New Microsoft Worm Coming Soon?
Seft sent in a solid article running on the BBC discussing the next potential worm explosion on the heels of a recent
Security Bulletin from Microsoft. The article is a somewhat general topic piece on worms in general.
The Amazing Flying Hackers of China! (Score:5, Interesting)
US computer security firm iDefense discovered the code being circulated from Chinese websites. It said some computers were already being broken into using the new exploit code.
This puts a bit of a different spin on the previous story, in which Taiwan accused China [slashdot.org] of organizing a cyber-attack. I think this validates the position that Taiwan's government was simply disseminating a little cross-channel FUD... there may indeed be Chinese hackers trying to break into Taiwanese systems, but they're doing it on an ad-hoc basis, not as part of a government-sponsored attack.
Think about it... you're a hacker in mainland China, and you want to attack someone. Do you go after your own government? Only if your family doesn't mind paying for the bullet [boycottmadeinchina.org] when you're convicted of espionage. Much safer to hit a country that your government wouldn't mind giving a black eye?
Hackers in China... hey, it looks like China is the new Russia!
Re:The Amazing Flying Hackers of China! (Score:5, Interesting)
Re:The Amazing Flying Hackers of China! (Score:5, Interesting)
It's a lot easier to write a worm having Windows' source code available. This bug came from China, and Microsoft has sent the source code to China.
Also, the last attack against Taiwan by some Chinese crackers may have something to do with this. Maybe Microsoft was right when they said that it would be a major security risk to publish the Windows source code.
Re:The Amazing Flying Hackers of China! (Score:5, Funny)
Friend, you mean, "Even if you do learn to speak correct English, to whom are you going to speak it? -- Clarence Darrow"
Treason or perjury? (Score:4, Insightful)
So, was it perjury or treason? You decide.
Either way it's not a set of ethics that would induce me to resume business with them ... ever.
Comment removed (Score:4, Funny)
Re:The Amazing Flying Hackers of China! (Score:3, Interesting)
It's funny that you mention that it would be easier to hack the OS with the source code available. That's exactly why the chances of a zero-day exploit are higher on open source software than closed source. *OUCH*
-Lucas
Re:The Amazing Flying Hackers of China! (Score:3, Interesting)
You've got a good point, except that it also means that someone can notice the problem and fix it. Besides, given the recent string of M$ security holes, wouldn't it be easier to just start throwing strings at all the services until one crashes? If throwing random data at a service crashes it, it's probably a good bet that there's another buffer overflow there. Apparently Microsoft doesn't
I wonder... (Score:3, Interesting)
Re:Welcome (Score:5, Funny)
With that attitude, the movie Dune would have been a lot more boring.
Re:The Amazing Flying Hackers of China! (Score:2)
Re:The Amazing Flying Hackers of China! (Score:5, Insightful)
Mod me down, troll/flamebait, I know.
However, mod me up if you feel that this might make people start patching their systems.
Re:The Amazing Flying Hackers of China! (Score:5, Insightful)
Re:The Amazing Flying Hackers of China! (Score:5, Funny)
What would be a good value for x?
X would clearly be PC dependent for optimum worm spread. An obvious thing would be to deliver the fatal payload after the infection had spread to, say, 15 other PCs. This would cause exponential spread until the number of vulnerable machines became limiting.
But that's *boring*. A much more twisted & evil thing to do would be to deliver a payload at a mission-critical point. For example, after MS Word had been used excessively over a few days, and the word CONCLUSION was typed in.
Re:The Amazing Flying Hackers of China! (Score:5, Interesting)
True. It would have to run for x hours, trying to infect other hosts before "delivering its payload".
What would be a good value for x? When the critical mass has been infected obviously.
You can take the payload and split it up into "n" smaller chunks, then infect "n" initial machines with your virus each with only a small part of the payload. Then every time a virus infects a new host it splits its payload in half until it's down to one byte/bit/whatever, then it just copies its payload. When it finds another machine that's already infected, they both give each other their own payload.
If the other side has data that conflicts with your own, throw theirs away to prevent poisoning.
So when there are lots of hosts to infect around the world, the payload gets split up, but it's not until almost all the machines are infected that the payload starts being reassembled.
If the payload is encrypted in such a way that you need the entire payload to decrypt the entire thing, then Antivirus researchers can't tell what the payload is going to do before it actually occurs.
You probably want to make sure that there are multiple copies of the initial data in case machines get cleaned that contain the only copy of one bit or so.
We need to organise things like automated detection of abnormal network activity, and some kind of automated way to slow down (but perhaps not stop -- you're not sure if it is an actual virus) the flow of virulent activity.
A technique like this could be used for something like Freenet to hide information until everyone has the information, then release it.
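The automated slow-down the post above asks for, as an added example that is not part of the original thread: a per-source throttle on connections to new destinations (the approach Williamson described as "virus throttling"), which delays rather than blocks, so a false positive only slows a host. The flow records are constructed; 10.0.0.5 sweeps TCP/135 across a /24 the way an RPC worm hunts for victims, while 10.0.0.9 behaves like an ordinary workstation.

```python
"""Fan-out throttle: flag and slow down hosts that contact an unusually
large number of *new* destinations in a short window."""
from collections import defaultdict, deque

# Constructed sample flows: (timestamp in seconds, source IP, destination IP, destination port).
SAMPLE_FLOWS = [(0.0, "10.0.0.9", "10.0.1.10", 445), (0.4, "10.0.0.9", "10.0.1.11", 80),
                (1.2, "10.0.0.9", "10.0.1.10", 445), (2.0, "10.0.0.9", "10.0.1.12", 139),
                (3.5, "10.0.0.9", "10.0.1.11", 80)]
# 40 distinct hosts on port 135 in four seconds: a scan, not a workstation.
SAMPLE_FLOWS += [(i * 0.1, "10.0.0.5", "10.0.2.%d" % (i + 1), 135) for i in range(40)]
SAMPLE_FLOWS.sort()


class FanOutThrottle:
    """Per-source rate limiter on new destinations.

    A connection to a destination contacted within the last `window` seconds
    is always allowed. A connection to a new destination is allowed while the
    source has reached fewer than `threshold` new destinations in that window;
    beyond that it is delayed by `delay` seconds instead of dropped. A worm
    scanning hundreds of hosts per second is choked to threshold/window new
    victims per second, while a legitimate burst is merely slowed.
    """

    def __init__(self, window=1.0, threshold=5, delay=1.0):
        self.window = window
        self.threshold = threshold
        self.delay = delay
        self.recent = defaultdict(deque)   # src -> deque of (ts, dst) new-destination events
        self.known = defaultdict(set)      # src -> destinations contacted within the window
        self.stats = defaultdict(lambda: {"new_dsts": 0, "delayed": 0, "flagged": False})

    def _expire(self, src, now):
        """Drop new-destination events that fell out of the sliding window."""
        q = self.recent[src]
        while q and now - q[0][0] > self.window:
            _, old = q.popleft()
            if all(d != old for _, d in q):
                self.known[src].discard(old)

    def observe(self, ts, src, dst, port):
        """Return ('allow', 0.0) or ('delay', seconds) for one connection attempt."""
        self._expire(src, ts)
        if dst in self.known[src]:
            return ("allow", 0.0)
        self.known[src].add(dst)
        self.recent[src].append((ts, dst))
        st = self.stats[src]
        st["new_dsts"] += 1
        if len(self.recent[src]) > self.threshold:
            st["flagged"] = True
            st["delayed"] += 1
            return ("delay", self.delay)
        return ("allow", 0.0)


def analyze(flows, window=1.0, threshold=5):
    """Run the throttle over time-ordered flows and return per-source statistics."""
    throttle = FanOutThrottle(window=window, threshold=threshold)
    for ts, src, dst, port in sorted(flows):
        throttle.observe(ts, src, dst, port)
    return dict(throttle.stats)


def flagged_sources(flows, window=1.0, threshold=5):
    """Sources that exceeded the new-destination budget at least once."""
    return sorted(s for s, st in analyze(flows, window, threshold).items() if st["flagged"])


if __name__ == "__main__":
    for src, st in sorted(analyze(SAMPLE_FLOWS).items()):
        print(src, st)
```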
Survival for Virus: Don't Kill Your Host (Score:5, Interesting)
You're thinking software, not biology.
A virus like Ebola is bad news for its host. It spreads pretty easily and quickly causes violent, bloody death. But it kills its host so quickly that the host doesn't have time to infect anyone outside his immediate contacts, and the severe nature brings all Man's medical defenses to track the contagion to its source and eradicate it.
The common cold is a virus, too. It causes relatively minor discomfort to its host, only killing a small number of previously weakened hosts. This gives the cold time to spread widely before it is detected, and by that time the infection can no longer be contained -- or even traced back to its original host.
Early viruses were more Ebola-like, wiping out boot sectors, killing the host. But when was the last time you heard of a new infection by the Michelangelo virus [techtv.com]?
Evolution, of a sort, has led to new viruses being more like the common cold -- annoying, but not deadly, and therefore common as a sneeze.
HIV (Score:5, Interesting)
A computer virus could wait several weeks before it nuked the hard drive.
If I wrote a virus, I would add anti-tamper features so that removing the virus would also trash the system. The virus could encrypt selected parts of the hard drive and decrypt them on-the-fly when the operating system accessed those sections of the hard drive.
Re:HIV (Score:4, Insightful)
A virus/worm that did this wouldn't make as big of a splash when the payload executes. Anti-virus companies would have updated virus defs out there within a day or two of distribution and a lot of people would become disinfected before the symptoms kicked in. Plus, the more damaging the payload, the wider the news will reach and people without anti-virus software would use free removal tools.
-Lucas
Re:HIV (Score:3, Interesting)
Contrast that with what the parent said which was that fucking with the virus, by trying to remove w/ an AV tool for instance, would cause it to drop its payload immediately and do whatever evil it was planning to do.
NB that I know exactly fuck all about progr
Re:HIV (Score:4, Informative)
You can't count on this any more, since the technique of downloading the actual rootkit from the web became popular. Virus companies can't possibly know every trojan that can be posted to a random web page and downloaded by the worm. Hence, "disinfecting" is going to become a more and more dubious proposition over time.
Proper cleanup requires a full system reinstall, complete with all applications and utilities. Get too lazy to do that, and you're going to find out what a really subtle trojan can do.
Re:HIV (Score:3, Interesting)
I encourage you to subscribe to some SecurityFocus mailing lists. We (White hats) analyze traffic trends and would notice any odd activity. We would analyze the data passing in the packets and see what exploit it's implementing. We'd then set up a honeypot so we could analyze an infected box, disassemble the virus, etc. and there would be updated virus defs as a result. All within one o
Re:HIV (Score:5, Interesting)
What's really scary is this:
Think of all the vbs worms/viruses, now mate that with Windows scripting (similar to vbs, I think) and Windows' ability to encrypt the file system (built-in functionality, right?).
How hard would it be to, oh, say infect a system, encrypt the entire drive (or "my documents" or delete select files/user data), change the admin password, and reboot the system when done?
I think that'd be the rudest awakening ever.
I give it a year or so before it happens somewhere important, because some people never learn...esp Microsoft.
Re:HIV (Score:5, Interesting)
It might teach people about hierarchical backups, but I doubt it.
Re:Survival for Virus: Don't Kill Your Host (Score:3, Insightful)
Anyway, I believe the days of boot sector trashing viruses are over. It's much better to root and take control of a large number of systems than to indiscriminately destroy one or two. Recent discussion regarding the SoBig variants illustrates this point (ie, possible use as a Distributed SPAM engine). There are already numerous viruses out there which allow the perpetrator to orchestrat
Re:Survival for Virus: Don't Kill Your Host (Score:3, Interesting)
Re:The Amazing Flying Hackers of China! (Score:5, Interesting)
Re:The Amazing Flying Hackers of China! (Score:3, Insightful)
To be honest, that sort of worm isn't the one I would be worried about. The silent killer is going to be much more nasty, and it's a matter of time before somebody writes one (if they haven't already).
Co
Re:The Amazing Flying Hackers of China! (Score:3, Insightful)
Re:The Amazing Flying Hackers of China! (Score:2)
The New Russia is basically bankrupt, unlike China.
Assuming you meant the new USSR, I don't think so. Remember the "one child" policy? Well, all those little princes are growing up. China might be a threat to the U.S. both economically and militarily -- but it is a different sort of threat. I'd tend to discount the military; which they are talking about reducing, and be more worried about "to be rich is glorious."
On the other hand, mov
Re:The Amazing Flying Hackers of China! (Score:3, Interesting)
Hmmm... I think you'd better check the first few paragraphs of the link I found [boycottmadeinchina.org] for my original posting. Or, just pin a note to your back saying "Persecute Me".
You made a good point, though:
Remember the "one child" policy? Well, all those little princes are growing up.
Yeah, and they don't have many princesses to marry. The one-child policy led to a very suspicious decrease in the number of baby girls, so
Re:OT: Unofficial Hostility in "Cyber Space" (Score:3, Insightful)
Re:OT: Unofficial Hostility in "Cyber Space" (Score:5, Insightful)
constantly improving
Over the long haul, yes.
But there were some points of tension when the U.S. cruddy intelligence led to the mistaken bombing of the Chinese embassy in Belgrade, and when a U.S. spyplane flying off the coast made an emergency landing on a Chinese island.
Meanwhile, the government there is learning that it can divert attention from inconvenient issues (like corruption between the military and industry, lack of an open democratic process) by exploiting nationalistic sentiment (We vs They).
This is in the same grand tradition that is done in the United States and in Russia, so the rest of the world can feel safe knowing that all 3 of the largest nuclear superpowers are populated by emotional peasants.
Re:OT: Unofficial Hostility in "Cyber Space" (Score:3, Funny)
I'm sure GWBush is desperately looking for an "evil nation" that can "bring it on".
But then I find US and China having any kind of hostility highly unlikely.
China exports so much to the US that they'd fall over backwards and cry if the US put on a trade embargo. No shots need to be fired.
Re:OT: Unofficial Hostility in "Cyber Space" (Score:2, Insightful)
Re:OT: Unofficial Hostility in "Cyber Space" (Score:5, Insightful)
Re:The Amazing Flying Hackers of China! (Score:5, Funny)
I just happen to have a TRS-80 Level II Basic program in front of me:
10 DATA "China", "yes", "yes", "Iraq", "yes", "no"
20 READ Country$, Bad$, Nuke$
30 IF Bad$ = "yes" THEN PRINT "We must deal with "; Country$
40 IF Bad$ = "yes" AND Nuke$ = "no" THEN PRINT "Invade Evil "; Country$; "!!!"
50 IF Bad$ = "yes" AND Nuke$ = "yes" THEN PRINT "We will constructively engage "; Country$; " with trade."
60 GOTO 20
In other news... (Score:5, Funny)
Re:In other news... (Score:5, Funny)
I live on the east coast, insensitive clod!
Re:In other news... (Score:2, Funny)
Apparently the hurricane situation is much worse than I had imagined, if you're living on the east coast.
Worm's Target (Score:5, Funny)
on the heals of a recent Security Bulletin from Microsoft
Apparently, the worm infects the user's grammar-checker, rendering it inoperable.
Re:Worm's Target (Score:5, Funny)
. . . explosion on the heals of a recent Security Bulletin...
Clippy: Order of Words (consider revising)
Applying typical Slashdot editorial standards, I tried this:
. . . explosion on heals the of a recent Security Bulletin...
Clippy: Order of Words (consider revising)
Crap, let's try again.
. . . explosion on heals of the a recent Security Bulletin...
Clippy: Remove "the" or "a"
I think we got it:
Seft sent in a solid article running on the BBC discussing the next potential worm explosion on heals of the recent Security Bulletin from Microsoft. The article is a somewhat general topic piece on worms in general.
Clippy: turns into a bicycle and rides into the distance
Alright! Let's post!
Re:Worm's Target (Score:3, Funny)
The thing is... (Score:3, Insightful)
No excuse on this one. It's not like Blaster happened eons ago, and this is virtually the same type of flaw. Patch your systems.
Re:The thing is... (Score:2)
Re:The thing is... (Score:2)
Mod the college student down... (Score:5, Insightful)
Start thinking of us that operate in the real world. Cocky statements like "We've had plenty of warning about this, so it's only the criminally unprepared that will be hit right" sound outright stupid. The patch was released last Wednesday. To coordinate business departments, users and technical staff along with testing requirements doesn't happen overnight. You do your best to patch as fast as possible and take steps to add a firewall layer but you have to deal with business requirements. Switching from Microsoft won't solve this problem either....OpenSSH anyone?
However, I don't mind Microsoft security problems, it keeps food on my table.
Re:Mod the college student down... (Score:5, Insightful)
You're right about having to test a lot when applying patches in such an environment.
However, applying two ten-line, plain-text patches on OpenSSH is a slightly more deterministic procedure than installing the latest five-megabyte patch from Microsoft.
Re:Mod the college student down... (Score:5, Funny)
I have to ask, why the hell would you be running anything remotely "mission critical" on windows in the first place???
Re:The thing is... (Score:4, Insightful)
* Someone mod this guy up - it's no troll.
I think it's a crock of shit that patches to Windoze require you to agree to things that you didn't when you originally bought the operating system. Make it the same as a car recall, where the responsibility and liability falls squarely on Microsoft to fix a defective product at their expense, not ours.
What you're saying makes complete sense. The fact that it is legal for Microsoft to change the agreement they have with the end user just because the user is trying to keep their system up to date is outrageous.
I believe a number of the security flaws (including Blaster) can be averted by using firewall software to block all ports except those you need (eg. the RPC port).
I love it that all the Linux boxes I take care of haven't had a lick of problem since they've been set up. Blaster came and went and they didn't need any updates or reboots. Just glorious.
Re:The thing is... (Score:3, Informative)
Service Packs and Patches are the same thing: They provide updates to your software. Microsoft can call them whatever they want. They will always be patches.
To your last comment: I have switched, almost at 100% now with that as my goal.
Thank goodness... (Score:5, Funny)
Great (Score:3, Insightful)
Re:Great (Score:2, Insightful)
Maybe, just maybe, the IT department was too busy resetting passwords every time a user forgot their password to patch thousands of systems? Or perhaps their managers refused to pay for the overtime that would be required because they believed the M$ party line that their systems were now "Trustworthy Computing" secure?
Re:Great (Score:2)
In other news: disabling incoming connections via NAT or proxies is a sure-fire way to stop exploits.
1993? (Score:5, Funny)
"Malicious hackers are starting to circulate computer code that exploits recently found vulnerabilities"
Starting? When was this article written 1993?
New Microsoft Worm Coming Soon! (Score:2, Funny)
Gee, that's like saying "new Windows security patch coming soon".
New Worm 9.0! (Score:5, Funny)
Am I the only one? (Score:5, Interesting)
The power button and display/contrast knobs on the side of the monitor give it away....
Also, from the article: "But viruses that take advantage of new found flaws in the chunk of computer code exploited by MSBlast look set to arrive even sooner." -- Does this mean that even though Microsoft cleaned up the code that was used by MSBlast as a backdoor, they still overlooked some code in the same region?
Re:Am I the only one? (Score:2)
Re:Am I the only one? (Score:2)
Re:Am I the only one? (Score:5, Funny)
The virus turns your PC into a Mac?! Now that's a creative way to hit users hard.
*Sigh* (Score:5, Funny)
Re: *Sigh* (Score:3, Interesting)
> It's a shame the only people who read these articles are the ones who aren't affected in the first place.
Nope, the rest of us will have our network service degraded due to all the worm traffic.
Already Here (Score:4, Interesting)
Where's the update? (Score:5, Interesting)
And there is no patch. Headed to http://windowsupdate.microsoft.com, hit Scan for Updates.... nothing shows under Critical Updates.
Anyone know what's up with this?
James.
Re:Where's the update? (Score:5, Informative)
Patch: here [microsoft.com]. (For XP...this and the rest of the patches are also linked on the above page.)
Scan tool: here [microsoft.com].
Re:Where's the update? (Score:5, Funny)
Of course, if you're using Linux and you go to the Windows Update site, you won't find any critical updates for your system there either.
Re:Where's the update? (Score:2)
New slashdot pattern: 3 articles per MS Virus/Bug? (Score:5, Funny)
A pre-worm article
A current worm article
And a post-worm article?
Essentially three times the FUD, bashing, turfing, and... well, slashdot.
I think there's already something new going around (Score:5, Interesting)
Re:I think there's already something new going aro (Score:2)
NAI has new defs that cover it now, and I assume all other others do too.
Re:I think there's already something new going aro (Score:5, Informative)
Just checked with Symantec...while the updated defs aren't available through LiveUpdate, they are available by downloading the Intelligent Updater. How smart of them...instead of sending out a couple hundred K, they force people to download 4 megs each until next Wednesday. It's their bandwidth, I suppose...
(I reran NAV after getting today's defs...it identified the file as containing Worm.Automat.AHB. SARC says nothing informative about it, but F-Secure says the following:
Another 5-10 copies arrived since my last post...busy little fscker, isn't it? Rabbits don't breed this rapidly.
Related? (Score:3, Interesting)
Only the latest virus definitions catch this thing.
Re:Related? (Score:2)
Well... (Score:2)
No. Blaster was it. We're out of worms. Try the fish.
Here they come.... (Score:2, Interesting)
I've received about 20 (with some variation) of these in the last few hours. Strange because SoBig igno
In Other News... (Score:2)
"WHO SAID SIT DOWN!?"
And in other news... (Score:2, Funny)
Curious. (Score:2, Interesting)
Chinese websites, as in from mainland China, or from Hong Kong?
If it is Hong Kong; then perhaps it is the same fellows that run the bootleg operations. Oddly, it doesn't seem that the new Chinese rule has done anything to stop this. I guess crimes against the US and other world nations and their computer systems don't count for as much as saying that thuggish tyrants shouldn't rule.
Mainland, on the other hand,
What patch? (Score:2, Funny)
the media... (Score:2, Insightful)
Products NOT affected... (Score:5, Funny)
Re:Products NOT affected... (Score:5, Insightful)
"However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions."
Does MS really expect the average Win95/98 user to read that and think 'Oh! I better go out and get me a copy of that Winders XP. It may have viruses and worms but at least I'll be supported.'
Happy worms (Score:4, Funny)
Tra la la ...we're goin' 'round the good ole 'net.
hey guys looky there, a new network let's swamp it, I say
*swamp swamp swamp*
ha ha ha ha ha ho ho ho ho ho hee he he he what fun!
*happy singing*
here we go around the good ole net
good ole net
good old net
hi fellas, guess what I found! A nice clean M$ server
Yaaaay!!!
Here we go *infect infect infect*
Haa ha ha ha ho ho ho ho hee hee hee hee What fun!
Praise for Auto-Update? (Score:2, Interesting)
I'd never set it to auto-update, and I sincerely hope it never gets forced upon me. But as long as the company I work for has a know-nothing IT guy and a reliance on windows-only software, I guess I'll have to live with patching my 2K install.
(Though don't tell my boss,
New Worm (Score:5, Funny)
It has the capability to shut down applications, goes right through anti-virus software (even the latest patches!!!), and gives total control of the victim computer to the creator of the worm.
An attempt by the powers that be to shut down its source of updates was thwarted by various government agencies and the worm itself.
Unfortunately there is no patch to get rid of the W32.MS.AutoUpdateRequired worm.
Ironic (Score:5, Interesting)
And then they say Windows Me is not affected, nor is 98, or 95, but you should upgrade to the newest versions. To the end user, that would kind of be like, I could upgrade to the newest versions, and then be vulnerable to all of this...why would I.
Just thought it was funny.
Re:Ironic (Score:3, Informative)
Somewhat (Score:3, Funny)
- The article is a somewhat general topic piece on worms in general.
Since General Wesley Clark has entered the general Democratic field for the next general election, it's been generally assumed that general technical issues like this one would be handled with somewhat general ease by applying the general security practices used by the general public, in general...
and here's the exploit. (Score:5, Informative)
http://www.k-otik.com/exploits/09.16.MS03-039-e
i'd post the code, but
look at the photo (Score:3, Funny)
Microsoft's Advice (Score:5, Funny)
From Microsoft:
Note Windows 98, Windows 98 Second Edition (SE), and Windows 95 also are not affected by this issue. However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions.
WTF? How this translates to me - "If your computer is immune from these new strains of virii you are strongly encouraged to make it vulnerable."
Microsoft Worm (Score:4, Funny)
So the best thing you can do... (Score:3, Insightful)
Spend your time and energy making sure everyone patches. This is so simple to beat. Just patch.
Already getting emails for 3 days (Score:4, Interesting)
But thankfully, I run FreeBSD and don't have to deal with that crap. Just the email overflow
You ain't seen nothing yet (Score:5, Interesting)
Worms today all have limited vision in what they can do and a greedy philosophy which results in limiting their possible damage.
I'm one of the good guys, but I can certainly see the potential that an evil genius can do. Please read these two papers and get an idea of what is possibly coming.
Warhol Worms [berkeley.edu]
Curious Yellow [blanu.net]
Sell it! (Score:3, Funny)
"All we're doing is catering to existing demand" Ballmer said during a press conference. "People want this stuff as much as they want Windows, and we're the best choice to make the exploits available. After all, we know better than anyone how many bugs are in our own code..."
The first official release of the Windows Exploit Advantage Kit, or WEAK, is scheduled to take place on December 42nd. When questioned about the date, Mr. Ballmer had this to say; "It's our way of honoring the late Douglas Adams. Even if that weren't enough, it turns out that the number of bugs in Windows, divided by half the number of years before our sun goes nova, equals exactly 42. What could be more appropriate for a release date...?"
Re:OT: Yet another typo. (Score:2)
Yes, yes it is...
Re:MS Security bulletin? What about... (Score:5, Informative)
New ssh Exploit in the Wild [slashdot.org]
The problem seems to be that you're running late, not slashdot. The above stories were each posted the day before you claim that the vulnerabilities were discovered.
Re:This is but one of two (Score:5, Informative)
"September 2003, Cumulative Patch" update which fixes
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities."
Apparently lots of people just doubleclick it.