
Bagle/Beagle Variant Includes Source Code

NASAdude writes "Sunday brought a lot of fireworks... and the release of two new Bagle/Beagle variants. One of the variants includes a copy of its source code as an attachment as it spreads via email. It is expected the inclusion of the source will result in numerous variants. It's been dubbed Beagle.Y and Beagle.Z by Symantec and Bagle.ad and Bagle.ae by McAfee. ZDNet ran a story that covers these new variants."
  • new name (Score:2, Funny)

    by millahtime ( 710421 )
    And it will come to be known as beagle.painintheass
  • CVS (Score:5, Funny)

    by BenBenBen ( 249969 ) on Tuesday July 06, 2004 @07:11AM (#9620131)
    beagle.sourceforge.net doesn't have it :(
    • Re:CVS (Score:3, Funny)

      by akadruid ( 606405 )
      Give us a chance, we're just updating the project page. I was going to upload it but the other l33t h4xorz say there's some gentlemen wearing black suits at the door...
    • Re:CVS (Score:3, Funny)

      by jaavaaguru ( 261551 )
      Do you know when the UltraSPARC port will be available? I've been feeling pretty left out...
    • You could still get bagle.sourceforge.net - sf.net/projects/bagle returns "Invalid project"...
    • Re:CVS (Score:5, Funny)

      by dave_mcmillen ( 250780 ) on Tuesday July 06, 2004 @08:48AM (#9620771)
      Laugh if you will, but I for one applaud this new era of open source viruses . . . Wait . . . Oops, my "open source = good" reflex was triggered before my brain had a chance to think about it.
    • Re:CVS w (Score:4, Interesting)

      by SuneSpeg ( 662034 ) on Tuesday July 06, 2004 @08:48AM (#9620772) Homepage
      Actually.. I know it's been tried before, I think it was Code Red/Nimda?, where someone made a patch spreading in the same manner, but instead it patched the systems.

      About time to try that concept again?
      I know it's gonna generate some traffic, but 1 new variant amongst 50+ new others isn't much.

      Consider pro/cons

      + you could patch most of the vulnerable systems by including the official M$ patch
      + inform the user that the pc is victim of a virus and lead him/her to a virusscan.
      + remove the original virus, or some of the variants.
      + save bandwidth/spam for each pc fixed [1]

      -generate more traffic [1] nothing compared to the current amount of net traffic and spam it generates.
      -would be illegal

      Worth considering imho, if you write it properly and it does not suffer from the same flaws as the Code Red one did. I'm sure you could do far more good than harm.

      beagle.sourceforge.net might not be the proper place for it though :)
      • Re:CVS w (Score:5, Insightful)

        by mwood ( 25379 ) on Tuesday July 06, 2004 @09:48AM (#9621485)
        *sigh* Please don't release another anti-virus-virus. The last one was at least as much a pain as the one it was supposed to cure.
        • Re:CVS w (Score:2, Interesting)

          by SuneSpeg ( 662034 )
          Indeed it was, but it sure also had some flaws. Learning from its mistakes and writing a smarter anti-virus-virus, I'm sure you could generally benefit from it. Personally I prefer to see a little log entry in my firewall, than 500 pieces of spam in my inbox. No doubt it's an unusual approach, but what other (working) methods do you suggest to wipe out 50 new variants?
        • Re:CVS w (Score:3, Interesting)

          by einhverfr ( 238914 )
          *sigh* Please don't release another anti-virus-virus. The last one was at least as much a pain as the one it was supposed to cure.

          Also many of the mass mailers do stop and try to disarm other mass mailers. This is not uncommon because it prevents the virus from being detected if someone doesn't update their AV until they find one that is old enough to be in the signature files.

          Such an Anti-virus-virus would just be another of these viruses. No more or less.
    • Re:CVS (Score:3, Funny)

      by VivianC ( 206472 )
      Does anyone know if it is licensed under GPL or a BSD license? If I make modifications and distribute it, am I obligated to provide the source code to anyone who asks? I don't know if I want to risk contaminating my proprietary viruses with this open source virus.
  • any news on beagle.mars?
    epic
  • ....to say that 'open source' is bad?. In all seriousness - what is the end to all this?
  • Title (Score:3, Funny)

    by Sepper ( 524857 ) on Tuesday July 06, 2004 @07:14AM (#9620152) Journal
    Reading title fast, I thought that NASA had released some source code... *sigh*
    • Re:Title (Score:5, Informative)

      by rjw57 ( 532004 ) * <richwareham@nOspam.users.sourceforge.net> on Tuesday July 06, 2004 @07:23AM (#9620190) Homepage Journal
      You mean the UK Universities which made Beagle2 ?

      Not everything space-related is NASA you insensitive clod! :)
      • Re:Title (Score:5, Funny)

        by akadruid ( 606405 ) <slashdot&thedruid,co,uk> on Tuesday July 06, 2004 @07:30AM (#9620224) Homepage
        Not everything space-related is NASA you insensitive clod! :)
        You can tell NASA's attempts from UK Universities with this simple test.
        Did space object in question:
        a. Crash and burn due to problems with the metric system or
        b. Vanish without trace

        If a then object is of NASA origin, if b, then non-NASA.
        Hope this helps clear up any confusion.
        • a) sorry to disappoint you but NASA uses metric too, in fact in all sciences metric is used; it is only the general population of the US that uses the other system.

          And speaking as a US citizen, when will we learn and drop our current system for the metric, a much better system.
          • Re:Title (Score:3, Informative)

            by GregChant ( 305127 )
            Grandparent was referring to this [wikipedia.org].
  • ouch (Score:3, Informative)

    by mpost4 ( 115369 ) * on Tuesday July 06, 2004 @07:16AM (#9620157) Homepage Journal
    that could hurt, now every kiddy scripter can get a copy of the code. how many (in reason) letters can we put at the end of the virus name to declare a new variant? watch out for Beagle.zzzzzzzzzzzzzz coming this July to an inbox near you.
    • by account_deleted ( 4530225 ) on Tuesday July 06, 2004 @07:20AM (#9620183)
      Comment removed based on user account deletion
      • Re:ouch (Score:4, Insightful)

        by mpost4 ( 115369 ) * on Tuesday July 06, 2004 @07:24AM (#9620199) Homepage Journal
        Read the article, it says it is commented to help people understand what is going on aka think of this

        (example given in MIPS since it is the only assembler I know)


        li $24 1025 # this line loads into the register 24
        ## the port to be explorted (in this case port 1025)

        well think about this the kiddy scripter does not need to know that li is load immediate but all he needs to know is 24 is the register, do not touch, and 1025 is the port, change to a new port to try.
    • Re:ouch (Score:3, Interesting)

      Speaking from experience, once source code is released there really is no limit to how many variants we can expect.

      Bots in particular have skyrocketed. In the last few months alone we have seen names jump from two letter variants (bot.ay) up to 4! (bot.wrzq) Do the math, it's an insane number.

      One of the major contributing factors are virus generators! Yes there are programs out there that will write the bot for you!

      On the other hand, because they are all variants of the same family, they are fairly

      • Yes there are programs out there that will write the bot for you!

        This is new exactly how? Things like this have been around for decades, the earliest I remember for DOS was VCL (Virus Creation Lab), but we had things like that on the C64 in the 80s already. But, as has been said, those are easy to detect as all 'created' virii derive from the same codebase.

        Not that there has been AV software for the C64. ;)

    • Re:ouch (Score:5, Funny)

      by Rithiur ( 736954 ) <rithiur@gmail.com> on Tuesday July 06, 2004 @08:18AM (#9620534) Homepage
      And in the other news today, new variant of the Beagle virus, Beagle.goatse, opens an easily abusable back door in your system. However, so far it seems that hackers have been unwilling to use this hole to breach into our computer.
  • by Anonymous Coward on Tuesday July 06, 2004 @07:17AM (#9620164)
    Can someone please make a variant that makes users regret not patching their systems? Like, overwrite the BIOS, turn ones into twos in all spreadsheet documents, delete all JPGs, MP3s and AVIs, send a resignation to boss@yourdomain.com and a log of your online banking transactions to the FCC, donate 10 bucks each to the KKK and THEN put up a screen which lists all that.
    • Hold on, so you want to ruin someone's life for a mistake (yes a big one, but still) "send a resignation to boss@yourdomain.com" if you want to be evil and make a variant, make one that will patch the system and die.
    • A much better solution would be to turn the computer into a spam zombie that only spams itself. After a few thousand spam messages from themselves cloud their inbox, they might actually realise, "Oh, This IS annoying!"
      • by JosKarith ( 757063 ) on Tuesday July 06, 2004 @07:49AM (#9620332)
        Nope. The best idea would be to search for .mp3's, or .jpg's that have a lot of "flesh tones" and corrupt them.
        After all, killing someone's OS is annoying, but deleting someone's pr0n collection is tantamount to declaration of war.
        Either that or randomly e-mail samples from said collection out as well as copies of itself with a header "Do you know what has hidden on his computer?"
        I really shouldn't be giving people ideas should I...
        • Re:Pretty please (Score:3, Interesting)

          by drinkypoo ( 153816 )
          That outlook worm a while back did mail random samples from someone's document collection out. As the ratio of pornography to other documents on the system rose, the likelihood of the system sending out one's porn increases, so it should be a self-controlling system...
      • Re:Pretty please (Score:4, Insightful)

        by anon*127.0.0.1 ( 637224 ) <(moc.amrakduab) (ta) (todhsals)> on Tuesday July 06, 2004 @07:56AM (#9620375) Journal
        Oddly enough, had something like that happen to one of our agents. He called in to complain that he couldn't get any work done. Every few seconds, his PC would pop up a little window saying "Scanning outgoing EMail" and lock up for a moment. Then the window would disappear and everything would be back to normal. Until the window reappeared.

        Turned out he'd picked up a mass mailing virus. He had Norton AV installed, but hadn't wanted to pay to keep his virus defs updated. Norton was scanning every outgoing EMail, but didn't see anything it recognized and let them all pass through.

        I told the guy he'd have to pay to update his virus defs in order to fix the thing. Actually, Norton offers a free remover for that particular virus, but I didn't want the guy calling me back in another two weeks with a different virus.

    • I've often wondered why this hasn't happened. It's just what the world needs. Yes, some data (read pr0n and mp3s) would be lost, but it would teach a lot of valuable lessons - lessons which must be learned somewhere along the line. Keep backups. Use a firewall. Keep up-to-date with patches. Don't trust *anyone*. DON'T USE WINDOWS!

      Something simple, like writing big random blocks of data all over the disk would be enough. (Got to defeat those pesky undelete tools.) Screw the bootblock, hose the VTOC (or what
    • Re:Pretty please (Score:3, Insightful)

      by Sangui5 ( 12317 )

      Really, that's a little unfair. I mean, not patching has been relatively consequence free for quite a while now. Suddenly dooming them right away is a bit harsh.

      Rather, I'd create a small family of malwares, and have each one leave behind some indication that it had been there. Do it in some way that the virus scanners may have a hard time cleaning it up. Also, notify the users that they've been hit. Tell them this is their last chance to repent. Give them pointers to resources to help them repen

    • Can someone please make a variant that makes users regret not patching their systems?

      Some ideas:

      It installs Linux on their system (let them figure out that dependency hell!) [note to self: make sure it isn't Debian, apt-get rocks]

      It makes their homepage default to Slashdot

      It sends an email to RMS every day saying "Aren't you the guy who created Linux?"

  • How long... (Score:5, Funny)

    by rjw57 ( 532004 ) * <richwareham@nOspam.users.sourceforge.net> on Tuesday July 06, 2004 @07:17AM (#9620166) Homepage Journal
    How long until SCO sues Bagle's author for copyright infringement....
    • Re:How long... (Score:2, Insightful)

      by Smidge204 ( 605297 )
      1) Create worm that infects millions of computers.

      2) Claim users have installed your software without purchasing a license. Threaten to sue unless $699 fee is paid per machine.

      3) Profit!

      Oh my...
      =Smidge=
  • by Snaapy ( 753650 ) on Tuesday July 06, 2004 @07:20AM (#9620179)
    Funny.

    If you try to google Bagle assembler "source code" [google.fi]

    you'll get

    Microsoft shares source code with students - ZDNet UK News [zdnet.co.uk]
  • by Advocadus Diaboli ( 323784 ) on Tuesday July 06, 2004 @07:23AM (#9620197)
    So far you could spot a virus author by the "evidence" that he had the source code of the virus on his PC. Now everybody has the source. I guess we need bigger jails soon.
  • Is this something we're going to start seeing more of? There are already enough variants of viruses as it is. Imagine the craziness of five thousand variants of every virus that comes along. Gaobot was already painful enough to deal with.
  • Seen it... (Score:5, Interesting)

    by lachlan76 ( 770870 ) on Tuesday July 06, 2004 @07:26AM (#9620209)
    Seem Familiar? [bbspot.com]

    In all seriousness, having the source code can't be a bad thing, since this way, it'll be easier to stop if we understand how it works.

    And at least if we all get a virus, there is a good programmer behind it, and it's less likely to crash on all of us.

    Normally I'd consider virus writers the scum of the earth, but this one is talented enough to be a professional hacker, from my limited experience with assembly language (512 byte boot sector on a FD). Not that I endorse email worms, but this guy has talent.
    • Re:Seen it... (Score:2, Insightful)

      Normally I'd consider virus writers the scum of the earth, but this one is talented enough to be a professional hacker, from my limited experience with assembly language (512 byte boot sector on a FD). Not that I endorse email worms, but this guy has talent.

      Sociopathic, self-centred, a total arsehole, but talented nonetheless.

      Man, if the author could be turned to the Light Side though... small, efficient windows applications, well written in assembler... sounds like Steve Gibson's Evil Twin.

  • This is so boring. Soon we'll have Bagle.zzz.
  • What license is it released under?
  • by PakProtector ( 115173 ) <cevkiv@@@gmail...com> on Tuesday July 06, 2004 @07:29AM (#9620222) Journal

    This just brings to mind an idea I've had for a long time now. And it's in no way a unique idea, I know that for a fact.

    So here's the idea: Write a variant of one of these viruses. And here's what it does. When it infects a machine, it sends out copies of itself to every person in the address book. After that, it forces the machine to download some sort of Anti-Virus software. PC-Cillin or NOD32 are favorites of mine. It installs them, then forces a Windows Update.

    Sounds good, right? But read on. My second idea is better.

    Here it is:
    Viral Anti-Virus Software.
    Most virus recognition is based on Pattern Recognition, from what I have garnered from my research. Create a virus that spreads like wildfire -- kind of like Melissa and Code Red spread all crazy-fast -- except this little bit of code contains Virus Recognition software in it. It invades unprotected boxen and then starts a continuous scan for Viruses.

    You know how most people click 'Yes!' to anything that pops up, a la Gator?

    Have this little golden nugget of Illegal Do-Gooding pop up a small dialog saying, "File.Extention is infected with a virus (XX% Probability). Do you wish to delete? Y/N?"

    And just to hold with custom:
    Step One: Create Virus.
    Step Two: JAIL!
    Step Three: PROFIT!

    • by Anonymous Coward on Tuesday July 06, 2004 @08:26AM (#9620581)
      There have been several "anti-virus viruses" that didn't quite work, and ended up being a major pain to deal with.
    • Although your idea may help prevent PCs from becoming infected, it will still clog up networks with all of its traffic, possibly causing network outages and lost money for the business. In the end, your "solution" really isn't much better than the problem.
  • this is not news (Score:3, Insightful)

    by ajs318 ( 655362 ) <sd_resp2NO@SPAMearthshod.co.uk> on Tuesday July 06, 2004 @07:38AM (#9620273)
    All it means is that there are still clueless people using computers. I already know that. Sometimes I think it's a damn shame viruses can't do the kind of real, permanent damage that shocks a clue into people -- if there is such a thing. For once I'm actually wishing for a SCO story.

    Please, please, please, I know I'm preaching to the choir here, but please, for crying out loud, please if anyone ever asks you about buying a new computer, just point them towards the nearest Apple authorised reseller. If they complain about the price, point out that the inherent usability and security designed into Mac OS X from the ground up will more than pay for itself in terms of not cursing and screaming at the damn thing every time you boot it up. If that doesn't work, mention that Macs are prettier. If that still doesn't work, give them six months tops before you're saying "I told you so".

    Windows may be popular but that doesn't make it any good.
  • by mindmaster064 ( 690036 ) on Tuesday July 06, 2004 @07:41AM (#9620286) Homepage
    I'm so glad my entire network is running Linux. :) I swear there is some major virus every goddamn week. Linux has its own problems, but I am glad I can do something about them. I wonder how long it will take for businesses to realize that running around chasing exploits and viruses isn't a good way to make use of your technical support staff time.

    -Mind
    • Eventually, as *nix based machines become more widespread, these idiots will spend more time looking for holes...

      True it won't be as many as Windows currently does, but they will be there..

      And you can't discount the trojans that don't need anything other than the user behind the keyboard to cause local profile damage, and spread..
  • by Domini ( 103836 ) on Tuesday July 06, 2004 @07:47AM (#9620324) Journal
    And what about a copyright notice on Virii in future? Could McAfee be sued for reverse-engineering a virus?
    -grin-
  • One of the variants includes a copy of its source code as an attachment as it spreads via email.

    Just what we need. An Open Source Virus. And if it is somehow GPLed, we'll *really* have viral licensing. ;)
  • by HBPiper ( 472715 ) on Tuesday July 06, 2004 @08:02AM (#9620423)
    It's a resume!
  • Assembler, I laugh at you..

    I had "I Love You" faxed to me over a mail-to-fax gateway back in the day :D

    Complete with VB-script sourcecode.
  • If someone wanted to really cause problems, they'd modify that thing to use port 80 to spread itself, and disguise the packets as /. traffic. What admin would notice if it was a virus, or just some new story on /.?

    D'OH!
  • by Minwee ( 522556 ) <dcr@neverwhen.org> on Tuesday July 06, 2004 @08:15AM (#9620504) Homepage
    "Only wimps use tape backup. Real men just include their important stuff in a Windows worm and let the rest of the world mirror it."
  • by alteridem ( 46954 ) on Tuesday July 06, 2004 @08:45AM (#9620751) Homepage
    Oh wait, there are a dozen in my inbox already. God you guys are quick, thanks ;)
  • The McAfee virus info page says that the source code is encrypted. Assuming the author used something sound like PGP, we'll probably never see the source code.
  • ... of the open source paradigm. Will "many eyeballs" lead to a supervirus in an absurdly short time span? Or will it lead to the rapid evolution of anti-viral software?

    Either way Microsoft will offer this as proof that those Open Source guys are all evil.
  • They tell me everything but explicitly how it spreads!!

    Yes I know it opens a backdoor on port 1234, I know all about what it does, and I know I need to update my virus scanner here.

    How the fuck do I prevent getting it? Is it a vulnerability in Outlook specifically? or is it truly something in WinXP/2k like the virus definition page suggests. Do I have to execute the attachment to catch it, or as soon as Outlook opens the email I have the virus?

    Fucking BS virus defn pages don't seem to want to tell us h
    • The antivirus companies want you to get infected. That way, if you have their software, it tells you it found the virus and you see that your purchase was justified; if you don't have their software, you get hit by the virus and start thinking that maybe you should buy some antivirus software.

      If antivirus vendors told everyone how to avoid getting the virus without using antivirus software, they'd be reducing demand for their own products.

  • Whats the motive (Score:2, Interesting)

    by nmk ( 781777 )
    I have often heard people say that Linux and OS X are more secure due to obscurity. I was just wondering if one can, perhaps, look at the situation from a different perspective. Geeks have hated MS for a long time, and they are the ones who have the technical skills to exploit Windows vulnerabilities. The internet has finally given them a way to attack MS with their limited resources.

    One is often made to believe that Windows viruses and trojans are primarily the work of script kiddies and that windows is sim
  • Great.. Now Microsoft can legitimately say that Open Source enthusiasts write viruses and therefore Open Source is evil ...
    • There seem to be a lot of stupid people here on Slashdot today, who automatically assume that because something includes source, it is open source. There is in fact, in the laws of the US, UK, most of Europe, and anywhere else signatory to the Berne conventions, implied copyright on anything which is written, including software. It actually needs an explicit statement to release anything as "open source" (which needs a licence to be defined or referred to) or as "public domain".
  • I'm surprised . . . (Score:3, Interesting)

    by WhiteWolf666 ( 145211 ) <[sherwin] [at] [amiran.us]> on Tuesday July 06, 2004 @11:59AM (#9622986) Homepage Journal
    that the killer worm hasn't come yet.

    Seriously.

    Not that I'm looking forward to that day, as it means that I'll spend a WHOLE lot of time fixing other people's computers :( :( :( :( :(

    But all the 'I Told You Sos' might be worth it.

    Given that these worms are getting to be pretty sophisticated in how they spread (IIS server exploit ->IE activeX exploit), and given that although MS does a 90% good job in patching them, the poor rate of patch (what? patch my computer? but it works fine), and total reluctance to switch to non-MS products (The VP of our company refused to switch from MS, even after the CERT warning. "Why would I want Mozilla or something? MS just released a patch for that problem you are talking about"), I'm STUNNED that someone hasn't gone nuts, and torched the Windows World(TM).

    No terrorist group, no crazy psychotic hackers, no insane foreign governments.

    No Russian organized crime group holding a corporation hostage.

    Nothing. Nada. Zilch.

    Strange.

    I still think it's coming. Perhaps I'm just a pessimist, but I think that 'cyberwar' may still be on our horizon, and even if you, Ms. Super-Smart-Geek is able to protect your system, 90% of the windows world will not be able to.

    And instead of spam, we'll see permanent bios corruption, or something else, that will simply f*ck their computers.

    I'm scared of it, anyways. I only hope that it happens far enough in the future that I can earnestly say, "I can't fix that, I using Windows back in the 2000-era, I don't know anything about your XP-SE, your Longhorn, etc. . . "

    I spend too much of my time on service calls as it is, for my parents, for my officemates, for my relatives, and for my friends.

    I try to 'train' them on how to manage a system properly, but it's honestly hopeless.

    I'm pretty savvy, but back in the day when I ran them, my Windows systems STILL got screwed up sometimes (not often, but occasionally).

    I can totally understand (but not sympathize) when my sister comes back to me and her laptop has got a bazillion pop-up-ware things installed.

    I'll feel bad for her when/if her laptop gets trashed by a virus, but.... I told her to get a mac.....

    Oh well, c'est la vie.

    I'll live through the storm, anyways, and so will my backups of the company data.
