IRC Networks Unite in Fight Against Fizzer Worm 337
Dave writes "Over the past few days, IRC Networks across the internet have felt the brunt of the Fizzer worm. In an unusual display of geek solidarity, representatives from dozens of IRC Networks, including EFNet, IRCNet and DALnet, have gathered to create a Fizzer Task Force. Interesting, and mostly productive results have occurred so far from such a meeting of the IRC minds."
The battle has ended. You've got worms! (Score:3, Funny)
Now, miniscule web servers, you will feel the brunt of the Slashdot behemoth!
Interesting, and mostly productive results have occurred so far from such a meeting of the IRC minds.
And, once this story is published, we'll observe the various effects of futile desperation!
nah, fizzer stole your bots. (Score:2)
And, once this story is published, we'll observe the various effects of futile desperation!
If you want your bots back, tell him to push somethin
As Well They Should ... (Score:5, Insightful)
-A.M.
Re:As Well They Should ... (Score:2, Funny)
Re:As Well They Should ... (Score:3, Interesting)
I just idle in some rooms where i know the people. only file sharing i've done is to send a pic or two
As for KaZaA, i'm just not using it at all. I haven't heard how well Norton or McAfee protects against Fizzer over different media yet, so i'm just gonna lay low for a while. I suspect that many others will too.
This brings up another interesting idea. RIAA/MPAA designing virii to attack P2P networked computers (maybe with keywords like 'Usher' in their music files?). HIGHLY illegal, but what do they
Re:As Well They Should ... (Score:3, Interesting)
Re:As Well They Should ... (Score:4, Funny)
Rich
Re:As Well They Should ... (Score:2)
Re:As Well They Should ... (Score:3, Informative)
Re:As Well They Should ... (Score:5, Funny)
Re:As Well They Should ... (Score:3, Funny)
I suggest an immediate ban, and the sending of threatining letters to all CAT5 owners.
Re:As Well They Should ... (Score:2)
of course life is just a rehash..
and then there is hash
Yeah! (Score:3, Funny)
Let's help these guys out by /.'ing their co-ordinating page!
*Ahem* (Score:5, Funny)
Systems Not Affected: Macintosh, OS/2, UNIX, Linux
Heh. Clearly the work of an evil genius.
GF.
Re:*Ahem* (Score:3, Funny)
I guess that means BeOS is at risk? Oh no!
Re:*Ahem* (Score:4, Informative)
Seriously, wine is getting better every month and can run a wider lot of window$ software, it is not surprising that it will (could?) run windows worms/viruses (which are software written by human after all) and put our supposed-virus-free-OS [insert your preferred flavour of unix here] at the same level of risk than windoze users.
Please think about it if you install such a software...
possible perps (Score:4, Interesting)
Anyway, that's how I think with crimes, use flatfoot 101, "who profits?".
Re:possible perps (Score:2, Interesting)
Re:IRC is P2P (Score:3, Informative)
You obviously don't have a clue what a P2P network is. The most striking feature of a Peer to Peer network is its lack of a centralised server - you communicate with the network through a peer. IRC has centralised servers, and although it is possible to form a direct connection with another client, you cannot con
Re:IRC is P2P (Score:3, Informative)
Re:IRC is P2P (Score:2)
Uhm, no. Just because you want to call a horse a car doesn't make it more of a car. Get over your ego, sparky. Just admit you don't know what the hell you are talking about and move on. The whole reaso
Re:IRC is P2P (Score:3, Funny)
Change what subject? I'm responding to what you said.
I can discuss with people, just don't "do" insults, which I certainbly didn't start,so if you or anyone else want to talk to me, do it without insults or get ignored from here on out.
The original poster who corrected you didn't insult you at all [slashdot.org]. Go back and
Re:possible perps (Score:3, Insightful)
Re:possible perps (Score:2)
Perhaps this worm is a result of profiteering. However, many computer crimes do not follow this standard profile. "Traditional" (define that how you like) hacks n' cracks are most often done for motives other than profit (direct or indirect). I see no evidence to suggest this is changing.
death of irc? (Score:2, Redundant)
From the official Undernet note in the link:
"At this point, the future of the Undernet and IRC remains uncertain."
Re:death of irc? (Score:4, Informative)
Undernet also has... (Score:2)
How do I know this?
erm...
Re:death of irc? (Score:2)
It's a protocol, so how would it die?
The large ircnets are laggy and crap filled anyway, wouldn't be too much of a loss.
okay, time to update (Score:2)
if there is such thing...
Mainstream media seems to report that the virus comes out of Outlook attachments ONLY, which shows how ignorance can be dangerous if this worm is effectively spread through filesharing networks...
Re:okay, time to update (Score:5, Informative)
Re:okay, time to update (Score:3, Informative)
AVG [grisoft.com] appears to be another free one but I have not tried it.
I was using an older version of NAV Corporate but it seemed too bloated for some of my slower machines. I've also used the scaled down version of Trendmicro that normally comes packaged with new motherboards, it is limited to 3 months of updates unless you pay for a subscription but the price is reasonable if you want to keep using it.
Re:okay, time to update (Score:3, Informative)
Re:okay, time to update (Score:2)
I've had pretty good luck with fdisk. It's not exactly free, but it does come with your OS. But what it lacks in features it more than makes up for in savings.
--
mcpwhoowhookaaos
a free cure for the windows virus. (Score:4, Funny)
PEBCAK (Score:5, Insightful)
But even running around nekkid, I don't think I'd have caught more than a handful of viruses to begin with. Why the hell is it that people open up all the crap executable stuff they get? I think the best hope is a new generation that has grown up with SPAM, viruses etc. and don't fall for that kind of bullshit. Teaching old dogs new tricks doesn't work, but they will die eventually...
Kjella
user = id10t (Score:2, Interesting)
Non-system disk or disk error
Replace disk and press any key when ready.
I was caught totally off guard on that one, but I don't think that it indicates a user = id10t problem on my part.
Re:PEBCAK (Score:2)
Once, in the early ninties, I got the FORM virus from an infected floppy. It was mostly harmless, so I kept it on my machine, kind of like a pet. (Ahh, back when viruses were silly and harmless... Ogre aside). It never caused me any trouble.
Beyond my "pet," I've never have a Trojan, virus, worm, or exploit bother me. I don't blindly run executables, I don't boot from strange floppies...
It's hard to get a virus unless you're an idiot. That's just my opinion, but I hold to it. Te only peop
Re:PEBCAK (Score:2)
Re:PEBCAK (Score:3, Funny)
Re:PEBCAK (Score:5, Insightful)
You may object that things like Word macros (and their associated viruses) blur the line between files and executables. But that is another instance of the same problem: 'opening' such a document should be split into the two questions it implies: do you want to *view* the file contents? do you want to *execute* the instructions in the file?
If user interfaces and especially mail clients bothered to present this distinction to the user then a lot of the worm problems would go away. Some people would still have virus checkers, mostly companies who don't trust their employees not to execute dancing_elephants.exe. But even in those cases, it would be simple to lock down mail clients to not allow execution, as long as they bother to make a clear distinction between viewing and executing to start with. (And as long as the applications they launch, such as Word, do the same.)
One way of explaining this in non-technical language is: 'If I sent you a letter and it said "please jump off the nearest cliff" and you read it, would it do any harm to you? Why should the equivalent message sent to a computer be any different?'
more details, don't blame the user. (Score:2)
Don't forget to include an email client that does not run as root and does not execute stuff without asking the user! M$ thinks it so much more important to have email that "works" by blaring noises and flashing picutes at you. Even if these glaring problems could be fixed on Windoze, the lack of distinction you noticed still demands a co
vbs is supposed to run, but not through email! (Score:2)
Ah! Why can't the M$ dummies do like every other reasonable OS and implement file permisions and owners within the file system? An email client that does not make attachm
Re:vbs is supposed to run, but not through email! (Score:3, Informative)
What are you talking about? Windows has far more fine-grained access control, permissioning and user management than Unix. I'm no MS fanboy but it's a simple fact - the Unix mechanism with chmod and chown is really crude by comparison (although it's tried & tested).
Re:PEBCAK (Score:2, Insightful)
Users should *not* have to be scared of using their computer. The computer should simply stop them from doing anything wrong.
Users won't learn, so teach the computers instead.
Re:PEBCAK (Score:5, Insightful)
"Users should *not* have to be scared of using their computer. The computer should simply stop them from doing anything wrong."
Now how do you feel about that?
I'm not agreeing or disagreeing with you here - just food for though.
Re:PEBCAK (Score:2)
I agree with you - Outlook (and all programs by default) - should ship in thier 'safest' state. However, at some point, accountability comes to play. If you make outlook save files to disk first, the user will simply do that, then go and open it arbitrarily. I know my mom opens that damn 'elf bowling' proggie every time she gets it, no matter how many times I tell her not to. And, if you make a user jump through too many hoops to 'ge
You've missed something - (Score:4, Insightful)
Just because you don't think you have a virus doesn't mean you don't have one that's good at hiding. Try loading an AV and seeing what it finds. It might do you some good.
Personally, I have an updated one that I keep disabled most of the time except when I get up and leave it on; then I tell it to scan. Hasn't turned up anything. Good sign...
Not your usual "task force" (Score:5, Funny)
"task force"
Heh
Re:Not your usual "task force" (Score:5, Insightful)
And trust me you can cause more pain to more people by dumping thier net connection than you ever could with a swat team.
First there's the pain for lusers that find thier mail IM and file swappers don't work, then there's the pain in the call centre when harrased techs try to explain to consumers what's going on, then there's the pain felt by the BOFH's with management hovering over thier shoulder, then there is further pain caused by the many minor bumps and niggles and repeats as the systems cope (or not) with the backlog built up in the down time. And after all that, if it was a good one, there are the recriminations on support boards, the calls for compensation, customers leaving, no end of replanning from the management team.
Ahhhh
The beauty is that a good DDOS is a gift that just keeps on giving.
Truly Cthulhu is amongst us
Re:Not your usual "task force" (Score:2)
Re:Not your usual "task force" (Score:2)
(What was your IP again - purely for *ahem* research reasons)
Re:Not your usual "task force" (Score:2)
Lock em down (Score:3, Interesting)
Are there any programs that allow processes to be "locked on"? It would be useful to restrict attempts to kill certain processes, to people that can provide the root password.
There are probably heaps of this kind of thing, and another layer of security is always welcome.
cheap web site hosting [cheap-web-...ing.com.au] from 3 semi-mongrels a month
Re:Lock em down (Score:3, Informative)
Re:Lock em down (Score:2, Informative)
So even if you did "kill pid" it won't work.
Tom
Missing from the discussion so far: (Score:4, Insightful)
So, what did Microsoft do wrong that allowed this to happen? 200 words or less. 5 points off each for use of either "dancing monkeyboy" or "Borg".
Re:Missing from the discussion so far: (Score:2, Informative)
Re:Missing from the discussion so far: (Score:2)
The real bulk of the problem is with stupid users running attachments that they shouldn't.
Re:Missing from the discussion so far: (Score:2)
Re:Missing from the discussion so far: (Score:2)
missing for obvious reasons. (Score:2)
Re:Missing from the discussion so far: (Score:3, Informative)
I'll bite.
Having a very elaborate rights structure within their filesystem, much better than the Unix variants have had (imho), having an 'executable' in it, and then not using it!
Default to setting it off on software coming from network connections, have the user explicitly turn it on when necesarry. Unfortunatly this would go against the grain of 'easy computing for everyone' which is the core bussiness of Windows.
So basically the answer to your question is: Microsoft is doing something wrong by wantin
Re:Missing from the discussion so far: (Score:2)
Re:Missing from the discussion so far: (Score:4, Interesting)
Actually, it doesn't use the Windows address book. I know this because I (under firewalled, very controlled conditions) ran it to see how it worked. One thing I noticed is that it was sending e-mails out to addresses I did not know. That computer does not have an address book, nor any outlook express smtp/pop3 server settings (I never configured it).
Though the track record of OE and its address book is pretty bad, it isn't always to blame.
DMCA protects the virus data (Score:4, Insightful)
It stores encrypted data on your PC. You cannot use any method to decrypt this data to determine what keystrokes were collected and potentially transmitted.
Gotta love stupid laws.
Re:DMCA protects the virus data (Score:2)
Hmm.. if the DMCA lawsuit fines in favor of the writer, would any evidence gained from decrypting the file be made inadmissable for the prosecution of the writer?
Re:DMCA protects the virus data (Score:4, Interesting)
I hope noone takes this as a defense of the DMCA, it is an evil law. The DMCA makes it a crime to sit motionless and think certain thoughts. I really wish it would get struck down as unconstitutional already.
-
theory and practice. (Score:2)
Gotta love stupid laws.
Don't worry, the DMCA only applies to circumvention of encryption used to protect huge, rich, multinational coporations and other people trying to make a buck. I doubt anyone would care if you cirumvented encryption to recover your or other people's keystrokes. Britiany Spears's recorded music is protected. Her email, medical
I... (Score:3, Interesting)
This worm was hitting us badly. I personally spent at least six or seven hours slamming the fuck out of the clients (they connect with a very distinctive hostmask/realname/nick) since they started hitting us on Sunday, and we have ~1500 akills for distinctive IP's set up now.
As you may imagine, manual akills just wasn't cutting it after a while. We all have actual jobs, and sitting on IRC whamming worms is something we don't get paid for. We've fixed our problem with a small Perl script one of our server admins wrote. I don't have the link where he placed it online right now, but I'm sure he'd be okay with sharing if anyone's interested. At the very least, it'll give you some heuristics to work from (the fundamental pattern is a nick with one, two, or three numbers on the end, a real name consisting of two capitalized words, and an identd response made of those two words reversed and conglomerated).
If there's any other admins of networks out there, pop onto irc.kdfs.net and join #helpdesk. Mention that you're looking for Puffy (me) or Danzak (script writer) and you're interested in our virus client killing bot.
No false positives so far. :)
mIRC != IRC (Score:3, Informative)
And just sounds like people need to use some common sence, and update signatures.. None of these things should be a huge deal..
Symantec tool (Score:3, Informative)
Removal tool [symantec.com]
Cleaned up my office yesterday very nicely.
Info (Score:4, Informative)
Impact . . (Score:3, Interesting)
The point is that I've seen these botnets around for months and months now. Almost a year at this point with almost no coverage. I believe the days of smurf attacks are numbered, this is the new way to conduct DoS attacks. They're very effective as well, having seen the attacks targeting servers of mine.
Re:mIRC (Score:2, Insightful)
Re:mIRC (Score:4, Insightful)
Re:mIRC (Score:2)
Millions of Napster and Kazaa users prove you wrong.
Re:mIRC (Score:2)
Re:mIRC (Score:3, Insightful)
Netscape vs IE (Score:3, Insightful)
Check me on this: Didn't Microsoft start giving away IE BEFORE Netscape 4? If so:
Don't you think cutting off Netscape's revenue stream might have had something to do with the amount of Quality Assurance they could afford to do to their followon releases? In ad
Re:mIRC (Score:5, Informative)
The fizzer worm that's currently spreading, spreads through outlook and Kazaa. It also has a IRC backdoor, through which presumably the virus author can access infected computers. This IRC backdoor connects to a list of several irc servers, and sit in a channel.
As the number of infected computers (Please people, update your Anti Virus software!) is growing, this puts a higher load on the irc servers. This is what it's all about, to find a way to get rid of the trojans from the servers, so that nobody can abuse them for DDoS or looking for CC numbers or other private info on infected machines, in a way that doesn't put too much stress on the IRC servers.
Re:mIRC (Score:4, Interesting)
Re:mIRC (Score:3, Interesting)
Add the missing features, remove that bug that makes it easy(ish) to identify programmatically on IRC, voilá, killerworm of doom.
The real question is, how long before someone actually does this, creates a better worm?
Whoever created Fizzer was on the right track by adding AIM capability (according to f-secure), does AOL ha
Re:mIRC (Score:5, Funny)
That is compelling evidence, of course... the virus was written by Microsoft. Next week they plan to release Fizzer XP Service Pack 1 which will fix those issues.
Re:mIRC (Score:3, Interesting)
Eventually we had more bots than real users on the network (we're only small, so about 700 bots). With the Unreal fizzer-blocking module, we're close to having set around 10,000 local zlines.
Hopefully the admins on each network will notice them, and stop them being used for anything. After that, finding a way to remove the virus is less critical (if it becomes mostly useless).
parksie, ZiRC.
Re:mIRC (Score:3, Informative)
Re:method (Score:5, Funny)
Dammit, when are worms going to get interesting again? This "exploit the hell out of Outlook" routine is getting old.
Re:method (Score:2)
Re:method (Score:2, Informative)
Through outlook, and by the user downloading warez from Kazaa.
See this f-secure article [f-secure.com]
Re:Simple solution. (Score:2, Informative)
Re:My solution, presented years ago (Score:2)
There are way over one million IRC users today.
Re:My solution, presented years ago (Score:2)
Re:My solution, presented years ago (Score:2)
Re:My solution, presented years ago (Score:2)
No need to cut them off completely. What's clearly needed is some irc apartheid, where Macs can only talk to Macs, Linux boxes to their siblings, and Windows machines have to remain in their own Tribal Trustlands, far, far away from everyone else. Anyone found guilty of OS miscegenation will be publicly flogged and then outcast from their own OS community.
After ten years or so in this irc wilderness, songs will be written to Biko-like
Re:The majority of these worms, however... (Score:2)
identd is a bit past its time since the explosion of unix boxen that are administered by the very same end users. The age of trust(how silly) in the admins who run servers is long over.
Re:The majority of these worms, however... (Score:2, Interesting)
Name some good H4X0R t00lZ for windows. Not so easy, is it?
All the portscanners, eggdrops, warbots, and other bullshit is linux based.
I guarantee the fellow/group behind fizzer connects with his linux box to control all of his 7337 bots.
The windows users are the leghumpers who keep asking you "a/s/l".
So why ban the victims? Ban the jerks.
You should really ban any scriptable client to 'save IRC'. There are enough stupid
Re:The majority of these worms, however... (Score:2)
I use windows, and I advocate the change of IRC to at least ban the majority of script-based clients. Regardless of my views however, they are a far distance from that of a white supremecist; if you want to be recognized as having valid opinions, I suggest you stop making s
Re:Sure (Score:4, Insightful)
I mean, it propogates by dorks who download the exe and run it. If every Joe Dipshit ran linux, then it wouldn't change.
You'd just get a message box saying "you must install this hot sex program as root for the ultimate hot action!" and they'd happily comply.
Or people compiling or installing binaries without knowing what they are.
It's an exploit of the users, not so much the OS.
Re:Sure (Score:2, Insightful)
Ummm, and looking like windows xp is a good thing?
hehe (Score:2)
Re:Sure (Score:2)