Security Bug Operating Systems Software Windows

Today's Windows Virus - MyDoom / Novarg

Oddster writes "There is a new virus out by the name of Novarg which can infect all Windows versions from 95 to XP. It has two interesting features - first, in addition to mass mailing, it also distributes itself via the P2P network Kazaa. Second, it can perform a denial-of-service against www.sco.com. Details at Symantec and F-Secure, although neither seems to have finished their analysis." Other readers have sent in links to coverage at CNET and Security Response, and Russ Nelson provides a sample message.

  • Oh no (Score:0, Insightful)

    by Raster Burn ( 213891 ) on Monday January 26, 2004 @08:41PM (#8094794)
    Now Darl seems to have some credibility with the Linux == terrorism threat. Good going, guys....
  • Bad example... (Score:1, Insightful)

    by evilmuffins ( 631482 ) on Monday January 26, 2004 @08:42PM (#8094797)
    It is pretty obvious that this was written by someone in the Linux community. But, is this really the way to fight against SCO? Whoever wrote this virus is kind of like an angry 6th grader, who orders pizza to a bully's house because the bully stole their lunch money.
  • by Kenja ( 541830 ) on Monday January 26, 2004 @08:43PM (#8094816)
    Dumb people. Problem is that dumb people make up a majority of internet users. This is the same reason that spam works as an advertising method. It's also why toner refills have warnings not to drink the contents and Windex warns you not to spray it in your eyes.
  • by Tassleman ( 66753 ) on Monday January 26, 2004 @08:43PM (#8094823) Homepage
    Second, it can perform a denial-of-service against www.sco.com

    Great. This will give SCO some good PR ammo. Thanks guys.
  • by Anonymous Coward on Monday January 26, 2004 @08:44PM (#8094829)
    NOT FUNNY! That's exactly how I expect SCO are going to try and spin this.

    What goes on?

    http://www.cert.org/advisories/CA-2003-21.html
    http://kerneltrap.org/node/view/1584
    http://news.zdnet.co.uk/software/linuxunix/0,39020390,39118285,00.htm
    http://www.trusecure.com/knowledge/hype/20031209_linux.shtml

    I see a pattern forming and it ain't pretty.
  • DDoS (Score:5, Insightful)

    by DRUNK_BEAR ( 645868 ) on Monday January 26, 2004 @08:45PM (#8094846)
    It's all fun and jokes at first, but if we look at it from the public's eyes, these types of attacks give a bad name to OSS and the Linux community.

    Obviously, SCO has many enemies. Most of them are probably *nix users and the public knows that. If we want to have the public favor OSS, reputation is also important.

    Just my $0.02

  • by Tyrdium ( 670229 ) on Monday January 26, 2004 @08:45PM (#8094849) Homepage
    Think about it. Until now, the Linux community has seemed very innocent over this whole issue. It's simply a matter of a company trying to oppress people for its own gain (at least in the courts' eye). When people start doing illegal things such as writing viruses to get back at SCO, on the other hand, the Linux community loses much of its innocence. Look beyond the surface; this is a big PR hit for the Linux community. Remember the debate when SCO was DDoSed? This is the same thing, but much worse, and on a larger scale. Writing a virus in itself is illegal, given their nature, and a DDoS is also illegal (I'm not counting Slashdottings and the like).
  • Re:Oh no (Score:5, Insightful)

    by the_mad_poster ( 640772 ) <shattoc@adelphia.com> on Monday January 26, 2004 @08:50PM (#8094924) Homepage Journal

    Why on earth would you assume that it would be some fringe Linux zealot? It could be a pissed off SCO employee, an investor, someone from IBM, any number of UNIX developers. SCO pissed off a lot of people and you don't actually HAVE to use Linux or even care about it to be smart enough to exploit a dumbass Windows user's gullibility.

    The only thing more blatantly paranoid than YOUR comment would be to say that Darl himself wrote and released it to make people like you say things like that. Except, Darl is a meathead and I doubt he can spell his own name, so I doubt he wrote it.

  • Re:DDoS (Score:2, Insightful)

    by BakaMark ( 531548 ) <markl@noSPAM.netluminous.com.au> on Monday January 26, 2004 @08:52PM (#8094952) Homepage
    On the flip side of the coin, it could have been created by SCO in order to hammer their own systems, and get the fact that people are purposely bombarding them into the press to make others in big business feel pity for them.

    This will work well for SCO from a PR standpoint.
  • Re:DOS huh? (Score:3, Insightful)

    by ciroknight ( 601098 ) on Monday January 26, 2004 @08:52PM (#8094955)
    People.. seriously. If you want to DDOS SCO, use wget and grab the whole site to /dev/null/. Sure, it's not anything special, but it works, and you don't have to load a virus which massmails and fucks up filesharing..
  • A threat? Really? (Score:5, Insightful)

    by unfortunateson ( 527551 ) on Monday January 26, 2004 @08:52PM (#8094956) Journal
    Let me get this straight:
    1) It has a simple text message plus a binary payload attachment.
    2) It uses no M$ exploits (patched or unpatched) to install itself.
    3) It depends on someone opening the attachment to start an infection.

    And after all this time, people are still clicking on binary attachments? Great googly moogly. At least this sucker is only 20-40K. I'm sick of the 140-160K ones swamping my hotmail account. This one will barely be an annoyance.

    To quote Evil Willow Rosenberg: "Bored now."
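The infection path laid out in the comment above (a short text body, a binary attachment, no exploit, nothing happens until the user double-clicks) is exactly what a mail gateway can stop before a user ever sees it. The following is an added example and is not code from the thread, from Symantec or from F-Secure: a minimal attachment filter that flags executables both by extension and by the `MZ` header Windows executables start with, so that a renamed binary does not slip past a name-only rule. The message it scans is constructed inside the block; the sender, subject and file names are invented for the example and are not taken from the real worm, and the extension list is an assumed operator block list rather than an exhaustive one.

```python
"""
Added example, not code from the thread, Symantec or F-Secure: a minimal
mail-gateway check for a text message carrying an executable attachment.
The message is constructed here; sender, subject and file names are
invented for the example and are not the real worm's.
"""
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double-click. Assumption: the gateway operator's
# block list, not an exhaustive catalogue.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def is_pe_image(data: bytes) -> bool:
    """Windows executables start with the 'MZ' DOS stub; judge content, not just the name."""
    return data[:2] == b"MZ"


def suspicious_attachments(raw_message: bytes) -> list:
    """Return one record per attachment that is executable by extension or by content."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        by_name = os.path.splitext(name)[1].lower() in EXECUTABLE_EXTENSIONS
        by_content = is_pe_image(payload)
        if by_name or by_content:
            findings.append({
                "filename": name,
                "content_type": part.get_content_type(),
                "size": len(payload),
                "reason": "extension" if by_name else "MZ header",
            })
    return findings


def build_sample_message() -> bytes:
    """Constructed message: a one-line body and three attachments, two of them hostile."""
    msg = EmailMessage()
    # A forged From: costs the sender nothing, just like a forged return address on an envelope.
    msg["From"] = "judy@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Hi!"
    msg.set_content("The message could not be displayed; see the attachment.")
    fake_pe = b"MZ" + b"\x00" * 1024   # DOS header magic plus filler, not a real program
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="message.scr")          # caught by extension
    msg.add_attachment(fake_pe, maintype="image", subtype="jpeg",
                       filename="photo.jpg")            # lies about its type; caught by content
    msg.add_attachment("meeting moved to 3pm", filename="notes.txt")  # harmless
    return msg.as_bytes()


def scan_sample() -> list:
    """Run the check over the constructed message."""
    return suspicious_attachments(build_sample_message())


if __name__ == "__main__":
    for finding in scan_sample():
        print(f"{finding['filename']:12} {finding['content_type']:24} "
              f"{finding['size']:6d} bytes  flagged by {finding['reason']}")
```

The content check matters more than the extension list: a client that hides extensions or a sender who names the file `photo.jpg` defeats the name rule, but the first two bytes of the payload do not lie. Run the module directly to see the two flagged attachments; the text attachment passes.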
  • Re:Great! (Score:4, Insightful)

    by tigerc ( 628630 ) on Monday January 26, 2004 @08:53PM (#8094980)
    "Second, it can perform a denial-of-service against www.sco.com."

    Even though I do not approve of SCO's actions against Linux and the open source movements, the spread of a DOS attack against SCO's website is downright wrong. You should be ashamed of the fact that you place yourself on the side of the people who think it is indeed funny to take a company's site down. Does it really matter if they are a hated group? A DOS attack is just plain wrong. In fact, it might be the lowest form of 'revenge' out there.

    If you continue to support these crackers, then SCO is no longer the big Goliath, and SCO's allegations about the dirty open source movement have some validity. The statement, "hey, it's SCO" proves that we are indeed as bad as McBride. If we want to be victorious in the open source/Linux vs. SCO fight, then we must hold ourselves higher than supporting DOS attacks against SCO.
  • Quick to judge (Score:5, Insightful)

    by jmichaelg ( 148257 ) on Monday January 26, 2004 @08:53PM (#8094981) Journal
    This topic has barely 30 posts and several posts are already saying it's a Linux user who wrote it. That's a pretty amazing conclusion given the absence of any data.

    Absence of data, hmmm....You guys wouldn't happen to work for sco would you?

  • Re:Oh no (Score:5, Insightful)

    by aralin ( 107264 ) on Monday January 26, 2004 @08:54PM (#8094998)
    Now Darl seems to have some credibility with the Linux == terrorism threat. Good going, guys....

    I'm not so sure, this was obviously done by a WINDOWS hacker. Most of the Linux hackers I know have no freaking idea about MS Windows internals and they honestly don't even care for that sort of "knowledge".

  • by Anonymous Coward on Monday January 26, 2004 @08:58PM (#8095067)
    As much as we all hate SCO, we want them to go down for the illegal and immoral acts they have committed. But we want that to happen through the courts.

    Although I admire the author's conviction and obvious disliking for SCO, this is not what the OSS community needs. In fact, this probably hurts us more than it does SCO.

    Hell, given the factors I'd almost wonder if SCO themselves weren't responsible for this in yet ANOTHER attempt to discredit the OSS community.

    On the other hand, many say fight fire with fire. I can't imagine anything more comparable to SCO than a worm. *laughs*
  • by TrentC ( 11023 ) on Monday January 26, 2004 @09:02PM (#8095113) Homepage
    To all the people who are busy vaulting onto their high horse, ready to scold the Slashdot community for our apparent complicity in this, don't bother. I get so sick of the holier-than-thou attitudes that people cop when the "Linux community" does something to "make Linux look bad".

    First off, why do you assume that the person who wrote the virus is reading Slashdot?
    Second, how do you know he or she isn't cackling with glee over the froth you guys are working up?
    Third, what exactly the hell am I supposed to do about this virus, given that I didn't write it and most likely don't know the person who did write it? Feel bad for SCO?

    If I were a script kiddie, this is exactly the effect I'd go for; try to piss off Windows users and Linux users all in one shot.

    Face it, the "Linux community" is made up of lots and lots of different people, and it only takes a handful to make life harder for the rest of us. But scolding Slashdot isn't going to do anything other than make yourself feel good.

    Jay (=
  • by quantaman ( 517394 ) on Monday January 26, 2004 @09:02PM (#8095120)
    What leads you to believe this is someone from the Linux community?

    Doesn't matter, unless they catch the writer and prove it to be something else. As you showed with the SCO conspiracy theory it's the Linux community that is going to catch the flack.
  • by placeclicker ( 709182 ) on Monday January 26, 2004 @09:03PM (#8095124) Journal
    NEVER underestimate the power of human stupidity.
  • But..... (Score:4, Insightful)

    by agent dero ( 680753 ) on Monday January 26, 2004 @09:05PM (#8095159) Homepage
    Does it run on linu.....

    Oh nevermind
  • by hamjudo ( 64140 ) on Monday January 26, 2004 @09:07PM (#8095185) Homepage Journal
    SCO has used past denial of service attacks as "the dog ate my homework" type of excuses in court. They were so happy to be attacked the last time, that they put out multiple press releases. SCO's next court date is in early February, maybe they haven't done all their homework this time.

    SCO just started yet another lawsuit, this time with Novell. Now the financial types could be recalculating how many quarters until SCO runs out of cash and has to cease operations. Let's not let them get distracted by stupid email tricks.

  • Re:DOS huh? (Score:5, Insightful)

    by caluml ( 551744 ) <slashdot@spamgoe ... minus herbivore> on Monday January 26, 2004 @09:12PM (#8095228) Homepage
    I see that they run with a 60 second DNS refresh - is this forward thinking by them in case they have to change the server's IP, or add more servers? That way, they don't have hours, or days of stale data hanging around.

    Also, does the virus target by IP address, or does it do a full DNS lookup? If it's just IP, it will be easy for them to change the www record, and the server's address. 60 seconds later, everyone apart from the virus will be able to access the site.

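The comment above turns on two things a practitioner can check rather than guess at: what TTL the zone actually publishes, and whether a client resolves the name each time or carries a fixed address. The block below is an added example, not code from the thread or from any vendor's analysis. It builds and parses a DNS A-record answer in wire format so the TTL can be read straight off the packet (the same parsing `dig` does when it prints the TTL column), then contrasts a client that hard-codes the address with one that re-resolves through a TTL-respecting cache after the operator moves the record. The zone is constructed: it uses `www.example.com` and the RFC 5737 documentation addresses 192.0.2.1 and 192.0.2.2, not www.sco.com's real records, and the 60-second TTL is the figure the comment reports.

```python
"""
Added example, not the thread's or any vendor's code. Constructed zone data:
www.example.com with RFC 5737 documentation addresses, TTL 60 as reported
in the comment above.
"""
import struct
import time


def encode_name(name: str) -> bytes:
    """Encode 'www.example.com' as DNS labels: length-prefixed, NUL-terminated."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_a_response(txid: int, name: str, ip: str, ttl: int) -> bytes:
    """Construct a minimal NOERROR response carrying one A record."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA; 1 question, 1 answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE A, QCLASS IN
    rdata = bytes(int(octet) for octet in ip.split("."))
    # 0xC00C is a compression pointer back to the name at offset 12 (the question).
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def decode_name(data: bytes, offset: int):
    """Decode a possibly-compressed name; return (name, offset just past it)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                     # compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (end if jumped else offset)


def parse_a_records(data: bytes) -> list:
    """Return [(name, ttl, ip)] for every A record in the answer section."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qdcount):
        _, offset = decode_name(data, offset)
        offset += 4                                   # skip QTYPE, QCLASS
    records = []
    for _ in range(ancount):
        name, offset = decode_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata, offset = data[offset:offset + rdlen], offset + rdlen
        if rtype == 1 and rdlen == 4:
            records.append((name, ttl, ".".join(str(b) for b in rdata)))
    return records


class TtlCache:
    """Re-resolve only after the record's TTL has run out, as a resolver would."""

    def __init__(self, resolve, clock=time.time):
        self._resolve, self._clock, self._entries = resolve, clock, {}

    def lookup(self, name: str) -> str:
        now = self._clock()
        cached = self._entries.get(name)
        if cached and now < cached[1]:
            return cached[0]
        ttl, ip = self._resolve(name)
        self._entries[name] = (ip, now + ttl)
        return ip


def simulate_retarget() -> dict:
    """Operator moves www to a new address at t=10; who follows it, and when?"""
    zone = {"www.example.com": "192.0.2.1"}          # constructed zone, TTL 60
    clock = [0]

    def resolve(name):
        wire = build_a_response(0x1234, name, zone[name], 60)
        _, ttl, ip = parse_a_records(wire)[0]        # go through the wire format on purpose
        return ttl, ip

    hardcoded = resolve("www.example.com")[1]         # a target baked in at build time
    cache = TtlCache(resolve, clock=lambda: clock[0])
    seen = {"t0": cache.lookup("www.example.com")}
    clock[0] = 10
    zone["www.example.com"] = "192.0.2.2"            # operator changes the record
    clock[0] = 30
    seen["t30"] = cache.lookup("www.example.com")     # still inside the 60 s TTL
    clock[0] = 70
    seen["t70"] = cache.lookup("www.example.com")     # TTL expired: follows the move
    seen["hardcoded"] = hardcoded                     # never notices
    return seen


if __name__ == "__main__":
    wire = build_a_response(0x1234, "www.example.com", "192.0.2.1", 60)
    print("parsed:", parse_a_records(wire))
    print("retarget:", simulate_retarget())
```

A short TTL is what makes the move cheap for the operator: everyone who resolves the name catches up within a minute, while anything that carried the old address as a constant keeps hitting it. The same parser can be pointed at a real response captured off the wire to read the published TTL without trusting a third-party summary.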
  • Re:DDOS SCO (Score:4, Insightful)

    by balthan ( 130165 ) on Monday January 26, 2004 @09:18PM (#8095277)
    Come on now, you should realize by now that people here don't actually DO anything. Sure, we talk a lot of crap about how thing should be done, but we're a bit short on the actually doing.
  • Re:DOS huh? (Score:3, Insightful)

    by zangdesign ( 462534 ) on Monday January 26, 2004 @09:35PM (#8095423) Journal
    I disagree. I think they make exactly the right amount.
  • by kalidasa ( 577403 ) * on Monday January 26, 2004 @09:35PM (#8095424) Journal
    Because the users are too bloody stupid to learn. "I know I'm not supposed to click attachments, but this one came from Judy and it said 'Hi!'"
  • Darl the hacker? (Score:3, Insightful)

    by Saeed al-Sahaf ( 665390 ) on Monday January 26, 2004 @09:36PM (#8095432) Homepage
    Normally I would say this idea is paranoia. But then, your point deals with SCO, and we know they are both paranoid and dishonest. It is without many questions that SPAMers have used viruses to advance their cause, and there is good reason to believe Darl et al have less integrity than SPAMers do...
  • Re:Mom (Score:5, Insightful)

    by Jimithing DMB ( 29796 ) <dfe@tg[ ].org ['wbd' in gap]> on Monday January 26, 2004 @09:44PM (#8095545) Homepage

    Then you're obviously failing to communicate to your mother the gravity of the situation. In all the years my mother used a Windows machine her computer did not have one virus. The rules are very simple. I also have no trouble at the office. With the exception of the H.R. guy who must open attachments (primarily Word documents) in order to read people's resumes it's been a long time since we had any viruses running on any machines in the Hampton office. Furthermore, through a mistake either my boss or I had made we hadn't set his machine to update virus definitions automatically so I give the H.R. guy a lot of credit for having avoided viruses without it.

    It certainly doesn't hurt to have a Symantec Anti-Virus Corporate Edition and to be running Novell GroupWise instead of Microsoft Outlook^WOutbreak but it's not the end-all of virus protection either. Proper user education is an important part of running a network. I keep the users at the office informed about how viruses work and how they propagate. I let them know that I've done all I can and that it's up to them to use their good judgement. I remind them that message headers are just as easily forgeable as the return address on an envelope.

    It's worth the time. I'm not saying I just wrote one message and all viruses were gone. I wrote several. I talked face to face with people in the office about it. I ask them what they think about viruses and spam. I give them the information they need to make informed decisions. In the end, it makes my life a lot easier.

    The simple problem is that people don't know unless you tell them. They only hear what Tom Brokaw or Katie Couric tells them. Tell them how it really works and they will understand and try their best. A few will slip up. Don't be mad at them, just explain things again so they understand.

    The only case where this won't work is if you have a high employee turnover. If you do then let your boss know that viruses are simply another cost of high employee turnover. If you do that then he will have the information he needs to make an informed business decision. Maybe he'll decide it's worth taking some measures to keep people around. Put it in terms of dollars. Do whatever it takes but viruses can become a thing of the past if more companies started to do this.

  • by nathanh ( 1214 ) on Monday January 26, 2004 @09:51PM (#8095608) Homepage
    When people start doing illegal things such as writing viruses to get back at SCO, on the other hand, the Linux community loses much of its innocence.

    The "Linux community" did not write this virus. At least, I don't recall seeing the "Let's Write Viruses" thread on LKML. There's no "Anti-SCO DDOS Virus" project on Sourceforge.

    This DDOS virus was probably written by a lone individual. The Linux community is not responsible for the actions of individuals.

    I consider it just as likely that the virus was written by SCO to garner sympathy. Their stock is in decline (again) and they need something to talk about in their next stock-pumping press release.

  • Re:Oh no (Score:3, Insightful)

    by the_mad_poster ( 640772 ) <shattoc@adelphia.com> on Monday January 26, 2004 @09:55PM (#8095686) Homepage Journal

    It'd be moronic for a Linux zealot to not be at the top of the suspects list for what happened here.

    There's absolutely no reason to believe that. While I wouldn't be surprised if some fringe looney tune did release it, I'd be equally unsurprised to discover it was a disgruntled SCO employee or just somebody looking to make Linux users in general look bad publicly.

    Or, to put it another way, until there's evidence pointing at someone, I'm not going to go jumping off the conclusion cliff like so many of the other folks here have already done.

  • by King_TJ ( 85913 ) on Monday January 26, 2004 @09:59PM (#8095732) Journal
    I hate to say it, but Norton Anti-Virus doesn't exactly inspire much confidence with me to begin with.

    I've removed a *bunch* of back-door trojan horse programs (MovieWorld and so forth) from Windows PCs that were running Norton AntiVirus 2003 with all the latest signature updates being "Live Updated". The freeware AVG Anti-Virus personal edition found them, as did a relatively unknown scanner called Avast.

    Why is it people have to pay $30+ per year for a subscription renewal for a big-name, commercial scanner that can't even find things the freeware packages find and remove?
  • by Anonymous Coward on Monday January 26, 2004 @10:32PM (#8096043)
    that aims to define exactly who it is that is opening email, saving attachments, opening the attachment, running the payload, and is not using AV software.

    What does?

    But anyway, perhaps these are people who DO run AV software, but it's out of date. Or they DO run it at work, but don't realize that it didn't come already installed at home. In either of these situations, they might have a false sense of security, might think that anything that the computer lets them run should be perfectly safe.

    But then I remember some of the people I'm related to, and istm that, for a lot of people, all higher-level thinking just shuts off as soon as they sit down at a computer. Perhaps they think that there's no way they'd understand it all, so there's no point in trying to understand any of it.
  • Re:Mom (Score:3, Insightful)

    by The Ape With No Name ( 213531 ) on Monday January 26, 2004 @10:34PM (#8096067) Homepage
    This has been a war since the mid-90s. At some point, you just give up. There are people, bless them, who are trusting by their nature. She knows to NOT click on things sent to her, but when her friends send her a joke program and she doesn't click on it then she has to field the "Didn't you see the funny thing I sent you?" questions. People don't like to be left out. Call it gullibility, but there are people in the world who will ALWAYS do what the script kiddies and worm writers want just on default behavior alone.
  • Re:Finally! (Score:5, Insightful)

    by Nucleon500 ( 628631 ) <tcfelker@example.com> on Monday January 26, 2004 @10:34PM (#8096069) Homepage
    I know you were joking, but no, attacking sco.com does not make it a worthwhile virus. Yes, SCO deserves a lot of hardship. But any retaliation should be done in a completely legal manner. Why? SCO is trying to make open source look bad in the eyes of businesses. They've said we don't respect copyrights, they say we're anti-business. They screamed loudly about joking death threats and DDoS attacks. They're trying to make us look bad, and whatever we do should make them look bad, make them look like the aggressor they are. Doing obviously illegal things only makes us look bad and SCO look like a victim. So this is a major step backwards.
  • Re:Finally! (Score:4, Insightful)

    by superpeach ( 110218 ) <adamf@s[ ]a.uklinux.net ['nik' in gap]> on Monday January 26, 2004 @11:08PM (#8096333) Homepage
    You could try kazaa.

    I thought something like 'ooh' when I read it spreads by kazaa too. I thought maybe it was connecting to the fasttrack network and being a fake kazaa node, but, it just seems to be copying itself to the default kazaa shared folder - so it will only spread via kazaa if you actually use kazaa.
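The propagation the comment above describes, a worm dropping copies of itself into the client's default shared folder, leaves a simple artifact: executable content sitting in a directory that should hold media, often the same bytes under several bait names. The block below is an added example and is not code from the thread or from any AV vendor: it scans a shared folder, flags files that are executable by extension or by the `MZ` header, and goes one step beyond the comment by grouping files by SHA-256 so identical content under different names stands out. The folder and its files are constructed inside the block; the names are invented and the "executables" are an `MZ` header plus filler, not real programs, and the extension list is an assumed block list.

```python
"""
Added example, not from the thread or any vendor. The shared folder is
constructed here with invented names and fake 'executables'.
"""
import hashlib
import os
import tempfile
from collections import defaultdict

# Assumption: an operator's list of extensions Windows executes on double-click.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def scan_shared_folder(path: str) -> dict:
    """Flag executable files (by extension or MZ header) and byte-identical duplicates."""
    executables, by_hash = [], defaultdict(list)
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        if not entry.is_file():
            continue
        with open(entry.path, "rb") as fh:
            data = fh.read()
        ext = os.path.splitext(entry.name)[1].lower()
        if ext in EXECUTABLE_EXTENSIONS or data[:2] == b"MZ":
            executables.append(entry.name)
        by_hash[hashlib.sha256(data).hexdigest()].append(entry.name)
    duplicates = [names for names in by_hash.values() if len(names) > 1]
    return {"executables": executables, "duplicates": duplicates}


def build_sample_folder() -> str:
    """Constructed shared folder: one fake binary under two names, one disguised, one innocent."""
    folder = tempfile.mkdtemp(prefix="shared-")
    fake_pe = b"MZ" + b"\x90" * 2048
    files = {
        "setup.exe": fake_pe,                  # obvious
        "free_movie.scr": fake_pe,             # same bytes, different bait name
        "song.mp3": b"MZ" + b"\x00" * 512,     # media name, executable content
        "readme.txt": b"nothing to see here\n",
    }
    for name, data in files.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)
    return folder


def scan_sample() -> dict:
    """Build the constructed folder and scan it."""
    return scan_shared_folder(build_sample_folder())


if __name__ == "__main__":
    result = scan_sample()
    print("executables:", result["executables"])
    print("identical content under different names:", result["duplicates"])
```

Because the drop only spreads if the shared folder is actually served by a running client, the scan is also a quick way to confirm whether a machine that never runs the P2P client was a dead end or a live node; point `scan_shared_folder` at the real shared directory instead of the constructed one.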
  • Re:DOS huh? (Score:1, Insightful)

    by Anonymous Coward on Monday January 26, 2004 @11:17PM (#8096404)
    Nice move, son.

    As every /. user goes to port scan you, the folks at the Alabama Supercomputer club are going to start getting irate that their bandwidth has gone to shit.

    Filtered or not, 129.66.100.74 is still taking a whole bunch of traffic in, and sending rejection packets back, all of which takes bandwidth, and processing time on that router.

    Eventually, the folks at API Digital are going to get rather mad about it. But knowing /. folks, a few of them are going to call over there, and say where they found this address and the probable cause of the DDoS attack (you), at which point I don't think the good Cmdr Taco or any of the /. crew are going to protect you. If I were them, I'd dig up your IP and start tracing who you really are.

    So, it's a nice prank now, but wait till the feds wave the Patriot Act in your face, as you're thrown into a black van for destinations classified. It doesn't matter how much you plead with them, you've just brought yourself into the ranks of a clueless cyber-terrorist wanna-be, punishable by an indefinite time in jail before even seeing your lawyer.

    Enjoy, dumbass.
  • Re:Great! (Score:2, Insightful)

    by sprprsnmn ( 619113 ) on Monday January 26, 2004 @11:44PM (#8096567) Homepage Journal
    I think what he was saying is that his servers that run IIS do a sad job of it, and that the rest of his servers run apache.

  • that aims to define exactly who it is that is opening email, saving attachments, opening the attachment, running the payload, and is not using AV software.

    Mac users fit that definition. Why should they care about attachments, really? There will be, one day, I'm sure, a virus that infects Macs--just as there have been in the past. And that will be a day of reckoning, as millions of Mac users scramble to get virus-smart. But the last 4 years of being virus-free, without any A/V software, and blithely opening attachments has made most Mac users pretty carefree, and careless.
  • A step backwards for reputation of the Linux and open source communities in the eyes of people who haven't followed the SCO case closely and don't know any better. It's not material harm, but I think perception is important here.

    Darl will say Linux supporters must have done it, and the media will quote him, and clueless people will read it and associate whoever did it with us. So while we know it wasn't "one of us" and we don't support it (except in jest), people will read otherwise. We unfortunately don't get to choose who the public associates us with.

  • by cyril3 ( 522783 ) on Tuesday January 27, 2004 @02:37AM (#8097425)
    I agree with your general comment about non obvious ingredients but not your application to this situation.

    I'd have thought the warning was akin more to one on nuts that says "Ingesting these nuts through your nose while driving may be hazardous". I mean they know it's an iron and that irons are hot, that's their point. Be different if they grabbed a box at Walmart labeled "Clothes Flattening Device" and they had never used an iron before.

  • Re:DDoS (Score:3, Insightful)

    by lone_marauder ( 642787 ) on Tuesday January 27, 2004 @10:21AM (#8099151)
    If we want to have the public favor OSS, reputation is also important.

    Please. The average Joe knows nothing about OSS. We have no way to inform him as to our motives and principles, because he will be told what those in power want him to know. There is no PR angle we can take to affect that public perception, because we do not have the required power.
  • by bonch ( 38532 ) on Tuesday January 27, 2004 @12:22PM (#8100530)
    I just think it's funny that Slashdot STILL reports *user-run* attachments as "Windows viruses," as though it's some major flaw in Windows that users are dumb enough to run whatever executables come into their inbox.

    Hell, my Outlook won't even let those attachments through to begin with. "BUT IT'S A WINDOWS VIRUS!!1"
