Lycos Anti-Spam Screensaver Inspires Trojan

Posted by timothy
from the this-gets-confusing dept.
Even though it's been withdrawn, the Lycos anti-spam screensaver is not forgotten. Rollie Hawk writes "And with this, the 'What's Good for the Goose...' award goes to all those people trying to install that notorious spam-attacking Lycos screen saver but ended up with a Trojan horse instead. This trojan is spreading via email with the subject line 'Be the first to fight spam with Lycos screen saver,' tucked in an innocent-looking file called 'Lycos screensaver to fight spam.zip.' According to F-Secure, this trojan contains keylogger elements but little more has been specified. The only question I have is how long until the 'I promise to clean that trojan disguised as a DDoSing Lycos screen saver.exe' virus gets released."
This discussion has been archived. No new comments can be posted.
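
A mail-gateway style check for the lure described in the story, as an added example that is not part of the original post: it lists executable files inside ZIP attachments of a message. The page gives only the subject line and ZIP name; the archive member name, the addresses and all function names here are assumptions made for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types Windows runs on double-click (conservative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def executable_members(zip_bytes):
    """Return archive member names whose final extension is executable."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                # Windows drops trailing dots/spaces, so "x.exe ." still runs.
                name = info.filename.rstrip(" .")
                # Only the last extension counts: "invoice.pdf.exe" is an .exe.
                ext = os.path.splitext(name)[1].lower()
                if ext in EXECUTABLE_EXTS:
                    hits.append(info.filename)
    except zipfile.BadZipFile:
        # A ".zip" that cannot be parsed is reported, not silently passed.
        hits.append("<unreadable archive>")
    return hits


def scan_message(raw):
    """Map each ZIP attachment's filename to its executable members."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if filename.lower().endswith(".zip"):
            hits = executable_members(part.get_payload(decode=True))
            if hits:
                findings[filename] = hits
    return findings


def build_sample(member_name):
    """Constructed test message: harmless bytes under the reported lure names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder bytes, not malware")
    msg = EmailMessage()
    msg["Subject"] = "Be the first to fight spam with Lycos screen saver"
    msg["From"] = "sender@example.com"    # constructed address
    msg["To"] = "user@example.com"        # constructed address
    msg.set_content("Constructed body text.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Lycos screensaver to fight spam.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    # "Lycos screensaver.scr" is an assumed member name, not from F-Secure.
    for attachment, members in scan_message(build_sample("Lycos screensaver.scr")).items():
        print(f"quarantine: {attachment!r} contains {members}")
```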

  • by Anonymous Coward
    Trojan maaaan! Trojan maaaaan!
  • tojans... (Score:4, Insightful)

    by utopianfiat (774016) on Wednesday December 08, 2004 @09:54AM (#11031301) Journal
    Well isn't that the basis of most trojans?
    "I promise to clean your room, do your homework, give you neck rubs, check for typos, and build a perpetual motion machine!"
    If they really wanted to, they could have tacked on a trojan that had absolutely nothing to do with the screensaver and call it that anyway.
    I'm actually surprised the trojan doesn't DDoS Lycos.

    • I promise to clean your room, do your homework, give you neck rubs, check for typos, and build a perpetual motion machine!

      Wow, that's fantastic... where can I download this stuff?
    • Re:tojans... (Score:1, Informative)

      by Anonymous Coward
      Of course the enormous joke here is
      http://info.lycos.com/pressroom/100604_press.asp

      and you just go check a mail server log who administrates the netblocks that pump the most spam ...

      uhh... that's right, daum / kornet

    • I want to take a hit with this first post. I should probably be at 80% insightful, 20% misspelled.
    • Wow. Sounds almost as good as having a girl/boyfriend!
    • Idunno, when I read the headline I was hoping for the reverse - that is, a trojan email virus that would use luser computers to DDOS spammers. Instead of white-hats vs. black-hats, we'd have black-hats vs. blacker-hats.
      • Or at least go for the maximum irony and turn infected machines into spam-flinging zombies.

        I mean, seriously. No sense of style.
  • Futility (Score:5, Interesting)

    by Lonesome Squash (676652) on Wednesday December 08, 2004 @09:54AM (#11031302)
    Every formal system has its Goedel sentence; every immune system has its HIV. It's the price of complexity.

    Of course, that doesn't make formal systems, immune systems, or anti-spam screen savers useless.

    • Re:Futility (Score:2, Insightful)

      by Himring (646324)
      It's the price of complexity.

      I whole-heartedly disagree. This shit we deal with on a daily basis that threatens our network, kills our switches and routers, makes management scramble and IT constantly try to fix/patch/protect against is not due to complexity alone. It is due to the POS OS called Windows that suffers from MSTD (Microsoft Transmitted/Terminal -- take your pick -- disease). Other OSes are complex, but they do not suffer the same horrific fate. I am constantly boggled at work as I try to
      • You forgot to blame Microsoft for HIV and Gödelian incompleteness -- come on guy. You call yourself a /.er?
      • Re:Futility (Score:3, Insightful)

        I can't believe I forgot to bash Microsoft. Okay, here it goes: Vulnerability is inevitable. As the sophistication of your defence grows, so does its complexity (generally) and therefore (generally) it creates new opportunities for attack.

        But that level of vulnerability is in this case completely swamped by the utterly inexcusable inattention that MS has paid to basic security at the design and feature packaging phase.

        To extend the analogy, it didn't take HIV to jeopardize the health of those who share ne

      • I love how they say "Well we have to pay for consultants/sysadmins/etc. if we run Linux!" and use that as an excuse to run it.

        Hellooooo, the company's already paying for an IT staff; why not just let them learn Linux? They'll then be even more flexible, capable of administrating both Windows and Linux, and at the least you may have to give them a small pay increase for their troubles.

        This especially applies to big companies with dedicated IT staff; what's wrong with letting them train to administer Linux
        • Ha. Did you miss the last ten years or what? Every business in the US has been scrambling to replace competent admins with trained monkeys, based solely on those ridiculous Windows commercials that show a twelve-year-old saving the company millions of dollars with systems that run themselves.

          The idea of now paying to train those idiots in Linux would provide more entertainment than value.

      • hmm, which non IE web browser had almost 10 years of >90% market penetration again ?

        • Oh come on - the original poster was completely over the top in blaming MS for all the ills of the Internet, but can you honestly claim that IE is not a rotten piece of software. I'm not talking about market share here, I'm talking ease of use and features and security - IE was better than Netscape during those awful 4.x releases, but at this point IE is a solid last as far as browsers go.
          • If IE was as bad as you make out, everybody would be clamouring to get an alternative. I'm no IE fan (Firefox all the way), but for the vast majority of home users it is perfect. It's easy to use, shields them from a lot of stupid bits of the internet and is a lot more secure than people say (although definitely not perfect. XPSP2 helped a lot.)

            Why is it so badly thought of? Because 90% of IE users are stupid with regards to the internet. If a box comes up, they will click 'Yes' regardless. Is this the fau
            • IE is only perfect for home users because they don't believe they have a choice. MS did a great job in taking the opportunity provided by Netscape fumbling so badly and providing a much better product - but they knew they could lose the lead with just a superior product and proceeded to use their position as provider of the OS to get a lock as the only possible choice. Now that they have lost their superiority their lock in is the only thing keeping users with IE.

              IE is currently "good enough" for home use

              • I used IE for years even after knowing the alternatives. Mozilla came with crap I didn't need, Opera ground against me, and Netscape was just abysmal. Firefox is the only thing I've seen which is a far better all-rounder when browsing and actually had an interest in it beyond a few people sat in a lab.
                • Every person I've seen try Safari or Firefox has become a true believer in no time. Mozilla is too damn big - but had tabs, and spellcheck, pop-up blocking and hooks to add new features long before anyone else - the browser-only install was well worth using till Firefox came along. I've never really considered Opera an option in the browser market, regardless of how good or bad it was - there was no place for a non-free commercial web browser by 1997.
      • Now, I'm trying to push Firefox over IE and I get the tried and true line, "well, as soon as Firefox becomes as proliferated as IE then it'll be just as bad." But, that's not proven yet, and there have been OSes, web browsers, that have been proliferated that have not suffered the same fate.

        I'm all in favor of Firefox. But you just explained why your company doesn't listen to your suggestions. Your arguments are not rational.

        When you tell them "Other web browsers have been proliferated that have not

    • GOEDEL's THEOREM

      For any consistent formal system F purporting to settle, prove or disprove all statements of arithmetic, there exists an arithmetical proposition that can be neither proved nor disproved in this system; therefore, the formal system F is incomplete
    • Re:Futility (Score:3, Insightful)

      by B'Trey (111263)
      Your first sentence is true but irrelevant. Just because you can't make a system completely foolproof doesn't mean you can't make it highly fool-resistant. The common security issues that are causing so much trouble have nothing to do with Goedel or complexity. The danger can be greatly reduced in the OS design phase if security is given any priority. Of course, security wasn't a priority in the design phase of the most popular OS, and now they're scrambling to attach it piecemeal after the fact.
    • exactly. Lycos is in no way responsible for this so why play the blame-game on them...
  • by iBod (534920) on Wednesday December 08, 2004 @09:56AM (#11031313)
    I wonder though, just how many people are going to want to fight spam using an attachment that arrives in a spam email?
    • Hopefully anyone knowledgeable enough to know what the Lycos Screensaver did would not run an unsolicited email attachment.
      - However, there seems to be no limit to human gullibility so we shall have to see..
    • Hmm, that's interesting. I used to get a lot of spam advertising anti-spam services (which may or may not have involved trojans or phishing ploys). However, of the 53 spams in my spam folder right now none are for anti-spam stuff. - Maybe those spammers gave up, in which case their targets can't be as dumb as I thought...
    • Q: How many people are going to think they can grow their private parts...get a date with a beautiful woman...get a degree...get free p0rn...etc. by sending cash to a mailbox in Timbuktu? A: Lots, welcome to the world of the stupid!!
    • I wonder though, just how many people are going to want to fight spam using an attachment that arrives in a spam email?

      It's beautiful marketing; what will make you say "ARGH, stupid spammers!" as much as spam? All you need is for one ordinary, intelligent person to get mad and not think straight for five minutes ...

    • They could stuff the trojan into a password-encrypted ZIP and some dummies would still carefully follow the directions to unzip and install/execute it. They could title the email "This is the trojan program the government wanted to suppress!" and some people would still install it.
    • I wonder though, just how many people are going to want to fight spam using an attachment that arrives in a spam email?

      The same people that click on pop-up ads to buy pop-up blocking software. This intraweb is a crazy world, son....
  • by millwall (622730) on Wednesday December 08, 2004 @09:56AM (#11031314)
    Fighting back with the same measure is not always the solution.

    Fighting violence with violence doesn't work. Why should fighting spam with spam work any better?
    • I think this is a case of people ignoring history. We have a vast reservoir of previous experiences from which we can learn and instead someone ignores it all figuring this time will be different.
    • I find that fighting violence with violence does wonders.

      One night coming home from the cinema, this guy walks up to me, says 'give me your wallet'. I say 'fuck you and give my best to your mother'. He pulls a knife. I kick him in the balls. I walk home with his wallet and knife.

      Violence doesn't work? Pftui I say. It's even profitable.
    • by GoodNicsTken (688415) on Wednesday December 08, 2004 @10:10AM (#11031437)
      "Fighting violence with violence doesn't work."

      Really? I think history has shown otherwise. Hitler comes to mind.

      Spammers know what they are doing is wrong. They are simply motivated by money. This app will cost them money and eventually make Spam unprofitable.

      The only concern I have is for innocent people that get mistakenly tagged as Spammers and end up with a 10K bandwidth bill.
    • Fighting violence with violence doesn't work.
      Yeah. Right. This is manifestly not true, and proven by history to be untrue: see: World War II, American Civil War for starters. So why shouldn't fighting spam with ugly tactics not work?
      Not that I am advocating such tactics, or that such tactics are best in this case; it's just I don't like cliched generalities like that.
      • Yeah. Right. This is manifestly not true, and proven by history to be untrue: see: World War II, American Civil War for starters

        If we were to see an objective graph where the outcome of wars has been good for people and worth the casualties, and when it hasn't, do you think you would come to the same conclusion?
      • Fighting violence with violence doesn't work. Yeah. Right. This is manifestly not true, and proven by history to be untrue: see: World War II, American Civil War for starters. So why shouldn't fighting spam with ugly tactics not work?

        Those wars must have worked because there is no violence anymore right?
    • Good, so, what _is_ the solution?

      (Not just for you but for the whole Net, I should add).
    • by HermanAB (661181) on Wednesday December 08, 2004 @10:35AM (#11031635)
      Fighting spam with email, is like fucking for virginity, but fighting violence with violence does work - you just have to kill everybody.

    • "If violence doesn't solve your problems, you aren't using enough of it"

      I think that's from The Art of War but I can't remember, did a quick google but no answer in the first 3 pages
    • Right! We need to fight spam with violence! Or is it violence with spam ? Both!
    • Fighting violence with violence doesn't work. Why should fighting spam with spam work any better?

      The screensaver didn't send spam.

      If this trojan proves that the Lycos thing was a bad idea, do the Microsoft patch trojans prove that patching Windows is a bad idea? Did the Anna Kournikova trojan prove that nude pictures of Anna would be a bad thing? I can't see how the existence of a trojan proves anything.

  • by rdc_uk (792215) on Wednesday December 08, 2004 @10:01AM (#11031359)
    Does it still count as news, to be told something that you KNEW was going to happen, has happened?
  • by hackstraw (262471) * on Wednesday December 08, 2004 @10:05AM (#11031388)

    1) Don't take candy from strangers.

    2) Don't open email attachments from strangers.

    -Mom and Dad
  • We all need a SCREENSAVER to fight spam for us. Never mind doing the traditional boring things like not posting your email address everywhere and using proper filters.

    What's next, a hot new game that is also an anti-virus tool? Reminds me of the old SNL bit "It's a floor wax. It's a dessert topping. Actually it's BOTH!".

    • I don't think that Lycos had the right idea here, but honestly I feel that we shouldn't have to do things like implement filters, maintain secondary email accounts for signing up with services, etc.
      Reality sucks.
  • News? (Score:4, Insightful)

    by Renraku (518261) on Wednesday December 08, 2004 @10:15AM (#11031474) Homepage
    How many of you didn't see this coming?

    Shady programs attract shady characters and shady tactics.

    Doesn't matter if it's by a major corporation or John Q. Crackdealer.
    • by ceeam (39911)
      Of course, it's not that shady programs do NOT attack non-shady characters and non-shady tactics.
  • Semantics (Score:5, Informative)

    by Meostro (788797) on Wednesday December 08, 2004 @10:18AM (#11031490) Homepage Journal

    Will everyone please use the proper terms for these objects? "Misnaming Viruses" would've been my choice for the peeve poll [slashdot.org]:

    A virus [wikipedia.org] is a self-replicating program that spreads by inserting copies of itself into other executable code or documents.

    A Trojan [wikipedia.org] is a malicious program that is disguised as legitimate software.

    A computer worm [wikipedia.org] is self-replicating, but is self-contained and does not need to be part of another program to propagate itself.

    So most of the so-called viruses [linuxmafia.com] that are out there are really Trojans - they claim to be one thing, but are actually something else. Once you delete the original(s), you're finished; they don't generally infect your other files to propagate, they just make several copies of themselves independent of your programs. Other than macro viruses [wikipedia.org], there are very few true viruses in the wild these days.

    • Ok, I'll nitpick: do email messages qualify as "documents" from your first bullet definition? Doesn't that make email... "viruses" viruses?
    • Also, I'd like to add:

      A Root Kit [wikipedia.org] is a set of tools used after cracking a system that hide logins, processes, and logs as well as usually sniff terminals, connections, and the keyboard.

      Malware [wikipedia.org] is any software developed for the purpose of doing harm to a computer system.

      Lots of people misnamed the "Opener" root kit for Mac OS X [slashdot.org] as "The First Virus for Mac OS X", when in fact it had no way of spreading itself, and the script needed to be executed with root privileges.

  • Wine? (Score:5, Funny)

    by raistphrk (203742) on Wednesday December 08, 2004 @10:19AM (#11031495)
    Does the "screen saver" work in Wine? I want the benefits of the trojan without the overhead of an antivirus program.
    • If you'll get it, please, send it to me.
      I wanna infect my FreeBSD box with this trojan.
      E-mail me at: root@hotmail.com
  • Increasingly I'm thinking that the only option to stay truly safe on the net or to keep from getting frustrated from the never-ending battle of "white hats vs. black hats" so-to-speak, is not to play at all.

    I mean, if it's spreading like wildfire that means people are still just as uneducated OR want to harm the spammers and do something stupid because of it. No matter how much I try to educate people in our department about opening attachments before scanning them, or to ask themselves "do I know the g

    • I think if you just use common sense then you don't have to play the hat game or even worry too much about your own computer.

      The only thing that worries me is the growing number of people I know that don't care about being careful. They practically give their computer to the zombie networks! Though unless these zombies can launch DOS attacks on all of my favorite sites 24-7 so I can never access them, I don't think it will ever be more than an occasional annoyance to me.

    • what I think is that "attachments are evil"

      If you want to have a file, send me a URI to your FTP server.

      That's the way email started, and that's the way it should have finished.

      Whoever thought of MIME wants strangling with a rusty wire.

      • You are kidding yourself if you think that this would have any impact.

        URI/URL is no more secure than MIME, because the problem is the ignorant monkey sitting between the keyboard and the screen who has been conditioned to click anything.

        It's pretty clear that the spammers and the people writing the various trojans, worms, etc. are more than capable of compromising FTP servers or using zombies as FTP servers. Once they have the zombie, they can turn off fire walls, scanners, etc. so that they can get acce
    • What I can't understand is why so many otherwise intelligent people are so easily fooled. I mean, I've never once seen a worm e-mail/attachment that I didn't immediately recognize for what it was. It's not like it takes some specialized technical knowledge to understand. Once you know what these worms do, it should be the simplest thing in the world to spot the pattern.
  • So how much longer till someone gets so torq'd by spam that they write a worm to DDOS the spammers.

    Considering the way most spam gets sent by zombies, this might be a worm that targets zombie machines ... you can imagine the rest.

    Zombie gets told to send spam, calls his zombie friends, then they DDOS the box that sent the request, then they do some evil to "alert" the owner that their box is corrupted.

    I think the only reason we haven't seen this is all the good worm writers are writing the worms to mak
    • they DDOS the box that sent the request

      They send requests via IRC, and the zombies are connected to some channel to listen for orders. This makes it difficult to know where the requests come from.
    • You know which sites are spamvertised. They're in your emails. But if you need a little help getting started:

      #!/bin/bash
      while :;
      do
      wget -O - --timeout=15 http://random.seeitfr33trial.biz/cheap/?man=spamm i ng > /dev/null
      wget -O - --timeout=15 http://www.bhex.com/rep/rolx/ > /dev/null
      wget -O - --timeout=15 http://www.avtechcomputers.com > /dev/null
      done


      Of course, I don't actually run this--spam apologists might think it's illegal or unethical to drain bandwidth from spammers.

  • In case you've forgotten, these days it is spammers who write (or fund the writing of) worms/viruses. The screen saver "took it up a notch" in the battle, and the spammers are just responding in the only way they know how; spamming :)
  • ... an innocent-looking file called 'Lycos screensaver to fight spam.zip.

    It's a matter of personal experience, but if a distributed file has an unsubtle and self-describing (yet imprecise) name like "screensaver to fight spam", it's automatically suspect. Legitimate programs just aren't named like that.
  • Fortunately with the retirement of the Anti-spam screensaver the developers now have time to work on the Anti-Trojan screensaver...
  • ... how long until we can begin summary executions for spammers. At this point, I don't care about the intrusion, I want retribution. I think the Lycos idea was one of the best I had heard of in a long time -- hit them where it hurts(bandwidth costs).

    I have said the same thing here before... "slashdot the spammer's sites so they melt like a stick of butter"... I never thought of the even better idea "slashdot the spammer's sites to within an inch of their capacity so they stay online accruing bandwidth
  • by Anonymous Coward
    ... instead to fight the damn scammers and scammers:

    http://www.aa419.org/ladvampire.html [aa419.org]

    open in your favourite web browser and run it on huge broadband connections all day long 24/7 if you don't pay for bandwidth. don't use http-proxies for this page.

    it will generate huge traffic for the scam/spam sites, and hopefully providers to shut down those damn pages.

    thank you
  • >> tucked in an innocent-looking file called
    >>'Lycos screensaver to fight spam.zip.'

    In other news, a man in Reseda, CA, was shocked to discover that he'd been fleeced by a fraudulent business whose innocent-looking byline was:
    "US Grreen CarrRd L0ttery 2005"

    Seriously -- doesn't this seem like further proof that the people writing these lame-ass virii are really only interested in duping the dumbest of the dumb? I mean, they could've given it the exact same name as the real executable and caugh
  • It would give a quick tutorial question on Windows security and won't let you out until you get it right.
  • The real solution for this remains application level security, something neither Windows nor Linux has.

    An untrusted application, regardless of if it is built from source, received by e-mail, or appears on your hard drive from God himself needs to be viewed with scepticism until you can verify the source.

    So long as operating systems depend solely on user level security to prevent attacks, the brainless monkeys sitting between the keyboard and the screen will click and run the applications.

    Is it an issue o
  • Let's see how that virus turns out...
  • Rolex is being hurt [com.com] by the billions of Rolex spams. All they really have is their "luxury" reputation; their watch movements are made by Swatch. [myconsumeradvantage.com] Some fake Rolexes have authentic movements. The "case carved out of a single block of stainless steel" today means "made on a CNC milling machine". The embarrassing thing about the "luxury" market is that quite often, the manufacturing costs are low.

    A billion spams a day really trashes the "exclusive" image.

    Next status symbol target: Tiffany's. The spam is o
