
A Worm's Worm

Carnildo writes "There's a new worm out, according to the Register, but one with a twist. This one, called 'Dabber', infects computers by exploiting a security hole in the Sasser worm."
  • Sasser exploit (Score:1, Insightful)

    by dresgarcia ( 251585 ) on Friday May 14, 2004 @08:01PM (#9158129)
    It's a shame that it's come to the point where a worm will exploit another worm to screw stuff up. I am so glad I moved to Linux.
  • geez (Score:3, Insightful)

    by killerface ( 573659 ) on Friday May 14, 2004 @08:01PM (#9158133) Homepage
    You know, this seems at first to be really creative. But I think he/she is just riding on Sasser's coattails
  • by jbuhler ( 489 ) on Friday May 14, 2004 @08:04PM (#9158167) Homepage
    Hath smaller fleas that on him prey;
    And these have smaller still to bite 'em;
    And so proceed ad infinitum.

    - Swift
  • by Anonymous Coward on Friday May 14, 2004 @08:05PM (#9158179)
    maybe we should make a virus that causes everyone to hit up Windows Update and maybe we'll be alright.
  • by Cyberherbalist ( 731257 ) * on Friday May 14, 2004 @08:06PM (#9158191) Homepage
    There was something on /. the other day about a team of biologists who built a virus based on HIV, that goes out to destroy HIV's ability to turn to AIDS. Apparently, the Dabber developer took a page from that book --- in a twisted sort of way.
  • Re:Antivirus! (Score:2, Insightful)

    by r.jimenezz ( 737542 ) <rjimenezh@@@gmail...com> on Friday May 14, 2004 @08:06PM (#9158193)
    sounds like it's doing some antivirus while it's at it. Good!

    Nah, let's not fool ourselves. This is probably just so that you can run a Sasser removal tool, find nothing and feel yourself at ease thinking your machine is clean :(

  • by Gribflex ( 177733 ) on Friday May 14, 2004 @08:08PM (#9158207) Homepage

    Dabber then installs itself and deletes the registry keys of Sasser and other viruses.

    This is fantastic! It is a virus, that infects only virus infected machines, and then removes all other virii. What a great solution to rapidly spreading worms.

    If users are too lazy or ignorant (in the nice sense of the word) to patch their systems, then just release another virus to do it for them.

    Except that...

    It [then] creates a backdoor on infected machines on TCP port 9898 allowing hackers to download additional code...

    They just couldn't stop at doing a good thing, could they...

  • Seems Like (Score:2, Insightful)

    by MrRuslan ( 767128 ) on Friday May 14, 2004 @08:08PM (#9158211)
    the Windows RPC implementation and the LSASS share some similar qualities with worms and back doors. One has to wonder how much more of Windows has the same characteristics of a virus.
  • by cemaco ( 665884 ) on Friday May 14, 2004 @08:14PM (#9158277)
    In the last few years, the guys who write this stuff have become more and more like gangs. In the real world, gangs compete for turf. That includes undermining each other whenever possible.
  • Re:Ugh... (Score:5, Insightful)

    by inertialmatrix ( 675777 ) on Friday May 14, 2004 @08:28PM (#9158355)
    "most of these virus writers are not formally educated in programming, but able to hack together code snippets they find on the web. It's a wonder some of them work..."

    heh.. sure, right. God knows that unless you have a masters in CS your only chance to program something like code red, blaster, or sasser is by hacking "together code snippets [you] find on the web" Christ, 3 years into a CS major, and aside from the calculus I have yet to make any large leaps in knowledge over what I already knew several years ago.

    Maybe that's what grad school is for?
  • Re:Ugh... (Score:4, Insightful)

    by taped2thedesk ( 614051 ) * on Friday May 14, 2004 @08:36PM (#9158408)
    A lot of schools used to offer as a electives in high school, but thanks to constant budget cuts, the "leave every child behind" act, etc, many have had to drop these classes. Pretty sad.
  • by descil ( 119554 ) <teraten@hotma i l . c om> on Friday May 14, 2004 @08:43PM (#9158444)
    The thing about an infected system is that it's absolutely NO GOOD to anybody except the person who's infected it. So when you infect a machine, you want to make sure it's a CLEAN machine, so that you can use it. There's nothing benevolent about destroying the OTHER invading forces so that you can own the land.
  • by Reivec ( 607341 ) on Friday May 14, 2004 @08:46PM (#9158457)
    You are missing a big point here. The worms affect us all in a much more annoying way. Internet traffic clogging up my connection speed. Why do I care if stupid people can't use their computer? If there was an "Anti-Worm" it would still cause tons of traffic scanning the networks and even if it helped infected people, I don't give a damn. They were too stupid and didn't protect their systems or use something besides Windows, not my fault. So basically in my book, the cure would be just as bad as the problem.
  • Re:DMCA violation? (Score:5, Insightful)

    by spectre_240sx ( 720999 ) on Friday May 14, 2004 @08:55PM (#9158506) Homepage
    You jest, but I wouldn't be surprised if it was possible. Don't forget, this is the country where a burglar can sue his victims if he breaks his leg while breaking into their house and win.
  • Re:Ugh... (Score:5, Insightful)

    by John Hasler ( 414242 ) on Friday May 14, 2004 @09:09PM (#9158572) Homepage
    I imagine that many of these virus writers are professionals, well-paid by their spammer employers.
  • Re:Ugh... (Score:0, Insightful)

    by Anonymous Coward on Friday May 14, 2004 @09:28PM (#9158664)
    Indeed, fact is stranger than fiction!
  • Phages? (Score:5, Insightful)

    by Wtcher ( 312395 ) <exa+slashdot@minishapes.com> on Friday May 14, 2004 @10:00PM (#9158864) Homepage
    ...it reminds me of the phage/bacteriophage, actually. If I recall, those viruses kill bacteria (judging from the name...) by infecting them.

    This goes on to remind me of that recent anti-HIV virus that's been in the news.
  • by Atmchicago ( 555403 ) on Friday May 14, 2004 @10:47PM (#9159073)

    Sounds like our new potential AIDS cure [slashdot.org].

  • by k12linux ( 627320 ) on Friday May 14, 2004 @10:51PM (#9159091)
    Or the nachi/a worm which tried to remove msblast then download and install the patch for the hole from MS.

    It was a misguided attempt to stop msblast but it caused a lot of problems itself. We never had a problem with msblast but nachi essentially shut down a couple of our routers and cost us plenty in man-hours to clean up.

    I doubt that Dabber is the same deal though. If it were you would expect it to have an expiration date.

  • Re:Ugh... (Score:5, Insightful)

    by foobario ( 546215 ) on Saturday May 15, 2004 @01:06AM (#9159570) Homepage
    >Maybe that's what grad school is for?

    No, but the remainder of your undergraduate education will benefit if you continue to hope that this is true.

    Every year in my EE and CS programs I figured that 'next year' would be the year I'd really learn something useful, but that day never arrived. Nonetheless I managed to graduate, get a high-paying job, and get laid off 20 months ago after 3 years of 15 hour days. Now I think about taking classes at the community college, welding maybe, but I just can't get up the energy to do it.

    You see, you are wrong in assuming that calculus is the only thing you've learned so far. You've also learned The Secret a year earlier than most people.

    You know those tests they do on rats, where they put them in a maze, and if they do the wrong thing they get an electric shock, but if they do the right thing they get the cheese?

    The Secret is this:

    You are the rat.
    The electric shock is *always* on.
    ***There Is No Cheese***.
  • by skasingularity ( 777400 ) on Saturday May 15, 2004 @01:23AM (#9159630)
    I think this has been discussed before on slashdot, is it a good idea to write worms to take out worms?

    There are a few problems with this, the main one being no one is taking responsibility for protecting their own machines. Another problem is that with people accepting certain worms to clean their computer, it would open up a (hate to say it, no pun intended) whole new can of worms. Some people would think "my computer has spyware on it, a worm is attacking me that says it will clean it up, ok!" Script kiddies would jump at a new header for e-mail viruses and such...

  • Why not? (Score:4, Insightful)

    by r_j_prahad ( 309298 ) <r_j_prahad AT hotmail DOT com> on Saturday May 15, 2004 @01:24AM (#9159634)
    Even if you try to be the good guy doing beneficial stuff like that, it'll still get you just as arrested, just as photographed, and just as incarcerated under existing law as if you had done the typical evil stuff.

    If the outcome is gonna be the same, might as well be an asshole.
  • heh (Score:1, Insightful)

    by Anonymous Coward on Saturday May 15, 2004 @01:44AM (#9159687)
    the enemy of my enemy is my friend
  • Re:Ugh... (Score:4, Insightful)

    by Kiryat Malachi ( 177258 ) on Saturday May 15, 2004 @03:22AM (#9159981) Journal
    Funny.

    I learned lots of useful things in undergrad. I use them roughly 7-9 hours a day, doing a job I actually enjoy.

    And I got an EE degree. Maybe it's because I'm not a programmer.

    Maybe you just worked for a shitty company? (And before you get pissy about it, I work for a Fortune 100 company - it ain't just small companies that can be decent to work for.)
  • I dropped Comp Sci (Score:4, Insightful)

    by KalvinB ( 205500 ) on Saturday May 15, 2004 @03:25AM (#9159993) Homepage
    After two years I've given up on it. I spent two years studying philosophy and didn't bother trying to get a degree for the same reason I'm switching majors now (secondary education). I got ahead of my math classes. I've always been ahead of the programming classes. And I can't stand physics (which I'm done with finally).

    The fact is that if you challenge yourself you can learn everything you'd learn in college on your own for a lot less money. In the field of technology you have to be able to teach yourself anyway or you'll find you've become obsolete.

    I switched to education because I think it'd be a more entertaining and fulfilling career than sitting behind a computer all day.

    "Maybe that's what grad school is for?"

    Save your money. If you want to learn how to program just buy the books and come up with projects.

    The reason I know as many languages as I do is because I'm always coming up with ideas. I then figure out what language would be best to implement it and learn the language.

    You're better off specializing in an area (like math or physics) and then learning how to program on the side so you can utilize that skill in your profession. You don't need a comp sci degree to write modeling programs for a chemistry application. You need a chemistry degree so you understand what the program needs to do. In programming knowing what you need to do is 90% of it. The other 10% can be learned as you build the program.

    Think about it. Little kids can program. It's really not that hard. But little kids don't know enough about chemistry to use their programming skills to write chemistry programs.

    If you don't understand chemistry nobody really cares if you can do magic in C++ because you don't have the knowledge to make your programs do what a chemistry program needs to do.

    It's the same reason the FBI doesn't care if you were on a police force. An FBI agent needs to know things you can't learn being in the police force. And what you need to learn in the police force can easily be taught to you by the FBI.

    Ben
  • by arkhan_jg ( 618674 ) on Saturday May 15, 2004 @03:31AM (#9160012)
    This was already tried with Welchia/nachi.

    It scanned for machines with the RPC blaster vulnerability or a webdav vulnerability, infected them, and then downloaded the RPC patch from windows update and installed. Next time the machine rebooted, you were secure. It also had a self kill on 1st jan 2004.

    The perfect anti-worm, yes? Except it was very aggressive with the ping scanning, and a few infected machines on a network could end up crippling it. Add to that, if a machine got infected with nachi, yet windows update wasn't directly available (login proxy for example) then the amount of bandwidth consumed could be huge. From the ISP's point of view, welchia was a worse worm than blaster. From the manager's point of view, at least it was obvious if someone had blaster. With welchia, if you didn't have competent in-house IT staff (and an awful lot of small companies don't) it was hard to find why your network was running rather slow.

    In response to just turning on autoupdate, corporates often don't use windows update, but SUS or ghost or the like to roll out patches - once they've been fully tested. Don't forget, Microsoft patches regularly break other applications. LSASS (sasser) update, for example:

    "According to the article problem may arise on Windows 2000 operating systems if any of three drivers (ipsecw2k.sys, imcide.sys, dlttape.sys) are loaded. People might experience lockups at boot time, the inability to log on, or 100% CPU utilization."

    Antiworms are a possible solution, but as with this new one leaving a big backdoor, so far they've been as bad as the virus they supplant. What they should do, at most, is a popup every time you logon saying you are infected with virus bob, list the symptoms, and tell them they have to go to this location to get the patch and the removal tool.
  • Re:OS Popularity? (Score:3, Insightful)

    by Tim C ( 15259 ) on Saturday May 15, 2004 @04:06AM (#9160098)
    To be honest, I wouldn't be surprised if that was the case.

    On the other hand, though, I'd be utterly amazed if worm writers don't take apart existing worms when preparing to write a new one. Learn from what has gone before and all that. I'd expect that what's happened is not just that Sasser is so widespread that someone decided to exploit it, but that someone was studying it, noticed the exploit, and went for a quick and easy route to write a new worm.
  • Re:OS Popularity? (Score:1, Insightful)

    by Anonymous Coward on Saturday May 15, 2004 @06:41AM (#9160359)
    > Does this situation imply that the sum total of Sasser-infected machines outnumber Macs and Linux boxes?

    Why would that be surprising? If the installer base of Linux is 8% vs 80% Windows. Then only 10% of the Windows machines have to be affected to get an equal installer base. Ditto for the Mac.
  • Re:Ugh... (Score:3, Insightful)

    by Crayon Kid ( 700279 ) on Saturday May 15, 2004 @09:52AM (#9160702)

    I'd say it's crazy. Dude, come on, C++ OO programming at 7? That's a little hard to believe unless you're a genius. At 7 you don't have the concepts needed to do advanced programming. Heck, most kids only learn to read at 6 or 7, and this is the bright kids. You can't say he's been alive for 7 years now, and C++ can be mastered in 2 years, so he should be a guru by now. It just doesn't work that way, you need to accumulate knowledge and develop the mind in a certain way.

    Logo at 6 or 7 I can believe. Basic between 8 and 10, likewise. C++ and OO from 12 up, fine. But C++ and OO at 7, I don't believe.

    I'm not saying that kids aren't bright enough. Yeah, a kid of 5 can be pretty damn bright, and they have logic. But they don't have the analytical thinking and the power of abstraction. You have to train for that and you will achieve along with other various concepts about computing and math and logic and a lot more. You can't just pound abstract thinking into a 7yr old, that's why Logo teaching uses the little leaping frog stories. Also, they can't teach themselves, like another commenter said, they have to be taught, they don't have the critical mass of knowledge that will allow a person to evolve by itself in a certain field.

    I'm a fairly bright person. I learned Basic at 10, it was taught to me, and let me tell you, in the beginning half the time it was like floating through a haze, doing things intuitively rather than knowingly, with only glimpses of the abstractions behind it all. Took me another 3 or 4 years to finally get the hang of this whole programming thing and to gradually develop appropriate patterns of thought that eventually allowed me to move to C and other languages.

    I'm not exactly Einstein, granted. Perhaps a gifted kid, with high IQ and talent for programming (some don't have it, no matter how smart they are), properly instructed in a proper learning curve (Logo, Basic, C) can make faster progress from a younger age. But let's not get crazy.
