breeding ground for an organism. Good ecological diversity, lots of cover/protection from predators, lots of resources, and it's conducive to easy transportation. It shouldn't be too hard to create a virus (or worm) which would reproduce sexually rather than asexually. We did something similar in simulated environments and we got some amazing results. Agents (the individual organisms) would even evolve to work with other agents and display group behavior. Sometimes we would get dominant populations using algorithms that we hadn't even predicted. I think the biology analogy for viruses is going to get a lot clearer in the next few years.

  81. Re:The patch by Anonymous Coward · · Score: 0

    The English plural for what is 'viruses.'

    Language is something that develops out of usage. It isn't 'owned' by stuffed shirts in an academy somewhere.

    The plural of "self-replicating infectious computer code" can be whatever society calls it. Stop shoving your dictionary at us, please.

  82. Re:What worries me... by Oblio · · Score: 1
    I've been worried, for a long time, that a virus writer would exploit file dead-space.

    This has been done. As a matter of fact, one of these came across as a /. story about a half year ago. The virus took advantage of internal fragmentation on FAT fs's. I'll look for the url...here it is. The informational link from there doesn't appear to be valid anymore, but that virus hid itself in files without changing their size through the method you mention.

    --
    Pax -- Ob
  83. SHUT UP! by Anonymous Coward · · Score: 0

    Go away you Micro$erf!!!

    LINUX RULEZ!!!!

  84. Bubbleboy, MS OS and IE by Anonymous Coward · · Score: 0

    This is a direct lift from the MS site:

    The Microsoft VM is a virtual machine for the Win32® operating environment. It runs atop Microsoft Windows® 95, 98 or Windows NT®. It ships as part of each operating system, and also as part of Microsoft Internet Explorer.

    Funny that, I thought IE was an integral part of the OS???

    The older I get the better I was.

  85. Female viruses? by Anonymous Coward · · Score: 0

    Would Melissa be declined differently than bubbleboy? I took two years of optional Latin in H.S. here in the US, but unfortunately I sort of forgot most of it without anywhere to practice...

  86. Already been done... by Anonymous Coward · · Score: 0

    There was a virus on the Apple II which did this.. Joe Dellinger wrote a little bit about it in Risks Digest. It would hide in unused sectors and patch the OS to call it. It checked for modifications and if the virus got overwritten then it would remove itself.

  87. Re:The patch by Anonymous Coward · · Score: 0
    Yes, MS was very quick to respond.

    They actually responded 2 months before the virus was written !

    If they would just be as quick with Win 2000, we would have had it last year !

  88. DON'T use the MS Patch by ripcrd · · Score: 1

    Installing the MS patch will start a string of error messages and BSODs that will make you pull your hair out! I had to uninstall IE 5 and my antivirus prog to excise the evil patch, then reload both to get back to normal.
    Believe me if I could get away from using Win/Lose 95 and 98 at work I would! I am stuck however with this loser device that breaks on a regular basis anyway. I should have learned my lesson the last time that a MS patch broke the damn thing.
    Rule number one, "If it ain't broke, don't fix it." I have never had a problem w/ viruses using windows because I don't open the attachments.

    Later
    Y2k Flunky

    --
    --Somewhere there is a village missing an idiot.
    1. Re:DON'T use the MS Patch by Wonko42 · · Score: 3

      Uh, you're insane. I manage my school's network, and I installed the patch on all their Win98 machines with no problems. Also on my home and work machines, still no problems. You must've done something weird.

  89. Re:The patch by Anonymous Coward · · Score: 0

    You wrote: "Considering how quickly MS responds to potentially dangerous virii". But there are no "virii". That's illiterate script kiddie talk. The English plural is "viruses". Or are you intentionally trying to sound like a script kiddie out to do evil and understanding nothing?

  90. Re:This doesn't belong on slashdot by Anonymous Coward · · Score: 0

    Backpedal, you jerk.

    Yes, backpedal!

  91. Re:Ah, for the days of VCL by Anonymous Coward · · Score: 0

    There are no "cross-platform virii". As tchrist just pointed out, you mean viruses.

  92. Re:WARNING!!!!!!! INTERNET VIRUS by rebrane · · Score: 1
    Obviously you've only been using the Internet for a few weeks (how are those 50 free hours holding up?) so I'll do you a favor and fill you in.

    Although it's fairly obvious from actually reading the comment anyway, the Good Times virus warning has been around for who knows how long. I first got it about 6 years ago, I think (and have gotten it 5 or 6 times since). Practically everyone who has an e-mail address has gotten it. Yes, it's a hoax. It's obviously a hoax. It's the oldest hoax in the virus hoax book, and countless debunkings have been written, centering around the very important point:

    "You can't get a virus just from reading an e-mail message."

    Oops. Microsoft certainly is redefining the way we think about computing...

    --neil

  93. M/S by termite666 · · Score: 1

    Let's face facts: Microsoft Windows is a Virus. What else can cause a computer to crash on a semi-regular basis. I would complain to Micro$oft but let's be real. It's not in their best interest to fix their own piss-poor programming. Talk about planned obsolescence.

    1. Re:M/S by Anonymous Coward · · Score: 0

      Let's face it, the GPL is a virus. What else can cause a perfectly viable piece of code to become useless for any commercial purpose because it has to be stripped naked and paraded down main street before it can be distributed?

  94. Why Not *Any* 'Nix? by Anonymous Coward · · Score: 0
    ... keep hearing all these virus outbreaks on Windows...

    Why not Linux, or any 'nix, you ask? Good question. Made me chuckle. At the place I used to work, I once explained to the production manager how X-terminals could save the company tons o' money. How most employees needed nothing more than some pretty straightforward productivity apps, email, etc. How X-terminals truly are plug-n-play. Literally. No virus issues (email or otherwise). He asked "Well then, why don't we use them?" I just laughed and suggested he ask the "powers that be" that question, because I honestly had no answer that made any kind of sense whatsoever.

    I don't know if he ever asked. I know if he did he got no coherent explanation. In any event: I don't care anymore. I no longer work there. I now work for a place that understands the expense of desktop PCs and is looking to go more "thin client" than we already are.

  95. Re:Microsoft released this patch in August, people by Anonymous Coward · · Score: 0
    But anyhow, I just wanted to point out that Microsoft released the patch for this vulnerability in August. That was a few months ago; way before any viruses had actually made use of the hole.

    Wasn't this a fix for a previous Active X exploit?

    And what percentage of M$ users installed this fix when it was released? Most people don't patch/fix things until they're broken.

  96. Is this really a virus?!? by Anonymous Coward · · Score: 0

    I mean. A script needing two MS products (Word, look out), using well-known "features" of those programs. Well, if I would start "Word", it would certainly not be because I wanted to code some VB, even though it allows you to. And executes "Documents" containing these. If these are only the known "backdoors", then what about the undocumented ones?

    Amiga. Because it makes me feel good.

  97. The patch by Zan+Thrax · · Score: 1

    I installed that patch (yesterday? two days ago? I need to adopt a regular wake/sleep cycle...) I found a few things interesting in the text on the download page. They say that Express, 98 and 2000 are all vulnerable, but they make a point of saying that 2000 won't activate the worm unless the mail is actually opened. Even when they're plugging holes, they market the new product. (They also seem to imply that you can delete the mail safely in Express or 98 if the preview pane is off.)

    Considering how quickly MS responds to potentially dangerous virii that exploit the security holes they otherwise ignore, I have to say that I'm glad there are people out there writing malicious code. If MS keeps falling further behind on Win 2000, they may wind up with something that's reasonably secure. (Sure, it'll still be an ugly kludge, but maybe it'll be safe to use.)

    --

    Intolerant people should be shot.
    1. Re:The patch by geocajun · · Score: 1

      The English plural for what is 'viruses.' Language is something that develops out of usage. It isn't 'owned' by stuffed shirts in an academy somewhere. The plural of "self-replicating infectious computer code" can be whatever society calls it. Stop shoving your dictionary at us, please.

      Do you post this every time a "its cracker not hacker" war breaks out?

  98. Another Black Eye For Microsoft (ABEFMS) by Anonymous Coward · · Score: 0

    Due to their insistence on making Outlook automatically process attachments, Microsoft has taken a serviceable mail client and turned it into the "virus" writer's best friend. I remember the days in which it was utterly, completely impossible to get a virus by email. And then, Outlook's auto-decode (and execute) attachments feature turned it all around. I wonder why nobody is emphasizing, "Only users of Microsoft Outlook are affected"...probably because that's the only email client Windows users will use.

  99. Eyedog by RoLlEr_CoAsTeR · · Score: 1

    I seem to recall that the Microsoft patch page said something like

    Eyedog is used by diagnostic packages to collect hardware information on the machine that they are running on.

    I'm wondering.. how are they going to re-code it to control The unchecked buffer in Eyedog ? How does one do that? Isn't that similar to the buffer overflows people talk about when trying to crack into a box? (i'm lost here)

    --

    Insert mind here.
  100. I got it twice by Pope · · Score: 1

    Last Saturday at around 3:30 am (according to the timestamp on the email) one of the IT guys sent an all-company email advising them about the virus.
    At about 7:30 am Saturday, I had another email in my inbox, and it had the friggin' virus!
    I'm on a Mac using Eudora, so it didn't affect me at all. But I found it amusing nonetheless.
    I got another email on Monday with the "Check This" subject line and body text, but there was no attachment.
    I almost feel sorry for the poor slobs whose companies decide to "standardize" on MS products.
    Almost.

    Pope

    --
    It doesn't mean much now, it's built for the future.
  101. What worries me... by jd · · Score: 5
    This is considered a "new kind of virus"... People never learn from history, it would seem. This type of virus has existed with DEC VMS 5.5, and probably both earlier and later versions. Don't learn from history, and you'll sooner or later repeat it.

    However, I guess I can look at the bright side. I've been worried, for a long time, that a virus writer would exploit file dead-space. There's plenty of room at the end of most binary files to tuck a routine or two, then all you'd need is a bootstrap and some way to re-assemble the fragments in the correct order. A trivial task.

    This would give you an almost undetectable virus, as many virus scanners check files, not sectors, and the files themselves would be unaffected.

    Even if you -did- write something that could detect a fragment, all you do is clear that fragment. It'd be child's play for anyone to re-write a single routine. The bootstrap/saver routine could probably do that.

    In essence, something like this would be a virus OS, rather than a conventional virus. Conventional viruses can be dealt with, but a virus OS is a much greater challenge.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  102. Re:This doesn't belong on slashdot by Tet · · Score: 2

    Interesting to see the number of replies that assume I'm running Linux, and was complaining because it's not a Linux related story. As it happens, I run many OSes (of which, yes, Linux is one). My point was meant to be that /. isn't a virus alert forum. There are plenty of other places that are meant for that sort of thing. Yes, the first mention of this particular virus was vaguely interesting because it uses a new method of transmission. However, I stand by my view that the fact it's out in the wild is neither news for nerds nor stuff that matters.

    --
    "The invisible and the non-existent look very much alike." -- Delos B. McKown
  103. Re:Illegal to write a worm? by Wonko42 · · Score: 2

    Bubbleboy is non-malicious, takes up very little space (and therefore does not use a lot of resources), and makes everyone's day just a little bit more exciting. Not to mention that McAfee is having a blast with all the software purchases they're getting off this. ;)

  104. What about Linux? by Gurlia · · Score: 1

    (Sorry this is a bit offtopic) I keep hearing all these virus outbreaks on Windows... Are there any viruses that affect Linux? The only one I know of that affects *nix systems was the Internet Worm, but that's a long time ago. There are occasional security problems like root exploits, DoS, etc., but it seems that most of these have to be carried out by a *person*. Are there any "automated" exploiters around (ala IWorm) that affect Linux? Just curious...

    --
    mikre he sophia he tou Mikrosophou.
    1. Re:What about Linux? by Xkill_ · · Score: 1

      There was an article a few days ago discussing this topic, and they basically concluded that if Linux was to become as popular as Windows then there would inevitably be viruses under Linux... I suggest you try and find that article because it was very good.



      "The importance of using technology in the right way has never been more clear."

      --

  105. Microsoft released this patch in August, people! by Wonko42 · · Score: 4
    It seems that a lot of you are jumping to some pretty dumb conclusions, bashing Microsoft when you really shouldn't be. As usual...

    But anyhow, I just wanted to point out that Microsoft released the patch for this vulnerability in August. That was a few months ago; way before any viruses had actually made use of the hole. In fact, I also remember a Slashdot post being made about the patch, and it got quite a lot of media coverage. Yes, Microsoft was alerted of a vulnerability, and they fixed it, months before anything actually exploited that vulnerability.

    And yes, if you use a vulnerable flavor of Windows and were too stupid to upgrade, you deserve to have your computer's Owner name and Company info reset. Heh, geez people, it's not like BubbleBoy is malicious or anything... ;)

  106. Language lives: its Virii by Anonymous Coward · · Score: 0

    if we were talking about medical viruses you would be right.

    but we're not. the goofballs who write these things refer to the plural as virii. therefore, being english is a living and user-defined language, computer virus, pluralled, is virii.

    oh, and its colour, not color. heh. whatever.

    1. Re:Language lives: its Virii by Anonymous Coward · · Score: 0

      Haha. Moron.

      Two things.

      1) It's viruses. Get a dictionary.

      2) It IS color, not colour. I'm afraid this isn't the U.K.

      So sorry.

    2. Re:Language lives: its Virii by Anonymous Coward · · Score: 0

      Haha. Moron.

      Two things.

      1) It's viruses. Get a dictionary.

      2) It IS color, not colour. I'm afraid this isn't the U.K.

      So sorry.

      But, heh, whatever, right?

  107. No pity for those that can't learn the lesson by RomulusNR · · Score: 1

    I think by now you should have learned.

    Don't use bloated software with obfuscated, arcane, behind-the-curtain scripting languages built in. This includes almost anything from MS.

    If, after tons of Word viruses adding dirty words to your term papers or calling you a big stupid jerk, you haven't learned not to use that junk, you might as well also book a trip on a third world airline for midnight, New Year's Eve. (I hear Cuba will be having great fireworks.)

    --
    Terrorists can attack freedom, but only Congress can destroy it.
  108. Re:It isn't an antimicrosoft conspiracy by sjames · · Score: 2

    Based on their behaviour, I'm inclined to believe that MS really doesn't care about security. One of yesterday's articles showed that WinCE XORs your NT password against a FIXED KEY in its registry. That's about as secure as rot-13 in usenet. If they had the slightest bit of concern for security, they wouldn't do that. I would have thought they had learned in the 80's when they used roughly the same sort of scheme to password protect Word documents and a cracker program came out that could retrieve the password in under a second.
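
The weakness described in the comment above, shown as an added example that is not part of the original post or of any Microsoft code: XOR against a key that is the same on every install is reversible, and a single known password/stored-value pair leaks the key bytes. The key, the passwords and all function names are constructed for illustration; the PBKDF2 verifier is included only as the contrast for storage that needs to check a password rather than replay it.

```python
import hashlib
import hmac
import os
from itertools import cycle

# Constructed stand-in for a key shipped identically in every install.
# It is NOT the real WinCE value, which the page does not give.
FIXED_KEY = b"constructed-demo-key"


def xor_obfuscate(data: bytes, key: bytes = FIXED_KEY) -> bytes:
    """XOR with a repeating key; running it twice returns the input."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_keystream(known_plain: bytes, stored: bytes) -> bytes:
    """plain XOR stored = key bytes, so one known pair leaks the key."""
    return bytes(p ^ s for p, s in zip(known_plain, stored))


def decode_with_keystream(stored: bytes, keystream: bytes) -> bytes:
    """Decode any other stored value no longer than the leaked keystream."""
    return bytes(s ^ k for s, k in zip(stored, keystream))


def make_verifier(password: bytes, salt: bytes = b"") -> tuple:
    """Contrast for check-only storage: salted, slow, one-way PBKDF2."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, 200_000)
    return salt, digest


def check_password(candidate: bytes, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(make_verifier(candidate, salt)[1], digest)


def demo() -> dict:
    own = b"my-own-test-password"      # constructed: a password the auditor set
    other = b"Winter1999!"             # constructed: someone else's password
    own_blob, other_blob = xor_obfuscate(own), xor_obfuscate(other)
    leaked = recover_keystream(own, own_blob)
    salt_a, dig_a = make_verifier(other)
    salt_b, dig_b = make_verifier(other)
    return {
        "same_blob_everywhere": xor_obfuscate(other) == other_blob,
        "recovered_other": decode_with_keystream(other_blob, leaked),
        "verifiers_differ": dig_a != dig_b,
        "verifier_accepts": check_password(other, salt_a, dig_a),
        "verifier_rejects": not check_password(b"wrong", salt_a, dig_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```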

  109. There are two Linux Viruses by Cardinal · · Score: 1

    There are exactly two Linux viruses known to exist, as far as I know. They are Bliss, found in February of 97, and Staog, found in the fall of 96.

    Neither are serious threats, of course. Both can be located by looking for a hex string.

  110. This doesn't belong on slashdot by Tet · · Score: 1

    Someone please tell Roblimo to stop posting about Windows viruses. They're neither news for nerds, nor stuff that matters. Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them. Most of us just sit and watch in amusement as the MS world infects itself. It really isn't interesting, so why post about it?

    --
    "The invisible and the non-existent look very much alike." -- Delos B. McKown
    1. Re:This doesn't belong on slashdot by Anonymous Coward · · Score: 0

      I strongly agree. The only news worth posting are DOJ-related.

    2. Re:This doesn't belong on slashdot by Erik+Hollensbe · · Score: 2

      I'm a self-proclaimed nerd.

      I also had to look at the previous link to see what bubbleboy was, and I'm glad I did considering the windows boxes that I use have both of these components, not to mention my GF's machine, who probably is more than likely to find this surfing.

      In other words, please, leave your definition of "news" out of the subject.. This is an issue for many computer users AND nerds.

      Is it just me or has the "I don't know how to filter content or not click on the links therefore I'll just be lazy and complain to rob" quota jumped through the roof lately?

      Rob has an email address. The article pos(t)ers all have email addresses, just click on their names. Please, please, please, don't send your bandwidth wasting flames and complaints to the forums, where they won't be read by the posters who probably have a small amount of time in the first place. Send it to THEM.

      :)

      -Erik-

    3. Re:This doesn't belong on slashdot by -brazil- · · Score: 1

      Ah, but gloating over MS' incompetence is so much fun!

      --

      The illegal we do immediately. The unconstitutional takes a little longer.
      --Henry Kissinger

  111. Ah, for the days of VCL by Anonymous Coward · · Score: 0

    Anyone remember when a virus writer actually had to have skills? You had to understand how the operating system worked, and take advantage of when it opened files, etc, to spread your work. I remember the first time I got ahold of VCL (Virus Creation Laboratory) I was ecstatic...no ASM knowledge required! But even VCL was a difficult, user-unfriendly tool to use. Compare that to a Word Macro Virus, for instance.

  112. Re:Microsoft and patching by Just+Some+Guy · · Score: 3

    Sure, it's the user's fault for not patching...

    I have to disagree with that. If the user is informed, yet chooses not to follow up, then it is their fault. However, a lot of us here tend to forget that:
    1. Not everyone is a computer expert, and a lot of people don't know what a patch is, let alone where to get one or what to do with it.
    2. There's nothing wrong with that.

    My sister bought a new computer last year and is happily browsing and ICQ'ing away. She doesn't know Jack about security, nor do I believe she should be expected to. I mean, should every newbie make support.microsoft.com their home page, and check it for new misfeatures every time they go online? That's not reasonable. The vast majority of users simply want to get on the 'net and run around without having to bother with all of this, in much the same way that they want to use the phone without knowing the difference between packet-switched and circuit-switched networks.

    Yes, I think that people should learn more about their new computers than most people usually do. However, I think that patching goes beyond the skills and abilities that the average user should be expected to know.

    To make an analogy, have you checked to see if there's a recall on your car? No? Why not? Consumer Reports lists current recalls in the back of their magazine, so it's publicly accessible information, but I'd dare to state that not many people bother to check. So, if someone's defective car causes an accident, was it their fault for not taking it in for a "patch"? I guess, technically, it may be. In reality, though, I don't think that's a reasonable expectation.

    --
    Dewey, what part of this looks like authorities should be involved?
  113. it's the "integration" that gets you by dammitjim · · Score: 1

    This, to me, is the primary reason that the Microsoft tactic of integrating their software is so bad - more than the anticompetitive stuff. Why is there no press about this?

    Everybody says "Well, yes, I hate Windows, too, but I love how all the Microsoft software works together so well," but it's precisely that integration (plus the fact that the people in the "new feature" department have so much more control over product development than the people in the "make sure it doesn't break" department) that opens these HUGE security holes in everybody's computers.

    Nobody holds Microsoft accountable for this. How can we, as the Slashdot community, get some grassroots press release and technical writing campaign going to publicize this fact? Where is the stump we need to stand on?

    Any ideas, anyone? I'm no genius, but I'd be willing to participate however I could. Down with FUD! Give them facts!

  114. And this is a bad thing?? by ArthurDent · · Score: 1

    Computer software is going through growing pains in terms of security. The more we can learn from viruses now, the better prepared we'll be in the future in terms of what not to do. I'd rather have a temporary problem now and learn how to prevent them from happening in the future. The discipline of CS has had to fight off larger problems before, and this one will be solved too.

  115. It isn't an antimicrosoft conspiracy by FreeUser · · Score: 4

    Most computer users use Microsoft's products.

    Most virus writers will, therefore, statistically use Microsoft's products.

    Most virus writers will target systems with which they are familiar, which happens to be Microsoft's products.

    Thus, most virus/worm/trojan products target Microsoft products.

    The fact that such an overwhelming number of these attacks are successful, indeed devastating, is a testament and real world demonstration of just how severely flawed Microsoft's entire security paradigm continues to be. That the so-called "service" packs and security fixes generally break more than they fix (whether maliciously or through negligence) is a strong indication of how flawed Microsoft's development process and QA/QC procedures are.

    --
    The Future of Human Evolution: Autonomy
  116. Side notes by kspencer · · Score: 1

    Two points I've found interesting about bubbleboy. First, it doesn't affect all Windows - NT is immune. Second, the method seems to be taking advantage of the fact that a preview pane has to open code somewhat. This implies that variations may create vulnerabilities in other readers with this feature - Eudora coming to mind for one.

  117. Re:Microsoft and patching by Stonehand · · Score: 2

    It does; search for an 'autoRPM' daemon. It's not exactly an MS creation (although it MIGHT be to promote e-mail clients that execute everything in sight with minimal concept of permissions...)

    --
    Only the dead have seen the end of war.
  118. Re:Illegal to write a worm? by Stonehand · · Score: 2

    Like the infamous RTM worm?

    I'm sure it's been written up, and IIRC there were some charges that actually stuck...

    --
    Only the dead have seen the end of war.
  119. Ahh windows the swiss cheese of operating systems by Anonymous Coward · · Score: 0

    need I say more?

  120. Oxymoronic Title by penfold · · Score: 1
    Bubbleboy in the wild, huh? Funny. You'd think someone who's been confined to a bubble all his life wouldn't make it out in the wild.

    I'm guessing the moniker of Bubbleboy is a sham. It's all a plot to give other bubblefolk hope that one day they too will be able to run in the wild.

    --
    Reality is like a Suitcase, we only take it out of storage when needed. -penfold
  121. RSysadmins don't have unlimited time... by retep · · Score: 1

    You know us sysadmins don't have unlimited time... Fixing security holes on a handful of servers is one thing. But these desktop security holes force you to upgrade whole offices of Windows desktops. I don't have time for that.

    At work there is a good chance we'll be switching to Netscape now because of this and many other holes in IE and Outlook.

  122. Dark side of the force (Re:what I'm wondering...) by Hanno · · Score: 3

    Years ago back in high school, I wrote a "virus" that basically just copied a short segment of source code to GW-Basic programs it found on the hard disk - yes, GW-Basic, that old thing for DOS 2.11 that existed before Visual Basic and Turbo Basic were known.

    It didn't do any harm, it didn't "infect" EXE files and I did it just to find out if it was possible and what writing a virus is like.

    Scary thing though that this simple program (just a few lines of code), despite being harmless and doing its task clearly seen in the open light (is that an English phrase, anyway) followed all the requirements to be called a virus. Today's macro viruses actually do exactly the same thing.

    While I never spread "my virus", it was an interesting experience. From a pathetic viewpoint, those virus writers could be called seduced by the dark side of the force; being among crackers, script kiddies and other menaces to IT society must be like being in a street gang. They have their own set of values of what is "cool" and what gives you "respect" among the peers.

    It sure would be nicer if those talented hackers (which they often are) would use their talent for something useful and write "good" software to gain a kind of respect that's actually worth gaining...


    To answer your other question, I doubt that MS itself is the target. A virus must find a common platform as a host to spread itself, and Microsoft software, both Dos/Windows operating systems and Office/Outlook application software, are commonplace. This makes an obvious target.

    ------------------

    --

    ------------------
    You may like my a cappella music
  123. WARNING!!!!!!! INTERNET VIRUS by rebrane · · Score: 3

    The FCC released a warning last Wednesday concerning a matter of major importance to any regular user of the Internet. Apparently a new computer virus has been engineered by a user of AMERICA ONLINE that is unparalleled in its destructive capability. Other more well-known viruses such as "Stoned", "Airwolf" and "Michaelangelo" pale in comparison to the prospects of this newest creation by a warped mentality.

    What makes this virus so terrifying, said the FCC, is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing e-mail systems of the Internet. Once a computer is infected, one of several things can happen. If the computer contains a hard drive, that will most likely be destroyed. If the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop -which can severely damage the processor if left running that way too long.

    Unfortunately, most novice computer users will not realize what is happening until it is far too late. Luckily, there is one sure means of detecting what is now known as the "Good Times" virus. It always travels to new computers the same way in a text email message with the subject line reading "Good Times". Avoiding infection is easy once the file has been received- not reading it! The act of loading the file into the mail server's ASCII buffer causes the "Good Times" mainline program to initialize and execute.

    The program is highly intelligent- it will send copies of itself to everyone whose e-mail address is contained in a receive-mail file or a sent-mail file, if it can find one. It will then proceed to trash the computer it is running on. The bottom line here is - if you receive a file with the subject line "Good Times", delete it immediately! Do not read it! Rest assured that whoever's name was on the "From" line was surely struck by the virus. Warn your friends and local system users of this newest threat to the Internet! It could save them a lot of time and money.

    --- cut here ---

    ah yes. it's true what they say about fiction becoming reality. and we have microsoft to thank. :)

    --neil

  124. Illegal to write a worm? by TheTomcat · · Score: 1

    I know this is a little OT, but I'm wondering what the legal technicalities are regarding worm-writing. If a hypothetical person were hypothetically to write a NON-MALICIOUS worm, would that be illegal?
    I know there are moral ramifications, but is it illegal?
    Maybe this would be a good 'ask slashdot'.