The World of Virus Writers
No_Weak_Heart writes "Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."
Idea for a virus (Score:5, Funny)
Re:Idea for a virus (Score:5, Informative)
http://www.google.com/search?q=http%3A%2F%2Fwww
Now click the url it instructs you to.
Re:Idea for a virus (Score:4, Informative)
Here's a clickable link that does work. [google.com]
From there, click the link that says "try visiting that web page by clicking on the following link".
Re:Idea for a virus (Score:5, Funny)
Re:Idea for a virus (Score:4, Funny)
Besides, it's safer to copy and paste........
Re:Idea for a virus (Score:3, Informative)
A real service you did us there
Re:Idea for a virus (Score:3, Informative)
Re:Idea for a virus (Score:3, Informative)
Re:Idea for a virus (Score:4, Funny)
Re:Idea for a virus (Score:3, Funny)
Re:Idea for a virus (Score:5, Funny)
X-Idiot-Who-Sent-This: <real_email>
(and variations thereof) to all the emails it sends. Fake the From: address, sure. But I'd like to know who the person is that I should LART for the 100,000 copies of MyDoom that I keep getting. Especially to addresses that I've given out or never even used.
Re:Idea for a virus (Score:5, Interesting)
Random NYTimes.com Registration Generator [majcher.com]
You'll have to block referer or save the page locally, however, because NYT blocked all registrations originating from that domain.
Re:Idea for a virus (Score:4, Informative)
Re:Idea for a virus (Score:3, Interesting)
Re:Idea for a virus (Score:4, Informative)
Why underground? (Score:3)
Re:Why underground? (Score:5, Funny)
Sheesh (Score:4, Funny)
Re:Sheesh (Score:3, Funny)
Losers (Score:5, Insightful)
I guess my initial reaction was fsck 'em. Fsck 'em all. However, it could be suggested that they have made corporations and governments aware of many intrinsic insecurities in certain popular operating systems which may have prevented some larger potential catastrophe. The problem for these guys, is that we will never know and they will continue to be reviled and hated as losers. (That is unless they are talented enough to score a job with Symantec, the NSA or some other organization dealing with comp. security.)
Re:Losers (Score:5, Insightful)
Re:Losers (Score:5, Insightful)
Software flaws exist PERIOD. They always have and always will. What would you rather have:
1. A small group of 100 or so people (Government, individuals, organized crime, etc.) with the ability to log into your machine, do whatever they want to with it (Set up a kiddie porn ring, steal your identity, etc.)
2. A virus that exploits the flaw, disrupts computer networks forcing people to patch the flaw. (Many still don't, as Code Red is alive and well)
I'm all for #2. The flaws exist. Without viruses, then people would NOT patch their systems. When somebody releases a virus, they are saying, hey there's a problem here that needs immediate attention or just about anyone can take over your computer. These guys should be rewarded not punished. IMO they are performing a service letting everyone know of a flaw they discovered, and providing incentive to correct the flaw.
As computers become a bigger part of our everyday life, they are trusted more and more. I would be a lot more concerned in a world with no viruses, and computers that are generally considered "Secure." That puts the power to ruin someone's life in the hands of a few.
Re:Losers (Score:5, Interesting)
Re:Losers (Score:3, Insightful)
That is the sort of thing that black hat hackers tend to do anyway.
If you read the article you will see that the major source of exploits is the full disclosure type security forums. I am not saying full disclosure is entirely bad, just that the people writing viruses and worms are not tellin
Re:Losers (Score:5, Insightful)
If you consider computer security like the human immune system, then perhaps it may be seen that these people (while malicious) allow security to keep up with the hacks that can be done. If you kept a person in a bubble for twenty years and then promptly released him into the dirty, disease-ridden world he'd likely get sick and potentially die pretty quickly, as his body has no capacity to survive the world. However, with immunizations (i.e. intentional delivery of malicious agents in small doses, possibly on some schedule) and just general exposure to the germs in the world, most people have no problem surviving this world. Yes, MyDoom, and Trojans, and all the other viruses are more than nuisances and they cost people time, money, data, and other things, but these are in relatively small doses. If we had been in a bubble free of viruses for all this time, then whenever we're released into the "real world", anybody could take advantage of all these exploits (open sockets, DDoS, back doors, etc.) at once and perhaps bring the whole infrastructure down.
It's the fact that virus writers are always developing viruses and releasing them that allows us to fix these problems individually, on a manageable time-scale. If they wanted to do some damage, maybe they should withhold all their viruses and unleash them all at once to cripple everything so much more.
Re:Losers (Score:5, Insightful)
If you make the biological systems analogy, you will also have to acknowledge that a diverse operating system ecosystem is critical to the health and well being of things, especially as the Internet becomes more widely available. We need Linux, IRIX, Solaris, Windows, OS X and embedded OS's to maintain the health of things.
Re:Losers (Score:5, Funny)
What we really need is for Linux, IRIX, Solaris, Windows, OS X, and embedded OS's to start fornicating with each other like crazy, "go forth and multiply", and let the best children survive, while leaving the weak to die. So, open up all your ports, send massive amounts of data between the systems, and fire your sysadmins.
Re:Losers (Score:5, Interesting)
All the major email-borne worms we've seen to date have had very benign (IMO) payloads, typically a minor DDoS and/or backdoor. These have caused extra load on the Net, and could cause more spam or the harvesting of CC's, but their damage could be far, far worse.
Of course, a lot of script-kiddies use these viruses as bragging-rights (I 0wn 6421 zombie machines), so it's perhaps against their interests to do true damage, but it won't be long until someone does. And then the typical media figure of $X billions just may be legit, as I suspect the people who get infected are the same ones who never backup their systems.
Re:Losers (Score:4, Insightful)
Like really virulent biological virii, computer virii that work this way will limit the extent to which they can spread......unless of course.......they work out slightly more sophisticated methods of damage, or they delay the damage for a period of time before "expressing" themselves.
Re:Losers (Score:4, Insightful)
blaster (Score:3, Interesting)
Most other viruses, besides propagating, don't do anything, so the infected victims don't need to erase them from their Windows.
Considering the speed of mydoom propagation, the next time we'll have a nasty virus/worm, we'll have some fun !
Re:Losers (Score:5, Insightful)
NYTimes? (Score:2, Troll)
Reporters.. (Score:5, Insightful)
Whenever I read of a new virus or hear of one on the radio, I wish they'd start to hammer home the fact that 99.99% (wild number I pulled from my arse) of these affect Windows machines only. The ignorant masses just assume that viruses and worms are a way of life, they don't know that it's a way of life only if you use a certain OS.
Re:Reporters.. (Score:5, Informative)
Not the extent that exist for Windows, however.
Re:Reporters.. (Score:5, Insightful)
That, sir, is a fallacy. There is no hard evidence to support that claim, and there probably never will be. As a counterpoint, however, consider how many web servers run Linux and Apache versus how many run Windows and IIS. Then consider how many worms and security holes there are for those respective platforms.
Re:Reporters..WRONG!!! (Score:3, Insightful)
Those idiots run Windows. There's no big difference between a clueless Windows user running with full admin privileges clicking HotNakedChick.vbs or a clueless Linux user running as root clicking HotNakedChick.pl.
There are few viruses out there that actually exploit anything. Slammer was, SoBig was, but most are just "10 print "I AM L337"".
Apple Viruses? (Score:3, Funny)
Re:Reporters.. (Score:2, Insightful)
Lots. (Score:4, Informative)
Re:Reporters.. (Score:5, Insightful)
''This guy,'' he proclaimed, ''is the best at Visual Basic.''
In the virus underground, that's love. Visual Basic is a computer language popular among malware authors for its simplicity; Philet0ast3r has used it to create several of the two dozen viruses he's written.
This is the problem - back when I was a kid, I used to mess around with things like TSRs and assembly code to create things that had virus-like behaviour to scare the crap out of my teachers in school.
These days, these kids just pick up an odd scripting language or two, or some easy language like VB and just do malicious code simply because it's easy.
This is not programming or 'crazy skills' - it's sheer adolescence being shown in another way.
Instead, if they spent their time tinkering with the internals of a Linux Kernel or coding other cool stuff (like, Scene graphics programs, for instance!) it would be a much better use of their time and enthusiasm.
Re:Reporters.. (Score:3, Interesting)
I agree it's a sad waste of talent, but once someone goes down that path, I'm not sure I *want* their talent, as I can no longer trust them not to use it maliciously if they feel wronged.
Re:Reporters.. (Score:4, Insightful)
Not that I'm any sort of Windows zealot -- my two Windows boxes are eclipsed by a dozen or so BSDs between home, work, and server room, which seem to require far more frequent security maintenance.
Re:Reporters.. (Score:5, Informative)
Correction. They have no virus, trojan, worm, etc. that you know of. And of course you would have no way of knowing because you don't run a firewall or antivirus. For all you know you're sending out tons of email and infecting other systems. Do us all a favor, turn on the freakin firewall. It came free with the OS if you're too cheap to buy a hardware solution.
Clive Thompson knows his stuff... (Score:3, Insightful)
Re:Clive Thompson knows his stuff... (Score:3, Interesting)
He also keeps a pretty good blog [collisiondetection.net].
Re:Reporters.. (Score:5, Interesting)
affect Windows machines only
Well, MyDoom should be an eye-opener for you then. It proved (not that there should have been any doubt) that the problem of viruses is truly OS independent. Think about it: The virus shows up as a zip file which the user has to open. Then the user has to execute the payload. In other words, the social engineering was the key, not the OS. What's to prevent a Linux user running as *cough*Lindows*cough* root from being affected the same way? An Apple user? Nothing. Don't say they wouldn't be root, because a Windows box properly configured wouldn't have this problem, either. Now we are back to social engineering.
Guess what, Linux has a reputation of being secure, so users will probably be given a false sense of security as well. Who knows, this might make home Linux desktops more vulnerable.
Re:Oh, please (Score:3, Insightful)
this helps prove... (Score:5, Insightful)
Re:this helps prove... (Score:2)
"Idle hands are the devil's playground" or something like that.
Re:this helps prove... (Score:5, Funny)
Yes, how else could the Slashdot effect be so devastating, if not for millions of bored nerds looking for something to click on?
Virus (Score:3, Interesting)
Virus writers... (Score:5, Interesting)
They already exist. (Score:3, Interesting)
They already exist. (The China army's information warfare department, among others, has already been the subject of slashdot articles.)
Interestingly, Microsoft gave these guys access to their source code. They were trying to head off the move by
What happens when... (Score:5, Funny)
Format C: ? Overwrite every file? How about rebuild your washing machine so it suddenly appreciates the taste of "cat" and has the capability of acting out its amorous feelings for your central heating.
NYT Random Login Generator (Score:3, Interesting)
http://www.majcher.com/nytview.html
Article Text (Score:4, Informative)
By CLIVE THOMPSON
Published: February 8, 2004
This is how easy it has become.
Mario stubs out his cigarette and sits down at the desk in his bedroom. He pops into his laptop the CD of Iron Maiden's ''Number of the Beast,'' his latest favorite album. ''I really like it,'' he says. ''My girlfriend bought it for me.'' He gestures to the 15-year-old girl with straight dark hair lounging on his neatly made bed, and she throws back a shy smile. Mario, 16, is a secondary-school student in a small town in the foothills of southern Austria. (He didn't want me to use his last name.) His shiny shoulder-length hair covers half his face and his sleepy green eyes, making him look like a very young, languid Mick Jagger. On his wall he has an enormous poster of Anna Kournikova -- which, he admits sheepishly, his girlfriend is not thrilled about. Downstairs, his mother is cleaning up after dinner. She isn't thrilled these days, either. But what bothers her isn't Mario's poster. It's his hobby.
When Mario is bored -- and out here in the countryside, surrounded by soaring snowcapped mountains and little else, he's bored a lot -- he likes to sit at his laptop and create computer viruses and worms. Online, he goes by the name Second Part to Hell, and he has written more than 150 examples of what computer experts call ''malware'': tiny programs that exist solely to self-replicate, infecting computers hooked up to the Internet. Sometimes these programs cause damage, and sometimes they don't. Mario says he prefers to create viruses that don't intentionally wreck data, because simple destruction is too easy. ''Anyone can rewrite a hard drive with one or two lines of code,'' he says. ''It makes no sense. It's really lame.'' Besides which, it's mean, he says, and he likes to be friendly.
But still -- just to see if he could do it -- a year ago he created a rather dangerous tool: a program that autogenerates viruses. It's called a Batch Trojan Generator, and anyone can download it freely from Mario's Web site. With a few simple mouse clicks, you can use the tool to create your own malicious ''Trojan horse.'' Like its ancient namesake, a Trojan virus arrives in someone's e-mail looking like a gift, a JPEG picture or a video, for example, but actually bearing dangerous cargo.
Mario starts up the tool to show me how it works. A little box appears on his laptop screen, politely asking me to name my Trojan. I call it the ''Clive'' virus. Then it asks me what I'd like the virus to do. Shall the Trojan Horse format drive C:? Yes, I click. Shall the Trojan Horse overwrite every file? Yes. It asks me if I'd like to have the virus activate the next time the computer is restarted, and I say yes again.
Then it's done. The generator spits out the virus onto Mario's hard drive, a tiny 3k file. Mario's generator also displays a stern notice warning that spreading your creation is illegal. The generator, he says, is just for educational purposes, a way to help curious programmers learn how Trojans work.
But of course I could ignore that advice. I could give this virus an enticing name, like ''britney--spears--wedding--clip.mpeg,'' to fool people into thinking it's a video. If I were to e-mail it to a victim, and if he clicked on it -- and didn't have up-to-date antivirus software, which many people don't -- then disaster would strike his computer. The virus would activate. It would quietly reach into the victim's Microsoft Windows operating system and insert new commands telling the computer to erase its own hard drive. The next time the victim started up his computer, the machine would find those new commands, assume they were part of the normal Windows operating system and guilelessly follow them. Poof: everything on his hard drive would vanish -- e-mail, pictures, documents, games.
I've never contemplated writing a virus before. Even if I had, I wouldn't have known how to do it. But thanks to a teenager in Austria, it took me less than a minute to master the art.
Mario drags the virus over to the trash bin on his computer's desktop and discards it. ''I don't think we should touch that,'' he says hastily.
Re:Article Text (Score:4, Insightful)
Best Quote (Score:5, Funny)
Really? I mean I could have sworn that Philet0ast3r was a real name. Are you sure he isn't the son of the l33t3st parents in Europe: C4ptainKaos and S3xyH3xy?
John.
It's not underground... (Score:5, Interesting)
I mean, seriously, once it hits the NYT magazine, it's not so much an underground item. I'm sure the article is interesting but it's the nature of underground "sports" that you can never really know exactly who and what is going on.
One of my favorite phrases is, "There are no Famous Hackers" meaning simply, that the famous "super-genius-crackers" in the news who get caught aren't really all that smart, are they?
(I read it anyway, surprised to hear that one of my favorite bands [ironmaiden.com] is still popular
It goes both sides (Score:5, Informative)
Really...how? where? (Score:5, Informative)
Recommended Reading (Score:4, Funny)
indeed (Score:5, Informative)
Umnm (Score:5, Funny)
Umm, once you answer yes to the first question, are the rest not redundant?
don't argue with the master! (Score:3, Funny)
Now obviously, if he's a master of the art of computer viruses, there's a reason he chose to overwrite every file after formatting drive C:, right?
Master? (Score:5, Insightful)
The author's obviously as clueless as any nontechie trying to explain or master anything technical. Such a trojan creator could be created in an hour by any competent programmer. The existing virus underground would fall over laughing if anyone dared claiming knowledge or skill after using or creating this tool.
This freak... (Score:5, Funny)
Metamorphic Viruses (Score:5, Interesting)
(Older Examples: Mistfall Engine, ZMist virus.)
When we start seeing more of these, AV companies will have a hard time keeping up.
Re:Metamorphic Viruses (Score:3, Insightful)
Instant Worms. (Score:4, Interesting)
What scares me most is This Article [securityfocus.com]. Even understanding that one of the assumptions was that any two pairs of hosts communicate at the same rate, it's frightening.
Theoretically wiping out 40 million hosts in under a minute....
I'm guessing that a real-world implementation would probably take closer to 20 minutes, but still it's mighty frightening.
Just about the only way I could see to stop its spread would be to make smart routers, switches, and even hubs that quickly seal off any services on which there is a sudden surge of SYNs from random hosts.
Re:Metamorphic Viruses (Score:5, Insightful)
Polymorphic/Metamorphic viruses have been around for 10 years at least, and the dumb journalists were just as scared then. I'm still waiting for the dire predictions to come true "when we start seeing more of these". As others have pointed out there's always part of the code that you can't mask, so there's always something to identify the virus with. I'm sure it takes a bit more work to identify the viruses, but the sky hasn't fallen yet.
You should know better if your bio is true, being a grad student of computer science.. but then again grad student quality has dipped pretty low in recent years in CSCI. There's also the journalist taint factor to consider. I'm guessing the magazines/newspapers/TV networks must put lead in the watercooler.
Best Quote (Score:5, Funny)
Perhaps someone should tell him that personality counts.
All been said before (Score:5, Insightful)
They're trojans, not viruses. I haven't seen a respectable virus in like 5 years. Viruses are self replicating. Trojans require lusers to activate. (britney--spears--wedding--clip.mpeg, indeed). What pisses me off is this reporter's belief that all this terminology is synonymous (virus, trojan, worm).
After reading the next few pages, I was surprised that the author bothered to extrapolate on the terminology "script-kiddie". (Nice job, Clive) But then he goes on about dreadlocks being the hairstyle of choice
After that it degenerates into political commentary.
What the hell ever happened to ASM viruses? What happened to TINY?
My favourite quote: "This guy is the best at Visual Basic". That's not a compliment, dude. That's like being the best at tying your shoelace.
I agree (Score:3, Insightful)
and
Philet0ast3r said he isn't interested in producing a network worm, but he said it wouldn't be hard if he wanted to do it. He would scour the Web sites where computer-security professionals report any new software vulnerabili
What gives. (Score:3, Funny)
The real question is.... (Score:4, Funny)
Re:The real question is.... (Score:3, Insightful)
I hate the press... (Score:5, Insightful)
It's not a "world". It's something someone does when they sit down at a desk. I really wish the things some geeks do would quit being portrayed with such silly words.
Over-dramatized, to portray an image that is very rarely accurate. It's, most often, some boring person with a bone to pick with the system or a company. Yeah, so they used code instead of throwing a brick through a window. That doesn't make them any more interesting than a teenager bashing a mailbox.
Hacking in the 2nd Degree (Score:5, Interesting)
"These days, many elite writers do not spread their works at all. Instead, they ''publish'' them, posting their code on Web sites, often with detailed descriptions of how the program works."
And, while there exists this "loophole" now, I find this disturbing. Now don't get me wrong. I grew up with Sneakers and I've always been a proponent of computer education and making the security flaws known.
However, at some point if you're leaving material (whether tangible or electronic) out in public whose main purpose is crime and destruction I do think those people should be liable. I'll call it "hacking, in the 2nd degree" or "involuntary hacking".
Let's take guns for example. Let's say a gun seller illegally sold guns to 12 year old children and also sold them bullets. Now let's say that the kids accidentally shot each other up. Shouldn't the gun seller be liable? Maybe not liable for first-degree murder, but maybe second degree.
I think that if the hackers want to educate others, they should perhaps do it in a more educational way, and in a way that doesn't make it easy for script kids to copy and paste. Perhaps they can put out white papers with snippets of code... but, for the love of God, don't give the programs away. By doing that you have only yourself to blame when the script kiddies start spreading viruses like there's no tomorrow.
To tell yourself that you're completely innocent would be denial.
If a Virus writer want to be a real pain... (Score:3, Insightful)
Let's continue with this thought process... (Score:4, Insightful)
So this means if I am a chemist, and I describe in detail how to create dynamite, and someone makes the dynamite and blows something up, I am 2nd-degree guilty for that as well?
I believe ultimately that information should not be restricted in any way whatsoever, so I disagree with this idea completely.
The "Scene"? (Score:4, Insightful)
Are there actual, functioning, hacker groups, of a scale larger than Joe and his friends? It seems that the social attitude that accompanies black-hats (at least from the article that I'm questioning) doesn't lend itself to large organizations or control structures.
On the other hand, it is kinda cool to imagine that there's a huge organized computer-crime secretly flourishing across the country. You could make a movie about that sorta thing, maybe call it "Hackers". Oh, wait...
Slashdot members? (Score:3, Interesting)
Computer virus writers are useful...? (Score:4, Interesting)
==================
Why computer virus writers are useful and we should thank them.
The title is obviously a provocation. I am considered a balanced personality but sometimes, I like to stretch things to the extreme and to provoke reactions. This article is one of my rare attempts to provoke you... or not? Today, after the alarm caused by the fast diffusion of the Sobig virus, we are all talking about the reasons why virus writers are coding more and more viruses.
"They should stop, somebody stop them!" I hear all the time but... is this right?
We try to answer to this question with an interview with Professor Samuel D. Forrester, one of the most famous immunologists in the world. Dr. Forrester is on the run this year to get the Nobel Prize for his recent discovery of the mechanisms of aggression of over-reacting immune cells and antibodies. He teaches at the Immunology faculty at the Konigsberg University since 1986.
Zone-H: ZH
Professor Samuel D. Forrester: SDF
ZH: Thanks for having accepted to release an interview to Zone-H
SDF: Thank you, even if it is quite unusual to be interviewed by a computer security website.
ZH: Dr. Forrester, can you tell us what is the branch of the immunology?
SDF: Immunology is the study of the complex and sophisticated immune system. The immune system is a network of cells and organs that work together to defend the body against attacks by "foreign" invaders or germs. The body provides an excellent environment for germs. When they do break into a system, it is the immune system's job to keep them out or to seek and destroy them.
ZH: What is the job of the immunologist?
SDF: Clinical immunologists research new tests and treatments involving allergic and immunologic disorders of the immune system. They work with physicians in general practice and in hospital-based specialties to treat diseases using complex and sophisticated clinical techniques. The science of clinical immunology is a fast developing area of the medical profession. The role of the immunologist is increasingly important, both in laboratory work and in patient care.
ZH: Have you heard about the recent Sobig-F virus deployment?
SDF: Yes, I read something on the newspapers. Even if computer science is not my science, the topic of the computer viruses is obviously of my interest. See, many aspects of the traditional immunology and the computer viruses are in common.
ZH: And this is the reason why Zone-H wanted this interview.... Dr. Forrester, what do you think about computer viruses, what do you know about them?
SDF: Computer viruses are exactly like the normal viruses. They can kill you if your immune system doesn't work, but at the same time, your body should thank them if your immune system is today capable to protect you from deadly illnesses.
ZH: Can you please develop the concept?
SDF: It's simple: every time you get a cold, you sneeze. But you could die, actually. The only reason why you don't die is because your immune system has been programmed to react to the "threat" posed by a germ. It's a paradox, but it's the same germ that could kill you that trained your immune system to react when invaded.
ZH: And what makes the difference? How is it possible that a germ can kill you and the same germ can train your immune system making you stronger?
SDF: It's just a matter of doses. Like with wine, one glass every day makes your heart stronger and lowers your blood pressure, one bottle every day can kill you. This is the concept on which vaccines are based.
ZH: We understand that. Can we stretch the concept saying that a constant flow of germs, if received in the proper dose, makes the body actually stronger?
SDF: Absolutely. If hypothetically we could take two n
Thank you NYT (Score:5, Funny)
''This guy,'' he proclaimed, ''is the best at Visual Basic.''
That's the first time the New York Times made beer come out of my nose!
Weekend?? (Score:5, Funny)
Why waste my weekend, when I can get paid to read it now?
New viruses and virus writers (Score:5, Interesting)
These days I think the virus writers are just people who assemble a virus by collecting scripts and code from the Internet. Also the viruses they come up with do very little or no actual damage to the host system, instead they just "Propagate". If you are infected, delete a few files, remove a couple of registry entries and that's it. It has been a long time since I saw a virus with some real payload.
Virus writers used to be much more creative back in the DOS days [simplythebest.net]. If you are somewhat older you might remember Stoned, Die-Hard, Natas, One-half, etc. Each had its nasty little payload, stealth techniques and difficult to disinfect.
It'll keep happening... (Score:5, Funny)
Yeah, yeah, there are "estimated" costs of every virus that comes out. And they're not small potatoes.
But just wait until a virus comes out that silently infects machines, travels slowly enough to be barely noticed and only does one thing: randomly change values in an Excel spreadsheet. Or randomly delete one column from a randomly picked sheet.
It'll be Armageddon: dogs and cats living together, Detroit winning the World Series AND the Super Bowl, etc.
--
Mando
Warnings (Score:3, Informative)
customizations. Some macros may contain viruses that could harm your
computer. [...]" warnings prevented Word macro viruses...
A user naive enough to click on such a link does, in some important
sense, _want_ to visit that page. Your suggested warning is just
another thing that such users see as "getting in the way of doing what
I want to do". Therefore, if implemented it would become more part of
the problem than the solution (as users will become ever more familiar
with ignoring "warnings" and clicking through them). If you understand
users, you will know that in helping them to not shoot themselves in
the feet, the only useful approach is to remove everything capable of
firing the bullets (and quite a few things beside!)...
On the Word macro virus front, things got notably better _NOT_ when MS
implemented the above warning (that the users could blithely ignore and
even _disable_ right there on the warning dialog -- what a travesty of
mis-design that was!) but when it released a version of Word that
defaulted to not running macros unless they were signed with an
acceptable (as configured by the user/admin) key (there are legion
flaws in the design of this feature, but it was strong enough to
significantly impact the Word macro virus problem). In IE, removing
support for this mis-feature (read RFC 2616) will have a much greater
impact than trying to "direct" users who don't want to be directed with
"warnings" and other stuff that "gets in their way".
Maybe... (Score:3, Funny)
Naive (Score:5, Insightful)
It's funny. Which software company will deliberately, knowingly leave out holes in its software? "Microsoft had neglected..." Look, every program, small and big, has bugs. When you're talking of one of the leading database products in the market, you're talking of a very complex piece of software that's bound to have holes here and there. That statement is naive.
Really? Which company knows of all the flaws in its software?
Enlighten me on JPEG trojans, please... (Score:4, Interesting)
In the first part of the article, the author talks to the author of "Batch Trojan Generator" and creates an infected JPEG file, one that "would quietly reach into the victim's Microsoft Windows operating system and insert new commands telling the computer to erase its own hard drive" when clicked.
To me, this implies that the JPEG is actually executable code. On the face of it, this is patently ridiculous. I started thinking about it, though, and realized that the actual mechanism might simply be an exploit of a buffer overflow in the code that interprets the JPEG (not the JPEG itself, which is not executing). By having the JPEG reference something outside of the boundaries of the actual JPEG file, it might go out and stick malicious machine code in some piece of RAM where it later gets executed.
Am I correct in this assumption about JPEG trojans, or does (unpatched) Windows go out and somehow execute a file ending in .JPG as if it were ending in .EXE? For that matter, if one embedded the JPG in an HTML mail message (or just stuck it on a web page) instead of attaching it, would it execute in the same manner and infect or is there a different JPEG engine at work (i.e. the one in IE or Outlook isn't vulnerable but the one in Microsoft Photo Editor, assigned by default to file type .JPG, is)?
Thanks in advance...
Re:Enlighten me on JPEG trojans, please... (Score:4, Informative)
Although this is most likely the virus that is created by this program, it is also possible to write a program thus [nai.com] that pretends to be a JPEG, with the way Windows handles extensions.
Re:Enlighten me on JPEG trojans, please... (Score:5, Informative)
It is possible that embedded in the metadata of the JPG file (usually used for embedding the date the file was created and the camera used to take it) is some compiled machine code (it would have to be small and simple, otherwise the size of the JPG file would be disproportionate to the actual image), and IF the JPG viewer that some unlucky user had contained some buffer overflow error, then it might be possible to load a simple program into RAM, then by virtue of the buffer overflow get it to execute, thus enabling a larger, more complex program to run.
However, this error would only exist in that specific version of that specific software, so its ability to spread would be limited. The danger is if the program that interprets that JPG file is system-wide or part of Windows' standard suite of applications. Then your audience is huge. This is what makes Windows such a dangerous platform for script viruses, because they have chosen to make their IE engine the central rendering engine of all of their applications (and they have made it easy and powerful enough to entice just about every other application developer to use it as well). Furthermore, they have given their IE engine so many abilities, like the ability to arbitrarily execute machine code (this is how by visiting Apple.com you can install QuickTime, because the web site can download a program on your computer and execute itself; true, you need to approve it, but once you say yes every subsequent visit is automatic; they REALLY need to add a "Never trust This source" checkbox). This means if there is a single flaw in the IE engine then that flaw is exploitable across every Windows workstation and every application that uses IE as a rendering engine. Now, why Mozilla doesn't make an ActiveX Gecko engine with the same function names as the IE ActiveX module, so users have a choice which rendering engine they want, is a mystery to me. Yeah, it would be hard, but it's not like Microsoft could pull the rug out from under them; Microsoft is very invested in their API, and any change they made to it would break all the 3rd party apps.
-Jason
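The two cases raised in the comments above (a file that only claims to be a JPEG, and a metadata segment whose declared length does not fit the file) can be checked structurally before a viewer ever parses the image. The following is an added Python example, not part of the original thread; the function name `inspect_jpeg` is hypothetical and the sample byte strings are constructed.

```python
import struct

# Markers with no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def inspect_jpeg(data: bytes) -> list:
    """Walk JPEG marker segments; return findings (empty list = structure is sane)."""
    if data[:2] == b"MZ":
        return ["content is a Windows executable (MZ header), not a JPEG"]
    if data[:2] != b"\xff\xd8":
        return ["missing SOI marker (FF D8)"]
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return [f"offset {pos}: expected a marker, found 0x{data[pos]:02x}"]
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte preceding a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:            # EOI: clean end of image
            return []
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            return [f"marker FF{marker:02X}: file ends before the length field"]
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        # The length counts its own two bytes, so anything below 2 is invalid;
        # a parser that computes length - 2 unchecked gets a huge unsigned size.
        if length < 2:
            return [f"marker FF{marker:02X}: declared length {length} is below 2"]
        if pos + length > len(data):
            return [f"marker FF{marker:02X}: segment runs past the end of the file"]
        if marker == 0xDA:            # SOS: entropy-coded data follows, stop here
            return []
        pos += length
    return ["file ends without SOS or EOI"]

# Constructed sample inputs (not taken from any real file).
GOOD = b"\xff\xd8\xff\xe1" + struct.pack(">H", 6) + b"Exif" + b"\xff\xd9"
SHORT_LEN = b"\xff\xd8\xff\xfe" + struct.pack(">H", 0) + b"\xff\xd9"
OVERRUN = b"\xff\xd8\xff\xe1" + struct.pack(">H", 0xFFFF) + b"Exif\xff\xd9"
RENAMED_EXE = b"MZ\x90\x00" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("good", GOOD), ("short", SHORT_LEN),
                       ("overrun", OVERRUN), ("renamed", RENAMED_EXE)]:
        print(name, inspect_jpeg(blob) or "ok")
```

A mail gateway or upload filter can run a check like this on anything named `.jpg` and quarantine files that produce a finding, regardless of which viewer the recipient uses.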
Re:Enlighten me on JPEG trojans, please... (Score:3, Interesting)
Anothe
The l33test of all writers (Score:3, Funny)
A tall blond friend in a jacket festooned with anti-Nike logos put his arm around Philet0ast3r and beamed.
"This guy," he proclaimed, "is the best at Visual Basic."
I.... am speechless.
The more things change... (Score:4, Interesting)
Back in the 1992 timeframe, there was a Dark Avenger virus toolkit that allowed Skr1p7 KidDi3z to create "encrypted, polymorphic viruses". Check out then-InfoWorld columnist Steve Gibson's alarmist article [phreak.org] (scroll down to the part entitled "Article 2"). It sounds kind of funny now:
That was going to be the end of the world as we knew it. Now we have a VB script engine and the world is going to end. Or not.
Awful (Score:3, Informative)
So if you asked me, "In one sentence, what did you think of that article?" I'd reply, "A complete waste of bytes."
-mod6
If you can't get a job, it may be your own fault (Score:3, Insightful)
After all, would you rather hire the world's best programmer, but then have to worry about (or hire another coder to vet his work for) backdoors, or hire one pretty good but not brilliant programmer whose attitude doesn't make you question the integrity of his work?
(I've worked with the brilliant-but-untrus