Netsky Worm Variant Attacks P2P Services
ee_moss points out this Washington Post article (via Yahoo!), excerpting "The latest variant of the Netsky worm is directing infected computers to launch Web-based attacks against music- and file-trading Web services such as Kazaa, taking down at least one company's Web sites in the process. The worm, the 19th version of a bug that made its debut in February, is also targeting some Web sites that offer computer programs designed to illegally break or bypass copyright controls on software programs."
It's not that surprising . . . (Score:4, Insightful)
Anyway, I know this sounds painfully obvious, but why don't folks take the simple step of running an antivirus program? I have McAfee VirusScan and I also have AdWatch running full time. Between the two, I feel fairly well protected from viruses and adware/spyware.
And then you have folks that click on just about any attachment - from the article:
The experts advised people not to click on strange attachments in e-mail, which can activate the worm, and to update their antivirus software frequently to ward off new threats.
I have an agreement with family and friends to embed a codeword in any document that contains a file attachment. It is usually a fairly esoteric word not likely to come up in casual conversation. However, I have damn near been fooled by a few emails because they seemed very legitimate. Oh, well.
Anyway, I am preaching to the choir....and ranting a bit.
Happy Trails!
Erick
Re:It's not that surprising . . . (Score:4, Insightful)
Why don't folks just run linux. Antivirus software has become so bloated these days. I run Norton Antivirus on my Windows machine and it turns it into a lag terminal.
Re:It's not that surprising . . . (Score:5, Insightful)
If you are allowed to, turn off some of the checking. I think Norton by default scans every file you open, every app you run. Just set it to scan stuff coming via email or web, and manually scan anything else. Set it on a complete scan when you go for lunch. If I just want to get work done I often disconnect from the network until I actually need to use it.
Try AntiVir XP (Score:3, Informative)
Norton certainly behaves this way. When I visit a client that has Norton on their machine, I recommend that to speed up their machine, they uninstall Norton and install the freeware antivirus checker called AntiVir:
www.free-av.com
They are always amazed at how getting rid of Norton Antivirus suddenly speeds up their system about 200%.
NAV used to be really good back in '
Re:Try AntiVir XP (Score:3, Informative)
You can test and verify this operation on any vendor's antivirus product with the eicar test virus [eicar.org].
Re:It's not that surprising . . . (Score:5, Funny)
Problem Exists Between Chair And Keyboard
Re:It's not that surprising . . . (Score:3, Funny)
Re:It's not that surprising . . . (Score:5, Funny)
Re:It's not that surprising . . . (Score:5, Insightful)
Re:It's not that surprising . . . (Score:2, Interesting)
In fact, the only microsoft products I'm using now are my MS Intellimouse w/ IntelliEye 1.0 (discontinued) and my Microsoft Internet Keyboard. Oh, and Word 97 in wine, just because my job s
Re:It's not that surprising . . . (Score:3, Informative)
(j/k)
Seriously though, I haven't had any trouble opening RTF files with Open Office. In fact, Open Office opens Word files that Word won't even open. I've never needed to resort to Wine for things like that. (although I suspect if there are macros in those documents they won't run in Open Office....on the other hand do you really WANT macros to run in a document when you open it?)
Re:It's not that surprising . . . (Score:5, Insightful)
Re:It's not that surprising . . . (Score:4, Interesting)
I give them a link to AVG Free Edition, and they still have virus problems afterwards when they refuse to install AVG. There's no excuse for that. I guess people are just (very, very) stubborn.
Norton sucks! (Score:5, Interesting)
Re:Norton sucks! (Score:4, Informative)
Re:Norton sucks! (Score:3, Informative)
Furthermore, I'll pull the CPU time figures from task manager. This is NAV Corp. edition 8.0 on XP:
Cumulative uptime: 201:53:00 (system idle process)
rtvscan.exe: 00:00:04 (real time scanni
Re:Norton sucks! (Score:5, Interesting)
Really, 4 seconds of CPU time given that I've been up for over 8 days is completely unnoticeable. Ever checked how much Winamp uses by comparison for 'simple' MP3 decoding?
Re:Norton sucks! (Score:3, Informative)
I totally agree with you on that one. I was having issues with McAfee at one point, so I uninstalled it for a while. I couldn't believe how much faster my computer was starting up. Now, I'm sure that some of the slowdown had to do with McAfee doing some scanning on bootup, but it was am
Re:It's not that surprising . . . (Score:3, Interesting)
Re:It's not that surprising . . . (Score:3, Interesting)
I only started regularly running one after upgrading a windows box to xp which came down with a msblaster within 5 minutes of going online, this when the crappy lines out here barely support 28.8. This was only the second time I've ever gotten a virus, the first I got off of a 5.25" floppy back in the early 90's.
I would rather not run one. Why? because I'm sick of programs that take over the system, l
Re:It's not that surprising . . . (Score:5, Informative)
These 'email viruses' that require a user to click on them aren't really viruses, they're trojans. They don't have a means to copy themselves into another program, they just send off a bunch of mails and hope somebody activates them. They have a propagation mechanism that depends on human stupidity. I would call them 'self replicating' but they have a rather uninteresting replication mechanism.
A real virus
Which brings us to worms, which are self replicating, but actively break into other machines and directly cause copies of themselves to start executing.
As far as viruses go, people install and run infected programs because they want the functionality of an uninfected program and do not know the infection (the 'undesired behavior') is there. Hence the need to scan for viruses before you install any program.
Re:It's not that surprising . . . (Score:3, Interesting)
Funny, my old 1 GHz Duron with 512 MB of memory doesn't experience any noticeable slowdown when F-Prot is running... Heck, my old k6-2 300 MHz didn't experience any noticeable slowdown !
Just what kind of sneeze pump are you running your games on ?-)
Re:It's not that surprising . . . (Score:5, Funny)
Anyway, I know this sounds painfully obvious, but why don't folks take the simple step of running an antivirus program?
Waste of money, IMHO. I've been using Windows for years without a virus scanner, and not once have I found a virus infecting my computer.
Re:It's not that surprising . . . (Score:3, Insightful)
Re:It's not that surprising . . . (Score:4, Interesting)
Re:It's not that surprising . . . (Score:3, Informative)
Do yourself a favour, and use webmail instead of your own pop client. Let M$/Yahoo pay Norton and keep their virus clients up to date. I have never felt the need to use Outlook, Outlook Express. At home, I've never needed to store many e-mails, plus Yahoo has 6MB, and Hotmail has 2.
I've got 10MB on my ISP's mail server, and if I don't delete messages off the server I run out of room in two weeks. I get very little spam. I also don't delete any email from my mail client. Never know when I'll need to gre
Re:It's not that surprising . . . (Score:3, Insightful)
That sounds like a wonderfully good idea. I have converted most of my folks to mozilla to bypass most of the problems embedded within the e-mail but obviously if they click a dodgy attachment it is still an issu
antivirus programs are of limited value (Score:4, Insightful)
An antivirus program only finds known viruses, or variants of known viruses that trigger some common rule. They are useless against new viruses, particularly rapidly spreading new viruses.
Re:antivirus programs are of limited value (Score:3, Insightful)
Re:It's not that surprising . . . (Score:4, Insightful)
I think the answer is this: Because of maintenance costs, there are very few companies with virus detection tools that don't charge a subscription fee of some sort in order to get updates. That means Joe Aol is going to have a non-functional virus scanner within 3 months to one year. He'll probably never run an update to the sig database, but that may be changing now, because the programs are getting better at nagging. Also, some programs request that the virus software be disabled while an installer runs. Some folks can't figure out how to do this, and end up temporarily uninstalling the virus scanner to install software (those miniature system tray icons on Windows are a pretty bad interface design choice). I also wouldn't feel so comfy with McAfee or Symantec: They aren't catching many of the newer (or rare) variants. My own experience on the job suggests that Grisoft AVG is better, and that Clam AV works nicely on servers (CAV's detection abilities improved by leaps and bounds these past couple of months). AVG is a subscription-based scanner, but CAV is too involved to be useful to the Joe Aols of the world.
I like Ad Aware, but it doesn't catch all the malware programs, some of which now behave like viruses (planting spyware payloads, but remaining hidden inside the operating system).
Unfortunately, no matter how many times I tell my users about clicking on attachments, they still do it. I've come to realize this is partly my fault: I have to figure out a way to explain how I tell the difference. But my method is mostly this: Context. People I know rarely send me executables, compressed archives, program info files or PCM data files.
I think I'm going to author and test a trusted-sender e-mail client pretty soon. That seems to be the only way to minimize the effects of "spam" and viruses.
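The context test described in the comment above (known correspondents rarely send executables, compressed archives or program info files) can be approximated mechanically. The following is an added example, not part of the original thread: a Python check that flags attachments by file type and by a document-looking double extension. The extension lists, function names, addresses and the sample message are all constructed assumptions.

```python
"""Flag e-mail attachments whose type a known contact would rarely send.

Added illustration: the extension sets and the sample message are
constructed for this example, not taken from the thread or any product.
"""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists: types Windows runs on double-click, archive types that
# can carry one, and document types a name may pretend to be.
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
ARCHIVE_EXT = {".zip", ".rar", ".cab"}
DOCUMENT_EXT = {".doc", ".txt", ".pdf", ".jpg", ".rtf", ".xls"}


def classify_attachment(filename):
    """Return the reasons (possibly none) a filename deserves suspicion."""
    # Keep only the base name, lower-cased, without trailing dots or spaces.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = name.strip().rstrip(". ").lower()
    # Every dot-separated piece after the first is treated as an extension;
    # inner whitespace is trimmed so padded names still match the lists.
    exts = ["." + piece.strip() for piece in name.split(".")[1:]]
    reasons = []
    if not exts:
        return reasons
    last = exts[-1]
    if last in EXECUTABLE_EXT:
        reasons.append(f"executable type {last}")
        if len(exts) >= 2 and exts[-2] in DOCUMENT_EXT:
            reasons.append(
                f"double extension {exts[-2]}{last} poses as a document")
    elif last in ARCHIVE_EXT:
        reasons.append(f"compressed archive {last}")
    return reasons


def review_message(raw_bytes, known_senders):
    """Return (filename, sender_known, reasons) for each flagged attachment.

    A From header is easy to forge, so a known sender is reported as
    context only and never clears a flagged attachment.
    """
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    from_header = msg["From"]
    sender = ""
    if from_header is not None and from_header.addresses:
        sender = from_header.addresses[0].addr_spec.lower()
    sender_known = sender in known_senders
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        reasons = classify_attachment(filename)
        if reasons:
            findings.append((filename, sender_known, reasons))
    return findings


def build_sample():
    """Build a constructed message with one risky, one archive, one benign part."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"      # constructed address
    msg["To"] = "me@example.org"            # constructed address
    msg["Subject"] = "Re: report"
    msg.set_content("Please read the attached report.")
    msg.add_attachment(b"constructed placeholder bytes",
                       maintype="application", subtype="octet-stream",
                       filename="report.doc.pif")
    msg.add_attachment(b"constructed placeholder bytes",
                       maintype="application", subtype="zip",
                       filename="photos.zip")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, known, why in review_message(build_sample(),
                                           {"friend@example.org"}):
        print(f"{name}: sender known={known}; " + "; ".join(why))
```
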
Oh hum. (Score:5, Funny)
Re:Oh hum. (Score:5, Funny)
Re:Oh hum. (Score:5, Insightful)
Re:Oh hum. (Score:4, Interesting)
Human stupidity (Score:5, Insightful)
Of course, until you can teach people to be intelligent, these types of viruses will continue to circulate through the net.
Re:Human stupidity (Score:5, Insightful)
Again, apathetic users, they don't notice and don't care. Until a virus comes along with the spreading power of mydoom, but sits and waits for a couple of weeks until it throws up gay porn onscreen and shouts out "HEY EVERYONE I'M WATCHING GAY PORN" while proceeding to delete EVERY SINGLE DAMNED FILE USERS HAVE... they're going to keep on not giving a damn about viruses.
The general public sees viruses as something computers just get, and is as innocuous as a sniffle. If a few viruses came along and did the equivalent of schizophrenia, lung cancer and whole body pus filled sores to their computer, THEN they will take notice.
Re:Human stupidity (Score:4, Interesting)
Most of what you describe can be attributed to worms. Viruses infect existing binaries. The big one when I was in high school was "Nov 17." When you got THAT virus, you knew it, especially if you were running Win 3.1[1]. It would infect EMM386.EXE and all of a sudden you were back to 640k of memory again.
Bad reputation (Score:5, Interesting)
I have suggested they try linux. But they are nearly at the point of no return. They fear computer, they fear the hassle, virus scans, repair etc. What's the world coming to.
Re:Bad reputation (Score:4, Insightful)
If they are not dependent on any Windows-only software (that won't run in Wine) then why not offer to set up Linux for them. Give them Gnome or KDE with icons for everything they need on their desktop and in their "start menu." (And no other icons)
And tell them that you will set it up so the only things they have to look at are the things they need.
Then ssh into their computers anytime an update is necessary.
I would imagine they would be pretty happy with a computer that was less prone to virus attacks.
Re:Bad reputation (Score:5, Informative)
* Install Mozilla (Firefox and Thunderbird).
* Install Ad-Aware. Pay for the pro version that also has Ad-Watch.
* Install Spybot Destroyer.
* Install a cheap linksys router.
* Install Grisoft/AVG antivirus - or something equally as good.
Now, nothing is going to get IN that shouldn't and probably won't get OUT. Even if they're reckless and download/install everything they ever run across, Spybot Destroyer lets you prevent the installation of *hundreds* of known activex applications and other troublesome installers, lock your hosts file, prevent changing the MSIE start page, etc. And if they're stupid enough to install something after Ad-Watch/Ad-Aware and/or their antivirus software warns them about it, then they deserve what they get.
Additionally:
* Don't give them administrator accounts!
* Set them up with a DynDNS address. This way you can connect to them remotely using VNC when necessary to do administrative tasks.
* Set up regular user accounts for them. Or better - set up limited user accounts so they can't even install any software themselves. Tell them to come up with lists of things they need installed and to call you. Then you can VNC in, fire up the admin account and install them in a few minutes.
It will lock them down, but shouldn't prevent them from doing most things they want to do and will save you a shitload of headache. And if they don't like it, then it should hopefully be enough reason for them to start actually LEARNING about the machine they're using rather than treating it like a god damn TV and then they can assume the responsibility.
I think you nailed it... (Score:5, Interesting)
And there's no reason anymore for new computers to go out the door in any shop without those types of programs installed if they are going to use MS.
shame on MS and shame on the box vendors
And there's even less reason to let MS skate on this issue. They should have been class actioned all the way to the supreme court long ago on usability and security and internet interoperability issues.
That EULA is an abomination. Maybe 20 years ago when desktop computing was really getting going they needed some time to get up to speed on coding, but not today, nope, EULAs that absolve the *seller* of all normal consumer warranty and protection should be stricken down, once and for all.
If ACME front door and lock company made a product that consistently over the years was shown to A not open or shut correctly and could be counted on to fall off the hinges and needed to be rehung every 6 months, B-which had no credible locking mechanism, and C-caused the purchasers to be invaded in their homes and robbed and inconvenienced for years and years because of A and B, they would have been put out of business.
It's time to REALLY consider this EULA get out of any responsibility card they are allowed to use and profit from. It's absurd.
Methinks a lot more proactive coding on their part over the years might have cost them X-billions more, but they got 50 bill in the bank now, they could have most likely made it a lot more secure and functional and still had many many billions in the bank. There's no excuse anymore beyond pure GREED on their part. I would agree with the assessment nothing can be coded perfect, but really.. there's ways to go about this, they just never did it, not near enough, they were AWARE of the issues just they didn't CARE about the issues enough because it would have cut into "profits". Not eliminate them, it just would have reduced them some. Big deal. They profit, everyone else has to jump through hoops and suffer over their inaction.
They could have had BOTH, profitability plus more secure and functional design, they chose NOT TO. It was high level executive decision making that caused that, it was done on purpose. It wasn't that important to them as long as they could bully their way into mass acceptance and get away with it.
Class action suit, I am surprised it has never happened yet.
Re:I think you nailed it... (Score:3, Insightful)
That EULA is an abomination.
I'm going to play devil's advocate here for a moment and tell you that although the EULA may be terrible, it's not Microsoft's responsibility to sign a good contract. If I wrote up a contract stipulating that you are required to give me 90% of your disposable income in exchange for me enlightening you, it certainly wouldn't be a fair contract. But if I were able to get you to sign, it would still be a binding contract, albeit a bad one.
I am not a lawyer but I know that Microso
Re:I think you nailed it... (Score:3, Insightful)
Sure they do.
I go into Best Buy. I pay cash for a copy of Windows XP. I walk out of the store.
(At this point I have all the legal rights necessary to run Windows XP.)
I take the software home, go to install it and it tells me that I must agree to (XXX, YYY, and ZZZ) BEFORE I can actually use my legally purchased RIGHT to run that software.
They're bullying you because yo
He's right: A reply to your replies (Score:5, Insightful)
A lot of the replies you're getting are in the vein of:
"But you don't have to agree to the EULA"
and "What about OSS"
Okay guys, here's the difference:
A MS EULA is like me going out, buying a house, and after closing on the house I come home to find a big sticker on the door that says,
"by breaking this seal you agree to the following terms:
-You do not really own this house, you're actually leasing it from us.
-We are not responsible if this house turns out to have numerous major problems that we didn't tell you about.
-You may only use this house for purposes X, Y and Z, any other use is strictly prohibited.
-etc, etc, etc"
It's clearly stupid and not a legally binding contract. I can rip that sticker off my door without a worry in the world. The same needs to be true for software.
A good example is disclaiming any and all warranty:
This needs to be done BEFORE I give you my money.
It's like a car manufacturer trying to sell a new car with absolutely no warranty by sticking a note in the glovebox when you're driving it off the lot.
The deal is already done. The note means nothing. The manufacturer is still responsible for all normal, implied warranties.
Now what about OSS?
First off, I'm going to talk only about the GPL. (Other licenses are typically very similar.)
Now the key thing is that there are some very big differences with GPL'ed software:
1) It's free. Free things are typically not legally required or assumed to carry warranties. There also don't seem to be many laws about disclaiming liability when I give you something for free. There's nothing that says the item must be provided in any form other than "as-is", unlike commercial/retail sales. I can give you a car with rusted out brakes for free and not have to fix them for you. If I was a car dealer, charging you money, I might have to fix those brakes (unless there was some agreement made about them at time of sale).
2) The GPL is not a EULA. You do not have to agree to the GPL to use a GPL'ed program. A lot of people have trouble understanding this one. There are even programmers who make the GPL pop up when you run their program and force you to check "I agree". These people are all wrong. The GPL only governs redistribution. As such, it's not trying to get rid of any rights that you would normally have. In order to gain a right that you wouldn't normally have (redistribution of someone else's copyrighted work), you must agree that this new right is subject to a set of conditions. If you do not agree, you do not get those rights, not because the GPL says you don't, but because copyright law says you may not redistribute others' work without their permission.
You left out the part (Score:3, Insightful)
Yeah, sure, the EULA is a contract I chose to sign. As opposed to all of the other choices I have out there.
In fact, this is getting fixed. For many advanced users, Linux is perfectly capable of providing anything they need. But someone shouldn't be forced to "sign" a crazy contract because they're not a computer expert.
That's ignoring t
Sadly... (Score:3, Informative)
The *bot line of worms spreads two ways. It uses both the RPC exploit (patched last year) and by using a laundry list of username/password combinations. While I'll be the first to admit that a STRONG local administrative password and 100% patched boxes would have evaded *this* worm, it won't be a defense against the next one that targets RPC-like-flaw-v2.0 or that includes our "stro
Re:Bad reputation (Score:2, Funny)
Yes, I find a lot of people like that around here as well. However, their conclusion is that "this machine is too slow". Well, it's too slow because it's emailing Klez 5: The final spamteer to a million people an hour (including me). So they buy a new computer and I as the resident computer type fellow get the task of setting it up and moving their documents over.
Do what I do (Score:2)
windows I am unable and unwilling to support you. If you would like to run linux then I am more than willing to support you.
Re:Bad reputation (Score:3, Interesting)
If you use a KDE front-end, then consider giving them the "kiss the BSOD good bye" book. I gave it to the last 2 families and it made life much easier for me.
Re:Bad reputation (Score:5, Insightful)
To hack into the Gentoo, Gnome, Debian and GNU servers, the crackers had to sit down and work at it. It didn't come for free. But write a new worm variant and several million p2p and outlook users will deliver it to your victims for free.
Think of your home's security. Anyone with a sledgehammer can break into your home, regardless of the quality of your deadbolts. That's what happened to those servers. But in the windows world we get a bunch of houses with hollow veneer front door with a brass flip latch for a lock, and no back door at all, just a wide open portal.
Even with a steel door and twenty deadbolts, eardrum destroying alarm, and a pair of Rottweilers, you could still get broken into. But that's no reason to encourage the burglars with cardboard doors and a lawn sign that says "if it's not too much trouble, could you please not break into my home tonight".
What we are supposed to do (Score:3, Insightful)
Someone is obviously trying to implicate the content monopolists in this by targeting the sharing networks. It is highly unlikely that the monopolists are doing this themselves because they have too much to lose by carrying out such an attack.
Someone in the computer community is doing this and is hurting everyone in the process. Sometimes the geek community is its own worst enemy.
Re:What we are supposed to do (Score:2)
This is Slashdot, which also assumes only SCO would write a virus that D-DOSes them.
Basically, news of a D-DOS creates an accusation at whichever side Slashdot hates most, lack of fact notwithstanding.
Re:What we are supposed to do (Score:5, Interesting)
Maybe someone wrote this virus so we'd think the RIAA did it. Or maybe the RIAA wrote it so we'd think that someone wrote it to pin the blame on the RIAA. Or maybe someone wrote it so we'd think RIAA wrote it to make us think that someone wrote it to pin the blame on the RIAA. Or maybe the RIAA wrote it so we'd think that someone wrote it to make us think the RIAA wrote it so we'd think that someone wrote it to pin the blame on the RIAA. Or maybe...
Re:What we are supposed to do (Score:3, Funny)
Re:What we are supposed to do (Score:5, Insightful)
The post doesn't say it, but it definitely insinuates that the nefarious RIAA and possibly the BSA is behind this latest worm.
The post insinuates nothing of the sort, it just states what the trojan does. You jumped to that conclusion all by yourself.
Unfortunately, that kind of knee-jerk reaction is counterproductive to finding the real virus spreaders.
As is assuming that respectable business organisations are beyond suspicion. Especially when one of these organisations is on record as wanting immunity from prosecution if it does use such tactics. But then again you were just trolling weren't you.
Re:What we are supposed to do (Score:5, Interesting)
Re: (Score:3, Interesting)
Re:The most likely culprit (Score:5, Informative)
You can take your downloaded keygen or whatever and run it completely separated "in a bottle" so to speak, so you can use it without any fear that it will wreak havoc on you. Disable networking support, COM ports, and any shared access to harddisks and you're safe.
Very handy.
N.
Re:What we are supposed to do (Score:5, Informative)
Re:What we are supposed to do (Score:3, Insightful)
Like what? Money? They're already making cash hand over fist; a fine by the FTC or a lawsuit would hardly dent their income. Reputation? I think that was trashed when they sued the 12 (?) year old girl... and didn't drop the case.
So what do they have to lose that they haven't already lost?
~UP
Re:What we are supposed to do (Score:3, Insightful)
I know, tin foil hat.....but still....of all the people that could possibly be doing this.....I REALLY would look twice to see if it's them.
The "computer community"? (Score:4, Interesting)
What gets me... (Score:3, Insightful)
Re:What gets me... (Score:2, Insightful)
Re:What gets me... (Score:5, Informative)
I've run XP for over a year and every once in a while, just for kicks, I install AVG and AdAware.
Last time I ran AdAware 6 with the latest definitions, out of 90000+ items scanned, it found ONE registry key.
And AVG has not once turned up an infection of any kind.
So I ask the other windows users, what the hell are you doing to require this. And I ask all the self-righteous linux users to kindly keep your smart-ass comments to yourselves
Re:What gets me... (Score:5, Informative)
Well here are some of the answers I received after cleaning up systems that were infected:
1. I just wanted to install a game (about 18 spyware programs found)
2. I thought the email was from the IT department (bagle ZIP encrypted virus)
3. Internet Explorer prompted me to install something, I said yes (spyware, again..)
4. I don't know (spyware, viruses, you name it..)
5. Someone else used the computer..
Needless to say, spyware and viruses are such a large problem that for most people, they are unable to determine where it comes from or how to prevent it from getting on their systems without something protecting them (antivirus, antispyware programs).
Annoying, definitely, preventable with a little bit of knowledge? definitely.
Re:What gets me... (Score:5, Insightful)
Oh, you have noticed that, have you?
The fact that you don't worry about that is going to be your downfall.
Linux viri exist, and there doesn't seem to be anything in any Unix system that makes it inherently immune to viri. It wasn't long ago that the first Linux bugs came out, and I expect to see more and more. Plus you have to worry about script kiddies, and they're more numerous than viri and worms these days.
Unix isn't immune, and we need something to come along that will actually solve that problem, lest we have to switch operating systems every 5 years to stay ahead of the malicious programs. Systrace is a great start, but it's not ideal, and not automatic. A little improvement could make it a great wall against all unknown viri/worms/kiddies, but it's important that somebody actually works on that, instead of assuming there's nothing to worry about.
Re:What gets me... (Score:3, Interesting)
Can you name one? One that had a non-negligible infection rate on Linux machines?
I'm not saying it's impossible, but Linux users mostly don't run as root, and they don't generally use mail programs that open attachments without asking, so I really don't see how script-kiddie level virii can propagate on Linux.
Spin the wheel of motivations... (Score:5, Funny)
A: The RIAA, to try to take down the P2P services.
B: A disgruntled artist, who blames the P2P apps for why they can't get paid.
C: The owner of unaffected P2P app trying to take down the competition.
D: A random hacker, who doesn't have any interest in the music industry, but just wants to ruin people's fun.
E: SCO. Because they're associated with anything Slashdot hates.
F: Microsoft. Because they're associated with anything Slashdot hates.
G: CowboyNeal, because he's a suspect on all Slashdot polls.
Re:Spin the wheel of motivations... (Score:3, Funny)
They're behind this somehow.
Re:Spin the wheel of motivations... (Score:5, Interesting)
A: Conspiracy Theorists (Communist)
B: General Wackos (this one isn't realistic as I understand it--musician/script kiddie? That's too outlandish a secret identity)
C: Conspiracy Theorists (Capitalist)
D: ?
E: SCO Bashers
F: Microsoft Bashers (Apple and Linux)
G: Didn't read this article/loves the CowboyNeal option
Netsky (Score:5, Insightful)
Wider than just Kazaa and Edonkey, methinks (Score:5, Informative)
Fascinatingly, I've also been getting absolute tons of emails infected with this variant of Netsky, many of which pretend to have been scanned for viruses and are "clean." This seems particularly lame as an "innovative" get-the-dupes-to-click-on-"document.doc
Ahh well. Hopefully, this particularly-obnoxious variant will be short lived (so we can, of course, begin the cycle anew in a few weeks' time with a new SoBig or...heck, I dunno, Klez? What letter are they up to there?)
New Virus Avenues (Score:5, Insightful)
People just don't seem to learn. (Score:5, Interesting)
I think things would only change if default setups of Windows were secure against this sort of thing.
Dispatch (Score:2, Informative)
This one was probably sent out by the RIAA, or Orrin Hatch himself.
Kazaa?? (Score:5, Interesting)
I switched P2P networks long ago. I have no silly business of fake files, or dial tones in my songs. There are viruses, but they are fairly obvious as they are often disguised as keymakers. The only thing I have to worry about is French movies not being labeled properly. At least they are the right movie. If only I could translate French on the fly...
Only grandmothers and 10-year olds use KazAA. The unkempt geeks switched networks a while back.
Re:Kazaa?? (Score:4, Insightful)
Re:Kazaa?? (Score:5, Interesting)
If it reached court and took her computer, it would be easy. Deleting the file only clobbers metadata, most of the file is still on the disk. Even when data is overwritten by normal use of the disk, it is possible to extract. (It's recoverable until about 7 overwrites.) If they found even one block of the movie on her disk, they could tell the court there was only a 1 in 1.318x10^1204 chance she didn't do it.
Re:Kazaa?? (Score:4, Interesting)
You know, I just happened to read a FAQ [altavista.com] written by techs from the data recovery company (in Nizhny Novgorod, Russia) and they say it's bullshit. They quote Gordon Hughes, the director of Magnetic Recording Research at the University of California:
So until I see some better evidence, I am tempted to believe that even wiping the file contents with zeros once should be enough.
Re:Kazaa?? (Score:3, Informative)
Equal Time? (Score:5, Interesting)
My guess, is that these writers won't be quite so eager to jump to conclusions this time. But it might be worthwhile for those of us who were annoyed by those writers to point that fact out to them.
Stop the presses (Score:5, Insightful)
Let's show we are a couple notches above the media here and give this some time, maybe we can take this thing apart and make sure of its TRUE intended victim. Not to say I'd put it past the RIAA, but we should make sure before flinging accusations.
Wasn't it the RIAA? (Score:3, Insightful)
When will it end? (Score:4, Interesting)
My feeling is that this won't stop until the virus creators actually start causing damage to individual users' computers, not just the bandwidth hogging and (D)DOS variety of the current crop. When getting hit with one of these bugs means that Joe Luser's stuff gets deleted and his system won't let him logon, you can be sure he will raise a ruckus wherever he can. Turning his box into a spam relay or a DDOS zombie doesn't cause nearly as much visible damage to the computer, other than it being a bit slower to use, another condition with which the average computer user has become too comfortable.
The nagging question in my mind isn't "When will this happen?", it's "Why hasn't it happened yet?" Or possibly, "Will it ever happen?" And that last one makes me very sad.
Re:When will it end? (Score:4, Insightful)
Oh, and if a virus does 'real' damage, then they can forget about getting off the hook if they're caught. Someone will throw a book at 'em if they're really nasty (and aren't just kidding).
Re:When will it end? (Score:4, Interesting)
RIAA (Score:5, Interesting)
On one hand I don't see it as too likely; on the other, lately my capacity for surprise has been worn down by strange lawsuits and laws (Can-Spam).
And RIAA was, after all, seeking to make their hacking P2P-ers legal.
Part of something larger? (Score:3, Interesting)
If you want to destabilize an economy, say the West, then go after the computer networks that bind it together and which make it both different, free, and vulnerable.
There are lots of bits and pieces being assembled. What if this is part of something larger and we're only seeing the perfection of the pieces and a bit of guiding of the immune system toward another goal?
Yeah, maybe I'm not wearing my tin hat, but some things seem to be acting too well...or too badly.
NetSky already did this? (Score:4, Informative)
PIF - PDF (Score:5, Interesting)
They will pay me to remove the virus, but they won't buy an email-scanning antivirus program, or even figure out that if the icon is the Windows logo (double meaning here) it's probably not a good thing!!
Back to the article: with all of the spyware, IE plugins, and other memory-hogging garbage associated with these P2P programs, a lot of users won't even notice a few extra viri thrown into the mix, they'll just run to techies faster.
MOVE!!! (shameless Nick Burns Reference)
can't help but wonder (Score:4, Insightful)
It's a pain in the ass, (Score:4, Insightful)
I've been getting delivery failure e-mails over the last few days because my e-mail addy is in their address book. And believe you me, I checked every conceivable virus scanner on the web.
The specific worm in question is Worm.SomeFool.Gen-2, according to the last dozen or so messages.
Mr. and Mrs. Blow (Score:5, Interesting)
What truly surprises me is the fact that this is the 19th incarnation of the Netsky virus, and that can be really quite revealing about how much "Joe and Jane Blow" really try to protect their computer, even after all the repeated assaults from multiple virii in recent times. I am sure some blinded, elitist geeks out there will point out that 'Joe and Jane Blow are too stupid so they get loads of virii instead of moving to Linux' before moving to the next discussion which can sprout a pro-Linux, anti-Microsoft thread. Believe me, I do know a lot of Joe and Jane Blows, and if you do not then simply forget about your elitist argument, because for the most part they are not simple or stupid. They want to surf the Internet, check their e-mail, play some games and perhaps download music -- they do not want to program a database engine, do not own a Linux box for a hobby, do not start counting lists from '0' and think anyone who thinks learning Pi should perhaps see a doctor.
So, they ask you for help because they think they have a virus or are feeling a slowdown. You do everything they should have done, that is, install Ad-Aware, update it, scan for spyware -- and find some truckload of the bloatware eating up disk and registry space (and I'm not going to start on the RAM). That done, you download AVG Grisoft, update it, scan for virii -- and find several hundred files contaminated by virii, and that is quite a lot to clean up. Finally, you install a firewall -- preferably ZoneAlarm or Kerio Personal Firewall -- and set it up for them, so no more Blasters et al sneaking through some obscure system ports. The best option, in the long term at least, is to be sure to install a firewall with preconfigured program access rights (and I think Kerio Personal Firewall has this feature), and I shall tell you why: it may seem simple for any of us to simply check a checkbox for the firewall to remember to allow Half-Life Launcher to attack the Internet, and I truly thought this was the case for anybody -- after all, all the firewall does is ask a simple question, at least what seems like a simple question for most of us. Then, my grandma, who has barely touched a computer all her life, tried the new one she had bought to have a pastime during her six weeks' inability to walk. And the result was pretty surprising, to say the least. A new icon on the desktop, or even a pop-up, can get her panicking. So can you imagine this kind of non-techie, new user getting a firewall pop-up every minute for every program this user launches? This is why a preconfigured program access rights list is something good to have.
Of course, anyone can go without an antivirus by simply installing a firewall and knowing what comes in their e-mail -- or, for those who grasp the technology a bit more, just block the ports manually; but Joe and Jane Blow have much more simple needs and don't want to have to learn loads of techniques simply to avoid virii and spyware, malware which they do not notice most of the time. In my opinion, the best way to prepare Mr. and Mrs. Blow against all this malware is to set up their software so at best, they can surf around and write emails totally unconscious of this protection, since in this case the software updates itself and does its job automatically. You can also give the user further tools against malware, such as replacing their browser and e-mail clients with Mozilla/Firefox and Eudora or Thunderbird. You should also set them simple guidelines, such as to always refuse anything whatsoever from a source they do not trust. Try and get them to buy commercial software (Norton Internet Security or McAfee Internet Security) as in general it offers better protection and a bit more tools that shall make everyone a happy bunny. Joe and Jane Blow want to know that they are protected against virii and spyware, but do not want to know how, and you'd be rather stubborn to get, what in their opinion is an extra worry, on the
What's the target audience of Windows? (Score:4, Interesting)
As Linux becomes more used by newbs who haven't any interest in locking it down, it should be as secure as possible by default. That way if the box gets hacked because of bad settings you can at least put the blame on the one unsecuring it. Blaming a user who just installed it and never secured it is impossible and doesn't fly; that's why I don't listen to the people who say "they should have installed whatnot". That's what the OS should do, provide basic services like security etc. If an OS demands an antivirus add-on and Ad-Aware and things, maybe something is wrong in the OS?
I hope Linux gets proactive and rids itself of the same bad decisions as MS have done. Don't trust the user to secure things, because we have seen in the case of MS Windows that that's not going to happen.
Vaccine (Score:3, Interesting)
In order to show people the problem, I propose a vaccine virus:
It would spread using many different methods, but in the quietest way possible. Use e-mail attachments, buffer overflow exploits, everything that's being done, but keep it quiet. Don't scan a thousand machines a minute, or send out millions of e-mails. Make the e-mails look like other virus e-mails, scan slowly, etc. The idea is to get onto as many machines as possible before triggering. Once it triggers, wreak as much havoc as possible on the infected machines. Delete files, overwrite them to be sure. Target document files before OS files. Hit network shares. Wipe out partition maps. Trash the BIOS if you can.
It would be a pretty terrible virus, but I bet people would get serious about prevention after the dust settled. But is the cure worse than the disease?
(Disclaimer: I'm not actually advocating this! Please don't take me to jail. It's just some food for thought.)
Re:**AA Cartels (Score:3, Insightful)
Re:The one bad thing about OSS.... (Score:3, Insightful)
Little programs, like worms, can be analyzed at the most basic level (asm code) by a competent programmer with some common tools. What they do can then be changed by adding or replacing code.
This doesn't work for huge, complicated programs, but it certainly does for things like viruses and worms.
Re:The one bad thing about OSS.... (Score:2)
How are viruses and OSS even remotely related?
I'm not trying to be a dick or anything, I just truly don't understand your comment.
Re:Worms VS. Viruses (Score:4, Funny)
Worm = Requires security vulnerability in the computer's OS or some running software program to infect said computer.
Virus = Requires security vulnerability between the chair and keyboard to infect said computer.