WebTV/MSNTV Virus Dials 911
Semji Rkim writes: "Though not the first virus to direct modems at 911, ABC News is reporting a bug in WebTV (now branded as MSNTV) units which causes the infected unit to hang up and dial 911. The virus spreads via email and Microsoft officials are looking into how it is able to replicate and also control the modem. Affected users are advised to delete the email and call Microsoft at 1-800-469-3288."
Can't be true (Score:5, Funny)
Re:Can't be true (Score:2, Funny)
Re:KARMA... (Score:2, Funny)
This is serious (Score:5, Insightful)
Re:This is serious (Score:5, Funny)
I'd one-up you on that, and advise WebTV users to take their WebTV out to the back yard with a baseball bat. You know, like on Office Space.
Then, call the MS 1800 number and say that you found a fix.
Re:This is serious (Score:4, Funny)
But, if there's a fire at the office, you're supposed to call 911...
Re:This is serious (Score:5, Informative)
Yeah, it's wrong to tie up 911, but 911 is the only number which could fit into the command string for ATH0.
Yes, it's ATH0, not a virus.
ATH0 Exploit [timeless.co.zw]
ATH0 info [seclabs.org]
Re:This is serious (Score:2)
OTOH this is proof that "Trusted Computing" won't fix anything.
Re:This is serious (Score:2, Informative)
Re:This is serious (Score:2, Troll)
Re:This is serious (Score:5, Interesting)
Re:This is serious (Score:3, Insightful)
Re:This is serious (Score:3, Interesting)
Re:This is serious (Score:3, Informative)
Re:This is serious (Score:2)
How about life in prison then?
Re:This is serious (Score:2, Interesting)
Oh, wait, except that the ex-microsoft chief seems to be blaming TCP/IP and power companies and traffic light manufacturers and, well, everyone except Microsoft, for how much of a problem these "zero-day worms" are, and very distantly implying a palladium style global user-distrust technology would be the answer, from looking at that article. Funny how this sort of thing (massive-scale destructive worms) never seems to happen anymore except through Microsoft products.. I personally wonder if we'd see less of this Code Red / Klez stuff if we had less of a computing monoculture.
Palladium (Score:2, Interesting)
Re:This is serious (Score:2, Interesting)
No, the director of the company who wrote the software should.
If I kick a wall and the building falls down, whose fault is it? mine or the architect's?
Hehe... (Score:4, Funny)
Don't be fooled! (Score:4, Funny)
It's just the poor MSN infected boxes crying out for help!!
Voice of Stephen Hawking.... (Score:4, Funny)
"Help Me. I have Web TV. Help Me"
well, yeah (Score:2)
ATH0 (Score:5, Informative)
Any knowledgeable hacker knows about ATH0; it affects around 50 percent of 56k/33/28 modems.
With this, I was able to hang up people's connections and even make them dial phone numbers. You send the modem commands and, because of a bug, the modems obey the commands.
It's not a virus. It's something that's been going on for years; it's an old trick/exploit/hack.
Re:ATH0 (Score:2)
Re:ATH0 (Score:3, Informative)
Re:ATH0 (Score:2)
Re:ATH0 (Score:3, Interesting)
Back when this was first "discovered", I was one of the people on Bugtraq discussing how this could be exploited.
I very stupidly posted what I typed to knock myself off, with my real nickname included:
For the longest time, I couldn't sign on IRC on any major network without someone actually typing that verbatim, and sending that to me.
In the past couple of years I've received thousands of those. Kinda funny.
Nice troll. (Score:2, Informative)
Otherwise, knowing about ATH0, ATA, ATDT and ATM0 (well, the last is useful if you're dialing late at night and don't want to wake others) isn't so much l33t as having paged through the manual while waiting to get an open line.
OTOH, figuring out that you can down a BBS you don't like by requesting a file named COM1:? That's getting warmer...
Re:Nice troll. (Score:4, Insightful)
If you translate the commands into hex and send it as a ping it works:
ping -p 2b2b2b415448300d -c 5 xxx.xxx.xxx.xxx
By the way, 2b2b2b415448300d = +++ATH0
The modem receives the command and doesn't even pass it up to the "higher" networking layers so it's virtually untraceable, as well.
Re:Nice troll. (Score:3, Informative)
If I read this right:
You send him a ping (ICMP echo request) with the modem command in the payload.
He sends you a ping response (ICMP echo reply) with that same modem command in the reply's payload. He just sent it to the modem.
If he's on a PPP/slip link it looks to the modem like a command embedded in the stream.
If the modem doesn't correctly ignore commands where there isn't a minimum half-second pause (with no transitions whatsoever - even start/stop bits) between the +++ and the ATH, you got him.
Of course if YOU'RE on PPP/slip on a serial link you have to be careful that YOUR modem doesn't hang up and dial 911, too. B-)
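The pause check described in the comment above, as an added example that is not part of the original thread: a small model of a modem's escape detection with and without guard time, plus a payload check a filter could apply. The function names, the 0.5-second guard value (taken from the comment) and the sample streams are assumptions constructed for illustration.

```python
import re

ESC = b"+++"
GUARD = 0.5  # seconds; the half-second figure from the comment above (assumed value)


def enters_command_mode(events, guard=GUARD):
    """Model of in-band escape detection on an online modem.

    events: list of (time_in_seconds, bytes) seen in the data stream.
    The escape is honoured only if the line was silent for `guard` seconds
    both before and after the '+++'. guard=0 models a modem that skips
    the pause check and obeys any '+++' it sees.
    """
    # Flatten to one (timestamp, byte) pair per byte on the wire.
    stream = [(t, b) for t, chunk in events for b in chunk]
    for i in range(len(stream) - 2):
        if bytes(b for _, b in stream[i:i + 3]) != ESC:
            continue
        # Start/end of the stream counts as silence in this model.
        before_ok = i == 0 or stream[i][0] - stream[i - 1][0] >= guard
        after_ok = (i + 3 == len(stream)
                    or stream[i + 3][0] - stream[i + 2][0] >= guard)
        if before_ok and after_ok:
            return True
    return False


def payload_has_escape(payload):
    """Filter-side check: payload carries '+++' followed by an AT command."""
    return re.search(rb"\+\+\+\s*AT", payload, re.IGNORECASE) is not None


# Constructed samples (not captured traffic).
PATTERN = bytes.fromhex("2b2b2b415448300d")      # byte pattern quoted in the thread
IN_BAND = [(0.0, b"hdr" + PATTERN + b"tail")]    # escape embedded in one burst of data
TYPED = [(0.0, b"data"), (2.0, b"+++"), (3.5, b"ATH0\r")]  # operator pausing around +++

if __name__ == "__main__":
    print("no pause check, in-band:", enters_command_mode(IN_BAND, guard=0))
    print("pause check, in-band:   ", enters_command_mode(IN_BAND))
    print("pause check, typed:     ", enters_command_mode(TYPED))
    print("filter flags payload:   ", payload_has_escape(PATTERN))
```

On Hayes-compatible modems, setting register S2 above 127 (for example `ATS2=255` in the init string) disables the escape character, which was the usual workaround for modems lacking the pause check.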
Re:ATH0 (Score:3, Insightful)
If you can make it hang up, can you make it dial (ATDT)?
Imagine some goon on IRC makes your modem dial his number so he can grab it on CallerId and then harass you.
Re:ATH0 (Score:2)
Granted - this article is rather light on detail. It doesn't specifically state that is what's going on - only that Microsoft tech support is resetting devices. It could simply be a mass emailing.
Of course, that might be the point HanzoSan was trying to make.
Re:ATH0 (Score:4, Informative)
Ah the old BBS days. I remember some fool on the local board I hung out on had some crappy term program that would hang up if it saw "NO CARRIER" at the start of a line. Now why would a communication program issue an ATH0 after the carrier had been dropped?
Re:ATH0 (Score:2)
Strangely, you don't get a lot of money pandering freeware programs.
It's actually somewhat of a neat program
Colour me impressed (Score:5, Funny)
Microsoft advises affected customers to delete the email and call 1-800-469-3288.
Suggestion for next iteration of virus: dial this number instead.
Re:Colour me impressed (Score:2)
Trustworthy Computing.... (Score:3, Funny)
Legal Consequences? (Score:2, Interesting)
Re:Legal Consequences? (Score:5, Funny)
Re:Legal Consequences? (Score:4, Funny)
Liability? (Score:2, Interesting)
Re:Liability? (Score:3, Insightful)
If it's anyone's liability it comes down to the person that wrote the virus. The same thing COULD be done on a linux system too, should linus be held liable? Should the whole open source community be held liable?
Your comment was stupid, I just wanted to point that out.
Re:Liability? (Score:2)
Can Microsoft be held liable for selling a product with a LONG-KNOWN vulnerability and NOT fixing it with the WebTV auto-updating functionality. Assuming that it is easy to fix, of course, which I am (of course) assuming.
And by the way, YES, WebTV has always been able to auto-update.
Re:Liability? (Score:3, Funny)
FBI: "The kid says your computer called 911. What the hell is going on, Bill? I woke up the president and told him we were under attack by the Russians. Do you have any idea what kind of an idiot that makes me look like?"
Bill: "David, machines don't call people."
Re:Liability? (Score:5, Funny)
Re:Liability? (Score:2)
Ever wonder why Microsoft systems are often targets of viruses? Virii are often the products of a virus author going, "I'll show you your stupid ad campaigns about how secure your OS is are false!" They are the technical equivalent, in many cases, of an "I Told You So!"
Stupid comments like yours that claim Linux is infallible are what make virii writers go after your box in the first place.
You're waving a target in the air, with the words "I Dare You" painted on it. Do not do the Linux community this vast disservice, thank you.
"The best way to get shot isn't to wave a gun." misses the point. The best way to be _noticed_ is
Re:Liability? (Score:2)
A virus packaged with a root kit for example would circumvent your little point and make your comment totally useless!
With the recent root exploit on apache, it probably won't be too long before someone writes a worm to look for all those unpatched apache boxes. Yours could be next!
Let's recap.
Worm that uses the apache exploit gains root (no rootkit needed)
Worm then makes modem dial 911, just ATDT 911 is needed, no ATH0 911
Get it? BTW, your point of "if you're running a linux box you're NOT running WebTV, which is how it propagates" is moot because this thread was about liability, not how the virus propagates.
Re:Liability? (Score:2)
Monkeys in africa should be held liable for being the first to contract aids?
My parents should be held accountable for every fuckup I ever did in my life?
Your biological virus argument has no basis in the silicon world. The only person who knowingly infected these boxes was the original virus writer, not MS.
By your logic we should hold god accountable for making humans compatible with aids.
Re:Liability? (Score:2)
The only person with the INTENT to spread the virus is the original virus writer himself. Maybe you just hate MS and can't look at the issue objectively enough?
Re:Yes, it could. (Score:2)
#1. Just a few days ago on
#2. It doesn't matter HOW it gets there, what matters is that it does, be it mail client exploit or service exploit.
#3. Your comment sounds along the lines of "LUNIX IS INVINCABLE!" Which it can be, unless there is a root exploit like the one I described above. This was very heavily discussed on slashdot about a week ago.
You can't blame MS for making a product with holes, it's their culture.
Re:Yes, it could. (Score:2)
Actually, apache _does_ run as root in the beginning to seize a privileged port. But having a scriptkiddie romping around on your box as 'nobody' is just as bad. Did you know that local root exploits are more prevalent than remote root ones?
Re:Liability? (Score:2)
Compared to that I say BOLLOCKS to the small amount of taxpayer dollars it costs you.
Re:Liability? (Score:2)
OK, I'll bite.
What, exactly, does this have to do with ANYTHING the poster said?
Are you suggesting that nobody forced him to pay taxes? That's complete bunk.
He never mentioned anything about buying anything, nor did he say that he bought anything from MS.
He said: "can MS be held liable for wasting my tax dollars" - meaning "MS's negligence allowed this to happen, so can't they be held liable?"
Re:Liability? (Score:2)
His comment was dripping with "I hate Windows so I hope MS has to pay in some way or another.". It doesn't take a telepath to see that.
Re:Liability? (Score:2)
But it doesn't, because part of the responsibility really is Microsoft's.
MS made a product. They sold a product. Due to a defect in the product, it's possible for the product to cause harm to a third party.
I'm not saying that MS should be held solely responsible, but this isn't a new attack - this type of thing has been known for over 10 years, and yet MS didn't do anything about it. That makes them negligent, and therefore liable.
Re:Liability? (Score:2)
No, it's more like saying it's GM's fault that some vandal can pour sugar in the gas tank because the cap isn't locked behind a door.
Re:Liability? (Score:2)
Actually, it's more like some vandal pours sugar into your gas tank, and your car drives next door and siphons some of the gas into your neighbors car.
I think there is a real liability question. Not in the initial act of vandalism, but that the system can be considered faulty for allowing the vandalism to spread so easily.
Software manufacturers have gotten off the hook for crummy software for too long. Look at the kinds of recalls that happen in the auto industry. Somebody gets a rash from the dye they use to color a seat belt, and 100,000 cars get recalled at the manufacturer's expense. Microsoft and others need to be accountable for quality, too.
Trustworthy Computing to the rescue! (Score:2)
Phone Firewall (Score:2)
Hmm I could block 911 & telemarketers...
Re:Phone Firewall (Score:2)
When your firewall is up, no one can hear you scream.
Re:Phone Firewall (Score:2)
Personally, I'd set the firewall to block anonymous calls heh.
Okay, I'm way off topic here, but I do have a question: a friend of mine had it set up to where you HAD to dial a *XX number to disable anonymous calling or the call wouldn't go through. Anybody know what that service is called?
Re:Phone Firewall (Score:2)
Re:Phone Firewall (Score:2)
I want one.
Re:Phone Firewall (Score:2)
The next version? (Score:4, Funny)
Hmmm maybe the next virus can dial 1-800-469-3288?
=)
Re:The next version? (Score:2)
I find it very remarkable that Microsoft is now offering customers so much support to deal with security problems in their software. Maybe they think: if we can't make it secure, let's make it agreeable to our customers.
Na, probably not.
Call for help? I dont think so. (Score:2, Funny)
WebTV Unit: "All your base are belong to us."
Or Do So Automagically! (Score:2)
"delete the email"? (Score:3, Funny)
but i must find out how to:
1. enlarge my penis.
2. lose those extra pounds
3. find the girl of my dreams or
4. see those insert random celebrity name here naked photos!
UNIVERSITY DIPLOMA TODAY! (Score:2)
And find old classmates you hated then and now...
How much longer until 1-900? (Score:5, Interesting)
Re:How much longer until 1-900? (Score:2)
--toq
Re:How much longer until 1-900? (Score:2)
On a side note, my modem init string was always ATH0M0.
Re:How much longer until 1-900? (Score:3, Interesting)
However, these programs come as some kind of trojan, usually springing up some "accept box" (only on install). However, these boxes often don't say that an expensive connection will be created - sometimes they even claim to be a "screensaver update"
Wouldn't work (Score:2, Informative)
Second, once the complaints came in, the phone company would quickly cease all payments to the operator, and turn their info over to the district attorney's office for prosecution.
Re:How much longer until 1-900? (Score:3, Informative)
It's been done. I remember reading in the newspapers about pr0n sites that asked you to download their special pr0n viewer program. The thing is, this viewer program actually did view the adult content. It also turned off your modem's speaker and dialed some pay-per-minute line in Russia. But since you were looking at pr0n, you would probably spend quite a while racking up charges without noticing anything was amiss until your next phone bill.
Ahh, yet another buggy virus. (Score:2, Funny)
Interim Solution (Score:5, Insightful)
"Services will not be available today because of a virus that affects webtv users. The virus takes control of the webTV modem and causes it to dial 911. Please unplug your webtv unit from the phone line until we can fix the problem. Please call 555-1212 if you suspect your webtv has been affected"
Clean up your mail servers. Install something to filter out the virus and any variants. Even the least tech savvy people will understand "It dials 911" and "Unplug your webtv"
Just some advice.
--toq
Re:Interim Solution (Score:2)
It doesn't make them any money. Right now many WebTV users probably don't consider WebTV to be a computer. Remember, computers are complex, buggy, get hacked, and get viruses, therefore if WebTV is susceptible to viruses it is a computer. By sending out an alert to all their subscribers they will alert everybody to the fact that WebTV is a type of computer and will lower its popularity because of that. That being said, it is an interesting test to see if M$ will stand to possibly lose a little PR in order to stop a life saving service from being tied up.
Re:Interim Solution (Score:2)
It's one less day they need phone support.
It's one less day they have to provide service.
It's one less day they have to do anything but have their top techs in the office fixing the problem (Who are probably in the office all the time anyways)
On top of all the less they have to provide for a day, they're still charging the customers money. So they don't really lose anything at all by doing this, they gain a lot.
Add that all up, and I see black for that day.
Re:Interim Solution (Score:4, Insightful)
Near my 7th year, I became frustrated, started telling people how stupid I thought they were to their face (usually after the 8th time of explaining something) and generally degraded into the self-absorbed irritating prick that I am today.
2 years later I'm still recovering. Where I used to fix my friends' and family's computers for free I now charge the shit outta them till they don't wanna come back. Every time the phone rings my hair still stands up on end because I'm afraid of yet another person saying, "Hey toq just wanted to ask you a quick question!" No it's never a quick question, it's a gateway into a line of questioning not even the worst murderer would be subjected to in a police interrogation.
And you dare say was I ever a sysadmin, jeesh. I'd bet money I could w00p your arse in a contest of skills any day of the week. Trust me kid, you just haven't burned out yet, but you will. And when you do, that's where open source with the lack of stupid people and politics will be waiting.
--toq
Can we really call this a virus? (Score:2)
I personally find this alleged virus' behaviour entirely appropriate.
It's just trying to help.
Can't you see that?
Why not... (Score:3, Interesting)
Why don't the people who write viruses ever have a sense of humor?
Full service virus (Score:2, Interesting)
Hacking is a serious crime [slashdot.org].
The virus is just calling 911 to report itself.
It would be neat (Score:2)
Maybe the rolling stones "Start me up"..
How... timely (Score:4, Insightful)
Coincidence? Probably. But geez, you can bet they will spin this to their favor. Instead of apologizing for their incompetence, they will use it as evidence of the dangerous new world we live in, and request us to please bend over for all their new security initiatives.
Our infrastructure is under threat from hacker terrorists! The free world is at stake! Join up at your NET Guard recruiting office now!
Homer Jay Could Use This Virus....... (Score:2)
Re:Homer Jay Could Use This Virus....... (Score:2)
It's very simple to do this... (Score:3, Interesting)
A part of me actually finds the idea of Microsoft being held liable for the 911 calls pretty amusing. But the reality is that it costs money and unfortunately it could cost lives. I hope all of you people make sure to tell your moms/dads/grandparents/spouses/friends/etc. to disconnect their boxes from the phone lines.
Reminds me of a modem story... (Score:2, Interesting)
This went on for days. And no one really put it together until, one night, while listening to the dial-tones coming out the speaker of his Avatar 2400 modem, he noticed that anytime the modem attempted to dial an 8, nothing would come out.
And one of the BBSs he dialed started thus:
(8)91-1xxx
Not a problem, really.... (Score:2)
That should be just about everyone on webtv...
Maybe that's why this hasn't hit other news outlets... hmmm...
--mandi
And this makes you wonder (Score:2, Funny)
IRC (Score:2, Interesting)
[1] maybe "like" is not the best word
WTF?!? (Score:2)
This virus only affects Microsoft WebTV/MSNTV units. Windows PCs, Macs, Unix, and Linux machines are unaffected.
Huh!? I thought viruses affected EVERY computer and email client the same! I mean they've never suggested anything different on the news before this?!? Do you mean that when checking my email on Red Hat using Pine I won't get klez or code red???
Well, it's a good thing (Score:4, Funny)
The real emergency number is 912.
*grin*
My only hope... (Score:5, Insightful)
Sometimes these pranks go too far.
The Big Question... (Score:4, Insightful)
And this is on a closed system (Score:4, Insightful)
Since this apparently affects pre-Microsoft WebTV boxes, though, it may be in code from the original WebTV people in Palo Alto. But that was a long time ago. Microsoft owns it now, and has to take the blame.
Is it actually running unauthorized code, or does the exploit just change what it dials?
Re:Wouldn't it be great... (Score:2, Insightful)
Re:Holy shit (Score:3, Funny)