Lycos Anti-Spam Screensaver Inspires Trojan

Even though it's been withdrawn, the Lycos anti-spam screensaver is not forgotten. Rollie Hawk writes "And with this, the 'What's Good for the Goose...' award goes to all those people trying to install that notorious spam-attacking Lycos screen saver but ended up with a Trojan horse instead. This trojan is spreading via email with the subject line 'Be the first to fight spam with Lycos screen saver,' tucked in an innocent-looking file called 'Lycos screensaver to fight spam.zip.' According to F-Secure, this trojan contains keylogger elements but little more has been specified. The only question I have is how long until the 'I promise to clean that trojan disguised as a DDoSing Lycos screen saver.exe' virus gets released."

tojans...

[utopianfiat]

Well isn't that the basis of most trojans?
"I promise to clean your room, do your homework, give you neck rubs, check for typos, and build a perpetual motion machine!"
If they really wanted to, they could have tacked on a trojan that had absolutely nothing to do with the screensaver and call it that anyway.
I'm actually surprised the trojan doesn't DDoS Lycos.

Well, that's what you get

[millwall]

Fighting back with the same measure is not always the solution.

Fighting violence with violence doesn't work. Why should fighting spam with spam work any better?

Philosophical Question...

[rdc_uk]

Does it still count as news, to be told something that you KNEW was going to happen, has happened?

Re:Futility

[Himring]

It's the price of complexity.

I whole-heartedly disagree. This shit we deal with on a daily basis that threatens our network, kills our switches and routers, makes management scramble and IT constantly try to fix/patch/protect against is not due to complexity alone. It is due to the POS OS called Windows that suffers from MSTD (Microsoft Transmitted/Terminal -- take your pick -- disease). Other OSes are complex, but they do not suffer the same horrific fate. I am constantly boggled at work as I try to sell Linux to be given the Microsoft-created line, "no OS is free -- there's cost involved." It took months for me convince management that we could use Linux without paying for licensing, but then they started using the new line (surely invented by MS) which is based off of the fact that you gotta pay for consultants/labor/research, blah, blah to use an OS (oh brother duh! let's forget the millions we dish out to the "Microsoft Tax"). Now, I'm trying to push Firefox over IE and I get the tried and true line, "well, as soon as Firefox becomes as proliferated as IE then it'll be just as bad." But, that's not proven yet, and there have been OSes, web browsers, that have been proliferated that have not suffered the same fate.

I'm saying stuff we all know in a forum that will appreciate it, but come on guy. You call yourself a /.er?

/endrant

Re:Well, that's what you get

[GoodNicsTken]

"Fighting violence with violence doesn't work."

Really? I think history has shown otherwise. Hitler comes to mind.

Spammers know what they are doing is wrong. They are simply modivated by money. This app will cost them money and eventually make Spam unprofitable.

The only concern I have is for innocent people that get misakenly tagged as Spammers and end up with a 10K bandwidth bill.

Re:Well, that's what you get

[KrancHammer]

Fighting violence with violence doesn't work.
Yeah. Right. This is manifestly not true, and proven by history to be untrue: see: World War II, American Civil War for starters.So why shouldn't fighting spam with ugly tactics not work?
Not that I am advocating such tactics, or that such tactics are best in this case; its just I don't like cliched generalities like that.

Re:OK, for the last time children...

[musikit]

2) Don't open email attachments from strangers.

that should be modified

2) don't open email attachments you weren't expecting from anyone

News?

[Renraku]

How many of you didn't see this coming?

Shady programs attract shady characters and shady tactics.

Doesn't matter if its by a major corporation or John Q. Crackdealer.

Re:Futility

[B'Trey]

Your first sentence is true but irrelevant. Just because you can't make a system completely foolproof doesn't mean you can't make it highly fool-resistant. The common security issues that are causing so much trouble have nothing to do with Goedel or complexity. The danger can be greatly reduced in the OS design phase if security is given any priority. Of course, security wasn't a priority in the design phase of the most popular OS, and now they're scrambling to attach it peice meal after the fact.

Re:Not Surprising

[oiarbovnb]

Absolutely no one can get free porn by sending cash to a mailbox...because then it is not free, duh!

:)

Re:Futility

[Lonesome Squash]

I can't believe I forgot to bash Microsoft. Okay, here it goes: Vulnerability is inevitable. As the sophistication of your defence grows, so does its complexity (generally) and therefore (generally) it creates new opportunities for attack.

But that level of vulnerability is in this case completely swamped by the utterly inexcusable inattention that MS has paid to basic security at the design and feature packaging phase.

To extend the analogy, it didn't take HIV to jeopardize the health of those who share needles or who have numerous, unprotected, anonymous, sexual contacts. Nonetheless, HIV like the spam-sending trojan anti-spam screensaver.

Re:Well, that's what you get

[HermanAB]

Fighting spam with email, is like fucking for virginity, but fighting violence with violence does work - you just have to kill everybody.