New IM Worm On The Loose
elfarto writes "Techweb is reporting that a new worm that spreads via Microsoft's instant messaging client began badgering users Monday, several security firms said. Dubbed Funner, the worm propagates by sending itself to all the contacts listed in the user's copy of MSN Messenger, Microsoft's IM client. There is an analysis on the Symantec Security Response site; apparently the worm tries to download stuff from www.78p.com and adds entries to the hosts file pointing to more than 400 Chinese porn sites. The worm also sends itself to the whole contact list as funny.exe, so it requires user interaction to actually execute it."
Another reason to move to GAIM (Score:2, Funny)
Re:Another reason to move to GAIM (Score:5, Informative)
Re:Another reason to move to GAIM (Score:3, Funny)
Re:Another reason to move to GAIM (Score:2)
Re:Another reason to move to GAIM (Score:4, Informative)
Re:Another reason to move to GAIM (Score:3, Informative)
Re:Did I miss the memo? (Score:3, Funny)
Was that when some attention-starved sluts started showing off their boobs...
You sound like you think this is a bad thing.
Anyway, it's not like IM is a professional tool; it started off as a quick way to send little messages and grew. Think about the main user base: teenage kids, folks in their early twenties and geeks. Of course it's a reasonable guess to say 50% of that user base is male. So that's geeky males, student males or males going through hormone hell. Of course it became a requisite when br
Re:Another reason to move to GAIM (Score:5, Funny)
Re:Another reason to move to GAIM (Score:5, Informative)
Even better, set your little sister up with Linux and not have to worry about all the other crap funny.exe will do.
Don't forget... (Score:5, Informative)
FreeBSD [freebsd.org]
OpenBSD [openbsd.org]
NetBSD [netbsd.org]
DragonFlyBSD [dragonflybsd.org]
Re:Don't forget... (Score:3, Informative)
Mac OS X [apple.com].
Re:Another reason to move to GAIM (Score:3, Funny)
The WINE team are working hard every day to improve their compatibility with modern Windows viruses for the Windows enthusiast who insists *all* of their software runs.
Re:Another reason to move to GAIM (Score:5, Funny)
Re:Another reason to move to GAIM (Score:3, Insightful)
it finds porn? (Score:5, Funny)
Re:it finds porn? (Score:2)
Re:it finds porn? (Score:3, Funny)
This will be successful..... (Score:3, Funny)
Geez, who cares. If a dumbass like me thinks that would be ridiculous, I'm sure everyone else in the world would think so too.
Re:This will be successful..... (Score:5, Insightful)
Users can be psychotic sometimes...!
Re:This will be successful..... (Score:3, Funny)
When I heard about it, first thing I thought was "Hey, at last a practical use for those Turing test AI's"
virus: hey its [nick gotten of settings] here, you gotta check this out.
* virus sends file
bob: did you check it for virus
(match word virus) virus: yeah, I checked it out, its safe.
Also could check for 'is it...you', various 'bye's, etc. Actually get around the 'don't run stuff you shouldn't trust thing'.
Now mod me down before a worm author sees this comment and actually writes a messenger w
Re:This will be successful..... (Score:5, Funny)
*sigh*
Re:This will be successful..... (Score:5, Insightful)
Re:This will be successful..... (Score:2)
But how would Windows users notice? That's normal operation for most of them.
is it just me or is it my friends (Score:5, Funny)
Re:This will be successful..... (Score:3, Informative)
This doesn't apply to files that require an interpreter or emulator, like
Re:This will be successful..... (Score:5, Interesting)
The knowledge (or lack thereof) of the average computer user is the real reason that security is such an issue today.
Re:This will be successful..... (Score:5, Funny)
Re:This will be successful..... (Score:5, Insightful)
That's like saying "All Linux users are elitist snobs", just because there's some jerks mixed in out there.
Re:This will be successful..... (Score:2)
Re:This will be successful..... (Score:3, Interesting)
Re:This will be successful..... (Score:5, Insightful)
Not only are MSN users ignorant, most Joe and Josephine users are that ignorant *in general*.
I just spent 3 hours today cleaning up a machine that had upwards of 60 trojans and other malware on it. One of which was a keylogger. It was amazing that this machine ran at all.
Does the owner of said computer have any clue about how all this malware got there? Nope. He's got 3 kids, though, that all use the same computer. I
He is ignorant, in the truest sense of the word. He is also *typical* of most home computer owners. People these days expect their machines to simply work, like toasters, because the interface hides the real complexity. I have been trying to educate him, and it's been a battle.
But regardless of that, MSFT has never done any User Education itself. Bill prefers it that way, and that's a shame. Keeping the users ignorant allows MSFT to Blame The User when it comes to exploits (You Failed to Upgrade!), allows them to force DRM down their throats, and basically allows the company to run roughshod over its customer base, without complaints.
So yes, MS users are ignorant. They simply do not know better, and their precious vendor, Microsoft, is aiding and abetting this ignorance.
So what are *you* doing to educate your users?
--
BMO
Time to switch, perhaps? (Score:5, Insightful)
Re:Time to switch, perhaps? (Score:4, Informative)
Re:Time to switch, perhaps? (Score:3, Insightful)
I have almost considered helping them instead of complaining, but I have no idea where to get started on an open source project.
I'll still continue to use Gaim until another GPL/LGPL multiple IM client comes along.
Woohoo! (Score:5, Funny)
Re:Woohoo! (Score:5, Funny)
why MSN is having trouble? (Score:4, Interesting)
Re:why MSN is having trouble? (Score:5, Funny)
No, that's normal.
Impact? (Score:5, Informative)
Re:Impact? (Score:5, Interesting)
Well, here's another argument against "Microsoft software gets broken into more, because it is more widely deployed". (Besides Apache vs. It Isn't Secure.)
Dammit (Score:5, Funny)
LUA (Score:4, Insightful)
Re:LUA (Score:2)
Re:LUA (Score:5, Insightful)
Seriously, they would have 19 gazillion support calls the next day.
Re:LUA (Score:5, Funny)
Frequently, these start up a service when they run. It would be very hard to make these work as non-admin.
Personally, the first thing I do when I find a game like this is download a no-cd patch/crack. Then I can run it unprivileged.
There are exceptions; the last icq client I tried won't even run as 'power user' and must be run as administrator.
The developers of this sort of rubbish need electric shocks applied to their genitalia every time someone gets infected through their crap application.
Re:LUA (Score:5, Insightful)
And don't think logging out and back in would solve the problem; you just install in the user's logon scripts rather than the system boot scripts.
Apart from protecting other users' files, non-privileged accounts don't add a whole lot of security. And on Windows, it hardly works anyway. There are many things that should work for regular accounts but don't, and other things that shouldn't but do.
Re:LUA (Score:3, Informative)
There are 2 reasons why this doesn't work at the moment.
1) non-power-users don't even know what a limited-user account is (or that it even exists).
2) power-users usually use other OSes for day-to-day tasks, but keep Windows handy for gaming. However, 95% of the games won't work in limited-user mode... not because the game developers are lousy and can't
Terminology question (Score:2, Insightful)
Worms... (Score:5, Insightful)
Re:Worms... (Score:2)
d'oh (Score:5, Funny)
First good reason I hear to switch to Windows.
worm isn't going to do much damage (Score:5, Funny)
www.78p.com has address 1.10.5.89
Re:worm isn't going to do much damage (Score:3, Interesting)
08:21:54 MDT (-0600) Tue Oct 12, 2004
1. blah.blah.net (aaa.bbb.ccc.ddd) 0.8 ms
2. blah2.blah.net (aaa.bbb.ccc.ddd) 5.1 ms
3. blah3.blah.net (aaa.bbb.ccc.ddd) 6.7 ms
4. *
5. *
6. *
7. *
8. *
9. *
10. *
11. *
12. *
13. *
14. border10.s6-4.pcisys-1.den.pnap.net (216.52.42.13) 7.4 ms !H
Trace complete.
Re:Mod Down (Score:3, Informative)
Stupidity at its best (Score:2)
But 400 Chinese porn sites? Add me to your MSN, quick!
Re:Stupidity at its best (Score:2)
I've read the descriptions on this one and I see no social engineering at all other than the name "funny" - the bar on the human element is far too low.
Re:Stupidity at its best (Score:2)
The sole purpose of hiding extensions is to avoid scaring imbeciles who freak out at the sight of a period and three letters.
Porn? (Score:2)
So...horrible virus...yes...only affects MS Messenger people..horrible..um......
Ok look, anybody have a copy of it? Or at least the URLs?
A step back (Score:5, Funny)
Trolling... (Score:5, Funny)
And they don't run as Admin anyway, so the worm couldn't even infect them if they did click it...
And Microsoft will surely release a prompt fix to address this issue...
So I don't see what the problem is here. :-)
Re:Trolling... (Score:2)
I don't know about Windows, but on unices I can install software just fine as a regular user. I can even make it start automatically from my login script, or periodically from a cron job. It has full access to all my files and regular network access...you see where I'm going: malware can still do a lot of damage when run by a normal user.
Re:Trolling... (Score:3, Informative)
Clever! (Score:5, Funny)
Ohhhh... I see the plan... we slashdot 78p.com, thus limiting the 'worm's damage!
Good thinking, guys!
Just [78p.com] doing [78p.com] my [78p.com] part. [78p.com] ;) [78p.com]
Re:Clever! (Score:2)
Worm name in article is wrong (Score:5, Funny)
Symantec Analysis (Score:3, Informative)
Other than that, not much info there, except it points out the obvious, that OS X users are not affected, since this appears to be a Visual Basic bug.
If nothing else, the listing of some 940-odd Asian porn sites on the Symantec page will be useful to someone...
Uh Oh (Score:2)
In other news, Firefox and Linux usage dropped dramatically today and Apple has just declared bankruptcy.
Whoa! (Score:2)
Computer Baddie Etymology (Score:2, Informative)
Since this virus requires human interaction, it is a virus and not a worm.
Re:Computer Baddie Etymology (Score:3, Informative)
Is there a problem? (Score:2, Redundant)
Slashdotted already. (sigh)
You can be rich !! (Score:5, Funny)
China rewards porn snitches [slashdot.org]
1) run Windows 2) get infected 3) receive list and fwd to the Chinese authority 4) profit!!
MSN downtime (Score:3, Informative)
Almost all of my contact list confirmed having the same problem.
Re:MSN downtime (Score:3, Informative)
First, I got messages opening in a window, from people that I don't know.
Then, some messages from people I know, appearing in that same window, instead of their own window.
And after that, a pop up message, from MS, stating the service was going down for maintenance.
It lasted more than one hour.
Fact checking? (Score:5, Funny)
How do they know that all 400 are porn sites? Did someone actually sit down and visit every one?
Also, are they hiring?
Re:Fact checking? (Score:3, Funny)
Reward for Chinese porn sites (Score:2)
Funny.exe funny extension (Score:2, Funny)
well I don't get off on Chinese porn so please, (Score:2)
So much for natural selection (Score:5, Funny)
One day, with a bit of luck, people opening attachments/files/emails/whatever like this will be considered much the same as people eating strange pieces of food that they find in the street.
For those in the support side of the field, remember that as long as there are stupid people (and there always will be) security vulnerabilities will always be a poor second cousin to humans. The bulk of your support calls won't come from clever little worms that capitalise on obscure security flaws in a product, they'll come as a result of idiots thinking that "nakedwoman.exe" is actually something they want to see.
Yet another reason we should embed cattle-prods into keyboards... "wow, some stranger sent me some naughty pictures of herself! Pity they're archived, I'll just double-click and let them extract themsel *zaaaaaaaap!!!*"
Suspicious... (Score:3, Insightful)
Hell (Score:5, Insightful)
Re:Posted live on The Screen Savers (Score:2)
Re:Posted live on The Screen Savers (Score:2, Informative)
Re:Posted live on The Screen Savers (Score:3, Informative)
Re:Posted live on The Screen Savers (Score:2)
Re:Posted live on The Screen Savers (Score:2)
Re:Obligatory windoze comment... (Score:5, Interesting)
The fact is, Windows has a solid, well implemented, privilege system. The second fact is that they gave this up in favor of app compatibility (crappy programs that expect to write to the windows directory just to run, versus to user directories) and ease of use. This is biting them in the ass, and they are working on getting people away from running as Administrators. Just not as heavy a push as I'd like.
Re:Obligatory windoze comment... (Score:5, Informative)
The kind of people who would execute this file, are the same kind of people who wouldn't know how to give some file execute permissions if they were running a Unix-based workstation (probably even OS X).
This is not a Unix security feature (Score:3, Informative)
Second, this "feature" is not there for any high-brow security reason. Back when Unix was first written reading disks was *very* slow. And the path tended to contain "." and people tended to pile many files into the current directory. When you typed "bla
Re:Obligatory windoze comment... (Score:2)
Re:400 porn sites? (Score:5, Funny)
Re:400 porn sites? (Score:2)
And I learned something interesting as a result of that - google.cn (the Chinese tld) is run with phpBB. Obviously not Google! (At least, I hope).
Re:Bleh. Jabber (Score:2)
Re:Bleh. Jabber (Score:2)
Re:And here's your answer to the Chinese porn boun (Score:2)
Why switch OS's? Just switch clients. I use (ha! There, I admit it!) AIM. Why? No crap spam messages like you get with ICQ, It's not a MS product so I can limit the amount of fluff I see, it's free, doesn't require a sub to anything, and it's not an interface using an account I'd have to create anyway (hi Trillian) just so I can say I don't use it.
Yes, it has an ad in the main window with my buddy list, so what? I don't see that part of the app 99% of the time anyway. Nobody sends me messages at random a
The Screen Savers (Score:2, Informative)
Keep in mind that the show is a shadow of what it used to be. The new host (Alex) isn't near as knowledgeable as the host he replaced, though he does seem to be getting better. Also, they put tons of commercial plugs into the show now in the name of "give-a-ways." Ever since Comcast bought it, cancelled half the shows, then integrated TechTV into G4, the show hasn't been the same, though it is gettin
Re:The Screen Savers (Score:3, Interesting)
Basically I think LA is a lamer city than San Francisco. If LA notices something it becom
Re:It's all part of life (Score:3, Funny)
The average Joe won't learn safe computing habits until Dell, Gateway, HP, and Compaq start issuing keyboards and mice complete with 10,000 volt negative reinforcement "bad user, no treat" features. People with no computer knowledge are the last to admit their ignorance caused their problems.
Re:Requires User Interaction to spread? (Score:2)
I was under the impression that a worm was self spreading by exploiting a vulnerability in the target.
After reading the security response, it's clear that this is just a virus exe that uses messenger as a transport. The only vulnerabilities that this exploits are "ID 10 T User Errors".