Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Wikipedia Used To Spread Virus

Posted by Zonk on Sun Nov 05, 2006 02:33 PM
from the ware-the-internets dept.
Security The Internet
eldavojohn writes "The German Wikipedia has recently been used to launch a virus attack. Hackers posted a link to an all alleged fix for a new version of the blaster worm. Instead, it was a link to download malicious software. They then sent e-mails advising people to update their computers and directed them to the Wikipedia article. Since Wikipedia has been gaining more trust & credibility, I can see how this would work in some cases. The page has, of course, been fixed but this is nevertheless a valuable lesson for Wikipedia users."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Wikipedia Used To Spread Virus 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • in certain cases, this would be appropriate (Score:3, Funny)

    by krell (896769) on Sunday November 05 2006, @02:41PM (#16727465) Journal
    How better to teach about viruses than to have an actual virus found at the http://en.wikipedia.org/wiki/Virus [wikipedia.org] entry?

    • really? you want everyone that's slightly curious to be able to download a virus?

    • From the article:
      > "if there really is a new threat on the internet, you're likely to hear about it first from the security companies, not an online encyclopedia."

      Is that a challange?

      • No, this is not a challenge. Security companies are primary and secondary sources. Encyclopedias such as Wikipedia are tertiary sources, with policies that require articles to be verifiable through reliable sources.

        • "Encyclopedias such as Wikipedia are tertiary sources, with policies that require articles to be verifiable through reliable sources."

          No, it doesn't. This "requirement" is actually just a recommendation in practice. I don't know the percentage, but I see many articles that are not verified "through reliable sources."
          • I see many articles that are not verified "through reliable sources."

            Would you please provide a partial list so that I can go in and request a search for better sources?

          • I know that English Wikipedia contains a lot of articles that can best be described as works in progress. Be bold about bringing this to editors' attention: put {{unsourced}} at the top of each poorly sourced article and {{cn}} after each questionable assertion. This will get the article on the radar of obsessive-compulsive fact checking editors.

    • "This article is about a biological infectious particle; for the computer term, see computer virus."

      I don't think that type of virus fits through these tubes.

      If only it did...

      • Re: (Score:3, Funny)

        by krell (896769)
        "Why don't they publish Windows and Linux viruses side by side, for an objective comparison?"

        Did you know that there is an entire version of Wikipedia that contains an encyclopedia of Mac viruses? Unfortunately during a server move, someone downloaded it to a 2k memory segment on a flash drive. Someone sneezed and it got lost in the carpet and has not been recovered yet.
      • Speaking of M$ windows does that mean wikipedia is now no more or less reliable than the most used commercial operating system http://www.microsoft.com/windowsxp/home/eula.mspx [microsoft.com] ;-). They specifically do not warrant against the inclusion of viruses in the operating system.

  • come on (Score:3, Insightful)

    by Janek Kozicki (722688) on Sunday November 05 2006, @02:43PM (#16727481) Journal
    People with reasonable sense of life will not trust complete strangers. Any information from complete stranger (on the street, or from the wikipedia, what's the difference?) is just that - a information to consider. Ignore it, or verify if it's true before making some real use of it.

    OTOH dumb people will always get what they deserve. They will screw their life by trusting complete strangers and also they will screw their PCs, again - what's the difference?

    How come, dumb people can expect to be being protected from complete strangers. And by whom? By other stragers? That article is plain FUD.

    • People with reasonable sense of life will not trust complete strangers. ... dumb people will always get what they deserve. They will screw their life by trusting complete strangers and also they will screw their PCs, again

      Don't blame the victim, their only fault is to trust Microsoft. Do you know and trust people at Microsoft or are they just another group of "strangers" who screwed your PC with stuff that's easy for malicious people to exploit? I trust another group of "strangers" at Debian but have

      • to all who replied.

        thanks people, all your replies were indeed right. I stated my opinion too strongly, and now you are all streching it a bit more. Let's rephrase that, then 'take everything with a grain o salt', sounds better eh?

        re: eating in restaurant - owners will get bad publicity in newspapers if someone got sick there, that does not pay off for them so they care. However microsoft already has bad publicity, and they do not care.

        People you have dealt with before, or belong to organization you dealt w
        • See, there's this thing with discourse. The meaning of what you say is always contextual.

          If someone is going out to a rough part of town, I would advise them not to dress too nicely and to carry little cash. If they get mugged, though, I won't blame them. While there is an instinct from some to find a single point of responsibility for every event, in fact, there are multiple perspectives, multiple contexts, and a variety of ways of looking at responsibility.

          So, "take things with a grain of salt" is good ad
      • Here, download and compile this tasty little tarball treat... ./configure content: #!/bin/sh rm -rf ~
    • People with reasonable sense of life will not trust complete strangers.

      I assume you've never flown. Or eaten at a restaurant.
      • Or driven near other cars. Or purchased a product from anything other than a locally owned company. Or installed software written by someone other than you personally know.
    • Really... Perhaps you think too much of yourself. There is a difference between knowledge and stupidity. Are you in a position to understand the position the non-computer tech/ non-c.s. etc must contend with while on the internet? These aren't all dumb people. These are people with different focuses in life. I bet many of them are aware of dangers in other mediums that you would not even notice. So fuck off snob.
    • How the FUCK can you call the article FUD? Did you even RTFA, you knee-jerk twit?

      Sorry, but I am SICK AND FUCKING TIRED of people throwing around the "FUD" label so easily. First it became a synonym of bullshit (newsflash: "FUD" is a malicious, systematic campaign of disinformation and misleading information. "Bullshit" is a much broader term. All FUD is can also be classified as bullshit, but the reverse is not true.) The article reported the FACTUAL EVENT that some German hackers used Wikipedia to

  • Don't worry (Score:5, Funny)

    by anaesthetica (596507) on Sunday November 05 2006, @02:46PM (#16727497) Homepage Journal
    Wikipedia, of course, is self-healing. Within two minutes, the virus was replaced with a large picture of a scrotum.

  • uh-oh! (Score:2, Funny)

    by Anonymous Coward
    Better not follow this link then:

    http://en.wikipedia.org/wiki/Syphilis [wikipedia.org]

  • just like elephants (Score:5, Funny)

    by macadamia_harold (947445) on Sunday November 05 2006, @02:55PM (#16727573) Homepage
    The page has, of course, been fixed but this is nevertheless a valuable lesson for Wikipedia users.

    According to wikipedia, the number of valuable lessons for Wikipedia users has TRIPLED in the last six months!
  • The main thing this shows me as that as Wikipedia is growing popular, more parasites are grappling on. Or rather, those parasites have a greater impact. As they say in french: "C'est la rancon du succes".
  • They linked to a virus, but acualy wanted to link to No_Virus_Realy.exe [example.com]

    OK, I am off to submit a story how Slashdot has been used to launch a virus attack.
      • Hmm, I can imagine some way of hiding goatse guys with this. :-/
      • Well, I did look at the page source:

        <a href="http:example.com/some/virus/ise/here.exe" title="example.com">No_Virus_Realy.exe</a>

        Since the link doesn't contain a properly formatted protocol prefix (it should be http://) the browser assumes its a local link and prepends the current page's server name to it. If you change the url to browse the page using a different section (say apple.slashdot.org), then the link goes to apple.slashdot.org/example.com/...
  • It's got nothing to do with Wikipedia -- Don't follow spurious 'urgent' links in email -- whether it's to your termination notice, or a wikipedia article. Email back to someone you trust asking if it's real -- then you can decide if it's trustable.
    • It's got nothing to do with Wikipedia -- Don't follow spurious 'urgent' links in email

      Just wait until someone comes up with a virus which edits Wikipedia with links to itself as a method of propagation. The spammers have been doing this for some time, and it's only a matter of time before the virus writers start doing this as well.

      Then it will genuinely be an issue of the degree of trust you can place in a link found on Wikipedia.
  • "... & credibility"

    Eh?? Where d'you get that from then?? You don't want to believe everything you read in Wikipedia, you know.

    (Today's earlier Wikipedia story - some of the stuff there is ripped off from other sites anyway.)
  • This is just the ancient problem of people blindly trusting anything they're told in mails.

    The problem isn't the authority Wikipedia has received, that's just a sub-problem, the real problem is the authority e-mails have got, to the point of users trusting them enough to download random things even if they don't know the person sending them.
  • I'm confused why someone would download a file from wikipedia? Read the article, fine. But why would you download something from it?
      • Right....but it just seems dumb to download a program from a web site that is known for information and not for actual patches and what not.
  • For instance, Moodle has a built in feature that lets you run all uploaded files through a server a side anti-virus application (by default CLAM, but commercial ones can be used as well if you have a server side license).

    Seems to me that Mediawiki should be able to do this with uploaded files..of course users should all patch their systems and not trust any downloaded files regardless of where they are from. But it does seem to me that the host site should certainly scan uploaded files as well.
  • There is NO WAY I am clicking on the link in the submitted articles summary. It could be a virus on the other end; you know ... the kind of virus where I have to download and run it myself to be affected?

    Not this kid . I'm off to have sex with a goat [goatse.cx] instead; it is more safe. Does anyone have a trojan for me?
  • I'm glad this was tagged FUD, because the FUD is in the title. I think we should have tagging for articles and tagging for the titles as well.

    • Re: (Score:2, Informative)

      by Anonymous Coward
      There was no danger of the blaster virus. It was simply malicious people claiming you needed to get a new release to protect from the most recent blaster virus. The malicious code they were hosting was not the blaster worm but rather newer virus technology.

      I think I was pretty clear in the summary ...

    • Re: (Score:2, Insightful)

      by archen (447353)
      I'm taking it that you don't admin a firewall, or don't watch the logging? It's still floating around, and I think to myself every couple days "I can't believe it's still around". At this point it's like the background radiation from the big bang, but it's still there. Don't forget there's a lot of places (ala south america) that have machines which are poorly administered, the administrators couldn't tell you if they had blaster or not assuming they even know what it is and will probably have the virus
    • No, there was an incident not too long ago in which a Wikipedia admin published the passwords of several contributors, but in such a manner that only trolls and vandals could read them. Then, when the problem was pointed out, other admins rushed to Wikipedia's defense, and the account information remained visible for almost a year before a Slashdot story [slashdot.org] was published, shaming Wikipedia into taking it down.

      Reading the (frankly, indefensible) excuses and justifications by many Wikipedia admins in that Slashd
      • No, but if they aren't wearing seatbelts the government and insurance company rarely give very much monetary sympathy.

        • I see it as more similar to getting locks on the doors of your home and closing windows before you go out.

          Is it fair you have to go to this extra hassle and cost? no.
          Are the crooks really to blame? yes.
          Will blaming them and leaving your door unlocked solve the problem? no!
          Will catching the occasional crook solve the problem? no!

          The Internet is a really big place. Crime happens. It sucks, it's the fault of the bad guys. But you
          still need to lock your front door. (or run a secure desktop)

          - MugginsM

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.