Worms Operating Systems Software Windows Security

"Dasher" Worm Brings Christmas Keylogger 114

An anonymous reader writes "A worm called 'Dasher' is exploiting a flaw in Windows that Microsoft issued a patch for in October, dropping keyloggers on infected machines, according to F-Secure. The SANS Internet Storm Center warned earlier this week about the weird traffic generated by the first version of this worm, which apparently was crippled by programming errors. Washingtonpost.com has some information that indicates the worm appears to have originated in China. It appears from the Microsoft advisory that Dasher is a threat mainly to Windows 2000 users, although it could impact Windows Server 2003 and Windows XP users who aren't running SP2." Update: 12/17 17:20 GMT by Z : Fixed link to SANS center.
  • by Anonymous Coward on Saturday December 17, 2005 @11:42AM (#14279916)
    They can just go ask the NSA what is going on.
  • by PurifyYourMind ( 776223 ) on Saturday December 17, 2005 @11:43AM (#14279918) Homepage
    Wouldn't sifting through data from potentially hundreds of thousands of machines (for popular viruses/worms) be difficult-to-impossible? Or maybe there's a way to determine which accounts are, e.g. admins on large IRC servers or otherwise useful.
    • I'm sure writing a program to scan through files for a username/password type of entry wouldn't be difficult at all. Most of the important data (Email addresses, usernames, passwords, credit card numbers, etc) are in static format, so they're easy to distinguish from random typing (like this).
    • That depends on the resources of the group behind the attack. If this is an individual importing all the data into a database, then yes, it would be nearly impossible for them to make any real headway. If, however, it is a government faction running a pseudo-AI program to sift out useless data before passing it onto a few hundred minimum-wage key pounders, then very large scale breaches are not only possible, but likely. Of course, the programming errors alluded to in the summary suggest the former over the
      • by Xarius ( 691264 ) on Saturday December 17, 2005 @12:44PM (#14280155) Homepage
        You think Linux is somehow immune to keyloggers?
        • You think Linux is somehow immune to keyloggers?

          It's immune to this keylogger.
        • I think you're much less likely to get hit by a keylogger running Linux than Windows, and that you're 100% less likely to get infected by this keylogger. Linux isn't perfect, but the more people use it the better it gets, unlike Windows which just becomes the target of more hackers and virus writers with no associated increase in bug-fixing.
          • Re: (Score:3, Insightful)

            Comment removed based on user account deletion
            • Let me ask you this.

              Say I'm a hacker, right? And I notice a bug in some open-source code and I notice a bug in MS' new version of IE.

              Now I'm a good person, but I don't have access to the IE code. So I can fix the open-source code, but all I can do about IE (or any other MS product) is tell them and hope they'll fix it but many don't since MS doesn't see them as a problem.

              The only way to get them to fix it would be to prove to them that it IS a problem.

              Sure, there's a lot of bad people who want to

              • Comment removed based on user account deletion
                • "The like I said, be nice and report it. If they ignore you force them to act by releasing a POC on the net."

                  And if they ignore the POC?

                  "The Mozilla dev team has done it multiple times since the release of Firefox 1.0."

                  Has the Mozilla dev team ever rejected any fixes to code? That's what really matters. Now that they're in the spotlight and are under pressure to be better than IE, it's perfectly normal for them to prioritize things. However, I'm sure they haven't rejected anyone's working code fixe

                  • Comment removed based on user account deletion
                    • "No, you don't pull things out of your ass - You regurgitate propaganda that's been fed to you. That's even worse, because propaganda always has a partial truth to it and thus can easily be mistaken for fact. Just because some dude at linuxismygod.com told you so, doesn't make it so. Here's an exercise for you. Go to securityfocus.com or some other security site and compare the amount of vulnerabilities found in IIS6 vs the amount of vulnerabilities found in apache (version 1 or 2, take your pick) in the l
                    • Comment removed based on user account deletion
                    • "That's like me saying desktop linux sucks because when I tried slackware 96 it took me an hour just to get my serial mouse to work, and even longer just to get the vesa driver to work with XFree86."

                      If you ask me, it's not. I paid good money for both Win98 and Win98 SE, both of which claimed to be made with the Internet in mind and claimed to be secure. If they had the Internet in mind and made it secure, why did they make it with so many Internet security holes?

                      Linux never claimed anything to me exce

                    • Comment removed based on user account deletion
                    • The way I recall it, MS said that MOST users should use Win9x and that for HIGHER security purposes such as servers you should use NT. Although I can understand them wanting compatibility with DOS programs, they certainly could've done a better job.

                      While it is too bad that Unix had "Morris", let's not forget that the Internet was still not a very common thing back then and was a much different place than it is today (reminds me of Dave Chappelle's "What if the Internet was a Place" skit :) ). Before the

                    • Comment removed based on user account deletion
                    • That's what I'm saying - personally I like Linux, but if people want to try Mac or anything else. . . fine by me. There's just too many people sticking with Windows even though it's given them TONS of trouble. If they were to just TRY something else - learn on a friend's Mac, download a Knoppix CD, whatever - they'd be better off because at least then they'd know that there are other possibilities if they don't like Windows (and I know many people who don't - that's part of the reason why I mentioned the
          • by teslar ( 706653 ) on Saturday December 17, 2005 @04:55PM (#14281108)
            I think you're much less likely to get hit by a keylogger running Linux than Windows, and that you're 100% less likely to get infected by this keylogger. Linux isn't perfect, but the more people use it the better it gets

            Mmmm... I can only really agree with you on the 100% point concerning this particular keylogger.

            For the rest.... I think it would be pretty easy for me to write a little useful app, which also happens to log all your keystrokes and just release it, maybe package it as a .deb and .rpm and just mass-distribute it. Sure, I'll be found out, but not straight away and I can do a lot of damage in the meantime. The beauty is, I could even release the source of the entire app and the chances that someone will go through it and find the keylogger are pretty slim. I could probably name a couple of files keylogger.c and backdoor.c and it'll go undetected for a lot of people.
            The people that do find out will of course spread the word very quickly in their circles, but the people that do not find out are not likely to be in those circles - newbies in particular, running Ubuntu or Suse and not very sure about how all this linux thing works will be a good target. I think on the whole, it would go undetected and unfixed pretty much on a same timescale as a Windows worm. Damages will be limited due to a lesser distribution and not running as root, but they will be there.

            The last point you mention, linux getting better as more people use it, I find very hard to believe at all. I see what you mean - linux will get better as more developers, i.e. serious professional programmers who know what they're doing, join but not as more people just use it. I'm pretty willing to bet, that of 10 new linux users, 1 will try to improve it, 3 will have an in-depth interest, unafraid to recompile their kernel or to try things out, but the rest will be your Joe Average, finally convinced by his geek friend that he should use it instead of Windows. He will not change his default configuration that came with his user-friendly distro, he will certainly not know of, or touch any configuration file, and if you say that you have an application which automagically crawls the net for Anna Kurnikova pics, he will download and install it. The more people switch to linux, the higher the number of absolutely clueless people will be. This won't make linux worse or better, but it will increase the number of targets for malicious people.

            So, in summary, I do think it would be relatively easy to install a keylogger on other people's machines and the more people use linux, the easier it will become to achieve a significant spread.
            • Hmm. While I have to agree, that it would be easy to write, getting it installed is another matter. While you could make the package, the clueless who would just install anything will not use the command line, will not know how to install anything not in the package manager, (is that not why Linux is so hard.. too hard to install software;) so it would have to be included in the stable branch of whatever distribution (ubuntu, suse, mandrake), Fat chance on that.. or walk a person through the process to add y
              • Comment removed based on user account deletion
                • "Root is not required on Linux to run executables or connect out to the Internet, and software does not have to be compiled to run in Linux."

                  You're right, but any program that is run by a non-privileged user (without running su or sudo) can only affect the files and folders that can be modified by that user. Running a virus program as an unprivileged user will only infect that user's files - just delete the user's files, delete the account, create a new account, copy a backup of the user's files, and you

                  • Comment removed based on user account deletion
                    • "You are living in the 90's dude. Outlook and Outlook express are actually very secure email clients nowadays, and won't do shit by default."

                      No, I'm pretty sure they were exploited in 2000 or 2001. I don't remember exactly when, but it was around when I decided to switch.

                      " Outlook won't even render regular html email by default."

                      I bet that looks pretty.

                      Are you serious? There's a security problem with OE. . . so they disable HTML rendering? Simply not making OE able to handle scripts would've done

            • "Sure, I'll be found out, but not straight away and I can do a lot of damage in the meantime."

              No, you can't "do a lot of damage". How do people find out about a Linux app? They hear about it from the Linux sites where the Linux nerds tear them apart and look at their code to analyze it and learn from it. Sure, some misfortunate user might stumble across your code, but it's not likely that they'll ever hear about it unless you trick them into running it - and even then, they might not know how to run/in

        • Immune? no. But if a tank and a car get in an accident, you can generally assume that the tank will come out on top 99.999% of the time. It is possible that there is some design flaw in the tank that will cause it more harm if hit just right. Likewise, *nix are about that immune due to design and build.
        • It's possible that it is immune to this key logger and many others, as most are coded to work on Windows.
      • Actually, I would think the goal is to get passwords to secure government computer environments - the easiest way to do that is through people making mistakes, not attacking the systems. If you know from automated datasorting that the owner of the computer this data is coming from works for say the FBI, there's an off chance he's ignorant enough to use the same passwords at home and at work - enough of these and you could get into many systems.
      • Comment removed based on user account deletion
    • Grep for strings likely to precede useful input, like "myciti.com"
    • Wouldn't sifting through data from potentially hundreds of thousands of machines (for popular viruses/worms) be difficult-to-impossible? Or maybe there's a way to determine which accounts are, e.g. admins on large IRC servers or otherwise useful.

      I think it would be trivial to write a script to go through the data looking for email addresses & credit card / bank account details.

      I'm sure that's what the author is after....
      • I may be wrong but couldn't you get the client side keylogger to filter the info to find credit card numbers and only transmit those back?
      • Or to make a keylogger that's smarter than just recording all keystrokes, for example recording an id for every window opened, and showing which windowid was switched to. Then sifting through it becomes infinitely easier -- You could flat out ignore anything in windows of no interest to you(games), but then smart-search through firefox and ie looking for account data.
    • Easily filtered (Score:5, Informative)

      by Valdrax ( 32670 ) on Saturday December 17, 2005 @12:44PM (#14280156)
      Well, if it's from China, it might be an attempt to get sensitive government info. If that's the case, then you could start by filtering down to only keystrokes from .gov & .mil domains. Then it's a matter of looking for short, 6-12 letter words separated by mouseclicks or presses of the enter or tab keys. For the good stuff, look for words that contain non-alphabetical characters.

      This won't get you into systems with multi-factor identification (like a Secure ID-based password), but it can get you the financial and personal data for government workers who might be subvertible as spies through blackmail, extortion, or just through a simple offer to help them through a financially difficult time. (This is one reason why your credit history is an important part of getting security clearance.)

      Of course, if you're just looking for financial data to rob people indiscriminately instead of something far more sinister, you can look for sections of text starting with people entering URLs for banks and so on. It's not that hard to write scripts to troll through this sort of data using simple shell scripting or Perl. As someone who works at a telecom company, let me just say that grep'ing through gigs of text data for particular strings (like a phone number in a transaction record) only takes a matter of a few minutes. It's something for which you open up Slashdot to read a single article and then come back.

      No, sifting through this kind of data wouldn't be a technical or resource challenge in the slightest. Receiving and storing it would be the hardest part of the whole operation after actually writing the code to take advantage of the exploit. Extracting data from text files is monkey work.
      • Something i don't get is why hex editors and winrar's view button can open massive files in seconds, while pretty much any MS (and other) products take forever to load whatever it is I'm trying to open
        • Probably because just about everything else has to actually *do* stuff with the data that it is loading?
        • Hex editors don't load the whole file, and this is likely true for WinRAR, too. They are filling a small view buffer, and have to read from the file when you move to a different position in the stream.

          Most text editors will load the full file into memory, and then load it into an editing window. So you need at least as much memory as file size. You need even more if you're loading something like XML.
      • RTFA from the Washingtonpost.com. He's saying most keyloggers used by the bad guys don't record everything you type, contrary to popular perception:

        Many people may have the impression that keyloggers record everything a victim types on their keyboard. While a few keyloggers in use do that (usually the commercial variety designed to help parents spy on their kids' home computer use), the bad guys generally aren't interested in reading reams of IM chat conversations and silly e-mails. Plus, that's a huge amo
    • IF you have the most primitive form of keylogger then all it will indeed do is capture ALL the keystrokes. It is/was/should be possible however to also record WHERE the keys are being entered, which window. Now still not exactly easy BUT you got one huge advantage. Computers LOVE searching through endless amounts of text data for specific strings.

      Even if you have the most primitive and complete of keyloggers you can roughly say this about how a login/password pair should appear. A string of characters, usua

  • by Ruff_ilb ( 769396 ) on Saturday December 17, 2005 @11:44AM (#14279919) Homepage
    Most of the desktops that I know that run Win2k are run by schools, universities, etc. I haven't seen someone's PC running win2k yet. Also, these desktops (the ones run by schools, at the library, etc) are usually either (A) very secure or (B) no one expects them to be secure. So this could be worse, I think.

    This could be a major problem if it infected SP2 computers.
    • *Lots* of businesses run Win2k (It still appears to be the majority, looking at the customer lists I've got, but 2003 is catching up fast. XP is nowhere...). Home users can afford to upgrade every time MS decides to release an OS patch.. business can't.

    • by RealisticCanadian ( 850967 ) on Saturday December 17, 2005 @12:19PM (#14280063) Journal

      While this still could be worse, you are correct on one thing: Win2k in schools.

      Spent the summer working at a local university. There was superfluous opportunity to embezzle a lot of money; as we were instituting their absolutely awful new HR software--which also meant I got to see how much all the bigwigs and upper-administrators (read: idiots puffed full of their own self importance) made off of hard-working students. (I was brought on as a Data Technician; not support or PC repair or what-have-you)

      When the machines in our semi-secret office (All W2K) were infected with a virus (Don't ask me, I no longer remember, but I went & read the writeup @ Symantec then, which told me it was able to cross-propagate through the network once it landed on one machine) I of course decided to quarantine the bastard myself first... I then realized what I had most feared--that these machines were all set up to Track who was using them; but not to actually restrict Anyone from Anything. That's right, Joe Schmoe user could do anything he wanted; from registry-hacking to whatever your heart desired.

      So; I managed to isolate this guy and the three other viruses that were wandering through the War-Room (that's what we called it); but I didn't purge, at this point I was too intrigued, so I summoned the IT guys.

      4 hours later ONE guy (who looks like a plumber, and not even Mario) shows up, and begins, well, piddling (there's no other word for it.... he threw in an admin password and started checking completely unnecessary settings, then attempting to read the reports that their Tracking software creates, presumably to get to the root of the problem) with the machines after pretending he doesn't need me to tell him what I've done so far. His expression gets more and more bored, and after about another hour and a half, he tells my boss (one of them aforementioned admin-types) that he can't find anything wrong, and she should watch 'that new guy'.

      I'm pretty sure they heard my jaw hit the floor on the other side of campus. A week later I had received the job offer I'd been counting on from the local cable service provider; and I headed for the hills, washing my hands of the whole situation, and terribly glad the only records tying my name to the place were strictly paper-based.

      I checked in on it with a friend of mine who's a student there. He moved here from China, and is still a little unpolished with his English, but I heard this loud and clear: "Oh my FUCKING GOD man! Half the computers on campus are FUCKED!"

      I can only assume that Mr. Plumber did not get anyone to look into the virus.

      I have no idea how much that mistake cost the University; but I do know that once it was cleaned out, nothing changed. They are merrily running the exact same systems setup the exact same way; probably every one of em mapped off the mirror sitting in the IT department.

      So yes, I do believe that this could have MUCH wider-effect than you believe.
      • I did some volunteer service this summer for the local State Historical Society and one of my duties was to sift through and file all the mail that one particular department head had received during the past year. Most of it was just superfluous, letters between states, letters to magazines and replies, billing and the like. The one interesting piece that I came across was notifications from the overseers of account numbers for trust funds and expenditure accounts with money stored in them in the hundreds
    • Not quite... (Score:2, Informative)

      by DogDude ( 805747 )
      I know that all of my home machines, and all of our business machines are all Windows 2000. I know that a *lot* of businesses stopped with Windows 2000 because there's no real compelling reason to go to XP. Although, since it was fixed more than two months ago, there's really no reason for anybody not to have installed that patch by now.
    • I happen to run Windows 2000 on a separate partition, mainly for when I absolutely need windows applications.

      zaku@sage # fdisk /dev/hdb

      The number of cylinders for this disk is set to 6232.

      There is nothing wrong with that, but this is larger than 1024,

      and could in certain setups cause problems with:

      1) software that runs at boot time (e.g., old versions of LILO)

      2) booting and partitioning software from other OSs

      (e.g., DOS FDISK, OS/2 FDISK)

      Command (m for help):

      Command (m for help): d hdb2

      Partition number (

  • Convenient? (Score:5, Interesting)

    by Jynx97 ( 834066 ) on Saturday December 17, 2005 @11:47AM (#14279937)
    Didn't I just read somewhere that Microsoft was upset with the penetration of SP2 for Winxp?

    The next day an article comes out saying that only SP2 will save you!
    • You're entirely correct. That article was posted yesterday. I was thinking the exact same thing as you when I read this post.
    • What's your point, exactly? Of course people should patch to SP2. Of course MS wants them to patch their machines. Hell, I want people to patch their machines so that mine don't get hammered by worm attempts.
    • I don't see how people miss that it is ironic that this worm is apparently from China while most machines without SP2 are also from China. Earlier there was a story that said we should be aware/afraid of cyber attacks by the Chinese.

      I think the worm originated in Fort Meade [mccullagh.org], the stories originated from the Pentagon. That or the Chinese are targeting each other, not us.
  • Watch out (Score:4, Funny)

    by Anonymous Coward on Saturday December 17, 2005 @11:48AM (#14279940)
    If Fox News finds out some people are calling it a Holiday Keylogger, there could be hell to pay.
  • by erikus ( 891552 ) on Saturday December 17, 2005 @11:54AM (#14279972)
    SP2 is affected too.

    From the advisory link:
    Affected Software:

    Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Download the update

    ...

    • What's more important to me is: Can this worm find me behind a NAT router.

      I am
      1. running SP1
      2. using NAT
      3. virus/trojan/worm free
      4. loving it

      "OMG Ur CrAzY!!1"
      Well, I run a virus scan every now and then, I check my outgoing traffic for anything suspicious, etcetera etcetera etcetera. So calm down.
      • I think the MSTDC or somesuch (the cause for the vulnerability) is off by default on SP1. I think. And you being behind NAT will only protect you if no one else is behind the same NAT. Say, your friend with his infected laptop drops in for a visit. Plugs his machine into your switch and out goes the virus.
      • I read TFAs, but they are either extremely technical and over my head, or extremely dumbed down and useless ("click to install the patch"). I'd like to know what the service is, and which port(s), that this comes over (I did gather it's not through a browser or email); so if I have a firewall that default blocks probes, am I safe? (I do run Win2k, which I gather is vulnerable in default setup.) I know MS liked (maybe less so now) to activate odd services listening on odd ports to allow administrators (or, i
    • Then this goes quite well to increase the amount of penetration in XP SP2. Not by the number of installs but in the number of exploits.
  • Oh What Fun (Score:3, Funny)

    by MrNonchalant ( 767683 ) on Saturday December 17, 2005 @11:56AM (#14279978)
    A holiday keylogger called Dasher. Could we call whoever wrote this a scrooge? Howbout a grinch? The cuteness doesn't stop here folks!
  • by Anonymous Coward on Saturday December 17, 2005 @11:57AM (#14279984)
    I write some PERL using Vim

    Keylog THAT if you dare
    • nah, write some brainfuck using ed.
    • vi is the only surviving editor that has a protocol instead of a user interface. The datastream moving from your brain to the file on disk is about as compressed as it can be. All the commands are minimalist (most are single-key), you never need to use the mouse, there's built-in regex support... No wonder programmers like it: the editor doesn't require you to switch context.

      Unfortunately the datastream produced by vi is very easy to examine - just pipe it into another copy of vi, and there you go. Easier

    • Keylog THAT if you dare

      Ha! I got it! I have the logfile for the Perl code session! It's...no, wait...no, sorry, it's just line noise from my bad internet connection.

  • The Grinch uses a Mac.
  • FTFS: "... The SANS Internet Storm Center warned earlier this week about the weird traffic generated by the first version of this worm, which apparently was crippled by programming errors. Washingtonpost.com has some information that indicates the worm appears to have originated in China. ..." Offshoring gone wrong?
  • It just hit me (Score:5, Interesting)

    by Stan Vassilev ( 939229 ) on Saturday December 17, 2005 @12:13PM (#14280044)
    Looks like viruses (spread by infecting exe files) are mostly nonexistent today, replaced by network-propagated worms..

    And it just hit me that we'd never get any of this if we were not on-line all the time.. Few years ago when the first internet worms were appearing I was like "ahah, just don't stay connected all the time you idiots".

    Now I and the majority of folks around the world are "converted" and hopelessly tied to on-line, making us vulnerable to those attacks.

    How many minutes can you spend offline, before the reflex kicks in and you try to google up some info you need?
    • I remember not that long ago my cable went down. It was literally every couple or three minutes I'd come up with something I'd need to google or look up and get as far as loading FF before remembering. It's really amazing just how much we use online these days. Directions, movie times, random tidbits googled at will, communications.... just about everything.

      On another topic, FF just blocked a popup from here. I'm not on my normal computer so I guess it could be adware, but popups on Slashdot? Hmm...
    • Spending less time online is not the answer. That's like seeking to decrease the number of car accident related deaths by requesting that people drive less. This latest worm, like many before it, exploits a service that is tied to... wait for it... IIS and MS SQL server. These two services:

      A) Have virtually no use to most users (I guess some software uses MSDE *puke*)
      B) Should not be exposed on a public IP (a.k.a. you should be running a firewall)

      A $55 firewall [newegg.com] would significantly impede the spread of worms
    • How many minutes can you spend offline, before the reflex kicks in and you try to google up some info you need?

      What is this 'offline' of which you speak?
  • by cursion ( 257184 ) on Saturday December 17, 2005 @12:27PM (#14280093) Homepage
    maybe it's really from santa and his IT dept is testing out new ways of seeing who is naughty and nice and checking on what we really want. i mean, imagine getting about 6 billion emails and/or snail mails saying "i want this!".

    sing along now...
    "He knows when you've been sleeping. He knows when you're awake. He knows what you're typing. ..."

  • Bugs? (Score:2, Informative)

    by bsdluvr ( 932942 )
    ...the first version of this worm, which apparently was crippled by programming errors...

    Worms with bugs?
  • Another Scam? (Score:2, Insightful)

    by nurb432 ( 527695 )
    Just another scam to 'prove' you need to pony up the cash and upgrade?
  • Of course... (Score:2, Insightful)

    by Skiron ( 735617 )
    ... the big question is why haven't people patched?

    Well I will tell you. They don't as Microsoft NEVER EVER release just a `fix' patch. It is bundled with other patches that break lots of things. So people either:

    a) Can't as it fubars their system.

    or

    b) Too scared what it breaks. [I still get very nervy at work when applying these patches to servers - you never know - nor guarantee - if it will ever come back up again or just get BSOD.]

    It is about time MS started to just issue a patch to fix ONE of their
    • You mean like hotfixes?
      • Hotfixes do not address one issue - they bundle 'other fixes' into them as well, all usually undocumented.
        • OK... (Score:2, Interesting)

          by Skiron ( 735617 )
          Have a laugh...
          http://support.microsoft.com/kb/905915 [microsoft.com]

          WTF?

          Update rollup 905915 includes the cumulative security fixes that are documented in security bulletin MS05-054. The update rollup also includes hotfixes for Microsoft Internet Explorer that were released after the release of security bulletin MS04-004 and of security bulletin MS04-038.
          If update rollup 873377, update rollup 889669, or an Internet Explorer hotfix that was released after security bulletin MS04-038 are not installed, and

    • Patch bundling (Score:3, Interesting)

      I hear people claim that MS bundle up multiple fixes and updates in patches, and I'm yet to see evidence of it. In fairness, I haven't really gone looking, but it also doesn't seem logical.

      If MS was to bundle other (security) fixes in a patch, they would quickly be identified by reverse engineering the patch and used to exploit as-yet-unpatched systems. There are people who look over these patches in extreme detail, both "white hat" and "black hat" types.

      If they bundled other fixes / changes, their business
      • If they bundled other fixes / changes, their business customers would get really, really pissed in a major hurry. Microsoft does NOT want to piss these people off, even with the lock they have on the market. Remember that Microsoft's whole sales pitch right now is about "total cost of ownership."

        I can't believe I'm compelled to say this...

        Don't you mean total cost of 0wnership [bsdnexus.com] :-D
    • ... the big question is why haven't people patched?

      Actually, if you install Windows XP Home/Professional SP2, the setup gives LOTS of warnings about having Automatic Updates active. I run Automatic Updates in Warning mode so as soon as the updates are available I can download and install the updates quickly.
  • What am I missing? (Score:2, Insightful)

    by lip_spork ( 939597 )
    The worm posts data collected to a specific server. Isn't that kind of evidence that could be used to determine who's responsible for it?
  • Irony (Score:3, Interesting)

    by TeknoHog ( 164938 ) on Saturday December 17, 2005 @01:46PM (#14280376) Homepage Journal
    You're safe from keyloggers if you use Dasher [cam.ac.uk].
  • http://www.schneier.com/passsafe.html [schneier.com]

    Why not make keystroke loggers useless? I love this software. Just copy and paste passwords ;)
    • http://www.schneier.com/passsafe.html

      Why not make keystroke loggers useless? I love this software. Just copy and paste passwords ;)


      What? Do you really think it's difficult to modify a keylogger to capture the contents of the clipboard too?

      It's been done before. And while I'm not a programmer, I'd be surprised if there wasn't a Win32 API for doing exactly that.

      If your system is compromised by a worm then you have to assume that it is completely compromised. Have a look at the Metasploit vulnerability scanner
  • Now Dasher! now, Dancer! now, Prancer and Vixen!
    On, Comet! on, Cupid! on Dunder and Blixem!
  • by suezz ( 804747 )
    a new drm business model for the MPAA and RIAA.
