Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security The Internet

Netsky Worm Variant Attacks P2P Services 472

Posted by timothy from the lack-of-attention-syndrome dept.
ee_moss points out this Washington Post article (via Yahoo!), excerpting "The latest variant of the Netsky worm directing infected computers to launch Web-based attacks against music- and file-trading Web services such as Kazaa, taking down at least one company's Web sites in the process. The worm, the 19th version of a bug that made its debut in February, is also targeting some Web sites that offer computer programs designed to illegally break or bypass copyright controls on software programs."
This discussion has been archived. No new comments can be posted.

Netsky Worm Variant Attacks P2P Services More

Netsky Worm Variant Attacks P2P Services

Comments Filter:

  • It's not that surprising . . . (Score:4, Insightful)

    by erick99 ( 743982 ) * <homerun@gmail.com> on Sunday April 11, 2004 @11:46PM (#8835224)
    I am not so surprised that a virus writer would go after P2P networks. There are so many viruses there anyway...why not just go after the whole enchilada? And, of course, spreading a virus must be easy with so many unprotected machines out there.

    Anyway, I know this sounds painfully obvious, but why don't folks take the simple step of running an antivirus program? I have McAfee VirusScan and I also have AdWatch running full time. Between the two, I feel fairly well protected from viruses and adware/spyware.

    And then you have folks that click on just about any attachment - from the article:

    The experts advised people not to click on strange attachments in e-mail, which can activate the worm, and to update their antivirus software frequently to ward off new threats.

    I have an agreement with family and friends to embedd a codeword in any document that contains a file attachment. It is usually a fairly esoteric work not likely to come up in casual conversation. However, I have damn near been fooled by a few emails because they seemd very legitimate. Oh, well.

    Anyway, I am preaching to the choir....and ranting a bit.

    Happy Trails!

    Erick

    • Re:It's not that surprising . . . (Score:4, Insightful)

      by upt1me ( 537466 ) on Sunday April 11, 2004 @11:52PM (#8835267) Homepage
      Anyway, I know this sounds painfully obvious, but why don't folks take the simple step of running an antivirus program? I have McAfee VirusScan and I also have AdWatch running full time. Between the two, I feel fairly well protected from viruses and adware/spyware.

      Why don't folks just run linux. Antivirus software has become so beloated these days. I run Norton Antivirus on my Windows machine and it turns it into a lag terminal.

      • Re:It's not that surprising . . . (Score:5, Insightful)

        by 1u3hr ( 530656 ) on Monday April 12, 2004 @06:07AM (#8836344)
        Antivirus software has become so beloated these days. I run Norton Antivirus on my Windows machine and it turns it into a lag terminal.

        If you are allowed to, turn off some of the checking. I think Norton by default scans every file you open, every app you run. Just set it scan stuff coming via email or web, and manually scan anything else. Set it on a complete scan when you go for lunch. If I just want to get work done I often disconnect from the network until I actually need to use it.

      • Try AntiVir XP (Score:3, Informative)

        by Quizo69 ( 659678 )
        "Antivirus software has become so beloated these days. I run Norton Antivirus on my Windows machine and it turns it into a lag terminal."

        Norton certainly behaves this way. when I visit a client that has Norton on their machine, I recommend that to speed up their machine, they uninstall Norton and install the freeware antivirus checker called AntiVir:

        www.free-av.com

        They are always amazed at how getting rid of Norton Antivirus suddenly speeds up their system about 200%.

        NAV used to be really good back in '

        • Re:Try AntiVir XP (Score:3, Informative)

          by nolife ( 233813 )
          The free version of AntiVir will not scan or protect from files opened or accessed from a network share. A fair compromise by them for an other wise very good free product but something you should be aware of if you have a home network with shared resources.

          You can test and verify this operation on any vendors antivirus product with the eicar test virus [eicar.org].

    • Re:It's not that surprising . . . (Score:5, Funny)

      by Dr Reducto ( 665121 ) * on Sunday April 11, 2004 @11:53PM (#8835272) Journal
      There is a term for this tye of thing: PEBCAK

      Problem Exists Between Chair And Keyboard

    • Re:It's not that surprising . . . (Score:5, Insightful)

      by Bz3rk ( 729797 ) on Sunday April 11, 2004 @11:54PM (#8835275) Homepage Journal
      OK put on your tin foil hats... the conspiracy theory is that these worms that target P2P are produced by or for the RIAA. They already flood the networks with fake or corrupt files, why wouldn't they take this next step? They have already shown they have no respect for the law anyway.
    • I have taken the simple step of not running Windows at any time. I installed Debian unstable on one computer and Testing on the other, about 2 months ago, and I haven't looked back. Once I got VLC to play itunes DRM'd files my wife was on board as well. Now if only Juk could play itunes music we would be in business.

      In fact, the only microsoft products I'm using now are my MS Intellimouse w/ IntelliEye 1.0 (discontinued) and my Microsoft Internet Keyboard. Oh, and Word 97 in wine, just because my job s
      • You haven't heard about the new Intellimouse worm? Does the scroll wheel sometimes act up a bit? Thought so.

        (j/k)

        Seriously though, I haven't had any trouble opening RTF files with Open Office. In fact, Open Office opens Word files that Word won't even open. I've never needed to resort to Wine for things like that. (although I suspect if there are macros in those documents they won't run in Open Office....on the other hand do you really WANT macros to run in a document when you open it?)

    • Re:It's not that surprising . . . (Score:5, Insightful)

      by Marvelicious ( 752980 ) on Sunday April 11, 2004 @11:55PM (#8835284)
      I have been wondering this for years myself! Why don't more people run antivirus programs? www.grisoft.com has a free version of avg antivirus. Free! I figure, if you use the internet, you have no good excuse not to use one! Did I mention its free. Granted, its a little clumsy and short on features, but it seems to work!

      • Re:It's not that surprising . . . (Score:4, Interesting)

        by Arctic Dragon ( 647151 ) on Monday April 12, 2004 @12:25AM (#8835438)
        My security unaware friends continuously have their PCs infected with viruses because they refuse to install virus scanners. The most common excuse is "too expensive" (which I disagree with; the minimal price is worth it).

        I give them a link to AVG Free Edition, and they still have virus problems afterwards when they refuse to install AVG. They'res no excuse for that. I guess people are just (very, very) stubborn.

        • Norton sucks! (Score:5, Interesting)

          by JPriest ( 547211 ) on Monday April 12, 2004 @04:09AM (#8836129) Homepage
          I hate Norton and Mcafee because they each run like 6 different processes when the system boots up. Who needs a virus when they have an anti-virus utility that causes more load and overhead than everything else combined. Not to mention their scare tactics to get people to spend more money. I think AVG and AVPE [slashdot.org] are fine solutions, just most people don't know they exist.

          • Re:Norton sucks! (Score:4, Informative)

            by JPriest ( 547211 ) on Monday April 12, 2004 @04:12AM (#8836134) Homepage
            Fixed link [free-av.com]

          • Re:Norton sucks! (Score:3, Informative)

            by mattgreen ( 701203 )
            What are you smoking? This is FUD. I am a gamer. I don't even notice the impact of running Norton. I did a quick 3DMark test way back and there was no difference between running it with NAV and without. Well, less than 30 marks on 3DMark 2000, but this easily falls within the standard deviation of repeated runs of 3DMark.

            Furthermore, I'll pull the CPU time figures from task manager. This is NAV Corp. edition 8.0 on XP:
            Cumulative uptime: 201:53:00 (system idle process)
            rtvscan.exe: 00:00:04 (real time scanni

          • Re:Norton sucks! (Score:3, Informative)

            by RESPAWN ( 153636 )
            I hate Norton and Mcafee because they each run like 6 different processes when the system boots up. Who needs a virus when they have an anti-virus utility that causes more load and overhead than everything else combined.

            I totally agree with you on that one. I was having issues with McAfee at one point, so I uninstalled it for a while. I couldn't believe how much faster my computer was starting up. Now, I'm sure that some of the slowdown had to do with McAfee doing some scanning on bootup, but it was am
      • Clumsy, no. Short on features, who cares. It uses waaaaaaaay less resources than either McAfee or Norton AV, and seems to catch more. Updated nearly every day, and has never broken a software install for me (when I was in tech support, you would not believe how many software installs were broken by Norton or McAfee sticking their noses into the process and screwing up the file writing or settings). Nice context menu option, easy integration to CLI. AVG is getting pretty close on to perfect... if it was
      • Well usually it's just laziness, cluelesness, or a false sense of invulnerability but not always.
        I only started regularly running one after upgradeing a windows box to xp which came down with a msblaster within 5 minutes of going online, this when the crappy lines out here barely support 28.8. This was only the second time I've ever gotten a virus, the first I got off of a 5.25" floppy back in the early 90's.
        I would rather not run one. Why? because I'm sick of programs that take over the system, l

    • Anyway, I know this sounds painfully obvious, but why don't folks take the simple step of running an antivirus program?

      Waste of money, IMHO. I've been using Windows for years without a virus scanner, and not once have I found a virus infecting my computer.

      • Windows with no virus scanner works okay, but only in certain environments. I'm a college student residing in a dorm. My subscription for Norton updates expires every year - last year I didn't want to pay the $30 for a new one, so I didn't have any updated virus definitions over the summer, while I was living at home with my parents, living on a 56K modem. In the fall, when I came back to school, I had no choice but to pay the $... too many people on the network to propagate viruses and worms and other bad
    • I have an agreement with family and friends to embedd a codeword in any document that contains a file attachment. It is usually a fairly esoteric work not likely to come up in casual conversation. However, I have damn near been fooled by a few emails because they seemd very legitimate. Oh, well.


      That sounds like a wonderfully good idea. I have converted most of my folks to mozilla to bypass most of the problems embedded within the e-mail but obviously if they click an dodgy attachment it is still an issu

    • antivirus programs are of limited value (Score:4, Insightful)

      by JoeBuck ( 7947 ) on Monday April 12, 2004 @12:09AM (#8835357) Homepage

      An antivirus program only finds known viruses, or variants of known viruses that trigger some common rule. They are useless against new viruses, particularly rapidly spreading new viruses.

      • I agree, however most AV software companies are very quick to respond once a virus is identified. If you keep your definitions up to date frequently, it potentially can only affect 100 users rather than a million. I might be overshooting it a bit here but statistically you're safer.

    • Re:It's not that surprising . . . (Score:4, Insightful)

      by ThisIsFred ( 705426 ) on Monday April 12, 2004 @09:27AM (#8836919) Journal
      Anyway, I know this sounds painfully obvious, but why don't folks take the simple step of running an antivirus program? I have McAfee VirusScan and I also have AdWatch running full time. Between the two, I feel fairly well protected from viruses and adware/spyware.

      I think the answer is this: Because of maintenance costs, there are very few companies with virus detection tools that don't charge a subscription fee of some sort in order to get updates. That means Joe Aol is going to have a non-functional virus scanner within 3 months to one year. He'll probably never run an update to the sig database, but that may be changing now, because the programs are getting better at nagging. Also, some programs request that the virus software be disabled while an installer runs. Some folks can't figure out how to do this, and end up temporarily uninstalling the virus scanner to install software (those miniature system tray icons on Windows are a pretty bad interface design choice). I also wouldn't feel so comfy with McAfee or Symantec: They aren't catching many of the newer (or rare) variants. My own experience on the job suggests that Grisoft AVG is better, and that Clam AV works nicely on servers (CAV's detection abilities improved by leaps and bounds these past couple of months). AVG is a subscription-based scanner, but CAV is too involved to be useful to the Joe Aols of the world.

      I like Ad Aware, but it doesn't catch all the malware programs, some of which now behave like viruses (planting spyware payloads, but remaining hidden inside the operating system).

      Unfortunately, no matter how many times I tell my users about clicking on attachments, they still do it. I've come to realize this is partly my fault: I have to figure out a way to explain how I tell the difference. But my method is mostly this: Context. People I know rarely send me executables, compressed archives, program info files or PCM data files.

      I think I'm going to author and test a trusted-sender e-mail client pretty soon. That seems to be the only way to minimize the effects of "spam" and viruses.

  • Oh hum. (Score:5, Funny)

    by Anonymous Coward on Sunday April 11, 2004 @11:48PM (#8835236)
    Another virus. Run in circle. Shout. Panic.

  • Human stupidity (Score:5, Insightful)

    by mindless4210 ( 768563 ) * on Sunday April 11, 2004 @11:48PM (#8835240) Homepage Journal
    The experts advised people not to click on strange attachments in e-mail, which can activate the worm...

    Of course, until you can teach people to be intelligent, these types of viruses will continue to circulate through the net.

    • Re:Human stupidity (Score:5, Insightful)

      by Amiga Lover ( 708890 ) on Monday April 12, 2004 @12:48AM (#8835521)
      I think it's not always a matter of intelligence, but apathy. People get a virus and... ...so what? I've cleaned relatives machines with dozens of viruses. They kept working for the most part, they worked before and they worked afterwards. A few resources were consumed, but consumer machines now are in the multi GHz speed range. Most viruses just don't affect the user enough for them to really give a shit about them. For an example, when mydoom hit so massively earlier this year it... made their machine one of hundreds of thousands targeting sco.com.

      Again, apathetic users, they don't notice and don't care. Until a virus comes along with the spreading power of mydoom, but sits and waits for a couple of weeks until it throws up gay porn onscreen and shouts out "HEY EVERYONE I'M WATCHING GAY PORN" while proceeding to delete EVERY SINGLE DAMNED FILE USERS HAVE... they're going to keep on not giving a damn about viruses.

      The general public sees viruses as something computers just get, and is as innocuous as a sniffle. If a few viruses came along and did the equivalent of schizophrenia, lung cancer and whole body pus filled sores to their computer, THEN they will take notice.

      • Re:Human stupidity (Score:4, Interesting)

        by geminidomino ( 614729 ) on Monday April 12, 2004 @12:57AM (#8835556) Journal
        Nitpick: Worm != Virus(though I don't deny that a given virmen can be both. Worms just make dropping the viral payload easier these days).

        Most of what you describe can be attributed to worms. Viruses infect exsisting binaries. The big one when I was in high school was "Nov 17." When you got THAT virus, you knew it, especially if you were running Win 3.1[1]. It would infect EMM386.EXE and all of a sudden you were back to 640k of memory again. :) It wasn't the computer equivalent of Ebola, but it kept us from playing Wolfenstein. :)

  • Bad reputation (Score:5, Interesting)

    by superpulpsicle ( 533373 ) on Sunday April 11, 2004 @11:50PM (#8835251)
    I have a couple relatives who are extremely nontechnical. Their windows installation has already been plagued by 2 worm viruses this year. When they think virus in windows, they think virus in computers. Basically these viruses are giving computers in general a bad reputation.

    I have suggested they try linux. But they are nearly at the point of no return. They fear computer, they fear the hassle, virus scans, repair etc. What's the world coming to.

    • Re:Bad reputation (Score:4, Insightful)

      by 00420 ( 706558 ) on Monday April 12, 2004 @12:02AM (#8835314)
      I have suggested they try linux. But they are nearly at the point of no return. They fear computer, they fear the hassle, virus scans, repair etc. What's the world coming to.

      If they are not dependant on any Windows-only software (that won't run in Wine) then why not offer to set up Linux for them. Give them Gnome or KDE with icons for everything they need on their desktop and in their "start menu." (And no other icons)

      And tell them that you will set it up so the only things they have to look at are the things they need.

      Then ssh into their computers anytime an update is necessary.

      I would imagine they would be pretty happy with a computer that was less prone to virus attacks.

    • Re:Bad reputation (Score:5, Informative)

      by Anonymous Coward on Monday April 12, 2004 @12:12AM (#8835372)
      If they MUST run windows, this is all you have to do:

      * Install Mozilla (Firefox and Thunderbird).
      * Install Ad-Aware. Pay for the pro version that also has Ad-Watch.
      * Install Spybot Destroyer.
      * Install a cheap linksys router.
      * Install Grisoft/AVG antivirus - or somethign equally as good.

      Now, nothing is going to get IN that shouldn't and probably won't get OUT. Even if they're wreckless and download/install everything they ever run across, Spybot Destroyer lets you prevent the installation of *hundreds* of known activex applications and other troublesome installers, lock your hosts file, prevent changing the MSIE start page, etc. And if they're stupid enough to install something after Ad-Watch/Ad-Aware and/or their antivirus software warns them about it, then they deserve what they get.

      Additionally:

      * Don't give them administrator accounts!
      * Set them up with a DynDNS address. This way you can connect to them remotely using VNC when necessary to do administrative tasks.
      * Setup regular user accounts for them. Or better - setup limited user accounts so they can't even install any software themselves. Tell them to come up with lists of things they need installed and to call you. Then you can VNC in, fire up the admin account and install them in a few minutes.

      It will lock them down, but shouldn't prevent them from doing most things they want to do and will save you a shitload of headache. And if they don't like it, then it should hopefully be enough reason for them to start actually LEARNING about the machine they're using rather than treating it like a god damn TV and then they can assume the responsibility.

      • I think you nailed it... (Score:5, Interesting)

        by zogger ( 617870 ) on Monday April 12, 2004 @01:02AM (#8835583) Homepage Journal
        ... to just millions of people, a computer is just a TV set with a lot of on demand "channels". That is exactly how they treat it, and why security isn't anything they should do, the "computer" should do it.. and really, it mostly SHOULD "do that".

        And there's no reason anymore for new computers to go out the door in any shop without those types of programs installed if they are going to use MS.

        shame on MS and shame on the box vendors

        And there's even less reason to let MS skate on this issue. They should have been class actioned all the way to the supreme court long ago on useability and security and internet interoperability issues.

        That EULA is an abomination. Maybe 20 years ago when desktop computing was really getting going they needed some time to get up to speed on coding, but not today, nope, EULAs that absolve the *seller* of all normal consumer warranty and protection should be stricken down. once and for all.

        If ACME front door and lock company made a product that consistantly over the years was shown to A not open or shut correctly and could be counted on to fall off the hinges and needed to be re hung every 6 months, B-which had no credible locking mechanism, and C-caused the purchasers to be invaded in their homes and robbed and inconvenienced for years and years because of A and B, they would have been put out of business.

        It's time to REALLY consider this EULA get out of any responsibility card they are allowed to use and profit from. It's absurd.

        Methinks a lot more proactive coding on their part over the years might have cost them X-billions more, but they got 50 bill in the bank now, they could have most likely made it a lot more secure and functional and still had many many billions in the bank. There's no excuse anymore beyond pure GREED on their part. I would agree with the assessment nothing can be coded perfect, but really.. there's ways to go about this, they just never did it,not near enough, they were AWARE of the issues just they didn't CARE about the issues enough because it would have cut into "profits". Not eliminate them, it just would have reduced them some. Big deal. they profit, everyone else has to jump through hoops and suffer over their inaction.

        They could have had BOTH, profitability plus more secure and functional design, they chose NOT TO. It was high level executive decision making that caused that, it was done on purpose. It wasn't that important to them as long as they could bully their way into mass acceptance and get away with it.

        Class action suit, I am surprised it has never happened yet.

        • That EULA is an abomination.

          I'm going to play devil's advocate here for a moment and tell you that although the EULA may be terrible, it's not Microsoft's responsibility to sign a good contract. If I wrote up a contract stipulating that you are required to give me 90% of your disposable income in exchange for me enlightening you, it certainly wouldn't be a fair contract. But if I were able to get you to sign, it would still be a binding contract, albeit a bad one.

          I am not a lawyer but I know that Microso

          • I am not a lawyer but I know that Microsoft does not engage in any sort of coersion to force its users to agree to their EULA.

            Sure they do.

            I go into Best Buy. I pay cash for a copy of Windows XP. I walk out of the store.
            (At this point I have all the legal rights necessary to run Windows XP.)

            I take the software home, go to install it and it tells me that I must agree to (XXX, YYY, and ZZZ) BEFORE I can acutally use my legally purchased RIGHT to run that software.

            They're bullying you because yo

        • He's right: A reply to your replies (Score:5, Insightful)

          by theLOUDroom ( 556455 ) on Monday April 12, 2004 @09:48AM (#8837046)
          Great explanation of just how irresponsible certain software manfacturers are being.

          Are lot of the reply's you're getting are in the vein of:
          "But you don't have to agree to the EULA"
          and "What about OSS"

          Okay guys, here's the difference:
          A MS EULA is like me going out, buying a house, and after closing on the house I come home to find a big sticker on the door that says,
          "by breaking this seal you agree to the following terms:
          -You do not really own this house, you're actually leasing it from us.
          -We are not responsible if this house turns out to have numerous major problems that we didn't tell you about.
          -You may only use this house for purposes X, Y and Z, any other use is strictly prohibited.
          -etc, etc, etc

          It's clearly stupid and not a legally binding contract. I can rip that sticker of my door without a worry in the world. The same needs to be true for software.
          A good example is disclaiming any and all warranty:
          This needs to be done BEFORE I give you my money.
          It's like a car manufacturer trying to sell a new car with absolutely no warranty by sticking a note in the glovebox when you're driving it off the lot.
          The deal is already done. The note means nothing. The manufacturer is still responsible for all normal, implied warranties.


          Now what about OSS?

          First off, I'm going to talk only about the GPL. (Other liscenses are typically very similar.)
          Now the key thing is that there are some very big differences with GPL'ed software:
          1) It's free. Free things are typically not legally required or assumed to carry warranties. There also don't seem to be many laws about disclaiming liability when I give you something for free. There's nothing that says the item must be provided in any form other than "as-is", unlike commercial/retail sales. I can give you a car with rusted out brakes for free and not have to fix them for you. If I was a car dealer, charging you money, I might have to fix those brakes (unless there was some agreement made about them at time of sale).
          2) The GPL is not a EULA. You do not have to agree to the GPL to use a GPL'ed program. A lot of people have trouble understanding this one. There are even programmers who make the GPL pop up when you run their program and force you the check "I agree". These people are all wrong. The GPL only governs redistribution. As such, it's not trying to get rid of any rights that you would normally have. In order to gain a right that you wouldn't normally have (redistribution of someone else's copyrighted work), you must agree that this new right is subject to a set of conditions. If you do not agree, you do not get those rights, not because to GPL says you don't, but because copyright law says you may not redistribute other's work without their permission.

          • You left out the part (Score:3, Insightful)

            by wurp ( 51446 )
            where if I buy a house from anyone else, all of the major retailers won't sell me plumbing, fixtures, or even dishes and none of the handymen know how to fix anything.

            Yeah, sure, the EULA is a contract I chose to sign. As opposed to all of the other choices I have out there.

            In fact, this is getting fixed. For many advanced users, Linux is perfectly capable of providing anything they need. But someone shouldn't be forced to "sign" a crazy contract because they're not a computer expert.

            That's ignoring t

      • Sadly... (Score:3, Informative)

        by mythosaz ( 572040 )
        I spent a 24 hour block at work on Thursday fighting an undetectable to McAfee/Norton/Trend version of Polybot/Gaobot/SDBot.

        The *bot line of worms spreads two ways. It uses both the RPC exploit (patched last year) and by using a laundry list of username/password combinations. While I'll be the first to admit that a STRONG local administrative password and 100% patched boxes would have evaded *this* worm, it won't be a defense against the next one that targets RPC-like-flaw-v2.0 or that includes our "stro
    • I have suggested they try linux. But they are nearly at the point of no return. They fear computer, they fear the hassle, virus scans, repair etc.

      Yes, I find a lot of people like that around here as well. However, their conclusion is that "this machine is too slow". Well, its too slow because its email Klez 5: The final spamteer to a million people an hour (including me). So they buy a new computer and I as the resident computer type fellow get the task of setting it up and moving their documents over.
    • You say this, mr relative.. If you choose to run
      windows I am unable and unwilling to support you. If you would like to run linux then I am more than willing to support you.

    • Re:Bad reputation (Score:3, Interesting)

      by WindBourne ( 631190 )
      I have moved 4 families over to Mandrake from Windows in the last year. For the first month, it is a hassle, but it gets much better. Linux is still missing many things that make life easier, but it is also not infected. All have said that you could not pay them to go back to Windows just due to this issue.

      If you use a KDE front-end, then consider giving them the "kiss the BSOD good bye" book. I gave it to the last 2 families and it made life much easier for me.

  • What we are supposed to do (Score:3, Insightful)

    by ObviousGuy ( 578567 ) <ObviousGuy@hotmail.com> on Sunday April 11, 2004 @11:50PM (#8835252) Homepage Journal
    The post doesn't say it, but it definitely insinuates that the nefarious RIAA and possibly the BSA is behind this latest worm. Unfortunately, that kind of knee-jerk reaction is counterproductive to finding the real virus spreaders.

    Someone is obviously trying to implicate the content monopolists in this by targetting the sharing networks. It is highly unlikely that the monopolists are doing this themselves because they have too much to lose by carrying out such an attack.

    Someone in the computer community is doing this and is hurting everyone in the process. Sometimes the geek community is its own worst enemy.
    • The post doesn't say it, but it definitely insinuates that the nefarious RIAA and possibly the BSA is behind this latest worm. Unfortunately, that kind of knee-jerk reaction is counterproductive to finding the real virus spreaders.

      This is Slashdot, which also assumes only SCO would write a virus that D-DOSes them.

      Basically, news of a D-DOS creates an accusation at whichever side Slashdot hates most, lack of fact notwithstanding.

      • Re:What we are supposed to do (Score:5, Interesting)

        by PacoTaco ( 577292 ) on Monday April 12, 2004 @12:39AM (#8835486)
        Don't forget to factor in reverse psychology.

        Maybe someone wrote this virus so we'd think the RIAA did it. Or maybe the RIAA wrote it so we'd think that someone wrote it to pin the blame on the RIAA. Or maybe someone wrote it so we'd think RIAA wrote it to make us think that someone wrote it to pin the blame on the RIAA. Or maybe the RIAA wrote it so we'd think that someone wrote it to make us think the RIAA wrote it so we'd think that someone wrote it to pin the blame on the RIAA. Or maybe...

    • Re:What we are supposed to do (Score:5, Insightful)

      by Lochin Rabbar ( 577821 ) on Monday April 12, 2004 @12:07AM (#8835341)

      The post doesn't say it, but it definitely insinuates that the nefarious RIAA and possibly the BSA is behind this latest worm.

      The post insinuates nothing of the sort, it just states what the trojan does. You jumped to that conclusion all by yourself.

      Unfortunately, that kind of knee-jerk reaction is counterproductive to finding the real virus spreaders.

      As is assuming that respectable business organisations are beyond suspicion. Especially when one of these organisations is on record as wanting immunity from prosecution if it does use such tactics. But then again you were just trolling weren't you.

      • Re:What we are supposed to do (Score:5, Interesting)

        by ScrewMaster ( 602015 ) on Monday April 12, 2004 @01:18AM (#8835636)
        And one of whose Congressional proteges', Orrin Hatch, is now on record stating that remotely destroying a copyright infringer's computer system should be a legitimate tactic for a respectable business organization. Huh. And I used to think he was okay as Congressrodents go. In any event, I think the key word here is respectable.

      • Re: (Score:3, Interesting)

        by account_deleted ( 4530225 )
        Comment removed based on user account deletion

    • Re:What we are supposed to do (Score:5, Informative)

      by elohim ( 512193 ) on Monday April 12, 2004 @12:08AM (#8835347)
      I think it's more likely to be the mp3 scene itself. And by mp3 scene I mean the releasing groups, couriers, and ftp site ops. They don't like their work getting to P2P networks; they rip music to have something to offer to sites they upload to, in exchange for whatever they want, be it wares or porn or whatever. If their product is not exclusive (e.g. available on P2P), they lose leverage. Ask any "scener" and they'll tell you they think P2P is bad for business.
    • It is highly unlikely that the monopolists are doing this themselves because they have too much to lose by carrying out such an attack.

      Like what? Money? They're already making cash hand over fist; a fine by the FTC or a lawsuit would hardly dent their income. Reputation? I think that was trashed when they sued the 12 (?) year old girl... and didn't drop the case.

      So what do they have to lose that they haven't already lost?

      ~UP
    • I actually wouldn't put it past the RIAA and BSA to do something like this. These days with outsourcing, its pretty gray concerning what an overseas company does. And givin the inherent scumminess that lies at the top of the music industry labels, I really wouldn't be surprised if a friend of a top exec called in a favor, etc.

      I know, tin foil hat.....but still....of all the people that could possibly be doing this.....I REALLY would look twice to see if its them.

    • You consider virus writers to be part of the "computer community"? Like rapist are part of the "dating community" and burglars are part of the "domestic community"?

  • What get's me... (Score:3, Insightful)

    by wobedraggled ( 549225 ) on Sunday April 11, 2004 @11:51PM (#8835261) Homepage
    I've noticed more and more windows users, have to install nearly 1/2 a dozen or so programs th protect thier pc's. Between Ad-aware, Spybot S&D, Norton/AVG/McAfee and a host of others, I ask... Why Bother? It's the reason I went 100% linux at home, no worries about such crap.

    • Re:What get's me... (Score:2, Insightful)

      by HillBilly ( 120575 )
      For now...

    • Re:What get's me... (Score:5, Informative)

      by Microlith ( 54737 ) on Monday April 12, 2004 @12:41AM (#8835498)
      Because they're paranoid.

      I've run XP for over a year and every once in a while, just for kicks, I install AVG and AdAware.

      Last time I ran AdAware 6 with the latest definitions, out of 90000+ items scanned, it found ONE registry key.

      And AVG has not once turned up an infection of any kind.

      So I ask the other windows users, what the hell are you doing to require this. And I ask all the self-righteous linux users to kindly keep your smart-ass comments to yourselves :)

      • Re:What get's me... (Score:5, Informative)

        by naelurec ( 552384 ) on Monday April 12, 2004 @01:34AM (#8835719) Homepage
        So I ask the other windows users, what the hell are you doing to require this. And I ask all the self-righteous linux users to kindly keep your smart-ass comments to yourselves :)

        Well here are some of the answers I received after cleaning up systems that were infected:

        1. I just wanted to install a game (about 18 spyware programs found)

        2. I thought the email was from the IT department (bagle ZIP encrypted virus)

        3. Internet Explorer prompted me to install something, I said yes (spyware, again..)

        4. I don't know (spyware, viruses, you name it..)

        5. Someone else used the computer..

        Needless to say, spyware and viruses are such a large problem that for most people, they are unable to determine where it comes from or how to prevent it from getting on their systems without something protecting them (antivirus, antispyware programs).

        Annoying, definitely, preventable with a little bit of knowledge? definitely.

    • Re:What get's me... (Score:5, Insightful)

      by evilviper ( 135110 ) on Monday April 12, 2004 @01:31AM (#8835708) Journal
      I've noticed more and more windows users, have to install

      Oh you have, noticed that have you?

      I ask... Why Bother? It's the reason I went 100% linux at home, no worries about such crap.

      The fact that you don't worry about that is going to be your downfall.

      Linux viri exist, and there doesn't seem to be anything in any Unix system that makes it inherently immune to viri. It wasn't long ago that the first Linux bugs came out, and I expect to see more and more. Plus you have to worry about script kiddies, and they're more numerous than viri and worms these days.

      Unix isn't immune, and we need something to come along that will actually solve that problem, lest we have to switch operating systems every 5 years to stay ahead of the malicious programs. Systrace is a great start, but it's not ideal, and not automatic. A little improvement could make it a great wall against all unknown viri/worms/kiddies, but it's important that somebody actually works on that, instead of assuming there's nothing to worry about.

      • Re:What get's me... (Score:3, Interesting)

        by LMCBoy ( 185365 )
        Linux viri exist

        Can you name one? One that had a non-negigible infection rate on Linux machines?

        I'm not saying it's impossible, but Linux users mostly don't run as root, and they don't generally use mail programs that open attachements without asking, so I really don't see how script-kiddie level virii can propagate on Linux.

  • Spin the wheel of motivations... (Score:5, Funny)

    by LostCluster ( 625375 ) * on Sunday April 11, 2004 @11:54PM (#8835279)
    Was the worm written by...

    A: The RIAA, to try to take down the P2P services.
    B: A disgruntled artist, who blames the P2P apps for why they can't get paid.
    C: The owner of unaffected P2P app trying to take down the competition.
    D: A random hacker, who doesn't have any interest in the music industry, but just wants to ruin people's fun.
    E: SCO. Because they're associated with anything Slashdot hates.
    F: Microsoft. Because they're associated with anything Slashdot hates.
    G: CowboyNeal, because he's a suspect on all Slashdot polls.

  • Netsky (Score:5, Insightful)

    by The_Mystic_For_Real ( 766020 ) on Sunday April 11, 2004 @11:55PM (#8835281)
    I don't really understand this virus, or more precisely, the people who wrote it. Although I can not speak from experience, I would have to imagine that spreading virii over P2P networks is like shooting fish in a barrel (hotpr0n.mpg.exe would probably take down half the computers on kazaa). So why are they trying to spread it through e-mail? I would think that since there is no challenge involved in spreading it that they would be moralists (like the people who disguise a program that reports people's ip address as warez) but they are not doing it over the networks themselves so they would have a potential for "collateral damage". Is the writer just a random skript kiddie or am I missing something?

  • Wider than just Kazaa and Edonkey, methinks (Score:5, Informative)

    by jwlidtnet ( 453355 ) on Monday April 12, 2004 @12:00AM (#8835304)
    Soulseek's been down all day, for example, even though I haven't seen any information specifically saying that this new Netsky targets said network (Kazaa and Edonkey are the two that I frequently see cited, as in the linked article). It's an odd choice of target--it's far smaller than Kazaa/FastTrack--but then again, Edonkey's not too high on the usual radar, either. Some bittorrent sites are also especially wobbly today, but that could be coincidence.

    Fascinatingly, I've also been getting absolute tons of emails infected with this variant of Netsky, many of which pretend to have been scanned for viruses and are "clean." This seems particularly lame as an "innovative" get-the-dupes-to-click-on-"document.doc .pif" strategy, but someone must be clicking on these things (verizon seems particularly affected, as every other Netsky spam I get seems to be from that domain).

    Ahh well. Hopefully, this particularly-obnoxious variant will be short lived (so we can, of course, begin the cycle anew in a few weeks' time with a new SoBig or...heck, I dunno, Klez? What letter are they up to there?)

  • New Virus Avenues (Score:5, Insightful)

    by MrNonchalant ( 767683 ) on Monday April 12, 2004 @12:02AM (#8835312)
    It can't be long before e-mail becomes so suspect that self-mailing viruses simply won't spread because everybody is so afraid of their inbox. It will be interesting to see where viruses go then. IM would be my first bet, as well as P2P networks, vulnerabilities in certain *cough* OSes we've already seen, and network shares but there has got to be other methods I'm not thinking of. This could be really interesting to watch. I've never taken the hard line view towards viruses that I see here, I see them as massive experiments with data and as kind of a spectator sport. Of course that could be because I've never really had a problem with them...

    • People just don't seem to learn. (Score:5, Interesting)

      by enosys ( 705759 ) on Monday April 12, 2004 @12:39AM (#8835485) Homepage
      Oh come on, they've been around long enough and they're still spreading like wildfire. E-mail is just too important and I can't imagine that it would be abandoned. Also people don't seem to even fear attachments. These sort of viruses have been around for a while and there are still lots of people who run the attachments and install viruses on their computers.

      I think things would only change if default setups of Windows were secure against this sort of thing.

  • Dispatch (Score:2, Informative)

    by Emperor Tiberius ( 673354 )
    The latest variant of the Netsky worm directing infected computers to launch Web-based attacks against music- and file-trading Web services such as Kazaa

    This one was probably sent out by the RIAA, or Orin Hatch himself.

  • Kazaa?? (Score:5, Interesting)

    by dj245 ( 732906 ) on Monday April 12, 2004 @12:08AM (#8835353) Homepage
    Does anyone actually use kazaa anymore? Seriously, after the RIAA, the viruses, (not just this latest one either) the fake files, the silly repeating songs, the cursed songs with phone tones in them, and the overall spyware nature of Kazaa (and don't mention kazaa lite please), Who actually uses Kazaa anymore?

    I switched P2P networks long ago. I have no silly business of fake files, or dial tones in my songs. There are viruses, but they are fairly obvious as they are often disguised as keymakers. The only thing I have to worry about is french movies not being labeled properly. At least they are the right movie. If only I could translate french on the fly...

    Only grandmothers and 10-year olds use KazAA. The unkempt geeks switched networks a while back.

    • Re:Kazaa?? (Score:4, Insightful)

      by the sabster ( 761831 ) on Monday April 12, 2004 @12:38AM (#8835483)
      The geeks may have jumped ship - High schoolers & students at humanities schools still use it... it has an easy to use interface, and there's a lot of files available on it. My sister, a freshmen in college, made a comment to me yesterday [talking about the chances of getting caught d/l music and movies] - "Well I downloaded a movie, but I deleted it afterwards so they couldn't catch me or know I downloaded it". Most of her friends have similar logic... It's not just grandmothers :)

    • Re:Kazaa?? (Score:3, Informative)

      by xandroid ( 680978 )
      Real geeks who dislike the RIAA and/or want to stick it to The Man use Mute [sourceforge.net], a free and anonymous filesharing program.

  • Equal Time? (Score:5, Interesting)

    by Can ( 21457 ) on Monday April 12, 2004 @12:11AM (#8835365)
    So, when the virus attacked SCO, all the reporters gleefully reported that it was probably an attack from "the Linux Community." What are the odds that those reporters will automatically jump to the conclusion that the RIAA wrote this virus, and then publish that opinion.

    My guess, is that these writers won't be quite so eager to jump to conclusions this time. But it might be worthwhile for those of us who were annoyed by those writers to point that fact out to them.

  • Stop the presses (Score:5, Insightful)

    by shaitand ( 626655 ) * on Monday April 12, 2004 @12:11AM (#8835366) Journal
    Remember how quick the media was to turn on the linux community when a worm appeared to be targeted at SCO.

    Let's show we are a couple notches above the media here and give this some time, maybe we can take this thing apart and make sure of it's TRUE intended victim. Not to say I'd put it past the RIAA, but we should make sure before flinging accusations.

  • Wasn't it the RIAA? (Score:3, Insightful)

    by Lord_Dweomer ( 648696 ) on Monday April 12, 2004 @12:18AM (#8835401) Homepage
    Wasn't it the RIAA who wanted to be legally enabled to attack computers they thought had copyrighted material on them? Or was it the MPAA. Regardless, I wouldn't be surprised if they just did it whatever the consequences were. Its not like M$ or any other big company hasn't done that before.

  • When will it end? (Score:4, Interesting)

    by mtnharo ( 523610 ) <greengeek AT earthlink DOT net> on Monday April 12, 2004 @12:27AM (#8835446) Homepage
    The thing that has been getting to me lately is the non-stop barrage of new viruses and worms these past few months. Come on the 19th variant of Netsky? How many is it going to take before people get a clue and protect their computers responsibly, or demand software and operating systems that don't leave the barn doors wide open?

    My feeling is that this won't stop until the virus creators actually start causing damage to individual user's computers, not just the bandwidth hogging and (D)DOS variety of the current crop. When getting hit with one of these bugs means that Joe Luser's stuff gets deleted and his system won't let him logon, you can be sure he will raise a ruckus wherever he can. Turning his box into a spam relay or a DDOS zombie doesn't cause nearly as much visible damage to the computer, other than it being a bit slower to use, another condition with which the average computer user has become too comfortable.

    The nagging question in my mind isn't "When will this happen?", it's "Why hasn't it happened yet?" Or possibly, "Will it ever happen?" And that last one makes me very sad.

  • RIAA (Score:5, Interesting)

    by Tensor ( 102132 ) on Monday April 12, 2004 @12:34AM (#8835471)
    Is it sooo improbable that this was somehow sponsored by the RIAA ? (or similar)

    On one hand i dont see it as too likely, on the other, lately my capacity for surprise has been worn down by strange lawsuits and laws (Can-Spam).

    and RIAA was, after all, seeking to make their hacking P2P-ers legal ...

  • Part of something larger? (Score:3, Interesting)

    by snStarter ( 212765 ) on Monday April 12, 2004 @12:46AM (#8835516)
    I keep wondering if there's more to all of this than merely a set of isolated viruses released into the wild.

    If you want to destabilize an economy, say the West, then go after the computer networks that bind it together and which make it both different, free, and vulnerable.

    There are lots of bits and pieces being assembled. What if this is part of something larger and we're only seeing the perfection of the pieces and a bit of guiding of the immune system toward another goal?

    Yeah, maybe I'm not wearing my tin hat, but some things seem to be acting too well...or too badly.

  • NetSky already did this? (Score:4, Informative)

    by pantycrickets ( 694774 ) on Monday April 12, 2004 @12:47AM (#8835518)
    Previous versions of NetSky copies itself to any folder containing the word "shared" in it. As in "My Shared Folder." To spread itself via Kazaa and other file sharing programs.

  • PIF - PDF (Score:5, Interesting)

    by nevek ( 196925 ) on Monday April 12, 2004 @12:54AM (#8835544) Homepage
    I cant tell you how many computers I've cleaned when people get PIF email attachments and open them thinking they were PDF's.

    They will pay me to remove the virus, but they wont buy a email scanning antivirus program, or even figure out that if the icon is the windows logo (double meaning here) Its probably not a good thing!!

    Back to the article, With all of the spyware, IE plugins, and other memory hogging garbage associated with these P2P programs, alot of users wont even notice a few extra viri thrown into the mix, they'll just run to techies faster.

    MOVE!!! (shameless Nick Burns Reference)

  • can't help but wonder (Score:4, Insightful)

    by geekoid ( 135745 ) <dadinportland&yahoo,com> on Monday April 12, 2004 @01:56AM (#8835789) Homepage Journal
    how many people have jobs because of spammers and computer infections?

  • It's a pain in the ass, (Score:4, Insightful)

    by NeuroManson ( 214835 ) on Monday April 12, 2004 @02:47AM (#8835953) Homepage
    Because someone who didn't know better opened the attachment.

    I've been getting delivery failure e-mails over the last few days because my e-mail addy is in their address book. And believe you me, I checked every conceivable virus scanner on the web.

    The specific worm in question is Worm.SomeFool.Gen-2 , according to the last dozen or so messages.

  • Mr. and Mrs. Blow (Score:5, Interesting)

    by Vexware ( 720793 ) on Monday April 12, 2004 @04:34AM (#8836177) Homepage

    What truely surprises me is the fact that this is the 19th incarnation of the Netsky virus, and the can be really quite revealing about how much "Joe and Jane Blow" really try to protect their computer, even after all the repeated assaults from multiple virii in recent times. I am sure some blinded, elitist geeks out there will point out that 'Joe and Jane Blow are too stupid so they get loads of virii instead of moving to Linux' before moving to the next discussion whih can sprout a pro-Linux, anti-Microsoft thread. Believe me, I do know a lot of Joe and Jane Blows, and if you do not then simply forget about your elitist argument, because for the most part they are not simple or stupid. They want to surf the Internet, check their e-mail, play some games and perhaps download music -- they do not want to program a database engine, do not own a Linux box for a hobby, do not start counting lists from '0' and think anyone who thinks learning Pi should perhaps see a doctor.

    So, they ask you for help because they think they have a virus or are feeling a slowdown. You do everything they should have done, that is install Ad-Aware, update it, scan for spyware -- and find some truckload of the bloatware eating up disk and registry space (and I'm not going to start on the RAM). That done, you download AVG Grisoft, update it, scan for virii -- and find several hundred files contaminated by virii, and that is quite a lot to clean up. Finally, you install a firewall -- preferably ZoneAlarm or Kerio Personal Firewall -- and set it up for them, so no more Blasters et al sneaking through some obscure system ports. The best option, on the long term at least, is to be sure to install a firewall with preconfigured program access rights (and I think Kerio Personal Firewall has this feature), and I shall tell you why: it may seem simple for any of us to simply check a checkbox for the firewall to remember to allow Half-Life Launcher to attack the Internet, and I truely thought this was the case for anybody -- after all, all the firewall does is ask a simple question, at least what seems like a simple question for most of us. Then, my grandma, who has barely touched a computer all her life, tried the new one she had bought to have a pastime during her six weeks' inability to walk. And the result was pretty surprising, to say the least. A new icon on the desktop, or even a pop-up, can get her panicking. So can you imagine this kind of non-techie, new user getting a firewall pop-up every minute for every program this user launches? This is why a preconfigured program access rights list is something good to have.

    Of course, anyone can go without an antivirus by simply installing a firewall and knowing what comes in their e-mail -- or, for those who grasp the technology a bit more, just block the ports manually; but Joe and Jane Blow have much more simple needs and don't want to have to learn loads of techniques simply to avoid virii and spyware, malware which they do not notice most of the time. In my opinion, the best way to prepare Mr. and Mrs. Blow against all this malware is to set up their software so at best, they can surf around and write emails totally unconscious of this protection, since in this case the software updates itself and does its job automatically. You can also give the user further tools against malware, such as replacing their browser and e-mail clients with Mozilla/Firefox and Eudora or Thunderbird. You should also set them simple guidelines, such as to always refuse anything whatsoever from a source they do not trust. Try and get them to buy commercial software (Norton Internet Security or McAfee Internet Security) as in general it offers better protection and a bit more tools that shall make everyone a happy bunny. Joe and Jane Blow want to know that they are protected against virii and spyware, but do not want to know how, and you'd be rather stubborn to get, what in their opinion is an extra worry, on the

  • That is my question and one have to answer that before one start bashing clueless users. In my opinion every OS out there should be as secure as possible out of the box. I dont like how windows has every feature known to man on by default as little as i like how linux dists keep having deamons started by default. The OS should be locked down and demand user intervention to be opened up. Not that it should be difficult to start things, thats not the goal. The goal should be that the user is not supposed to secure the machine they use, it should be secure by default and then opened up by the user if that is demanded.

    As linux becomes more used by newbs who hasnd any interest in locking it down it should be as secure as possible by default. That way if the box get hacked because of bad settings you can atleast put the blame on the one unsecuring it. Blaming a user who just installed it and never secured it is impossible and doesnt fly, thats why i dont listen to the people who say "they should have installed whatnot". Thats what the OS should do, provide basic services like security etc. If an OS demand an antivirus addon and adaware and things, maybe something is wrong in the OS?

    I hope linux gets proactive and riddens itself of the same bad decisions as MS have done. Dont trust the user to secure things bacause we have seen in the case of MS Windows that thats not going to happen.

  • Vaccine (Score:3, Interesting)

    by HeghmoH ( 13204 ) on Monday April 12, 2004 @09:26AM (#8836908) Homepage Journal
    Currently there isn't enough awareness of viruses because they don't do that much harm to the people who get infected. The network admins know about it, of course, and they go around lecturing and threatening people, but it's all way too abstract.

    In order to show people the problem, I propose a vaccine virus:

    It would spread using many different methods, but in the quietest way possible. Use e-mail attachments, buffer overflow exploits, everything that's being done, but keep it quiet. Don't scan a thousand machines a minute, or send out millions of e-mails. Make the e-mails look like other virus e-mails, scan slowly, etc. The idea is to get onto as many machines as possible before triggering. Once it triggers, wreak as much havoc as possible on the infected machines. Delete files, overwrite them to be sure. Target document files before OS files. Hit network shares. Wipe out partition maps. Trash the BIOS if you can.

    It would be a pretty terrible virus, but I bet people would get serious about prevention after the dust settled. But is the cure worse than the disease?

    (Disclaimer: I'm not actually advocating this! Please don't take me to jail. It's just some food for thought.)

Slashdot Top Deals

Genetics explains why you look like your father, and if you don't, why you should.

Close