Posted by
Roblimo
on from the who-opened-the-cage-door? dept.
Neil Andriessen writes "Wired has released a story that tells of how Bubbleboy is now in the wild. It was found on an unnamed Japanese website. The Bubbleboy virus was mentioned in this discussion on Slashdot. A patch is now available from Microsoft.
I wonder were it will go from here."
This is considered a "new kind of virus"... People never learn from history, it would seem. This type of virus has existed with DEC VMS 5.5, and probably both earlier and later versions. Don't learn from history, and you'll sooner or later repeat it.
However, I guess I can look at the bright side. I've been worried, for a long time, that a virus writer would exploit file dead-space. There's plenty of room at the end of most binary files to tuck a routine or two, then all you'd need is a bootstrap and some way to re-assemble the fragments in the correct order. A trivial task.
This would give you an almost undetectable virus, as many virus scanners check files, not sectors, and the files themselves would be unaffected.
Even if you -did- write something that could detect a fragment, all you do is clear that fragment. It'd be child's play for anyone to re-write a single routine. The bootstrap/saver routine could probably do that.
In essence, something like this would be a virus OS, rather than a conventional virus. Conventional viruses can be dealt with, but a virus OS is a much greater challange.
-- It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Microsoft released this patch in August, people!
by
Wonko42
·
· Score: 4
It seems that a lot of you are jumping to some pretty dumb conclusions, bashing Microsoft when you really shouldn't be. As usual...
But anywhow, I just wanted to point out that Microsoft released the patch for this vulnerability in August. That was a few months ago; way before any viruses had actually made use of the hole. In fact, I also remember a Slashdot post being made about the patch, and it got quite a lot of media coverage. Yes, Microsoft was alerted of a vulnerability, and they fixed it, months before anything actually exploited that vulnerability.
And yes, if you use a vulnerable flavor of Windows and were too stupid to upgrade, you deserve to have your computer's Owner name and Company info reset. Heh, geez people, it's not like BubbleBoy is malicious or anything...;)
It isn't an antimicrosoft conspiracy
by
FreeUser
·
· Score: 4
Most computer users use Microsoft's products.
Most virus writers will, therefor, statistically use Microsoft's products.
Most virus writers will target systems with which they are familiar, which happens to be Microsoft's products.
Thus, most virus/worm/trojan products target Microsoft products.
The fact that such an overwhelming number of these attacks are successful, indeed devistating, is a testiment and real world demonstration of just how severely flawed Microsofts entire security paradigm continues to be. That the so-called "service" packs and security fixes generally break more than they fix (whether maliciously or through negligence) is a strong indication of how flawed Microsoft's development process and QA/QC procedures are.
Slashdot Mirror
However, I guess I can look at the bright side. I've been worried, for a long time, that a virus writer would exploit file dead-space. There's plenty of room at the end of most binary files to tuck a routine or two, then all you'd need is a bootstrap and some way to re-assemble the fragments in the correct order. A trivial task.
This would give you an almost undetectable virus, as many virus scanners check files, not sectors, and the files themselves would be unaffected.
Even if you -did- write something that could detect a fragment, all you do is clear that fragment. It'd be child's play for anyone to re-write a single routine. The bootstrap/saver routine could probably do that.
In essence, something like this would be a virus OS, rather than a conventional virus. Conventional viruses can be dealt with, but a virus OS is a much greater challange.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
But anywhow, I just wanted to point out that Microsoft released the patch for this vulnerability in August. That was a few months ago; way before any viruses had actually made use of the hole. In fact, I also remember a Slashdot post being made about the patch, and it got quite a lot of media coverage. Yes, Microsoft was alerted of a vulnerability, and they fixed it, months before anything actually exploited that vulnerability.
And yes, if you use a vulnerable flavor of Windows and were too stupid to upgrade, you deserve to have your computer's Owner name and Company info reset. Heh, geez people, it's not like BubbleBoy is malicious or anything... ;)
Most computer users use Microsoft's products.
Most virus writers will, therefor, statistically use Microsoft's products.
Most virus writers will target systems with which they are familiar, which happens to be Microsoft's products.
Thus, most virus/worm/trojan products target Microsoft products.
The fact that such an overwhelming number of these attacks are successful, indeed devistating, is a testiment and real world demonstration of just how severely flawed Microsofts entire security paradigm continues to be. That the so-called "service" packs and security fixes generally break more than they fix (whether maliciously or through negligence) is a strong indication of how flawed Microsoft's development process and QA/QC procedures are.
The Future of Human Evolution: Autonomy