Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Bug Operating Systems Software Windows

New Microsoft Worm Coming Soon? 497

Seft sent in a solid article running on the BBC discussing the next potential worm explosion on the heels of a recent Security Bulletin from Microsoft. The article is a somewhat general topic piece on worms in general.
This discussion has been archived. No new comments can be posted.

New Microsoft Worm Coming Soon?

Comments Filter:
  • by RobertB-DC ( 622190 ) * on Thursday September 18, 2003 @03:44PM (#6997796) Homepage Journal
    From the article:
    US computer security firm iDefense discovered the code being circulated from Chinese websites. It said some computers were already being broken into using the new exploit code.

    This puts a bit of a different spin on the previous story, in which Taiwan accused China [slashdot.org] of organizing a cyber-attack. I think this validates the position that Taiwan's government was simply disseminating a little cross-channel FUD... there may indeed be Chinese hackers trying to break into Taiwanese systems, but they're doing it on an ad-hoc basis, not as part of a government-sponsored attack.

    Think about it... you're a hacker in mainland China, and you want to attack someone. Do you go after your own government? Only if your family doesn't mind paying for the bullet [boycottmadeinchina.org] when you're convicted of espionage. Much safer to hit a country that your government wouldn't mind giving a black eye?

    Hackers in China... hey, it looks like China is the new Russia!
    • by ramzak2k ( 596734 ) on Thursday September 18, 2003 @03:50PM (#6997861)
      does this have anything to do with Microsoft opening up its code to China ?
      • by bigjocker ( 113512 ) * on Thursday September 18, 2003 @04:10PM (#6998094) Homepage
        Now that you mention it, probably.

        It's a lot easier to write a worm having the Windows' source code available. This bug came from China, and Microsoft has sent the source code to China ... maybe they should start looking for the Blaster writer over there ...

        Also, the last attack agains Taiwan by some chinese crackers may have something to do with this. Maybe Microsoft was right when they said that it would be a major security risk to publish the Windows source code.
      • by account_deleted ( 4530225 ) on Thursday September 18, 2003 @05:24PM (#6998698)
        Comment removed based on user account deletion
      • The assholes that wrote the exploit are one step above talentless script-kiddies. The hole is just a buffer overrun and the patch gives away exactly where it is. All they had to do was write code that stuffs the buffer, pushing executable code into another memory area.

        It's funny that you mention that it would be easier to hack the OS with the source code available. That's exactly why the chances of a zero-day exploit are higher on open source software than closed source. *OUCH*

        -Lucas

        • That's exactly why the chances of a zero-day exploit are higher on open source software than closed source. *OUCH*

          You've got a good point, except that it also means that someone can notice the problem and fix it. Besides, given the recent string of M$ security holes, wouldn't it be easier to just start throwing strings at all the services until one crashes? If throwing random data at a service crashes it, it's probably a good bet that there's another buffer overflow there. Apparently Microsoft doesn't
      • I wonder... (Score:3, Interesting)

        by dolson ( 634094 )
        I was just thinking... I bet Microsoft is getting people to write these worms that exploit these security holes in Windows a week after the patch is available... It helps dispell the "myth" that Windows is insecure and all that, and nicely places the blame on the sysadmins... "You didn't patch??? Too bad..." You know what I mean? "It's not Microsoft's fault; they had a patch out a week ago." Brilliant. Microsoft++
    • What leads you to believe that these are hackers "doing it on an ad-hoc basis, not as part of a government-sponsored attack"? If the Chinese government was behind it, I highly doubt they'd serve it up from official websites! If anything, I would think that what you pointed out might bolster Taiwan's claims...
    • by caluml ( 551744 ) <slashdot@spamgoe ... g ['ere' in gap]> on Thursday September 18, 2003 @03:57PM (#6997948) Homepage
      To be honest, I hope it just trashes boot sectors before writing random crap all over the hard drive. That might actually get the message through. All these soft viruses just make people think of it as an inconvenience. When something bad happens, people might just start sitting up and taking notice.

      Mod me down, troll/flamebait, I know.
      However, mod me up if you feel that this might make people start patching their systems.

      • by IM6100 ( 692796 ) <elben@mentar.org> on Thursday September 18, 2003 @04:04PM (#6998037)
        A worm/virus that trashes it's host doesn't do a good job of propagating. These sorts of programs can do so at a 'time bomb' setpoint, if the designer feels the virus/worm will have propagated widely by that time, of course.
      • by RobertB-DC ( 622190 ) * on Thursday September 18, 2003 @04:10PM (#6998092) Homepage Journal
        To be honest, I hope it just trashes boot sectors before writing random crap all over the hard drive. That might actually get the message through. All these soft viruses just make people think of it as an inconvenience. When something bad happens, people might just start sitting up and taking notice.

        You're thinking software, not biology.

        A virus like Ebola is bad news for its host. It spreads pretty easily and quickly causes violent, bloody death. But it kills its host so quickly that the host doesn't have time to infect anyone outside his immediate contacts, and the severe nature brings all Man's medical defenses to track the contagion to its source and eradicate it.

        The common cold is a virus, too. It causes relatively minor discomfort to its host, only killing a small number of previously weakened hosts. This gives the cold time to spread widely before it is detected, and by that time the infection can no longer be contained -- or even traced back to its original host.

        Early viruses were more Ebola-like, wiping out boot sectors, killing the host. But when was the last time you heard of a new infection by the Michelangelo virus [techtv.com]?

        Evolution, of a sort, has led to new viruses being more like the common cold -- annoying, but not deadly, and therefore common as a sneeze.
        • HIV (Score:5, Interesting)

          by Detritus ( 11846 ) on Thursday September 18, 2003 @04:32PM (#6998261) Homepage
          Another approach is to have a long incubation period, like HIV. It slowly multiplies over a long period of time before causing symptoms.

          A computer virus could wait several weeks before it nuked the hard drive.

          If I wrote a virus, I would add anti-tamper features so that removing the virus would also trash the system. The virus could encrypt selected parts of the hard drive and decrypt them on-the-fly when the operating system accessed those sections of the hard drive.

          • Re:HIV (Score:4, Insightful)

            by Nintendork ( 411169 ) on Thursday September 18, 2003 @05:02PM (#6998526) Homepage
            A computer virus could wait several weeks before it nuked the hard drive.

            A virus/worm that did this wouldn't make as big of a splash when the payload executes. Anti-virus companies would have updated virus defs out there within a day or two of distribution and a lot of people would become disinfected before the symptoms kicked in. Plus, the more damaging the payload, the wider the news will reach and people without anti-virus software would use free removal tools.

            -Lucas

            • Re:HIV (Score:3, Interesting)

              by bigfatlamer ( 149907 )
              But did you read the rest of the post? I agree...an incubation period would likely only work for the first wave of infected machines (if that) causing a low number of high profile destroyed machines. 30 seconds on one evening news program, if that.

              Contrast that with what the parent said which was that fucking with the virus, by trying to remove w/ an AV tool for instance, would cause it to drop its payload immediately and do whatever evil it was planning to do.

              NB that I know exactly fuck all about progr
            • Re:HIV (Score:4, Informative)

              by Daniel Phillips ( 238627 ) on Thursday September 18, 2003 @06:36PM (#6999214)
              Anti-virus companies would have updated virus defs out there within a day or two of distribution and a lot of people would become disinfected before the symptoms kicked in.

              You can't count on this any more, since the technique of downloading the actual rootkit from the web became popular. Virus companies can't possibly know every trojan that can be posted to a random web page and downloaded by the worm. Hence, "disinfecting" is going to become a more and more dubious proposition over time.

              Proper cleanup requires a full system reinstall, compile with all applications and utilities. Get too lazy to do that, and you're going to find out what a really subtle trojan can do.
              • Re:HIV (Score:3, Interesting)

                by Nintendork ( 411169 )
                Virus companies can't possibly know every trojan that can be posted to a random web page and downloaded by the worm.

                I encourage you to subscribe to some SecurityFocus mailing lists. We (White hats) analyze traffic trends and would notice any odd activity. We would analyze the data passing in the packets and see what exploit it's implementing. We'd then set up a honeypot so we could analyze an infected box, disassemble the virus, etc. and there would be updated virus defs as a result. All within one o

          • Re:HIV (Score:5, Interesting)

            by A_Non_Moose ( 413034 ) on Thursday September 18, 2003 @05:05PM (#6998543) Homepage Journal
            The virus could encrypt selected parts of the hard drive...

            What's really scary is this:

            Think of all the vbs worms/viruses, now mate that with windows scripting (similar to vbs, I think) and windows' abilty to encrypt the file system (built in functionality, right?).

            How hard would it be to, oh, say infect a system, encrypt the entire drive (or "my documents" or delete select files/user data), change the admin password, and reboot the system when done?

            I think that'd be the rudest awakening ever.

            I give it a year or so before it happens somewhere important, because some people never learn...esp Microsoft.
          • Re:HIV (Score:5, Interesting)

            by HiThere ( 15173 ) * <[ten.knilhtrae] [ta] [nsxihselrahc]> on Thursday September 18, 2003 @05:07PM (#6998572)
            Make that random parts of the system, and random *.doc files (and a few other extensions). Nobody would *dare* get rid of it. A bad system file can be replaced, but a bad doc file can be very bad.

            It might teach people about hierarchcical backups, but I doubt it.

        • I got the Michelangelo virus back in the day: One morning I came into work and there was paint all over my ceiling...

          Anyway, I believe the days of boot sector trashing viruses are over. It's much better to root and take control of a large number of systems than to indiscriminately destroy one or two. Recent discussion regarding the SoBig variants illustrates this point (ie, possible use as a Distributed SPAM engine). There are already numerous viruses out there which allow the perpetrator to orchestrat
        • To be honest, I hope it just trashes boot sectors before writing random crap all over the hard drive. That might actually get the message through. All these soft viruses just make people think of it as an inconvenience. When something bad happens, people might just start sitting up and taking notice.

          You're thinking software, not biology.

          A virus like Ebola is bad news for its host. It spreads pretty easily and quickly causes violent, bloody death. But it kills its host so quickly that the host doesn't h

      • by The_K4 ( 627653 ) on Thursday September 18, 2003 @04:12PM (#6998113)
        I'm waiting for the virus taht cause Windows XP to believe that it's not "activated" and cause hunders of thousnds of people to call to re-activeate their OS. :) Talk about DDoSing them. :)
      • To be honest, I hope it just trashes boot sectors before writing random crap all over the hard drive. That might actually get the message through. All these soft viruses just make people think of it as an inconvenience. When something bad happens, people might just start sitting up and taking notice.

        To be honest, that sort of worm isn't the one I would be worried about. The silent killer is going to be much more nasty, and it's a matter of time before somebody writes one (if they haven't already).

        Co

    • "Hackers in China... hey, it looks like China is the new Russia!"

      The New Russia is basically bandrupt, unlike China.

      Assuming you meant the new USSR, I don't think so. Remember the "one child" policy? Well, all those little princes are growning up. China might be a threat to the U.S. both economically and militarily -- but it is a different sort of threat. I'd tend to discount the military; which they are talking about reducing, and be more worried about "to be rich is glorious."

      On the other hand, mov
      • I'm sort of Buddhist, although I'm not so sure about Confucius. I ought to fit in, more or less.

        Hmmm... I think you'd better check the first few paragraphs of the link I found [boycottmadeinchina.org] for my original posting. Or, just pin a note to your back saying "Persecute Me".

        You made a good point, though:
        Remember the "one child" policy? Well, all those little princes are growning up.

        Yeah, and they don't have many princesses to marry. The one-child policy led to a very suspicious decrease in the number of baby girls, so
  • by brotherscrim ( 617899 ) on Thursday September 18, 2003 @03:45PM (#6997806) Journal
    ...Scientists predict the sun will rise tomorrow.
  • by Anonymous Coward on Thursday September 18, 2003 @03:46PM (#6997808)

    on the heals of a recent Security Bulletin from Microsoft

    Apparently, the worm infects the user's grammar-checker, rendering it inoperable.

    • by RobertB-DC ( 622190 ) * on Thursday September 18, 2003 @03:57PM (#6997937) Homepage Journal
      I tried it in M$ Word, and here's what Clippy told me:

      . . . explosion on the heals of a recent Security Bulletin...
      Clippy: Order of Words (consider revising)

      Applying typical Slashdot editorial standards, I tried this:

      . . . explosion on heals the of a recent Security Bulletin...
      Clippy: Order of Words (consider revising)

      Crap, let's try again.

      . . . explosion on heals of the a recent Security Bulletin...
      Clippy: Remove "the" or "a"

      I think we got it:

      Seft sent in a solid article running on the BBC discussing the next potential worm explosion on heals of the recent Security Bulletin from Microsoft. The article is a somewhat general topic piece on worms in general.
      Clippy: turns into a bicycle and rides into the distance

      Alright! Let's post!
    • Apparently Microsoft security bulletins are a faith-healer type religious experience... almost like an exorcism where the sysadmin slaps the computer on the forehead and says "demons be gone".
  • The thing is... (Score:3, Insightful)

    by Meat Blaster ( 578650 ) on Thursday September 18, 2003 @03:46PM (#6997809)
    We've had plenty of warning about this, so it's only the criminally unprepared that will be hit right?

    No excuse on this one. It's not like Blaster happened eons ago, and this is virtually the same type of flaw. Patch your systems.

    • If you do not have time to patch all of your systems, disable the ports that these services run on by default and forward them for trusted hosts (which could get infected and spread to you...). You are better off disabling services than trying to patch every end user.
    • Lets just hope microsoft doesn't break their own patch like they did last time [dell.com].
    • by toupsie ( 88295 ) on Thursday September 18, 2003 @04:08PM (#6998072) Homepage
      Well, if the only thing you are doing is running AIM, IE and Kazaa, I would agree. However if you work in an environment with mission critical apps that cannot fail, you can't just simply "patch your systems". You must test, test and retest.

      Start thinking of us that operate in the real world. Cocky statements like "We've had plenty of warning about this, so it's only the criminally unprepared that will be hit right" sound outright stupid. The patch was released last Wednesday. To coordinate business departments, users and techincal staff along with testing requirements doesn't happen overnight. You do your best to patch as fast as possible and take steps to add a firewall layer but you have to deal with business requirements. Switching from Microsoft won't solve this problem either....OpenSSH anyone?

      However, I don't mind Microsoft security problems, it keeps food on my table.

  • by dillon_rinker ( 17944 ) on Thursday September 18, 2003 @03:46PM (#6997814) Homepage
    ...that the next worm explosion heals the recent Microsoft Security Bulletin. That will be a welcome change, coming on the heels of the last big Microsoft worm.
  • Great (Score:3, Insightful)

    by Anonymous Coward on Thursday September 18, 2003 @03:47PM (#6997828)
    So more companys like Air Canada can get hit and blame it on the worm makers, yet never blame it on there stupid IT department that had three weeks to patch the system and never did.
    • Re:Great (Score:2, Insightful)

      by El ( 94934 )
      And despite the fact that kevlar vests have been out for years, people are still being killed or injured by being shot in the chest, and they still blame it on the shooters! Amazing!


      Maybe, just maybe, the IT department was too busy reseting passwords every time a user forgot their password to patch thousands of systems? Or perhaps their managers refused to pay for the overtime that would be required because they beleived the M$ party line they their systems were now "Trustworthy Computing" secure?

      • Yeah, if it weren't for the end users, it would really easy to patch computers every time an exploit was announced. Although....then there wouldn't be any computers...now I'm confused!!!

        In other news: disabling incoming connections via NAT or Proxies is sure-fire way to stop exploits.
  • 1993? (Score:5, Funny)

    by StingRayGun ( 611541 ) * <ryanrray@gmaEULERil.com minus math_god> on Thursday September 18, 2003 @03:48PM (#6997837)

    "Malicious hackers are starting to circulate computer code that exploits recently found vulnerabilities"

    Starting? When was this article written 1993?

  • Gee thats like say new windows security patch coming soon

  • by Anonymous Coward on Thursday September 18, 2003 @03:48PM (#6997840)
    All my friends and family use Worm 9.0! It's easier than ever!
  • Am i the only one? (Score:5, Interesting)

    by madcoder47 ( 541409 ) * <development@@@madcoder...net> on Thursday September 18, 2003 @03:49PM (#6997851) Homepage Journal
    Am I the only one who noticed that the woman in the BBC Article's picture (directly above the "The MSBlast worm hit some users hard" Caption text) is using an old mac, and therefore, is not struggling with the MSBlast worm?

    The power button and display/contrast knobs on the side of the monitor give it away....

    Also, from the article: "But viruses that take advantage of new found flaws in the chunk of computer code exploited by MSBlast look set to arrive even sooner." -- Does this mean that even though microsoft cleaned up the code that was used by MSBlast as a backdoor, they still overlooked some code in the same region?
  • *Sigh* (Score:5, Funny)

    by r_glen ( 679664 ) * on Thursday September 18, 2003 @03:49PM (#6997859)
    Its a shame the only people who read these articles are the ones who aren't affected in the first place.
    • Re: *Sigh* (Score:3, Interesting)

      by Black Parrot ( 19622 )


      > Its a shame the only people who read these articles are the ones who aren't affected in the first place.

      Nope, the rest of us will have our network service will be degraded due to all the worm traffic.

      ...at least until ISPs start kicking infected machines of the 'net, at which point we might actually see a network speedup.

  • Already Here (Score:4, Interesting)

    by Fletch ( 6903 ) <fletch@pobox.cPASCALom minus language> on Thursday September 18, 2003 @03:50PM (#6997862) Homepage
    According to C|Net's News.com.com [com.com], two new woms have surfaced exploiting a 2 year old hole [microsoft.com] in IE 5.x.
  • Where's the update? (Score:5, Interesting)

    by lord_dragonsfyre ( 89589 ) on Thursday September 18, 2003 @03:50PM (#6997869) Homepage
    Okay, I've read about three emails so far, plus this article, about this new security hole. So of course, I go to download the patch.

    And there is no patch. Headed to http://windowsupdate.microsoft.com, hit Scan for Updates.... nothing shows under Critical Updates.

    Anyone know what's up with this?

    James.
  • by alexmogil ( 442209 ) on Thursday September 18, 2003 @03:51PM (#6997878) Homepage Journal
    So now there will be:

    A pre-worm article

    A current worm article

    And a post-worm article?

    Essentially three times the FUD, bashing, turfing, and... well, slashdot.

  • by ncc74656 ( 45571 ) <scott@alfter.us> on Thursday September 18, 2003 @03:52PM (#6997882) Homepage Journal
    My suspected-spam file had something like 50-60 new messages in it since last night. Except for one Nigerian-scam message, they all claimed to be security fixes from Microsoft (how original of them :-| ). I saved the attachment from one of them and let Nortan Antivirus take a look at it. It didn't identify any virus (even after updating signatures), but it has to be malware of some sort that just hasn't been cataloged yet.
    • Its a new mail-worm. I've gotten it delivered in both dumbass-execute-the-patch and mime-exploit flavors.

      NAI has new defs that cover it now, and I assume all other others do too.
      • by ncc74656 ( 45571 ) <scott@alfter.us> on Thursday September 18, 2003 @04:17PM (#6998151) Homepage Journal
        NAI has new defs that cover it now, and I assume all other others do too.

        Just checked with Symantec...while the updated defs aren't available through LiveUpdate, they are available by downloading the Intelligent Updater. How smart of them...instead of sending out a couple hundred K, they force people to download 4 megs each until next Wednesday. It's their bandwidth, I suppose...

        (I reran NAV after getting today's defs...it identified the file as containing Worm.Automat.AHB. SARC says nothing informative about it, but F-Secure says the following:

        There is no virus known to us by this name. However, Norton Anti-Virus uses names like W97M.Automat.A to name viruses which have been detected automatically.

        Another 5-10 copies arrived since my last post...busy little fscker, isn't it? Rabbits don't breed this rapidly.

  • Related? (Score:3, Interesting)

    by Yoda2 ( 522522 ) on Thursday September 18, 2003 @03:53PM (#6997894)
    Not sure if it's related, but I've gotten this freaking thing [symantec.com] about 10 times today. It's brand new and claims to be a Windows patch. I can easily see how a n00b would open it.

    Only the latest virus definitions catch this thing.

  • New Microsoft Worm Coming Soon?

    No. Blaster was it. We're out of worms. Try the fish.
  • Here they come.... (Score:2, Interesting)

    by mgarriss ( 615232 )

    Microsoft User

    this is the latest version of security update, the "September 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to maintain the security of your computer. This update includes the functionality of all previously released patches.

    I've received about 20 (with some variation) of these in the last few hours. Strange because SoBig igno

  • Steve Ballmer unleashed his worm to unsuspecting young ladies all over North America....
    "WHO SAID SIT DOWN!?"
  • The Sun is scheduled to rise in the east tomorrow morning...

  • Curious. (Score:2, Interesting)

    by Chompster ( 97289 )
    "US computer security firm iDefense discovered the code being circulated from Chinese websites."

    Chinese websites, as in from mainland China, or from Hong Kong?

    If it is Hong Kong; then perhaps it is the same fellows that run the bootleg operations. Oddly, it doesn't seem that the new Chinese rule has done anything to stop this. I guess crimes against the US and other world nations and their computer systems don't count for as much as saying that thuggish tyrants shouldn't rule.

    Mainland, on the other hand,
  • What patch? (Score:2, Funny)

    by nlangille ( 700199 )
    Either MS is stupid and hasn't put up the patch for win2k pro yet, or I got this ages ago.
  • the media... (Score:2, Insightful)

    by Anonymous Coward
    I think it's another blatant attempt by the media to instill fear in the public about the notion of another huge worm attack on people's computers. I guess the BBC wants credit for the "We said it here first people" catch phrase, then why not have the BBC post an article warning about "The countdown to the next Windows security hole has begun" (I'll start a pool to see who correctly date when a new security hole is found), or the next version update of the Apache webserver long before anyone else can or do
  • by immel ( 699491 ) on Thursday September 18, 2003 @03:58PM (#6997963)
    "Windows 98, Windows 98 Second Edition (SE), and Windows 95 also are not affected by this issue."
    So we can save ourselves by downgrading to previous windows versions? Or is this just a shameless plug?
    "However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions."
    Yup. It's a plug for newer, even more vunerable software, alright.
    • by calethix ( 537786 ) on Thursday September 18, 2003 @04:13PM (#6998126) Homepage
      I laughed when I read that

      "However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions."

      Does MS really expect the average Win95/98 user to read that and think 'Oh! I better go out and get me a copy of that Winders XP. It may have viruses and worms but at least I'll be supported.'
  • Happy worms (Score:4, Funny)

    by GillBates0 ( 664202 ) on Thursday September 18, 2003 @03:58PM (#6997968) Homepage Journal
    MSBlast many worms, which travel round the net by themselves, were happy simply to swamp net connections with traffic as they searched for new servers and computers to infect.

    Tra la la ...we're goin' 'round the good ole 'net.
    hey guys looky there, a new network let's swamp it, I say
    *swamp swamp swamp*
    ha ha ha ha ha ho ho ho ho ho hee he he he what fun!

    *happy singing*
    here we go around the good ole net
    good ole net
    good old net

    hi fellas, guess what I found! A nice clean M$ server
    Yaaaay!!!
    Here we go *infect infect infect*
    Haa ha ha ha ho ho ho ho hee hee hee hee What fun!

  • by Houn ( 590414 )
    After reading this article, I immediately checked WindowsUpate... only to find I installed this already a few days ago. This is the positive side of the Auto-updater, being able to set it to tell you when there are new updates available.

    I'd never set it to auto-update, and I sincerely hope it never gets forced upon me. But as long as the company I work for has a know-nothing IT guy and a reliance on windows-only software, I guess I'll have to live with patching my 2K install.

    (Though don't tell my boss,
  • New Worm (Score:5, Funny)

    by seangw ( 454819 ) <seangw&seangw,com> on Thursday September 18, 2003 @03:59PM (#6997974) Homepage
    There's a new worm out there that exploits a security hole still in Windows 2k/XP from when it was released.

    It has the capability to shut down applications, goes right through anti-virus software (even the latest patches!!!), and gives total control of the victim computer to the creator of the worm.

    An attempt by the powers that be to shut down it's source of updates was thwarted by various government agencies and the worm itself.

    Unfortunately there is no patch to get rid of the W32.MS.AutoUpdateRequired worm.
  • Ironic (Score:5, Interesting)

    by MrEnigma ( 194020 ) on Thursday September 18, 2003 @04:03PM (#6998028) Homepage
    I think it's kind of ironic...on their page it goes through the products affected, NT, XP, etc.

    And then they say Windows Me is not affected, not is 98, or 95, but you should upgrade to the newest versions. To the end user, that would kind of be like, I could upgrade to the newest versions, and then be vulnerable to all of this...why would I.

    Just thought it was funny.
  • Somewhat (Score:3, Funny)

    by JordanH ( 75307 ) on Thursday September 18, 2003 @04:03PM (#6998029) Homepage Journal
    • The article is a somewhat general topic piece on worms in general.
    Since General Wesley Clark has entered the general Democratic field for the next general election, it's been generally assumed that general technical issues like this one would be handled with somewhat general ease by applying the general security practices to used by the general public, in general.
  • by bernz ( 181095 ) on Thursday September 18, 2003 @04:05PM (#6998046) Homepage
    just to help things along, here's the exploit that the worm will use.

    http://www.k-otik.com/exploits/09.16.MS03-039-ex p. c.php



    i'd post the code, but /. won't let me.

  • by lithis ( 5679 ) <sd AT selg DOT hethrael DOT org> on Thursday September 18, 2003 @04:28PM (#6998227) Homepage
    i'm sure all the macintosh users were as frusterated as her.
  • by digime ( 681824 ) on Thursday September 18, 2003 @04:36PM (#6998283)

    From Microsoft:

    Note Windows 98, Windows 98 Second Edition (SE), and Windows 95 also are not affected by this issue. However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions.

    WTF? How this translates to me - "If your computer is immune from these new strains of virii you are strongly encouraged to make it vulnerable."

  • by Sloppy ( 14984 ) * on Thursday September 18, 2003 @05:05PM (#6998548) Homepage Journal
    Typical. Pre-announcing vaporware just to hurt competitors' sales.
  • by Pvt_Waldo ( 459439 ) on Thursday September 18, 2003 @05:40PM (#6998787)
    ...is not spend your tmie ranting about how evil MS is or how bad or what not.

    Spend your time and energy making sure everyone patches. This is so simple to beat. Just patch.
  • by dodell ( 83471 ) <dodell@sTEAitetronics.com minus caffeine> on Thursday September 18, 2003 @06:14PM (#6999057) Homepage
    I've already been getting emails for 3 days with crap from 'Microsoft' and people sending me the patches in .exe form... like I'd trust that.

    But thankfully, I run FreeBSD and don't have to deal with that crap. Just the email overflow :P.
  • by ralphus ( 577885 ) on Thursday September 18, 2003 @09:01PM (#7000380)
    I've said it before, and I'll say it again. The current array of worms making the rounds on the Internet are pretty fundamentally simple worms and not much more than teenagers throwing eggs at the wall on a large scale. Blaster was crashing systems because of it's sloppy coding, it wasn't even doing damage other than eating up resources and planning on attacking MS (which it stupidly did based on DNS entry and then even the WRONG ONE).

    Worms today all have limited vision in what they can do and a greedy philosophy which results in limiting their possible damage.

    I'm one of the good guys, but I can certainly see the potential that an evil genius can do. Please read these two papers and get a idea of what is possibly coming.

    Warhol Worms [berkeley.edu]

    Curious Yellow [blanu.net]

  • Sell it! (Score:3, Funny)

    by KC7GR ( 473279 ) on Friday September 19, 2003 @05:27AM (#7002271) Homepage Journal
    AP WIRE(less), 18-Sep-03. Microsoft Corporation president Steve 'Balmy' Ballmer announced today the formation of a new subdivision of the company which will specialize in the production and marketing of exploits for the Windows operating system.

    "All we're doing is catering to existing demand" Ballmer said during a press conference. "People want this stuff as much as they want Windows, and we're the best choice to make the exploits available. After all, we know better than anyone how many bugs are in our own code..."

    The first official release of the Windows Exploit Advantage Kit, or WEAK, is scheduled to take place on December 42nd. When questioned about the date, Mr. Ballmer had this to say; "It's our way of honoring the late Douglas Adams. Even if that weren't enough, it turns out that the number of bugs in Windows, divided by half the number of years before our sun goes nova, equals exactly 42. What could be more appropriate for a release date...?"

You know you've landed gear-up when it takes full power to taxi.

Working...