
Downadup Worm — When Will the Next Shoe Drop?

timothy posted more than 5 years ago | from the it-looks-like-you're-using-windows dept.

Security 295

alphadogg writes "The Downadup worm — also called Conflicker — has now infected an estimated 10 million PCs worldwide, and security experts say they expect to see a dangerous second-stage payload dropped soon. 'It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs,' says Don Jackson, director of threat intelligence in the counter threat unit at SecureWorks. The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes."


what will it download? (5, Funny)

Anonymous Coward | more than 5 years ago | (#26593249)

the worm is capable of downloading second-stage code for darker purposes."

So it might download vista?

Keep spreading lies (5, Funny)

Anonymous Coward | more than 5 years ago | (#26593357)

Windows is actually far more secure than Linux. Get the facts [getthefacts.com] , people.

Re:Keep spreading lies (3, Informative)

Anonymous Coward | more than 5 years ago | (#26593481)

Yeah as if a Microsoft website isn't going to show a bit of one-sidedness and in doing so leave out a metric ton of facts that don't exactly keep their product at best interest.

Re:Keep spreading lies (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26593745)

I prefer this [zoy.org] site, its facts are far more accurate ;-)

Re:Keep spreading lies (4, Informative)

Anonymous Coward | more than 5 years ago | (#26593825)

I prefer this [zoy.org] site, its facts are far more accurate ;-)

Don't click that link!

Re:Keep spreading lies (5, Informative)

Anonymous Coward | more than 5 years ago | (#26593883)

Be warned - in case you are tempted...

This is a pretty ingenious script that

  • Opens up windows (or tabs, depending on how you open the link) as fast as your computer can - 100% CPU
  • Each window displays gay porn
  • Plays a loud sound "Hey everybody I'm looking at gay porno"
  • Behind the scenes it also copies the contents of your clipboard to this guy.

It works in IE and firefox. It is simply a page with an image, a flash movie, and a javascript that copies your clipboard to a field then 'submit()'s' the form, reloading the page.

Very simple and bypasses popup blockers (at least the ones I have on).

This has got to be a security hole in firefox, both on the ability to open windows/tabs, and copying the clipboard.

If you want to have a look, use:

wget http://getthefacts.on.zoy.org/index.php

WARNING: don't click on this link, just copy the wget command to a shell. Don't say I didn't warn you...

Re:Keep spreading lies (1)

darkpixel2k (623900) | more than 5 years ago | (#26594255)

Damnit. When will Chrome be available for Linux? Do you know how long it takes to reopen 150 tabs on an old Compaq Presario 2300 laptop? Good thing I have a second browser installed. It'll take me a week to get Firefox loaded back up.

Re:Keep spreading lies (4, Insightful)

jesser (77961) | more than 5 years ago | (#26594321)

Firefox doesn't let web sites access your clipboard directly. Flash does. The Flash guys consider it a feature, while the Firefox guys consider it a security hole in Flash (or at least I do).

I bet the site is using Flash.

Re:Keep spreading lies (0)

Anonymous Coward | more than 5 years ago | (#26594425)

I wonder how he gets access to the clipboard in FF3. Flash, maybe? Hell, I've been working on something where we want to give the user the ability to click a button, copying the HTML from within a DIV to their clipboard, and without hacking about:config in FF3 (when using Flash 10) it's not even possible. :\

Re:Keep spreading lies (2, Insightful)

Anders (395) | more than 5 years ago | (#26593837)

I prefer this [zoy.org] site, its facts are far more accurate ;-)

At least it wasn't a rickroll ...

Re:Keep spreading lies (4, Funny)

Penguinshit (591885) | more than 5 years ago | (#26594043)

It's a dickroll...

Re:Keep spreading lies (-1)

quickOnTheUptake (1450889) | more than 5 years ago | (#26593575)

That's why it's estimated that 10 million Linux computers are infected.
Oh, wait.

Re:Keep spreading lies (1)

ATMD (986401) | more than 5 years ago | (#26594461)

No, that can't happen until the year of the Linux desktop, which I believe is the year after the release of DNF...

*ducks hail of thrown Ubuntu disks*

Re:Keep spreading lies (0)

Baseclass (785652) | more than 5 years ago | (#26593751)

This is a joke right?

I've been running Linux for 10 years. Not once have I had a virus, malware, or spyware installed on my PC.
By contrast, my wife's laptop which was running Windows XP (until I installed Slackware on it) required constant de-spywareification and resource intensive anti-virus programs always on alert.

You my friend need to get the facts.

Re:Keep spreading lies (1, Informative)

Anonymous Coward | more than 5 years ago | (#26593953)

Same here. We couldn't keep my Mom's PC clean when it was running windows. I swear it would get infected with something within a month. Switched her to Linux just over two years ago and haven't had a problem since.

She grumped about "things are changed" for about a week. Now she is happy surfing, emailing, printing, loading music on her MP3 player, and grabbing pics off her camera. She is happy - I am happy!

Re:Keep spreading lies (1)

Kneo24 (688412) | more than 5 years ago | (#26594245)

Part of your mom's problem, and the GP's wife's problem, is education. Did you guys bother to teach them that the internet isn't safe and that they probably shouldn't click on every link they see?

And if they'd rather not listen, let them educate themselves; do not help them. I had to do this to my mom and sister and they've been virus/spyware/malware free for a year now. They know to keep Windows up to date and run a scan at least once a week for any suspicious. They've also learned to not click on every fool link there is just because they can.

Re:Keep spreading lies (2, Insightful)

nmb3000 (741169) | more than 5 years ago | (#26594279)

By contrast, my wife's laptop which was running Windows XP...required constant de-spywareification and resource intensive anti-virus programs always on alert.

Then, as they say, you're doing it wrong. Running XP/Vista securely is pretty easy:

  • Most importantly: don't run as admin.
  • Stay updated.
  • (Optional) Use a browser like Firefox with addons like NoScript. Makes browsing new sites painful, but more secure.

That combined with a little common sense means you don't even need any realtime anti-virus software. If you do accidentally get something malicious installed, cleaning a user profile is really easy. Worst case means copying files and then deleting and re-creating the profile, just like you would have to do on an infected Linux system.

Re:Keep spreading lies (0)

Anonymous Coward | more than 5 years ago | (#26594311)

But operating system and user are completely correlated in your example. What if you had been using Windows for 10 years? I have run Windows for at least that long (until recently), and never had virus or malware. Now I run Linux, and love it, and still no viruses.

Re:Keep spreading lies (2, Interesting)

Baseclass (785652) | more than 5 years ago | (#26594433)

I love how Windows apologists always qualify their answers with "I like Linux too but...". It's a bit like saying "Some of my best friends are black but..."
You're obviously an experienced Windows user and understand the importance of discretion when clicking links, installing software, etc.
The difference is, Linux users don't have to exercise nearly as much caution. My wife and kids know nothing of what lies beneath their pretty GUIs yet since upgrading every system in the house to Slackware (yes upgrading), we've had no further issues involving malicious software.

The zookeeper says: ... (1)

Savage-Rabbit (308260) | more than 5 years ago | (#26594011)

Windows is actually far more secure than Linux. Get the facts, people.

... Please don't feed the trolls.

Re:what will it download? (1)

drpt (1257416) | more than 5 years ago | (#26593785)

I think so but they will rename it to "cornhole"

Re:what will it download? (5, Insightful)

hobbit (5915) | more than 5 years ago | (#26594345)

while Downadup today is not malicious in the sense of destroying files

How quaint! The idea that someone might infect millions of PCs just to delete people's files is so 20th century.

Don't be so down. (0)

Anonymous Coward | more than 5 years ago | (#26594361)

the worm is capable of downloading second-stage code for darker purposes.

Don't be so down. On the up side, it is also capable of downloading cheerfully singing chipmunks.

And now we rediscover (5, Funny)

causality (777677) | more than 5 years ago | (#26593261)

And now we rediscover why monocultures don't work (and are generally not found) in nature.

Re:And now we rediscover (4, Funny)

Dzimas (547818) | more than 5 years ago | (#26593613)

Hmm. Are you alluding to the dominance of computers or humans?

Re:And now we rediscover (2, Informative)

dov_0 (1438253) | more than 5 years ago | (#26593915)

Very good point. The variety in different distros and user chosen software would give Linux a great advantage over Windows securitywise.

Re:And now we rediscover (1)

Godji (957148) | more than 5 years ago | (#26593971)

And that's funny why? Mod informative.

Re:And now we rediscover (2, Insightful)

philspear (1142299) | more than 5 years ago | (#26594329)

I at least find it funny that IT joins many other fields in realizing nature faced a similar problem and solved it billions of years ago.

Re:And now we rediscover (1, Insightful)

timmarhy (659436) | more than 5 years ago | (#26594093)

yeah right because computers happen in nature. we did have a diversity of computers in the wild, they happily swung from the trees and shat in the woods, but then the windows computer was introduced and ate all their food and raped their babies.

or maybe not everything has an analogy based on nature, since it's 100% artificial to begin with, and fills an artificial requirement (like all computers being compatible dictates a monoculture...)

Re:And now we rediscover (2, Funny)

Anonymous Coward | more than 5 years ago | (#26594169)

HMPFH.

*YOUR* PC might have shat in the woods, but my Mac was potty trained from day one.

Spyware, Adware, Antivirus, Don't use IE, Use a (-1, Troll)

rolfwind (528248) | more than 5 years ago | (#26593265)

Router, don't let the computer go on the internet naked.

When will Windows be ready for the desktop? Srsly.

Re:Spyware, Adware, Antivirus, Don't use IE, Use a (0, Troll)

samriel (1456543) | more than 5 years ago | (#26593381)

So, in other words, always wear a condom, and for christ's sake, DON'T go looking for hookers in Taiwan?

Re:Spyware, Adware, Antivirus, Don't use IE, Use a (0)

Anonymous Coward | more than 5 years ago | (#26593523)

In Taiwan, hooker finds you!

AIDS figures (1, Informative)

Anonymous Coward | more than 5 years ago | (#26593857)

You mean Africa, with 20% of population infected with AIDS.

Taiwan has 0.1% of population infected.

This computer worm is indeed tricky. It inserts code via vulnerabilities, guesses passwords, spreads via domains if possible, and so on.

Downadup vs Morris - which one will prevail?
Round One, Fight!

Re:Spyware, Adware, Antivirus, Don't use IE, Use a (0)

Anonymous Coward | more than 5 years ago | (#26593385)

Windows has been ready for the desktop for years now.

When will it be ready to connect to the internet is another issue entirely, and I wouldn't recommend anyone waiting to see the day - they'll see their retirement checks long before it happens.

Re:Spyware, Adware, Antivirus, Don't use IE, Use a (3, Informative)

Computershack (1143409) | more than 5 years ago | (#26593389)

When will Windows be ready for the desktop? Srsly.

Microsoft patched this and issued the fix through Windows Update a month before the worm was even in existence. It's only stupid fucks who don't update their OS that've got infected.

Re:Spyware, Adware, Antivirus, Don't use IE, Use a (0)

Anonymous Coward | more than 5 years ago | (#26593457)

See, this is why Micro$oft is correct with DRM and giving users less control. If M$ controlled every aspect of the computer - what programs you can install/run, what websites you visit this worm would not infect a single computer because a patch was available.

Re:Spyware, Adware, Antivirus, Don't use IE, Use a (1)

JohnBailey (1092697) | more than 5 years ago | (#26594021)

Microsoft patched this and issued the fix through Windows Update a month before the worm was even in existence. It's only stupid fucks who don't update their OS that've got infected.

Ahh.. that's all right then.. So you are saying more than the thirty percent mentioned will be getting it..

Re:Spyware, Adware, Antivirus, Don't use IE, Use a (-1, Troll)

TW Atwater (1145245) | more than 5 years ago | (#26594091)

It's only stupid fucks who use Windows that've got infected.

There, fixed that for you.

Re:Spyware, Adware, Antivirus, Don't use IE, Use a (1)

nurb432 (527695) | more than 5 years ago | (#26593555)

And don't use email, or browse or or or..

Only way to be 100% safe is to not be online at all.

Re:Spyware, Adware, Antivirus, Don't use IE, Use a (0)

Kent Recal (714863) | more than 5 years ago | (#26594057)

Interestingly you can already be 99,9999% safe simply by using a Mac or Linux.
Neither e-mail nor browsing applications are broken per se - it's that one operating system.

Re:Spyware, Adware, Antivirus, Don't use IE, Use a (2, Insightful)

Kneo24 (688412) | more than 5 years ago | (#26594209)

Interestingly, security through obscurity is not real security.

Re:Spyware, Adware, Antivirus, Don't use IE, Use a (-1, Troll)

Kent Recal (714863) | more than 5 years ago | (#26594335)

Before trying to sound smart in public you should maybe look up [wikipedia.org] your catch phrase...

Re:Spyware, Adware, Antivirus, Don't use IE, Use a (-1, Redundant)

Kneo24 (688412) | more than 5 years ago | (#26594411)

The terminology I used here works. You feel that OSX and Linux are secure. I pointed out that the reason they appear to be that way is because they're obscure, "fringe", not a lot of users.

If you were a virus writer, would you spend your time writing viruses for OSes that don't have the overwhelming majority of the market share in this scenario? No, you wouldn't. You'd have far less of a chance infecting as many people as you could in comparison to the larger other OS install base.

Re:Spyware, Adware, Antivirus, Don't use IE, Use a (0)

Kneo24 (688412) | more than 5 years ago | (#26594423)

And after reading your link (I didn't bother to click because you were wrong regardless), it even validates my point further down the page. Good job showing everyone you fail at reading.

Obligatory (0, Offtopic)

retech (1228598) | more than 5 years ago | (#26593273)

I, for one, would like to welcome our new Ukrainian Worm Overlords.

its not hard (5, Informative)

madcat2c (1292296) | more than 5 years ago | (#26593313)

Use a hardware router, use a real anti-virus program that actually publishes updates every day (Nod32 for me), and use a browser where you can kill anything that tries to auto install itself (Firefox, Chrome, etc).

And don't forward or respond to chain emails!

Re:its not hard (1)

quickOnTheUptake (1450889) | more than 5 years ago | (#26593483)

and don't use admin, 1234, or microsoft, as your password

Re:its not hard (1)

PrescriptionWarning (932687) | more than 5 years ago | (#26593497)

There are worms out there that actually disable your anti-virus updates from actually occurring while telling you that they have updated.

Re:its not hard (1)

phulegart (997083) | more than 5 years ago | (#26594367)

Yes there are. And there are simple steps to being able to clear those worms/spyware/malware when you are infected with them. However, those simple steps either require running scans and updates regularly, or paying for software that will do it automatically (although spybot does have a scheduler feature).

The issue right now, is that there is not one cleaning tool that gets them all. That's where it starts to get complicated. A large portion of the worst stuff can be cleared easily and painlessly with Malwarebytes and a recent ComboFix. But then it's a matter of getting THAT knowledge into the mainstream. And these tools will fall by the wayside as different kinds of infections become more prevalent, and other cleaning tool developers stay on top of what is current. So education is the key I guess... as it is with most things.

Linux users should not be feeling smug. They should appreciate Microsoft more than they do. If Linux had a more dominant position in the market, Linux users would be cleaning spyware/malware from their machines too. But most linux users are too smart to realize or admit that.

Re:its not hard (1)

Joce640k (829181) | more than 5 years ago | (#26593647)

...except that this spreads via USB sticks and blocks antivirus updates.

A minor nitpick, I know...

Re:its not hard (1, Interesting)

Anonymous Coward | more than 5 years ago | (#26593889)

Gotta say, it's pretty clever of the worm writer to rediscover the sneakernet as a malware infection vector. Though I'm curious as to why it just blocks anti-virus sites and not Window updates? That'd make it almost impervious to fix by network.

Re:its not hard (1)

Godji (957148) | more than 5 years ago | (#26593985)

I'm wondering about the method of infecting a USB stick. Is it filesystem-specific? How does it work?

Re:its not hard (1)

ancientt (569920) | more than 5 years ago | (#26594491)

It isn't exactly filesystem specific, though it does depend on being a filesystem that Windows will recognize. It infects USB by putting an autorun.inf on the device to install itself. The nasty bit is that, to the average user, it looks like the executable is just the Windows dialog to open the device as a folder. f-secure.com [f-secure.com] has a nice writeup on it.
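
The autorun.inf trick described in the comment above, seen from the defender's side, as an added example that is not part of the original thread: a Python triage of an autorun.inf found on removable media. The sample file contents, the function names and the system-icon heuristic are constructed for illustration; the key names (`open`, `shellexecute`, `action`, `icon`, `shell\<verb>\command`) are the standard autorun.inf ones.

```python
import re

# [autorun] keys that make Windows start a program from the drive.
EXEC_KEYS = ("open", "shellexecute")
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")
# Wording that imitates Windows' own "open folder" AutoPlay entry.
FOLDER_LURE = re.compile(r"open\s+folder|view\s+files", re.IGNORECASE)
# Heuristic added here: an icon pulled from a Windows system DLL.
SYSTEM_ICON = re.compile(r"(shell32|imageres)\.dll", re.IGNORECASE)
SECTION = re.compile(r"^\[([^\]]+)\]$")


def parse_autorun(raw: bytes) -> dict:
    """Return {key: [values]} for the [autorun] section.

    Tolerant on purpose: NUL bytes, binary padding and lines that are
    not key=value are skipped, so junk cannot hide the real entries.
    """
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16", errors="replace")
    else:
        text = raw.decode("latin-1")  # never fails on arbitrary bytes
    text = text.replace("\x00", "")
    entries = {}
    in_autorun = False
    for line in re.split(r"[\r\n]+", text):
        line = line.strip()
        header = SECTION.match(line)
        if header:
            in_autorun = header.group(1).strip().lower() == "autorun"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries.setdefault(key.strip().lower(), []).append(value.strip())
    return entries


def triage(raw: bytes) -> list:
    """List the reasons this autorun.inf deserves a closer look."""
    entries = parse_autorun(raw)
    launchers = [
        (key, value)
        for key, values in entries.items()
        if key in EXEC_KEYS or SHELL_VERB.match(key)
        for value in values
    ]
    findings = [f"runs a program: {key}={value}" for key, value in launchers]
    if launchers:
        # A launcher dressed up as the folder entry is the case the
        # comment describes: the user thinks they are opening a folder.
        if any(FOLDER_LURE.search(v) for v in entries.get("action", [])):
            findings.append("action text imitates the open-folder entry")
        if any(SYSTEM_ICON.search(v) for v in entries.get("icon", [])):
            findings.append("icon borrowed from a Windows system DLL")
    return findings


# Constructed sample, not taken from a real infection.
SAMPLE = (
    b"\x8f\x03 padding before the section = ignored\r\n"
    b"[AutoRun]\r\n"
    b"\x8f\x03\x00padding inside the section\r\n"
    b"Action=Open folder to view files\r\n"
    b"Icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
    b"ShellExecute=helper.exe\r\n"
    b"UseAutoPlay=1\r\n"
)

# Constructed benign file: it only names the volume and sets an icon.
BENIGN = b"[autorun]\r\nlabel=Backup Drive\r\nicon=drive.ico\r\n"

if __name__ == "__main__":
    for name, blob in (("SAMPLE", SAMPLE), ("BENIGN", BENIGN)):
        print(name, triage(blob) or "nothing suspicious")
```
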

Re:its not hard (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26593879)

Or use a Mac and forget your laundry list of protection aids.

When you see divert fractions of pennies into a ba (1)

Joe The Dragon (967727) | more than 5 years ago | (#26593319)

When you see it divert fractions of pennies into a bank account they control.

You'll All Thank Me (5, Funny)

hksdot (1128515) | more than 5 years ago | (#26593325)

You'll all thank me when I deploy the second stage to install and run SETI@home and discover alien intelligence.

-Virus Author

Re:You'll All Thank Me (1, Funny)

Anonymous Coward | more than 5 years ago | (#26593399)

deploy the second stage to install and run SETI@home and discover alien intelligence

... that then comes and kills us all before we advance enough to be a threat to them. Yea, thanks a lot buddy. How about FOLDING@home instead?

Re:You'll All Thank Me (4, Funny)

philspear (1142299) | more than 5 years ago | (#26594373)

that then comes and kills us all before we advance enough to be a threat to them.

Right before that would happen, he'll deploy "stage three" by handing the aliens a USB drive...

Why is it.. (4, Funny)

zmollusc (763634) | more than 5 years ago | (#26593359)

.. that I can't get windows apps to do what i want without crashing, but it runs teh evil viruses perfectly?

Re:Why is it.. (0)

Anonymous Coward | more than 5 years ago | (#26593437)

blah blah troll troll

Re:Why is it.. (1)

John Hasler (414242) | more than 5 years ago | (#26593585)

What makes you think it does? Perhaps 10% of all infections fail. So what?

Re:Why is it.. (1)

Shados (741919) | more than 5 years ago | (#26593663)

Virus writers aren't former Visual Basic 6 developers without degrees who think they're hot shit for being able to pop a modal dialog, and make a career out of it. That's why.

Re:Why is it.. (2, Interesting)

troll8901 (1397145) | more than 5 years ago | (#26593993)

Too true. The original Internet worm had only 99 lines of source code, yet incorporated encryption, password guessing, vulnerability-injection, and so on.

Except for a bug, I think the author was a genius - a true "hacker" in the original sense of the word.

Of course, both viewpoints were presented by another guy, who included this incident in the last chapter of a book.

Re:Why is it.. (5, Insightful)

nathan.fulton (1160807) | more than 5 years ago | (#26593881)

".. that I can't get windows apps to do what i want without crashing, but it runs teh evil viruses perfectly?"
Because there is a 100% correlation between a virus crashing and a virus writer's lost profit. With most legitimate software, a crash leaves only one practical option: keep using the crapware and hope it doesn't crash again.

Re:Why is it.. (1)

brusk (135896) | more than 5 years ago | (#26594199)

Actually no. If a virus works only 50% of the time, no big deal, the author probably doesn't even know.

Re:Why is it.. (2, Funny)

Yvanhoe (564877) | more than 5 years ago | (#26594229)

Let's be fair, the virus only works on 30% of the machines. Still impressive for a windows app though...

Could it be hijacked... (3, Interesting)

TexVex (669445) | more than 5 years ago | (#26593447)

If this thing is a malicious software delivery system, wouldn't it be possible to hijack it and have it download something that removes it?

Re:Could it be hijacked... (2, Interesting)

Kifoth (980005) | more than 5 years ago | (#26593525)

Good question... Since we know that the virus checks 250 formula-based URLs every day for 'updates,' what's to stop someone from registering one of the upcoming URLs and hosting code there that'll cause the virus to uninstall or cripple itself?

Re:Could it be hijacked... (2, Informative)

John Hasler (414242) | more than 5 years ago | (#26593545)

I would imagine that it requires signed code.

Re:Could it be hijacked... (1)

nathan.fulton (1160807) | more than 5 years ago | (#26593897)

Only if the virus writer is doing it wrong. There are about a million ways to prevent this, including encrypting the code.

Re:Could it be hijacked... (2, Informative)

Fnord666 (889225) | more than 5 years ago | (#26594015)

If this thing is a malicious software delivery system, wouldn't it be possible to hijack it and have it download something that removes it?

Unfortunately the virus writers already thought of that. The article didn't give details but I would guess that the downloaded payload is digitally signed and the virus code verifies the signature.

Re:Could it be hijacked... (3, Interesting)

upuv (1201447) | more than 5 years ago | (#26594357)

Aside from the potential protections the virus may have for this.

White hats have a few extra rules to contend with. Since going into someone's computer and changing stuff without their approval is illegal in most parts of the globe the white hats would be just as guilty as the virus writer.

God forbid the white hat actually makes a mistake and the cure is worse than the disease. An analogous problem occurred when Sony installed a root kit that prevented people from breaking the law. Sony thought it was protecting its IP rights. What really happened was that Sony effectively gave complete and total access to anyone who wanted to do stuff on the computer. Sony got slapped hard for this and it cost them a bundle. Many people lost their jobs and the damage to personal computers around the world was rather staggering.

So it's not as simple as someone taking over the comms with the virus and sending back clean up routine.

----
As an aside. If or when the world comes to accept that white hats are allowed to attack viruses in this manner we will see an almost instant response from the virus writers.

A double payload mechanism would be very effective for example.
1. Virus infects.
2. 2nd payload is delivered and hides in stealth.
3. white hat antivirus clears first virus. As it would take time for the aggressive anti virus to be written. The 2nd payload could easily be delivered well in advance of the white hat action.
4. 2nd payload is now on the hardware with no need to talk to command and control.

That is just one possible vector change that would appear.

----

More likely is that if white hats were given the go ahead to attack. The "Bad guys" would simply move to the next soft target. I suspect the next soft target to be the vast numbers of networked devices that are multiplying all running Linux variations. Also since next to no one ever updates the firmware on these appliances once vulnerable they will remain forever vulnerable.

----
So in the end no it's a BAD idea for the white hats to aggressively attack these things. It's an arms escalation that we simply don't need.

I.e., when will people stop using Windows? (1)

gunne (14408) | more than 5 years ago | (#26593473)

That's what I thought the article was about when I read the headline...

conficker - conflicker - downadup (1)

e**(i pi)-1 (462311) | more than 5 years ago | (#26593479)

"The Downadup worm - also called Conflicker - has now infected an estimated 10 million PCs worldwide,

Ashamed of being fucked with [wikipedia.org] , victims call "conficker" now "conflicker" or with the euphemism "downadup". It does not matter, it all adds up down there if you are screwed with.

The sick truth. (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26593511)

I am an ex-Linuxer, If Linux was used more it would get viruses too. That aside, whoever wrote this virus/worm should get Gitmo, and yes, McCain/Palin in 2013 will reopen it to teach morbidly obese nerds in their basement not to write viruses. This is cyberwar and they should have an example set to them. If we were a proper country like Soviet Russia they would get the Siberian wolf blowjob by now.

Re:The sick truth. (4, Funny)

couchslug (175151) | more than 5 years ago | (#26593597)

"If we were a proper country like Soviet Russia they would get the Siberian wolf blowjob by now."

Thanks to the internet, not only do I know that for some people that would not be a punishment,
but that others wish they were the wolf.

Re:The sick truth. (1)

pxlmusic (1147117) | more than 5 years ago | (#26593611)

3/10

Re:The sick truth. (0)

Anonymous Coward | more than 5 years ago | (#26593795)

Creating a virus could be like finding x > 0 such that f(x) = 0 where

f(x) = sin(log(x)) [Windows]
f(x) = 1 [Linux].

I.e. it might not always be possible.

Re:The sick truth. (1)

Baseclass (785652) | more than 5 years ago | (#26593955)

Uh huh, sure you are.

If you were truly a Linux power user, then you'd know that the Linux/UNIX security model is not conducive to the spread of viruses since any program attempting to modify system files would require root access first.

Re:The sick truth. (1)

Breakfast Pants (323698) | more than 5 years ago | (#26594055)

Moot point unless the only way you do anything as root is through a shell in one of the virtual terminals or xdm. If you ever give your root password in a logged in X session, or as your user (su or sudo) your machine can be compromised. su, bash, etc. can all be replaced with sinister versions, and the next time you su to root, your password is captured.

Re:The sick truth. (0)

Baseclass (785652) | more than 5 years ago | (#26594141)

I never said Linux couldn't be compromised, alas, I routinely need to install security patches because new exploits are discovered all the time.

What I said was "the Linux/UNIX security model is not conducive to the spread of viruses". Getting rooted locally is quite a bit different than spreading viruses to other Linux machines that would also need to be exploited for the virus to get root access.

Re:The sick truth. (1)

Atlantis-Rising (857278) | more than 5 years ago | (#26594305)

And yet, the exact same security model is present in Windows Vista- users need to provide an administrative password to elevate security privileges for a process that requires administrator-level access, or, even if you are logged in as administrator, you need to provide confirmation to conduct administrator-flagged actions.

This is the premise behind Vista's UAC.

Notice how universally it is panned as being useless, despite being exactly the type of security model you advocate?

Thank you Mickeysoft! (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#26593521)

And a big FUCK YOU to you too!

Microsoft... (4, Insightful)

ConceptJunkie (24823) | more than 5 years ago | (#26593863)

"From where do you want to get pwned today?"

It's 2009... I can't believe we're still dealing with this crap in 2009.

Re:Microsoft... (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26594371)

"From where do you want to get pwned today?"

It's 2009... I can't believe we're still dealing with this crap in 2009.

Nothing will change until Microsoft execs face jail time for putting out such crap.

Re: Downadup Worm — When Will the Next Shoe (0)

Anonymous Coward | more than 5 years ago | (#26593869)

I wasn't aware that worms wore shoes. Lucky this thing isn't a centipede, or worse a millipede. We'd never hear the end of those other shoes dropping if it were!

it's my worm (1)

Errtu76 (776778) | more than 5 years ago | (#26593873)

And I'm using it to 'infect' their pc's with Linux. It'll stop all future virii as well as creating a wave of happiness. Dark purposes, it's all how you look at it. Sure they'll hate me for a while, but then they'll love me and i'll reveal my identity and be a hero!

Re:it's my worm (2, Funny)

nathan.fulton (1160807) | more than 5 years ago | (#26593937)

I knew it! Those linux folks are all virus writers! They even infect the copyright system with their dirty viruses [wikipedia.org] !

Re:it's my worm (1)

Eudial (590661) | more than 5 years ago | (#26594017)

And I'm using it to 'infect' their pc's with Linux. It'll stop all future virii as well as creating a wave of happiness. Dark purposes, it's all how you look at it. Sure they'll hate me for a while, but then they'll love me and i'll reveal my identity and be a hero!

Here I was hoping the virus would start correcting the spelling in you tube comments. Maybe the next virus that comes along will realize my grammar nazi utopia, then...

Re:it's my worm (1)

El_Oscuro (1022477) | more than 5 years ago | (#26594125)

  1. Rent a bot net with the worm on it.
  2. Instruct each zombie to BitTorrent and install Wubi. [wubi-installer.org]
  3. ???
  4. Profit!

A small niggle... (3, Interesting)

rickb928 (945187) | more than 5 years ago | (#26593947)

But it's "Ukraine", not "The Ukraine".

At least, that's what Ukrainians say [wsu.edu] .

Just sayin... And that's what the Ukrainian rocket scientist I know says also.

Re:A small niggle... (1)

Cyberax (705495) | more than 5 years ago | (#26594155)

Don't worry. Ukraine is going to split into several parts real soon or at least become a federation. And then you'll be able to call it "the Ukraine" again. :)

Re:A small niggle... (2, Interesting)

feelbad_feelsgood (809633) | more than 5 years ago | (#26594387)

If you wonder why people (esp. Americans) insist on referring to Ukraine as "The Ukraine," I believe the answer lies with the Parker Bros. board game "Risk". Their wikipedia entry http://en.wikipedia.org/wiki/Risk_(game)#Territories [wikipedia.org] doesn't say this, but I'm pretty sure older boards had a space that was not called Ukraine, but "The Ukraine". Corroboration from Seinfeld: http://www.seinfeldscripts.com/TheLabelMaker.html [seinfeldscripts.com] If you're wondering if Americans learned geography from any source more reliable than a board game, well, you already know the answer.

Remove it script? (1)

brxndxn (461473) | more than 5 years ago | (#26594139)

Where do I go to get a script that searches for it and removes it?

I'm sure I have coworkers that need this removed from their computers at work..

Re:Remove it script? (1)

anss123 (985305) | more than 5 years ago | (#26594217)

I'm sure I have coworkers that need this removed from their computers at work..

The hole the virus exploits was closed last year, before Conflicker started spreading, so if your company machines are up to date they should be safe. Microsoft also has a "Malicious Software Removal Tool" that can remove the virus.

So when.. (1)

Arafel65 (800718) | more than 5 years ago | (#26594179)

Is the movie coming out?

Complacency is a disease (4, Funny)

David Gerard (12369) | more than 5 years ago | (#26594181)

A computer worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough [today.com] to still think Windows is not ridiculously and unfixably insecure by design [philosecurity.org] .

Despite many years' warnings that Microsoft regards security as a marketing problem and has only ever done the absolute minimum it can get away with, millions of users who click on any rubbish they see in the hope of pictures of female tennis stars having wardrobe malfunctions still fail to believe that taking Windows out on the Internet is like standing bent over in the street in downtown Gomorrah, naked, arse greased up and carrying a flashing neon sign saying "COME AND GET IT."

Microsoft cannot believe people have not applied the patch for the problem, just because they keep trying to use Windows Genuine Advantage to break legally-bought systems. "Don't they trust us?" asked marketing marketer Steve Ballmer.

Millions of smug Mac users and the four hundred smug Linux users pointed and laughed, having long given up trying to convince their Windows-using friends to see sense. "There's a reason the Unix system on Mac OS X is called Darwin," said appallingly smug Mac user Arty Phagge.

"It can't be stupid if everyone else runs it," said Windows user Joe Beleaguered, who had lost all his email, business files, MP3s and porn again. "Macs cost more than Windows PCs."

"Yes," said Phagge. "Yes, they do."

Ubuntu Linux developer Hiram Nerdboy frantically tried to get our attention about something or other, but we can't say we care.

Get a Mac (0, Flamebait)

Anonymous Coward | more than 5 years ago | (#26594231)

Just get a Mac already. Seriously.
