LovSan Clone Let Loose
JMullins writes "According to Kaspersky Labs the LovSan virus has been re-released in a new form that has changed the appearance of the worm. It looks like the outbreak continues to get worse and worse, with no real end in sight until people can patch their systems. Net slowdowns are expected over the weekend when both versions of the virus start their attack."
That's media reporting for ya (Score:5, Insightful)
To be fair, the media's not going to be interested in reporting that it's not as bad as it seems.
(Note: I'm not saying it's not that bad, I'm saying don't trust the media to tell us it's dying.)
It's a little fishy (Score:5, Insightful)
Re:And while you all get easy 5, funnies. (Score:5, Insightful)
That was true like a year or two ago, but since this has come up I've been amazed at how things have changed here. It's not that it's turning pro-Microsoft, but the "Everything Linux does is perfect" attitude has settled back down to realistic levels.
I agree with you, though, Linux is a root password away from being ssh'd to hell.
The Internet is not Secure (Score:4, Insightful)
Let's see here (Score:3, Insightful)
Not as big of deal as you think (Score:3, Insightful)
This uses the same vulnerability as before. Which means that if you were hit by but recovered from blaster, you'll be safe from this one. That said, this is a more virulent form, and will screw over unprotected networks even faster. But it won't be nearly as damaging as the original. This is just an example of an anti-virus software producer hyping up a virus to sell their product.
Re:And while you all get easy 5, funnies. (Score:1, Insightful)
Re:Ugh, lazy patchings (Score:2, Insightful)
We were infected by someone dialing in to (of all places, MSN) and opening an *authorized* VPN tunnel to our network.
Users will not patch their machines, even if there's a bright icon in their start menu. Even if it reminds you all the damn time. If it doesn't automagically download and install, they're not going to do it.
Should they have to? No. No one should have to patch as often as they do. Especially not desktops. Home users, for the most part, are technically savvy enough to plug in a USB device and have it 'work'. Office users, forget about it. For the most part, people think computers are magic, and IT people are just weird to be able to understand them.
Re: Cloning.. (Score:1, Insightful)
Re:It's a little fishy (Score:2, Insightful)
Re:Ugh, lazy patchings (Score:5, Insightful)
I like to wait to update my box for about a week or so to see if there is any outcry about some nasty thing Microsoft slips into the update. I'll bet I am not alone. As far as Blaster is concerned, I rely on independent firewall and antivirus applications to deal with these threats. IMHO it works better than relying on MS to secure their OS.
Re:gotta say it (Score:1, Insightful)
Would you blame Linus if you didn't apply security patches and got hacked?
Re:Benevolent Virii (Score:2, Insightful)
We should be thankful for this worm (Score:4, Insightful)
If this worm didn't exist, the systems would remain unpatched until some much more destructive exploit was distributed (say, deleting all your files).
Think of it as vaccination - a mild form to shore up our defenses, so a killer form doesn't get us.
Re:Ugh, lazy patchings (Score:2, Insightful)
The problem is harder to solve than that.
Consider a gigantic worldwide firm that runs flavors of Windows servers and desktops from NT up through Longhorn on thousands upon thousands of machines, in dozens of facilities across the globe. Then consider that many of these servers may be running mission critical applications which are no longer being maintained. As a result, there are complex and thorough change management procedures in place that prevent casual application of the latest patches and updates. For any given server they may a) require weeks to test the patch to make sure nothing comes down; b) find the patch breaks an application and therefore cannot be deployed; or c) have a total ban on even breathing on their older servers lest something break.
This is why the "just patch your servers early and often" doesn't work for those larger companies. To the decision makers faced with evaluating business risk, the cost of staying up to the latest versions can seem as high (or higher) than the potential loss caused by a compromise.
So the answer ends up being in your in-line protection: firewalls, and (as they improve) intrusion prevention technologies that offer "virtual patches" for exploits before they hit the wild.
(Having said all this, if you have boxes with port 135 open to the public internet, you'd better have a good reason. And there aren't many good reasons.)
Re:Ugh, lazy patchings (Score:4, Insightful)
127.0.0.1/16? sure! The LAN, (192.168.0.0/24 or 10.0.0.0/8, perhaps some Link-Local/Broadcast addresses..) perhaps. The entire INTERNET? No fudging way, man!
Other MS weirdness; I have filesharing turned on. It's only associated with the LAN card's TCP/IP stack (NOT the PPTP (DSL) connection's TCP/IP stack). Nevertheless, were it not for my spiffy firewall software thingy you'd be able to access it from the internet! Yippee..
Re:gotta say it (Score:2, Insightful)
And I'm on a Southwestern Bell DSL. Is it just me or are some ISPs now blocking port 135?
In my opinion, it's definitely a good thing that they are, if this is the case. And it appears to be.
Re:gotta say it (Score:1, Insightful)
I've seen so many idiotic followers here state that you just can't patch a production server. That may be very true BUT THE INFORMATION ON THE VULNERABILITY IS THERE. There is quite a lot that would have been able to be done to protect these systems before running the official MS patch. Firewalls are one option, and this includes internal firewalls that protect important systems from not only the outside world but vulnerable points of your own network.
People had the patch and had the information. Anyone infected is getting exactly what they deserve. Anyone running a production system that gets infected deserves to lose their job if they're infected, it's just negligence.
I used to work at an antivirus company. (Score:5, Insightful)
For one thing, there are plenty of idiots out there quite willing to write a virus for free.
For another, if the viruses/worms/trojans were written by the AV firms, they'd be MUCH better. My co-workers and I would regularly discuss how one could, hypothetically, write the ultimate virus
Contrast that with the true nature of most successful 'in the wild' viruses -- most of which aren't that well written
Re:bleh (Score:3, Insightful)
I guess I'm just curious how this became "+4 Interesting." Yes, we know Microsoft tries to make money.
Why should "M$" (that always-clever dollar sign that never stops being incredibly amusing and funny) take the blame for what you started out saying--people who don't patch their boxes are getting hit?
Re:I used to work at an antivirus company. (Score:2, Insightful)
Sure, they are making money from all this, but that seems to be continuing without them having to do anything sneaky.
And can you imagine what it would do to them if they did start manufacturing viruses, and were found out?
Is *nix that much more secure? (Score:5, Insightful)
The desktop world is ruled (by numbers, anyway) by Microsoft. Any potential malware s'kiddie can knock together some malware in a few hours, dump it into some unsuspecting newsgroup somewhere or email it to his Outlook-using mates and start an epidemic relatively easily. The sheer number of vulnerable machines makes that easy.
The installed base of Windows boxes also means that, despite MS not opening up their code to anyone (except governments and universities willing to sign away their first-born as insurance against breaking the NDA), large numbers of people spend vast tracts of time throwing McValue Meal-sized URLs at web-servers and mutant packets at RPC interfaces.
Lots of people x Lots of time x Lots of machines = lots of vulnerabilities found...
Now consider *nix. It has a number of advantages straight off the block:
Just a thought. Now flame away ;)
Re:The Internet is not Secure (Score:3, Insightful)
Re:That's media reporting for ya (Score:5, Insightful)
On a similar note, I am witnessing tv hype disaster now. All the power is out in NY, and people have been calmly walking down the street to leave town. Others are "volunteering" to direct traffic, and people are obeying. People are out together in the street with candles, checking on neighbors, almost everyone is calm, even though with the power out, getting news in was slow and difficult (like 9-11, but much milder). Sure, some will take advantage of the situation, but burglaries happen every night. On the whole, I am pleasantly surprised at how well organized it is, and how well it's going so far. It's a success story on dealing, again.
Yet the news channels are TRYING to make it out to be worse than it is. They are saying how people are mad and want to know why this happened, but they can't SHOW someone saying that, they just report that it's true. fox/cnn all the same.
The real irony is how calm everyone is, how they seem to have an "oh well, can't help it, no reason to freak out" attitude even while the news reporters are almost trying to get them to.
Microsoft.com is down, as is Windowsupdate ! (Score:3, Insightful)
Nothing, Nada.
I guess in a weird sort of way, it's ironic.
Re:gotta say it (Score:4, Insightful)
Right, Bill Gates personally wrote this worm and released it into the wild.
I'm no fan of Microsoft, but cut them some slack. They released a fix for this vulnerability two months ago. If people are still vulnerable, it's their own damned fault.
Re:I used to work at an antivirus company. (Score:2, Insightful)
Re:Feeling left out (Score:3, Insightful)
Believe me, there are many things which are more robust than win95. Whilst your paranoia is your business, saying you run win95 because it's more stable than say, w2k, flies in the face of the evidence. And that's not even going into the realm of things like Linux/BSD, which I assume you can't run due to some CAD app or other.
Let me give you an alternative view point. I run w2k, behind a linux firewall. I use a variety of browsers (IE6, Moz, Opera) with scripting, java etc enabled. The security settings are set to what I'd consider sensible but not paranoid. I run a standard virus scanner which kills anything incoming before I even see it. My email goes into Outlook. I use the web a lot. I go to sites which contain "suspect" material. I download and run executables from unverified sources. In short I do everything you're not supposed to, but with the benefit of knowing what's going on and understanding the risks (and how to mitigate them).
Result? The last virus I found on my system was in the bootsector of an Atari ST floppy disk about 10 years ago. I run AdAware and other trojan detectors every week or so, never found anything particularly nasty (except some junk morpheus put in one time). In short, I get to see all those websites I want to, I get to run the latest software with all those whizzy features, and I still don't get any of the nasty side effects.
So you're quite welcome to continue practising ultra-safe computing, but IMHO you really don't need to.
Re:That's media reporting for ya (Score:3, Insightful)
Folks, you've just described postwar Iraq. Power there has been intermittent for *months*, in heat worse than anything NYC has ever seen. And we wonder why the Iraqis are pissed off? We can't deal without power for a single day...
Re:Ugh, lazy patchings (Score:3, Insightful)
Err, yeah, right. Let me count the apps that I absolutely *need* in order to do my job.
Things from your list:
* SSH client. Yep, agree with that one
* Web browser / email client (one program)
OK, that's two. What I also need:
* Other web browsers, for compatibility testing
* Graphics editor (for designing web sites)
* Text editor (for editing web sites and programs)
* Word processor (for writing letters & other documentation that'll need printing)
* Spreadsheet (for doing occasional organisational tasks)
* C++ compiler (for the obvious)
* Java compiler (ditto)
* Version control system front end
* Various 'back end' admin systems for web sites that I manage
* Antivirus software (I sometimes send compiled programs directly to clients; company policy is scan-before-send).
* CD writing software
OK, that's 13 absolute essentials. Then there are the things I'd find it hard to live without:
* File sharing client. Currently only one [shareaza.com] although in the past I've used more than one at once.
* Media players. Winamp, MS media player, Real One.
* Productivity utilities: file compression, a fast image viewer, a task scheduler & reminder program
* Video editing & conversion software in order to be able to stick my home videos onto VCD.
* Things that I'm playing [shatters.net] with [osafoundation.org]. The odd piece of free-software-du-jour that I might find useful and have downloaded recently to see if it's any good.
That makes 24. It doesn't include any of my own projects (which probably adds a further 10 separate programs to that figure at any one time).
And, I haven't had any problems with my Windows 2000 system since I installed it 9 months ago. I don't think I'm "insane". I'm just trying to use my computer as the tool that I want it to be.
Re:That's media reporting for ya (Score:3, Insightful)
It sounds nice and warm and fuzzy to have something "good" come out of the terrorist attacks. I think that in general, New Yorkers behave themselves because if they don't, life will really, really suck. First WTC bombing people? You didn't see people looting or freaking out.
This isn't the first large power outage that hit NYC recently. It happens every other summer or so, just not as widespread.
I think many people view cities as being inhabited by some sort of animals which have no self control. These people, all living in McMansions in the suburbs, are amazed when adverse situations affect cities, and they don't burn to the ground. Maybe they're jealous that we get to hang out on street corners and drink beers while the power is out, who knows?
New Yorkers have helped each other before 9/11, and it's obvious that they'll do it after 9/11. Perhaps it awoke something in you that tells you to be civil to your neighbors, but most New Yorkers grow up this way and don't know another. These things happen when you live on top of 8 million other people.
Re:I am so sick of these amateurs... (Score:2, Insightful)
There is so much potential for greater evil and mayhem...
The data destroyer: Erase a bunch of files, wipe out the boot record, or just format the whole hard drive. People who keep their system unpatched also tend not to worry about backups.
The hardware destroyer: Run CPUburn. Set the monitor to way-out-of-spec refresh rates and change around them faster than the monitor can handle. Flash update the peripherals with corrupted data.
The insidious manipulator: Make small, subtle changes to numeric data in Excel and Access files. The kind that nobody is likely to notice for weeks.
The mischievous troll: Much like the article mirror trolls with a couple words changed to something rude and uncouth, but on the infected computer's Word and text files. Imagine trying to explain to your client that you didn't _really_ type that epithet in your letter to them. Also, download some random porn and sprinkle it on the user's hard drive.
But nooooo... the best these guys can come up with is "reboot the computer"? Blah!