Bagle/Beagle Variant Includes Source Code
NASAdude writes "Sunday brought a lot of fireworks... and the release of two new Bagle/Beagle variants. One of the variants includes a copy of its source code as an attachment as it spreads via email. It is expected the inclusion of the source will result in numerous variants.
It's been dubbed Beagle.Y and Beagle.Z by Symantec and Bagle.ad and Bagle.ae by McAfee.
ZDNet ran a story that covers these new variants."
new name (Score:2, Funny)
CVS (Score:5, Funny)
Re:CVS (Score:3, Funny)
Re:CVS (Score:3, Funny)
Re:CVS (Score:2)
Re:CVS (Score:5, Funny)
Re:CVS (Score:4, Funny)
*b'dum-chik*
Re:CVS w (Score:4, Interesting)
About time to try that concept again?
I know it's gonna generate some traffic, but 1 new variant amongst 50+ new others isn't much.
Consider pro/cons
+ you could patch most of the vulnerable systems by including the official M$ patch
+ inform the user that the pc is victim of a virus and lead him/her to a virusscan.
+ remove the original virus, or some of the variants.
+ save bandwidth/spam for each pc fixed [1]
-generate more traffic [1] nothing compared to the current amount of net traffic and spam it generates.
-would be illegal
Worth to consider imho, if you write it properly and not suffer from same flaws as the codered one did. I'm sure you could do far more good than harm
beagle.sourceforge.net might not be the proper place for it though
Re:CVS w (Score:5, Insightful)
Re:CVS w (Score:2, Interesting)
Re:CVS w (Score:3, Interesting)
Also many of the mass mailers do stop and try to disarm other mass mailers. This is not uncommon because it prevents the virus from being detected if someone doesn't update their AV until they find one that is old enough to be in the signature files.
Such an Anti-virus-virus, would just be another of these viruses. No more or less.
Re:CVS (Score:3, Funny)
what about... (Score:2, Funny)
epic
Re:what about... (Score:5, Funny)
What about beagle.mars? (Score:2)
Another excuse for MS? (Score:2, Insightful)
Re:Another excuse for MS? (Score:5, Funny)
Title (Score:3, Funny)
Re:Title (Score:5, Informative)
Not everything space-related is NASA you insensitive clod!
Re:Title (Score:5, Funny)
You can tell NASA's attempts from UK Universities with this simple test.
Did space object in question:
a. Crash and burn due to problems with the metric system or
b. Vanish without trace
If a then object is of NASA origin, if b, then non-NASA.
Hope this helps clear up any confusion.
Re:Title (Score:2)
And speaking as a US citizen when will we learn and drop our current system for the metric, a much better system.
Re:Title (Score:3, Informative)
Re:Title (Score:2)
Which is easier to remember? 12 inches in a foot, or that a piece of paper is 21.59 cm by 27.94 cm instead of 8.5x11 inches?
Re:Title (Score:2)
ouch (Score:3, Informative)
Comment removed (Score:5, Funny)
Re:ouch (Score:4, Insightful)
(example given in MIPS since it is the only assembler I know)
Well, think about this: the kiddy scripter does not need to know that li is load immediate, but all he needs to know is 24 is the register, do not touch, and 1025 is the port, change to a new port to try.
Re:ouch (Score:2)
Re:ouch (Score:3, Insightful)
I cannot tell if you are being sarcastic or serious so I will assume that you are serious.
Just about every skript kiddiot out there has a copy of MASM, TASM and/or NASM on his machine. If you do not believe me then you are underestimating the average skript kiddy. Go hang out in some script kiddy message boards or especially IRC and you will see that they may be obnoxious little scum but they a
Re:ouch (Score:3, Interesting)
Bots in particular have skyrocketed. In the last few months alone we have seen names jump from two-letter variants (bot.ay) up to 4! (bot.wrzq) Do the math, it's an insane number.
One of the major contributing factors are virus generators! Yes there are programs out there that will write the bot for you!
On the other hand, because they are all variants of the same family, they are fairly
Re:ouch (Score:2)
This is new exactly how? Things like this are around for decades, the earliest I remember for DOS was VCL (Virus Creation Lab), but we had things like that on the C64 in the 80s already. But, as has been said, those are easy to detect as all 'created' virii derive from the same codebase.
Not that there has been AV software for the C64. ;)
Re:ouch (Score:5, Funny)
Pretty please (Score:5, Funny)
Re:Pretty please (Score:2)
Re:Pretty please (Score:5, Interesting)
Re:Pretty please (Score:5, Funny)
After all, killing someone's OS is annoying, but deleting someone's pr0n collection is tantamount to declaration of war.
Either that or randomly e-mail samples from said collection out as well as copies of itself with a header "Do you know what has hidden on his computer?"
I really shouldn't be giving people ideas should I...
Re:Pretty please (Score:3, Interesting)
Re:Pretty please (Score:4, Insightful)
Turned out he'd picked up a mass mailing virus. He had Norton AV installed, but hadn't wanted to pay to keep his virus defs updated. Norton was scanning every outgoing email, but didn't see anything it recognized and let them all pass through.
I told the guy he'd have to pay to update his virus defs in order to fix the thing. Actually, Norton offers a free remover for that particular virus, but I didn't want the guy calling me back in another two weeks with a different virus.
Re:Pretty please (Score:2)
Something simple, like writing big random blocks of data all over the disk would be enough. (Got to defeat those pesky undelete tools.) Screw the bootblock, hose the VTOC (or what
Re:Pretty please (Score:3, Insightful)
Really, that's a little unfair. I mean, not patching has been relatively consequence free for quite a while now. Suddenly dooming them right away is a bit harsh.
Rather, I'd create a small family of malwares, and have each one leave behind some indication that it had been there. Do it in some way that the virus scanners may have a hard time cleaning it up. Also, notify the users that they've been hit. Tell them this is their last chance to repent. Give them pointers to resources to help them repen
Re:Pretty please (Score:3, Funny)
Some ideas:
It installs Linux on their system (let them figure out that dependency hell!) [note to self: make sure it isn't Debian, apt-get rocks]
It makes their homepage default to Slashdot
It sends an email to RMS every day saying "Aren't you the guy who created Linux?"
Re:Pretty please (Score:2, Insightful)
What benefit to the virus writer is there in that? I look at this as a sign that the virus industry has "matured" past the point of petty vandalism to theft of service.
How long... (Score:5, Funny)
Re:How long... (Score:2, Insightful)
2) Claim users have installed your software without purchasing a license. Threaten to sue unless $699 fee is paid per machine.
3) Profit!
Oh my...
=Smidge=
Shared source (Score:5, Funny)
If you try to google Bagle assembler "source code" [google.fi]
you'll get
Microsoft shares source code with students - ZDNet UK News [zdnet.co.uk]
Re:Shared source (Score:2)
That's to make prosecution more difficult (Score:5, Insightful)
Released Source? (Score:2)
Seen it... (Score:5, Interesting)
In all seriousness, having the source code can't be a bad thing, since this way, it'll be easier to stop if we understand how it works.
And at least if we all get a virus, there is a good programmer behind it, and it's less likely to crash on all of us.
Normally I'd consider virus writers the scum of the earth, but this one is talented enough to be a professional hacker, from my limited experience with assembly language (512 byte boot sector on a FD). Not that I endorse email worms, but this guy has talent.
Re:Seen it... (Score:2, Insightful)
Sociopathic, self-centred, a total arsehole, but talented nonetheless.
Man, if the author could be turned to the Light Side though... small, efficient windows applications, well written in assembler... sounds like Steve Gibson's Evil Twin.
Re:Seen it... (Score:3, Interesting)
Most people tend to think that only other blokes are so pathetic as to sit in front of a computer all day and write viruses. Girls obviously all have a life, and have better things to do.
To be fair, this does seem to be backed up by the FBI's arrest record.
Of course it could just be because the girls are smarter and don't get caught.
Re:Seen it... (Score:3, Funny)
:P
Re:Seen it... (Score:2)
Re:Seen it... (Score:3, Interesting)
And besides, it gives the new people something to practice with ("Here's a copy of Bagle, explain how it works, and find a way of detecting it.").
Bagle.ad and Bagle.ae (Score:2, Funny)
Re:Bagle.ad and Bagle.ae (Score:2)
I wonder if the patch will be called Lox
The real question is... (Score:5, Funny)
Re:The real question is... (Score:2, Funny)
Re:The real question is... (Score:2)
Re:The real question is... (Score:2)
Re:The real question is... (Score:2)
I know several windows zealots who tell me it is viral...
Public domain. (Score:2, Insightful)
Something I shoulda Done (Score:5, Interesting)
This just brings to mind an idea I've had for a long time now. And it's in no way a unique idea, I know that for a fact.
So here's the idea: Write a variant of one of these viruses. And here's what it does. When it infects a machine, it sends out copies of itself to every person in the address book. After that, it forces the machine to download some sort of Anti-Virus software. PC-Cillin or NOD32 are favorites of mine. It installs them, then forces a Windows Update.
Sounds good, right? But read on. My second idea is better.
Here it is:
Viral Anti-Virus Software.
Most virus recognition is based on Pattern Recognition, from what I have garnered from my research. Create a virus that spreads like wildfire -- kind of like Melissa and Code Red spread all crazy-fast -- except this little bit of code contains Virus Recognition software in it. It invades unprotected boxen and then starts a continuous scan for Viruses.
You know how most people click 'Yes!' to anything that pops up, a la Gator?
Have this little golden nugget of Illegal Do-Gooding pop up a small dialog saying, "File.Extention is infected with a virus (XX% Probability). Do you wish to delete? Y/N?"
And just to hold with custom:
Step One: Create Virus.
Step Two: JAIL!
Step Three: PROFIT!
Re:Something I shoulda Done (Score:5, Informative)
Re:Something I shoulda Done (Score:2)
this is not news (Score:3, Insightful)
Please, please, please, I know I'm preaching to the choir here, but please, for crying out loud, please if anyone ever asks you about buying a new computer, just point them towards the nearest Apple authorised reseller. If they complain about the price, point out that the inherent usability and security designed into Mac OS X from the ground up will more than pay for itself in terms of not cursing and screaming at the damn thing every time you boot it up. If that doesn't work, mention that Macs are prettier. If that still doesn't work, give them six months tops before you're saying "I told you so".
Windows may be popular but that doesn't make it any good.
Another one bites the dust... (Score:3, Insightful)
-Mind
We are 'safe', for now (Score:2)
True it won't be as many as windows currently does, but they will be there..
And you can't discount the trojans that don't need anything other than the user behind the keyboard to cause local profile damage, and spread..
Slap a GPL on it quickly! (Score:3, Funny)
-grin-
Give new meaning to the term "viral licensing" (Score:2, Funny)
Just what we need. An Open Source Virus. And if it is somehow GPLed, we'll *really* have viral licensing.
This is not an attack (Score:3, Funny)
Old news (Score:2)
I had "I Love You" faxed to me over a mail-to-fax gateway back in the day
Complete with VB-script sourcecode.
Want to cause problems? use port 80 (Score:3, Funny)
D'OH!
Didn't Linus predict this? (Score:5, Funny)
Could someone mail me a copy? (Score:5, Funny)
Don't worry (Score:2)
Re:Don't worry (Score:3, Insightful)
If it's encrypted, how did they find out it's its source code? They must have already cracked it.
Re:Don't worry (Score:5, Funny)
And the author has already filed his DMCA suit against them for cracking his encryption.
What a curious test... (Score:2)
Either way Microsoft will offer this as proof that those Open Source guys are all evil.
All these virus description websites are lacking (Score:2)
Yes I know it opens a backdoor on port 1234, I know all about what it does, and I know I need to update my virus scanner here.
How the fuck do I prevent getting it? Is it a vulnerability in Outlook specifically? Or is it truly something in WinXP/2k like the virus definition page suggests. Do I have to execute the attachment to catch it, or as soon as outlook opens the email I have the virus?
Fucking BS virus defn pages don't seem to want to tell us h
Re:All these virus description websites are lackin (Score:2)
The antivirus companies want you to get infected. That way, if you have their software, it tells you it found the virus and you see that your purchase was justified; if you don't have their software, you get hit by the virus and start thinking that maybe you should buy some antivirus software.
If antivirus vendors told everyone how to avoid getting the virus without using antivirus software, they'd be reducing demand for their own products.
Whats the motive (Score:2, Interesting)
One is often made to believe that Windows viruses and trojans are primarily the work of script kiddies and that windows is sim
Cheers! (Score:2)
Re:Cheers! (Score:2)
I'm surprised . . . (Score:3, Interesting)
Seriously.
Not that I'm looking forward to that day, as it means that I'll spend a WHOLE lot of time fixing other people's computers
But all the 'I Told You Sos' might be worth it.
Given that these worms are getting to be pretty sophisticated in how they spread (IIS server exploit ->IE activeX exploit), and given that although MS does a 90% good job in patching them, the poor rate of patch (what? patch my computer? but it works fine), and total reluctance to switch to non-MS products (The VP of our company refused to switch from MS, even after the CERT warning. "Why would I want Mozilla or something? MS just released a patch for that problem you are talking about"), I'm STUNNED that someone hasn't gone nuts, and torched the Windows World(TM).
No terrorist group, no crazy psychotic hackers, no insane foreign governments.
No Russian organized crime group holding a corporation hostage.
Nothing. Nada. Zilch.
Strange.
I still think it's coming. Perhaps I'm just a pessimist, but I think that 'cyberwar' may still be on our horizon, and even if you, Ms. Super-Smart-Geek is able to protect your system, 90% of the windows world will not be able to.
And instead of spam, we'll see permanent bios corruption, or something else, that will simply f*ck their computers.
I'm scared of it, anyways. I only hope that it happens far enough in the future that I can earnestly say, "I can't fix that, I was using Windows back in the 2000-era, I don't know anything about your XP-SE, your Longhorn, etc. . . "
I spend too much of my time on service calls as it is, for my parents, for my officemates, for my relatives, and for my friends.
I try to 'train' them on how to manage a system properly, but it's honestly hopeless.
I'm pretty savvy, but back in the day when I ran them, my Windows systems STILL got screwed up sometimes (not often, but occasionally).
I can totally understand (but not sympathize) when my sister comes back to me and her laptop has got a bazillion pop-up-ware things installed.
I'll feel bad for her when/if her laptop gets trashed by a virus, but.... I told her to get a mac.....
Oh well, c'est la vie.
I'll live through the storm, anyways, and so will my backups of the company data.
Re:Scripting exploit (Score:2)
Re:Scripting exploit (Score:5, Insightful)
VBscript or WSH which is inherently Open Source on Windows?
<nitpick>Open-source is a type of licensing; VBScript is a language, and WSH a technology, not licensing regimes. Typically the source-code for a VBScript app is distributed with the application, but not necessarily - it might be obfuscated - but might well be subject to proprietary licensing restrictions.
Just because you can see the source code doesn't make it open source. Open source implies certain freedoms that are additional to being able to see the code: the right to modify and redistribute the code, for example.
</nitpick>
Re:Scripting exploit (Score:2)
Re:Scripting exploit (Score:5, Funny)
Re:Scripting exploit (Score:2)
Re:Scripting exploit (Score:2, Informative)
I doubt it(IANAL). It's only a felony if you own the source code of malware with the intention of using it to damage or access an unauthorized computer. Otherwise people who write antivirus products would spend their entire life in jail.
Re:Scripting exploit (Score:2)
Not that I care. People keep sending me viri; I have a whole mail folder full of them. If someone wants to claim that's illegal, I'm going to refer them to DSF#@@SDASDQ^2@aol.com.
Re:Scripting exploit (Score:3, Funny)
Re:Scripting exploit (Score:3, Insightful)
How amusing if it weren't. Maybe the authors could be prosecuted for circumventing a protection device *on their own property*. The sound of mental fuses popping would be deafening.
Re:Scripting exploit (Score:2)
1. Write VBScript virus w/ proprietary license.
2. Infect the whole goddamn world with it.
3. Sue EVERYBODY.
4. SCO^H^H^H Profit!
Re:Scripting exploit (Score:2)
Re:MSN Killer? (Score:2)
Re:Source (Score:3, Interesting)
I don't know, but the Department of Homeland Security, the FBI, and the CIA are looking for them also.
Re:Source (Score:2)
In a building on a floor no one can get to, behind a locked door with no key.
Re:An End To This Anarchy (Score:3, Insightful)
That approach, while fine twenty years ago, isn't at all realistic today. Today PCs are sold as something which is easy to use and useful for everyone. And they should be. The fact that they aren't is the problem of the people who designed/implemented things badly in the first place.
Given that all most people want a PC for is web browsing and email, why the f*ck haven't Microsoft come up with an OS which can do that, and just that, without any security risks at all? This puzzles me somewhat.
Regardless,