LovSan Clone Let Loose
JMullins writes "According to Kaspersky Labs the LovSan virus has been re-released in a new form that has changed the appearance of the worm. It looks like the outbreak continues to get worse and worse, with no real end in sight until people can patch their systems. Net slowdowns are expected over the weekend when both versions of the virus start their attack."
Cloning.. (Score:5, Funny)
Re: Cloning.. (Score:5, Funny)
> Don't let the legislature get wind of this story.. They'll try to use it as justification to ban cloning.
The scary part is that if they mutate and interbreed we could end up with a virus with four asses.
Re: Cloning.. (Score:2)
Re: Cloning.. (Score:5, Funny)
Wrong. It's still a step above Star Trek conventions.
Re: Cloning.. (Score:5, Funny)
Off-topic? By Grabthar's Hammer, I shall avenge you.
Re: Cloning.. (Score:5, Interesting)
Re: Cloning.. (Score:5, Interesting)
> Is there some reason that virus writers don't create their viruses to modify themselves automatically? It would be easy to defeat a checksum automatically.
Maybe some of them do do that, and the A-V firms haven't caught on yet.
Seriously, IMO the kind of worms we've seen so far are child's play compared to what we can expect when someone wants to do some serious damage. In the future we'll have stealth worms that just flip a few bits on your system and then erase themselves after propagating to another computer or two, worms that work as a genetic algorithm to optimize effectiveness and continually feed new variants into new "ecological niches" of the internet, worms that are mathematically optimized for the fastest spread, or conversely for the broadest under-the-radar spread, etc.
The future is bleak, IMO.
Re: Cloning.. (Score:5, Interesting)
The curious amateur
This guy has a couple clever ideas, few scruples, and a lot of spare time. All the wide-spread (and well-covered) worms, to date, have come from this kind of guy.
The white-hat professional
These are your security researchers and other security professionals. These are the guys that get paid to work in this field every day. They're smart, they understand the details of the security business, and they're fully aware of the extreme vulnerability of the Internet. Like you, they know how bad a "real worm" could be.
The black-hat professional
These are your security researchers and security professionals. These are the guys whose job is security. They're smart, they understand the details of the security business, and they develop tools (including worms, trojans and viruses) to take advantage of these vulnerabilities. These tools are developed for a specific purpose: to further the objectives of their employer. You don't hear about them, because their tools are low-n-slow and their impact is very targeted and controlled.
The difference between a white-hat and a black-hat is a matter of perspective. The world is a big place. Certain governments do not have the same morals as others. Read The Economist [economist.com]. The French intelligence services work very closely with French businesses. The Chinese have equally questionable practices.
The future is not that bleak. The worms that are designed and released for wide-spread, global impact are the modern-day equivalent of graffiti on billboards. It's an ego trip, nothing more. The ones to worry about are the ones who don't have an ego, and have a specific purpose.
Hope you're checking your logs, and I hope you notice when he hacks your systems.
J.J.
Re: Cloning.. (Score:5, Informative)
And, to be fair, the US intelligence service occasionally works closely with US corporations (there were some cases related to the airplane industry where the EU was investigating how come a US company had found out what some European company was bidding).
Point being that perspective certainly matters, like you say, but also that few government agencies if any are completely above using illegal and/or immoral practices to help "their" companies, anywhere in the world.
Open democracies, and especially a free press, lessen the likelihood of such stunts (by retroactively uncovering them, usually leading to scandals... which act as a deterrent in the long run). Unfortunately those 'antidotes' are being threatened, especially in the US, by the latest legislation (from the "Patriot" act to the DMCA).
Re: Cloning.. (Score:3, Interesting)
Re: Cloning.. (Score:3, Interesting)
Re: Cloning.. (Score:5, Interesting)
Re: Cloning.. (Score:5, Informative)
Basically, the concept is that an encryptor is built up in memory randomly, while the inverted code (e.g. add vs. sub, rol vs. ror) is built up in reverse. The virus is encrypted with the encryptor, and the decryptor is prepended.
There were a ton of them in the early 90's. There are polymorphic Word viruses that use different techniques - running their script through a randomizer for variable names and such. Some viruses have also mutated their own opcodes as you suggest, although it's less common - but it's been done.
Detecting such viruses is challenging, but usually there are static bytes with known (although possibly variable) distances between them. One can also run an interpreter over a file and pseudo-execute it until it can be proven that it is or is not a virus, or just blast any existing crypto around the body and look to see what's there. If the virus just flips between equivalent opcodes, then just scan with a regular expression that includes each equivalent as an alternative. Another method is analysing the opcodes - if an exe's entry point is at the end of the file where you have a 1k decryptor right before 2k of garbage, and all the decryptor's opcodes fall within what one virus can produce, chances are....
There are a lot more complex and hybrid techniques for it - those are just a few that can be described quickly.
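An added example, not part of the comment above or of any scanner it refers to: a small Python signature matcher that implements two of the detection ideas described there, fixed bytes separated by a bounded variable distance and a regular-expression alternative for equivalent opcodes, and compares the result with a whole-file hash lookup. The marker bytes, gap bounds and sample buffers are constructed for illustration; the four opcode encodings are real x86 ways of zeroing EAX.

```python
import hashlib
import re

# Real x86 encodings that all leave EAX = 0:
#   31 C0 / 33 C0 = xor eax,eax    29 C0 / 2B C0 = sub eax,eax
ZERO_EAX = [b"\x31\xc0", b"\x33\xc0", b"\x29\xc0", b"\x2b\xc0"]

# Constructed "static bytes" standing in for the invariant parts of a body.
MARK1 = b"\xde\xad\xbe\xef"
MARK2 = b"\xca\xfe\xf0\x0d"

# Signature: MARK1, any equivalent zeroing opcode, 2..8 unknown bytes, MARK2.
SIGNATURE = [
    ("lit", MARK1),
    ("alt", ZERO_EAX),
    ("gap", 2, 8),
    ("lit", MARK2),
]


def compile_signature(parts):
    """Turn a list of signature parts into one compiled bytes regex."""
    pieces = []
    for part in parts:
        kind = part[0]
        if kind == "lit":
            # Fixed bytes, escaped so regex metacharacters match literally.
            pieces.append(re.escape(part[1]))
        elif kind == "alt":
            # Any one of several equivalent byte sequences.
            options = b"|".join(re.escape(o) for o in part[1])
            pieces.append(b"(?:" + options + b")")
        elif kind == "gap":
            # Between lo and hi arbitrary bytes (variable distance).
            lo, hi = part[1], part[2]
            if not 0 <= lo <= hi:
                raise ValueError("gap bounds must satisfy 0 <= lo <= hi")
            pieces.append(b".{%d,%d}" % (lo, hi))
        else:
            raise ValueError("unknown signature part: %r" % (kind,))
    # DOTALL so '.' also matches the byte 0x0A.
    return re.compile(b"".join(pieces), re.DOTALL)


def scan(buf, signature_re, known_hashes):
    """Check one buffer against a hash list and a byte signature."""
    digest = hashlib.sha256(buf).hexdigest()
    match = signature_re.search(buf)
    return {
        "hash_hit": digest in known_hashes,
        "sig_offset": match.start() if match else None,
    }


# Constructed sample buffers (not taken from any real file).
# First variant: xor eax,eax and a 3-byte gap.
VARIANT_A = b"\x90" * 16 + MARK1 + b"\x31\xc0" + b"\x41" * 3 + MARK2 + b"\x90" * 4
# Second variant: different padding, sub eax,eax, 7-byte gap.
VARIANT_B = b"\x90" * 5 + MARK1 + b"\x29\xc0" + b"\x42" * 7 + MARK2
# Same markers but 40 bytes apart: outside the signature's distance bound.
UNRELATED = b"\x90" * 16 + MARK1 + b"\x31\xc0" + b"\x41" * 40 + MARK2

# The hash list only knows the first variant, as it would before an update.
KNOWN_HASHES = {hashlib.sha256(VARIANT_A).hexdigest()}
SIG_RE = compile_signature(SIGNATURE)

if __name__ == "__main__":
    for name, buf in (("variant_a", VARIANT_A),
                      ("variant_b", VARIANT_B),
                      ("unrelated", UNRELATED)):
        print(name, scan(buf, SIG_RE, KNOWN_HASHES))
```

The second variant misses the hash list but is still caught by the signature, while the buffer whose markers are too far apart is not flagged.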
Re: Cloning.. (Score:3, Interesting)
That's media reporting for ya (Score:5, Insightful)
To be fair, the media's not going to be interested in reporting that it's not as bad as it seems.
(Note: I'm not saying it's not that bad, I'm saying don't trust the media to tell us it's dying.)
Re:That's media reporting for ya (Score:2)
Re:That's media reporting for ya (Score:5, Insightful)
On a similar note, I am witnessing TV hype disaster now. All the power is out in NY, and people have been calmly walking down the street to leave town. Others are "volunteering" to direct traffic, and people are obeying. People are out together in the street with candles, checking on neighbors, almost everyone is calm, even though with the power out, getting news in was slow and difficult (like 9-11, but much milder). Sure, some will take advantage of the situation, but burglaries happen every night. On the whole, I am pleasantly surprised at how well organized it is, and how well it's going so far. It's a success story on dealing, again.
Yet the news channels are TRYING to make it out to be worse than it is. They are saying how people are mad and want to know why this happened, but they can't SHOW someone saying that, they just report that it's true. fox/cnn all the same.
The real irony is how calm everyone is, how they seem to have an "oh well, can't help it, no reason to freak out" attitude even while the news reporters are almost trying to get them to.
Re:That's media reporting for ya (Score:3, Insightful)
Folks, you've just described postwar Iraq. Power there has been intermittent for *months*, in heat worse than anything NYC has ever seen. And we wonder why the Iraqis are pissed off? We can't deal without power for a single day...
Re:That's media reporting for ya (Score:3, Insightful)
It sounds nice and warm and fuzzy to have something "good" come out of the terrorist attacks. I think that in general, New Yorkers behave themselves because if they don't, life will really, really suck. First WTC bombing people? You didn't see people looting or freaking out.
This isn't the first large power outage that hit NYC recently. It happens every other summer
gotta say it (Score:2, Interesting)
Re:gotta say it (Score:4, Interesting)
As a matter of fact, this has been the only vulnerability in Windows Server 2003 since its release, and it was a vulnerability that was inherent in the interprocess structure of the Win32 library itself and so affected all the products in the Windows line.
I doubt we'll see any other holes in Windows Server 2003 for the rest of the year, especially since they're already working on the service pack (their plan is to phase in Blackcomb features). Microsoft's reputation is riding on this, and you better believe they were checking their code like crazy.
Re:gotta say it (Score:4, Insightful)
Right, Bill Gates personally wrote this worm and released it into the wild.
I'm no fan of Microsoft, but cut them some slack. They released a fix for this vulnerability two months ago. If people are still vulnerable, it's their own damned fault.
Already slow as hell, so just in case... (Score:3, Informative)
Kaspersky Labs' experts anticipate that in the short run a repeated outbreak of the global scale may occur. This is because the two versions of "Lovesan" exploit the same vulnerability in Windows and may co-exist on the same computer. "In other words, all computers infected by the original "Lovesan" will soon be attacked by its revamped version," commented Eugene Kaspersky, Head of Anti-Virus Research for Kaspersky Labs, "Taking into consideration that the amount of infected systems is now reaching 300,000 the return of the worm will imply a doubling of this number and lead to unpredictable results." In the worst case scenario the world community might face a global Internet slow-down and regional disruption of access to the World Wide Web: just as it happened in January 2003 due to the "Slammer" worm.
Technologically, the new modification of "Lovesan" is a copycat of the original. Slight changes were made only to the appearance of the worm: a new name of the main worm-carrier file (TEEKIDS.EXE instead of MSBLAST.EXE), a different method of code compression (FSG instead of UPX), and new "copyright" strings in the body of the worm abusing Microsoft and anti-virus developers.
Users of Kaspersky(R) Anti-Virus can be sure that this new worm will not harm their computers. All Kaspersky Labs products effectively detect both modifications of "Lovesan", without requiring an update.
It's a little fishy (Score:5, Insightful)
Exactly. (Score:4, Interesting)
A little late (Score:3, Informative)
Source: http://www.sarc.com
Re:It's a little fishy (Score:2, Insightful)
Re:It's a little fishy (Score:5, Interesting)
Re:It's a little fishy (Score:5, Informative)
http://www.f-secure.com/v-descs/msblast.shtml
http://securityresponse.symantec.com/
http://us.mcafee.com/virusInfo/default.asp
I used to work at an antivirus company. (Score:5, Insightful)
For one thing, there are plenty of idiots out there quite willing to write a virus for free.
For another, if the viruses/worms/trojans were written by the AV firms, they'd be MUCH better. My co-workers and I would regularly discuss how one could, hypothetically, write the ultimate virus
Contrast that with the true nature of most successful 'in the wild' viruses -- most of which aren't that well written
Feeling left out (Score:5, Funny)
Defeating MSBLAST.EXE and The Blaster Worm (Score:2)
Re:Feeling left out (Score:5, Funny)
Re:Feeling left out (Score:5, Interesting)
I had been working on my CAD system on my home machine running WIN95 and DOS. I wasn't even aware anything was amiss until I logged onto Slashdot to see what's new. I was wondering why it was so slow. My firewall responded in a bit and told me I was getting a helluva lot of connect attempts on port 135. So, I go look up the log file and it looked like SQL slammer all over again. Almost a megabyte of infection attempts. I wondered at first if I had made an enemy on a dialup??? In 4 hours??? Why did the whole world seem determined to wax me off the web? Damn, it seemed like everyone in the world was wanting my port 135.
Ok.. so I continue to read Slashdot and the story finally loads about this new LoveSan virus making the rounds. Hmmm. When I think of how much work would have been lost had something came in and messed up my machine, I shudder. But then, I don't run my machine wide open to the net. I try to practice secure techniques - such as never allowing any programs to run that I have not verified their intentions, and don't run anything that allows embedded executables ( read: javascript and later things post DMCA that haven't been "cleared" by what I consider trusted groups - which are mostly the groups the DMCA was aimed at in the first place. )
Sure, there are a lot of websites that I can no longer see. I can not even access the Southern California Edison site, nor many business sites - as they require these embedded-executable technologies as a requisite to viewing their content.
So, I sit here, with a pretty fast system, as it's pretty simple. I have no virus scanning going on, as I am not running just anything I get in. I do have an integrity monitor running, which does a quickie on startup to see if any critical files are amiss ( it just calculates an MD5 on my key executables and compares to what they should be. ).. if so, booting to GUI is aborted and I drop to DOS to straighten it out - but it's never happened outside a test situation.
I keep getting all these people telling me I should upgrade and be current with the times. I would gladly upgrade if the later stuff was actually better and more robust than the earlier stuff - but that's not what I see.
Oh yes, the "presentation skills" are definitely better on the new stuff, but I see the new systems much like a stunningly beautiful secretary that I can't trust, and spends a helluva lot of time doing her makeup.
I try to tell these business people what they are getting into by running software that hasn't been verified for trustworthiness, but they seem happy to go ahead and do it anyway as long as there is someone else to blame if things go amiss. I hoot till I'm blue in the face about these businessmen who put content on the web that can only be viewed with proprietary readers, whose underlying trojan motives, if any, can no longer be legally ascertained as a result of the DMCA.
I am especially puzzled by business's perception of proper etiquette. Would they hire a sales rep that constantly interrupted a customer in mid-question with comments on his grammar or spelling? Or worse yet, rudely hangs up on customers if they don't understand something? Is not a corporate web-site their sales-rep in cyberspace? Why would a business hire such rude representatives that coin their own protocols and chide the customers relentlessly for not adhering to their latest incarnations of the communications protocol "standard"?
At the risk of redundancy, I'll say it again. I do not like these proprietary unverifiable protocols. I consider them very risky - to me. I really don't care if YOU get hit with a virus, but I don't want any part of it.
Ok.. I just had to get this off my chest. It might cost me a bit of karma, but I had to say it in public in the hopes that someone in management that makes the decisions will hear my plea.
Re:Feeling left out (Score:3, Insightful)
Believe me, there are many things which are more robust than win95. Whilst your paranoia is your business, saying you run win95 because it's more stable than say, w2k, flies in the face of the evidence. And that's not even going into the realm of things like Linux/BSD, which I assume you ca
Re:Feeling left out (Score:5, Funny)
Left out? Try a Linux version :) (Score:3, Funny)
To make this smile even bigger: Compile this and execute it as root (all ports below 1024 are restricted and need root permission to be listened to)
Now you can actually *see* when the worm tries its futile attack on your superior OS.
Re:Feeling left out (Score:3, Funny)
Re:Feeling left out (Score:5, Funny)
Ugh, lazy patchings (Score:5, Interesting)
The RPC vulnerability this worm exploits was patched at least three weeks ago. Maybe if people would get it through their skulls that Windows ships with a BIG WINDOWS UPDATE LINK [microsoft.com] in the Start Menu for a REASON, and maybe if people would at least check for new, fun things weekly, these viruses wouldn't spread quite so far. The news outlets that focus on the "horrific" damage instead of the easy fix are doing their subscribers a disservice.
Besides, even if you don't care about security, you must at least admit it's fun to see a new "This vulnerability could allow an attacker to execute malicious code"-patch every week. I wonder what'll happen when Microsoft's numbering system overflows...
Re:Ugh, lazy patchings (Score:5, Interesting)
This isn't so much about security as it is poor design on the part of Microsoft leaving so many useless services exposed to the internet.
Re:Ugh, lazy patchings (Score:2, Insightful)
We were infected by someone dialing in to (of all places, MSN) and opening an *authorized* VPN tunnel to our network.
Users will not patch their machines, even if there's a bright icon in their start menu. Even if it reminds you all the damn time. If it doesn't automagically download and install, they're not going to do it.
Should they have to? No. No one should have to patch as often as they do. Especially not desktops. Home users, for the most part, are technically savvy enough to plug in a USB device and
Re:Ugh, lazy patchings (Score:2)
Or at least that's how I imagine they would try to explain it.
Today I noticed that every morning our couple of XP computers at work send out a few uPnP related packets to 239.255.255.250:1900. They're going beyond our LAN and out through our gateway to the internet.
Re:Ugh, lazy patchings (Score:5, Informative)
Your network is misconfigured. 239.255.0.0/16 is a local scope multicast address. (RFC2365) The message sent is to let other uPNP devices know your computer is there.
Re:Ugh, lazy patchings (Score:4, Insightful)
127.0.0.1/16? sure! The LAN, (192.168.0.0/24 or 10.0.0.0/8, perhaps some Link-Local/Broadcast addresses..) perhaps. The entire INTERNET? No fudging way, man!
Other MS weirdness; I have filesharing turned on. It's only associated with the LAN card's TCP/IP stack (NOT the PPTP (DSL) connection's TCP/IP stack). Nevertheless, were it not for my spiffy firewall software thingy you'd be able to access it from the internet! Yippee..
Re:Ugh, lazy patchings (Score:2)
Credit MS with a little bit of insight. They increased the data type for the numbering to a double a long time ago.
Re:Ugh, lazy patchings (Score:2)
Re:Ugh, lazy patchings (Score:5, Insightful)
I like to wait to update my box for about a week or so to see if there is any outcry about some nasty thing Microsoft slips into the update. I'll bet I am not alone. As far as Blaster is concerned, I rely on independent firewall and antivirus applications to deal with these threats. IMHO it works better than relying on MS to secure their OS.
Re:Ugh, lazy patchings (Score:3, Insightful)
Err, yeah, right. Let me count the apps that I absolutely *need* in order to do my job.
Things from your list:
* SSH client. Yep, agree with that one
* Web browser / email client (one program)
OK, that's two. What I also need:
* Other web browsers, for compatibility testing
* Graphics editor (for designing web sites)
* Text editor (for editing web sites and programs)
* Word processor (for writing letters & o
Phew (Score:4, Funny)
Guess they were just damned lucky there.
Re:Phew (Score:3, Informative)
If we're lucky... (Score:4, Funny)
If we're lucky the power will be out and the worms won't be able to carry out their attack.
Re:If we're lucky... (Score:5, Funny)
Damn, Slashdot needs a "+1 Paranoid" mod
Re:If we're lucky... (Score:3, Funny)
Well, Bill Gates is already more powerful than any government leader in the world, so perhaps we shouldn't be surprised if he has also mastered lightning and other natural phenomena to do his bidding.
Copycats (Score:2)
Re:Copycats (Score:2)
They also state that their software detects both without an update. That's interesting - I always figured (and never bothered to educate myself and discover otherwise) that virus definitions were less flexible than that - like md5 sums or something. Or is Kaspersky ahead of the game?
Re:Copycats (Score:2)
Most of the good AV packages do perform a hash of some sort on the unchang
The Internet is not Secure (Score:4, Insightful)
Re:The Internet is not Secure (Score:3, Insightful)
Well some are safe from it... (Score:5, Funny)
MS Worm & Power Cuts (Score:5, Interesting)
And I thought those guys were just exaggerating things.
Re:MS Worm & Power Cuts (Score:2)
News Flash (Score:5, Funny)
Obligatory +5 SCO reference (Score:3, Informative)
Just my opinion. I'm tired of this same "joke" showing up in every article.
New Energy Industry version (Score:2)
The Continue Generating Power For Most Of North America Server service failed to start due to the following error: The system cannot find the file specified.
Blaster.B and Blaster.C (Score:5, Informative)
B:
C:
The new C means that the scan that we use to get the original out of the registry has to be modified so we can find this C variant.
Not as big of deal as you think (Score:3, Insightful)
This uses the same vulnerability as before. Which means that if you were hit by but recovered from blaster, you'll be safe from this one. That said, this is a more virulent form, and will screw over unprotected networks even faster. But it won't be nearly as damaging as the original. This is just an example of an anti-virus software producer hyping up a virus to sell their product.
bleh (Score:2, Interesting)
Re:bleh (Score:3, Insightful)
I guess I'm just curious how this became "+4 Interesting." Yes, we know Microsoft tries to make money.
Why should "M$" (that always-clever dollar sign that never stops being incredibly amusing and funny) take the blame for what you started out saying--people who don't patch their boxes are getting hit?
MS Releases Network Scanning Tool (Score:5, Informative)
Download [microsoft.com]
Network admins have fun.
the average user reaction... (Score:3, Interesting)
Yeah that sucked. Anyway, I find it interesting to note the common public reactions to these outbreaks of exploits.
For example, this link [cnn.com] shows a CNN poll where "Doing Nothing" about the worm is tied with "already downloaded a patch" -- this is kind of interesting, since CNN would be a more "general user" audience than tech savvy folk here.
I wonder why no one seems to really care about computer security until it hits them with data loss, or worse.
Patches and backups are things people always promise to do "later" -- and, luckily for data recovery companies, later seldom comes.
I'm sure many people here have done voluntary tech support for friends and family. What do you find to be the most frequent problems? Would you trace them to user negligence, or Microsoft software, or perhaps a combination of the two? Perhaps it's some other factor, such as the "dumbing-down" of computers by the media leading to common misconceptions?
Sometimes, as reports of Windows exploits become a daily news item, I often wonder when people will, en masse, decide they've simply had enough and switch?
Re:the average user reaction... (Score:5, Funny)
Most common "problem" I have seen is that people do the following:
1)Get a computer, with OS and some software installed
2)Use the computer
3)If buy commercial software, install it, hitting OK every time it appears
4)If download arbitrary software from the net, install it, hitting OK every time it appears
5) If computer seems sluggish or something seems wrong, do one or more of the following:
This algorithm is run continuously for several years.
SCO announcement (Score:3, Funny)
Licensing fees start at $699 for home users.
a deep dark thought.... (Score:5, Interesting)
i saw the news about the second (and third) versions and i just wondered if these (all three) were just a distraction. i wonder how many people looked for an awfully obvious process and if they didn't see it, well, that was the end of the story?
something smells here.
eric
Re: a deep dark thought.... (Score:5, Interesting)
> i saw the news about the second (and third) versions and i just wondered if these (all three) were just a distraction. i wonder how many people looked for an awfully obvious process and if they didn't see it, well, that was the end of the story? something smells here.
I've always wondered whether someone planning a criminal break-in somewhere might not release a virus as a cover, so that the victim would shrug off any anomalies on their system as side effects of the virus, and think the virus fix was end-of-story.
Create a worm that patches the vulnerability? (Score:2, Interesting)
Re:Create a worm that patches the vulnerability? (Score:2)
Ever written a complex low-level program that ran on millions of machines without a single user ever finding a bug in it? printf("Hello world!"
Benevolent Virii (Score:4, Interesting)
When someone finds out about an exploit, they tell the company about it (aka MS) and give them time to come up with a patch. Then after sufficient time has passed for security-conscious people to patch their systems, a virus is released that takes advantage of the exploit to either inform the user that their system is vulnerable and that they should install the patch, or simply install the patch for them.
A lot of times it seems to take a big attack for busy system admins to roll out a system wide update. I have talked to people whose work computers have been hit pretty hard by virii and I just wonder what would have happened had they been hit by a truly malicious virus, not just these annoying but easily recoverable ones. It scares me.
Re:Benevolent Virii (Score:3, Informative)
culpability (Score:5, Interesting)
Along with the idiots at Microsoft who don't make updates for IIS available through windowsupdate. (in my experience, ymmv.) C'mon, it's shipped with the OS, you've got automatic updates on by default, so make them patch the goddamn webserver.
Net slowdowns... (Score:4, Interesting)
Is this why slashdot.org feels slow/not responding and have missing images? All other Web sites seem fine. I noticed this at work, home, etc. with Mozilla v1.4.
Oh, it's not that bad! (Score:4, Funny)
Re:Oh, it's not that bad! (Score:3, Informative)
We should be thankful for this worm (Score:4, Insightful)
If this worm didn't exist, the systems would remain unpatched until some much more destructive exploit was distributed (say, deleting all your files).
Think of it as vaccination - a mild form to shore up our defenses, so a killer form doesn't get us.
Intranets being infected. (Score:5, Interesting)
I had to stay up till 12am trying to figure what the crap was going on with my equipment when it was communicating with those stupid NT servers. We're running Redhat and I was sitting there using tcpdump trying to figure out what was wrong with the packets.
It looks normal from the Redhat side, but you'll get no responses from the Application layer on the NT side. It must flood the send pipe in the TCP/IP socket layer on the NT side.
WARNING: If you're running Linux in the Enterprise and you're interfacing NT, you'll be blamed first. Just know it ain't your fault.
I am so sick of these amateurs... (Score:5, Funny)
For instance take this worm and add the ability for it to seek the network for every single excel spread sheet it can find and randomly mix up a couple of cell values. Then have it set the access time back to the original.
Hell just write a few bytes to a random location in any file you can access.
Come on black hats, quit boring me!
Is *nix that much more secure? (Score:5, Insightful)
The desktop world is ruled (by numbers, anyway) by Microsoft. Any potential malware s'kiddie can knock together some malware in a few hours, dump it into some unsuspecting newsgroup somewhere or email it to his Outlook-using mates and start an epidemic relatively easily. The sheer number of vulnerable machines makes that easy.
The installed base of Windows boxes also means that, despite MS not opening up their code to anyone (except governments and universities willing to sign away their first-born as insurance against breaking the NDA), large numbers of people spend vast tracts of time throwing McValue Meal-sized URLs at web-servers and mutant packets at RPC interfaces.
Lots of people x Lots of time x Lots of machines = lots of vulnerabilities found...
Now consider *nix. It has a number of advantages straight off the block:
Just a thought. Now flame away ;)
MSBlast attacks Friday MORNING (Score:3, Informative)
Microsoft.com is down, as is Windowsupdate ! (Score:3, Insightful)
Nothing, Nada.
I guess in a weird sort of way, its ironic.
Massive Legal Ramifications in here (Score:4, Funny)
Firstly, the second strain of the virus is clearly derived from the first strain. This is blatant piracy, and a violation of the cherished IP of the original authors.
The original author of the virus is now in a position to reap a windfall, by
- Suing the second author to the tune of $3Bn for having blatantly stolen their code.
- Suing the thousands of owners of infected machines because they may be running pirated code in violation of the DMCA.
- Offering infected users a $699 licence fee for running the derived virus, which will protect them from any further legal action.
What the authors of the second, derived virus have done is abominable, and shows a callous disregard for the IP rights of the original authors. They are nothing but pirates, and a threat to the wholesome values of benign free-trade capitalism.
-----------------------
Gets funny indeed after so many times (Score:3, Funny)
It is certainly redundant to state the simple solution is to abandon all Microsoft products. There must be hundreds of exploits 'widely known among hackers' but not known to Microsoft and/or published. Any 'hacker' worth his salt can get into any NT type server with a minimal effort and can certainly get to clients and install servers. The truth of the matter is us old hacks are really bored with Microsoft.
Poorly Written Worm? (Score:4, Interesting)
I asked if he could determine where the scans were coming from and he said that this was unusual and he was looking into it. He pointed out that there was no damage being done, but was curious as to who would be doing 12 hours of constant port scanning.
After an hour he called back and said that the scans were coming from just about everywhere, and that they were scanning only the port used by the Worm. His conclusion (and mine as well) was that a fault in the random number generation method used by the worm caused it to pick our Class C address block more than other ones, and thus we were getting the scans.
No damage is being done... so I guess we merely wait until (hahahahah) all these lusers patch their systems - but really, can the script kiddies out there PLEASE learn how to write GOOD code before releasing their worms? (or did this come straight out of microsoft labs itself - seems their typical crap coding style).
Perhaps they should have used the SGI LAVA RANDOM NUMBER GENERATOR.
Re:And while you all get easy 5, funnies. (Score:5, Insightful)
That was true like a year or two ago, but since this has come up I've been amazed at how things have changed here. It's not that it's turning pro-Microsoft, but the "Everything Linux does is perfect" attitude has settled back down to realistic levels.
I agree with you, though, Linux is a root password away from being ssh'd to hell.
Re:And while you all get easy 5, funnies. (Score:5, Interesting)
So are we going to start adding all securities in third-party apps that run on Windows to the "Windows vulnerability" list? That's crazy.
Linux is a kernel, yes. But the fact that it's available in that form if that's all you want is an advantage, not a technicality. Try getting Windows without a GUI, or SMB.
Let's see here (Score:3, Insightful)
Re:Let's see here (Score:3, Interesting)
Re:I hope this new version runs under WINE (Score:4, Funny)
Finally, all the Linux users who have felt left out can participate in the reboot fun. It is a bargain for $50. See www.crossoverblaster.devnull for more details.
Disclaimer: I do not work for CodeWeaver. My views are purely my own.
Re:who came up with "lovesan"? (Score:2, Informative)
Re:Great. Just great. (Score:3, Interesting)
The fact that nobody patches their systems is an indication that the delivery method is flawed. It must be that the patching system has one or more of the following problems:
1. Too complicated, or too flaky to make updates simple
2. The importance of patching is not impressed on the user at install time
3. Patches are too fl
Re:Simple security practices go a long way... (Score:4, Funny)