What Does a Spreading Worm Look Like? 233
quibbs0 writes "When a new worm spreads around the world, people want to know if they are protected. How fast is it? How does it spread? A new simulation program developed by Symantec Research Labs not only has the answers, it also provides pictures."
What a spreading worm *really* looks like. (Score:5, Funny)
What Does a Spreading Worm Look Like?
This [moviegoods.com] is what a spreading worm looks like.
^_^
Comment removed (Score:4, Funny)
Re:What a spreading worm *really* looks like. (Score:2)
Re:What a spreading worm *really* looks like. (Score:3, Interesting)
Re:What a spreading worm *really* looks like. (Score:3, Funny)
"When a new worm spreads around the world, people want to know if they are protected."
Well, I suppose that depends on whether it's an endangered species or not.
Re:What a spreading worm *really* looks like. (Score:2)
When you say spreading.... (Score:2)
launching a windows executable from a link (Score:5, Insightful)
Re:launching a windows executable from a link (Score:5, Interesting)
Re:launching a windows executable from a link (Score:5, Funny)
Is it a coincidence that the only platform, for which one can get programs simulating the spread of worms, is MS Windows?
Re:launching a windows executable from a link (Score:2)
No. Who else will it matter to, except those just trying to convert people to another OS or an admin?
Re:Mac Worms (Score:3, Informative)
Second, Opener/Renepo IS NOT a virus or a worm. It doesn't spread and can not self-replicate. Opener/Renepo can cause damage to a Mac OS X system, but only if the user running it has permission to run it, and grants the app permission to run and perform the damage. It can't traverse the network, spread to others machines, or run without explicit per
Re:launching a windows executable from a link (Score:2)
Re:launching a windows executable from a link (Score:2)
You mean... (Score:2, Insightful)
Re:launching a windows executable from a link (Score:2, Troll)
Fastest way to spread a worm... (Score:5, Insightful)
Re:Fastest way to spread a worm... (Score:4, Funny)
boaworm$ ls -l *.msi
-rw-r--r-- 1 boaworm boaworm 2022400 28 Apr 17:16 SRL_Worm_Simulator.msi
mirage:~/Desktop boaworm$ chmod a+x SRL_Worm_Simulator.msi
mirage:~/Desktop boaworm$
-bash:
mirage:~/Desktop boaworm$
Poor me, my Panther cant even get that worm to RUN... i't should be dead scared, should it not ? Perhaps I need Tiger..
Re:Fastest way to spread a worm... (Score:3, Funny)
Great thing for a security company to encourage (Score:5, Funny)
and ALT-F4 will activate "ultra mode"
Re:Great thing for a security company to encourage (Score:2)
Appropriate packaging (Score:4, Insightful)
Perhaps Symantec figure the only ones who would want to look at a spreading worm are those most affected by it??
real plot? (Score:3, Interesting)
What Does a Spreading Worm Look Like? (Score:5, Funny)
How appropriate.
Re:What Does a Spreading Worm Look Like? (Score:2)
You were saying?
Spreading Worm? (Score:2)
Hey, at least I'm not trying to launch an executable on you.
Re:Spreading Worm? (Score:2)
msi (Score:2)
screenshots, anyone?
Re:msi (Score:2)
I installed it on a sacrificial Windows machine, and the results were something like this [google.com]. Eww!
Re:msi (Score:2, Informative)
*watches website get
Haydn.
You want us to install a program? (Score:5, Funny)
That would be like me going to the doctor and having him ask me if I know how HIV is spread and then asking me to take my pants off.
Re:You want us to install a program? (Score:2)
Remember, this is coming from Symantec:
it would be more like going to a Glaxo Marketing Rep's office, and having him demonstrate how HIV is spread, by bending you over his desk. Then charging you the $300 or so a day for the next ten years for AIDS meds his company makes.
Torren (Score:2, Informative)
http://dload.digitalriviera.com/SRL_Worm_Simulato
Re:Torren (Score:2)
Re:Torren (Score:2)
I'm being ungrateful, just pointing out the ever-increasing irony.
Interesting article in IEEE spectrum (Score:5, Informative)
Re:Interesting article in IEEE spectrum (Score:2)
Re:Interesting article in IEEE spectrum (Score:2)
http://www.fish-hawk.net/tips/texas/worm7.jpg [fish-hawk.net]
Snake Oil for sale (Score:5, Insightful)
Next you'll probably want me to go ask the Bush camp if we should invade Iran or the Democrats if we should repeal the two term law and re-elect Clinton again. On my way I'll stop by the car dealership and see if my current car is okay or if I should get a new one just to be safe.
Re:Snake Oil for sale (Score:3, Insightful)
Re:Snake Oil for sale (Score:2)
Re:Snake Oil for sale (Score:2)
Re:Snake Oil for sale (Score:3, Insightful)
It would be more interesting to see a study of computer-based virii versus biological ones. How about some real epidemiologists take a crack at it? Perhaps they already have..
Anyone? Anyone? Bueller?
Re:Snake Oil for sale (Score:2)
Re:Snake Oil for sale (Score:2)
Re:Snake Oil for sale (Score:2)
don't you have to turn down security levels on IE to see those things? if more and more content is provided that way, more people will put their browser in the 'hole-ridden' setting... and therefore will need more symantec software
Comment removed (Score:3, Insightful)
Re:*Yawn* (Score:2, Insightful)
Goodbye Slashdot. (Score:2, Insightful)
However this farcical link to a
Goodbye.
Re:Goodbye Slashdot. (Score:5, Insightful)
anyway, don't let the door hit you on the way out!
Re:Goodbye Slashdot. (Score:4, Funny)
Re:Goodbye Slashdot. (Score:4, Funny)
Re:Goodbye Slashdot. (Score:2)
Can you post your account on eBay?
#56 here I come!
Re:Goodbye Slashdot. (Score:3, Funny)
Re:Goodbye Slashdot. (Score:2)
Re:Goodbye Slashdot. (Score:2)
Re: (Score:2)
Agent USA (Score:4, Insightful)
Re:Agent USA (Score:2)
Are you sure about that [corewar.co.uk]? It seems like that claim could easily go to Agent USA or Corewars (or something else entirely - Lisp hackers are notorious for inventing clever amusements (like Emacs (which probably has a Corewars-mode (oh, it does [sourceforge.net])))).
Under OSX it looks like this ... (Score:2)
Running OS X 10.3.9, I get:
1. "No default application specified for SRL_Worm_Simulator.msi"
2. "Cannot play back the file. File format is invalid"
[Is SRI hinting at something???]
Re:Under OSX it looks like this ... (Score:2)
Re:Under OSX it looks like this ... (Score:2)
(MSI=MicroSoft Installer)
Re:Under OSX it looks like this ... (Score:2)
Ah, maybe so ... but a well-designed program, when asked to open a data file it cannot recognize, might suggest alternative courses of action, perhaps even comparing the extension (...or whatever they call it these days...) to a list of standard extensions .... at least those used by the program's own vendor.
I can't believe that I'm that much smarter than the largest software vendor in the world ....
Slammer/Sapphire (Score:5, Interesting)
Slammer [caida.org]
Pay attention to the time and infected hosts data at the bottom.
CAIDA did this for earlier worms... (Score:5, Informative)
end to end linkage (Score:3, Informative)
In other words, a computer can only infect other computers through being infected itself (unless if the system is just serving files). Worms can't move through unsupported systems. Once it hits OS X or Linux system, it can't move anywhere. Windows is the only OS with critical mass high enough to achieve this. Symbian for mobile devices. This is why you won't see any Windows CE worms unless if it gains in terms of marketshare.
Re:end to end linkage (Score:3, Insightful)
It's not hard at all to find whatever flavor of UNIX system you want in huge con
Re:end to end linkage (Score:2)
you're wrong (Score:2)
The Witty worm could only infect Windows machines running a specific version of specific firewall software. The vulnerable population was about 12000 machines worldwide. It infected virtually the entire vulnerable population in under an hour.
If/when there's a worm for MacOS X or Linux, there will be more than enough m
Anyone figure out? (Score:4, Interesting)
Re:Anyone figure out? (Score:2, Funny)
In other news... (Score:3, Funny)
Up next, Symantec issues a warning to the Mac/UNIX community saying that their computers are too safe from Windows-based viruses. "We can no longer support operating systems that flaunt their security in face of corporate IT managers everywhere when millions of starving children are dying of malnutrition."
The Weekly World News news service will be right back after this message from our sponsor, Symantec. Ensuring your fear, uncertainty and doubt since 1982.
Brek Girl Simulation (Score:3, Interesting)
"I [infected] two friends.
And they [infected] two friends.
And so on.
And so on.
And so on."
Withe the screen splitting at each phrase and winding up with 32 versions of the cute girl, it's much more visually entertaining than this demo.
Re:Brek Girl Simulation (Score:2)
I remember using that stuff as it was in our bathroom- I can still remember the smell. I remember thinking 'Why the hell would you put honey in a shampoo? To attract insects?'
Yellow? (Score:2, Funny)
Tell me Symantec hasn't trademarked a shade of yellow.
From TFA (Score:2, Insightful)
Translation:
We invented a new, computer-assisted sales pitcher. It could also be used as a FUD spreader on TV.
Missing some factors (Score:5, Interesting)
But within 20 days, there were no infected nodes, anywhere; as someone who works in a penetration testing lab without a firewall, I really have to say that this is not real. And within 52 days, 100% of the world was patched. What? It was more than 95% within 30 days too, and I don't believe that either. There's no accounting for new systems coming out of the box (and onto the net) without patches, and no representation for the fact that there will never, ever be 100% coverage for any patch.
That said, it is a pretty interesting tool to see how things spread, both globally and within an organization. You just have to keep in mind that it doesn't tell the whole story.
Re:Missing some factors (Score:2)
Re:Missing some factors (Score:2)
they believe if you use norton av, then the maximum # of days your computer can be affected is 20days (the maximum time they forsee themselves to write a patch a
Re:Your Missing a factor! (Score:2)
No service packs, and a difficult time getting them to actually work on it if you download them.
I know plenty of people who would think nothing of downloading and installing this on their system. Heck, I know of a few business that think nothing of downloading and installing this, then selling the system.
Real data: Analysis of the Witty worm (Score:4, Interesting)
Speaking of spreading worms... (Score:2, Interesting)
Today an internal customer asked me why Slashdot seemed to be broken. I check the firewall logs and, lo and behold, discover 66.35.250.150 triggered the firewall's IDS for tweaking port 2000/TCP.
Why was /. poking at that port on my firewall, particularly
considering
what's usually there [sans.org]?
Are you protected (Score:3, Interesting)
Do you understand computers and how to run one securely? Yes/No if Yes continue, if no then you arn't.
Is a patch finished and installed? If yes then you're fine. If no then you arn't protected.
Obviously opening strange program files comes under number 1, but they may make it three points if you wish.
Make the "pictures" a PowerPoint presentation... (Score:2, Funny)
It's a virus!!! (Score:2)
Seriously, this is exactly how this shit spreads - get someone to download something "cool" - one reason why I never get crack patches from the warez sites...
an even better question: ... (Score:3, Funny)
What does a spreading Worm Simulator look like?
Thanks to the Slashdot effect, I think we're gonna find out.
-S
Sober (Score:2)
Sober, installs itself by tricking naive people in opening the Trojan disguised as
Sorta like the MSI link in this article....
I wonder, will I get drunk when opening it on my Windows 2003 Terminal Server?
If so, I might be inclined.
Thanks Symantec! (Score:2)
Why?
Because their software breaks every machine it touches.
Worse, the computers they are installed on have not just one Virus, but many.
I tell my customers its like selling a condom with a hole in it.
You could have had so much more fun without the protection they weren't providing in the first place.
A false sense of security is worse than no security at all.
Screenshot (Score:2, Informative)
http://www.jeanhaines.com/tmp/wormSim.html [jeanhaines.com]
Haydn.
p.s: thank god I'm at work so I can open
the funny thing so far (Score:2, Informative)
According to the sim.. (Score:2)
Unbiased? (Score:2, Interesting)
Comment removed (Score:4, Informative)
Hmmmm. Interesting... (Score:2)
--snip--
WARNING: SRL_Worm_Simulator.msi is infected with the W32/WormSimulator.B@mm virus!
ACTION: Clean/Delete threat.
It looks like you're attempting to run a competitor's program. Stop it, you insensitive clod.
--snip--
That was a weird virus warning I got when I downloaded that
It looks like a web page linking to an executable! (Score:2)
Let's see. How does a spreading worm look? Perhaps it looks like users blindly downloading an EXECUTABLE program for Windows after essentially being told that "this is a safe download" becuase it is linked to from the front page a major website.
I'm not sure whether to laugh or cry at the humor or the irony.
If this thing is a virus that Norton has preprogrammed its antivirus product to ignore, I'll be laughing myself into an early grave...
how come i can't stop the earth from spinning? (Score:2)
Re:Darn Linux (Score:3, Informative)
Re:Darn Linux (Score:2)
Of course this automatically leads me to think about how to get around the difficulties virii might encounter using Wine. Which in turn causes me stop, hit my head and shout "DOH!" because I realize I'm trying to troubleshoot a virus for proper functionality and I really have much better things I should be doing.
You win.
Re:Don't Download it (Score:5, Funny)
I should be safe.
ps:
ps2: Note to moderators: this is funny, not informative!
Re:Don't Download it (Score:2)
"When Mods Go Bad." Next on Fox.