
Massive Spam Shot of "Storm Trojan"

kdawson posted more than 7 years ago | from the storm-warning dept.

Spam 260

jcatcw writes "Postini has already counted nearly 5 million copies of the spam in the last 24 hours, and calculated that the run currently accounts for 87% of all malware being spread through email. 'Expect this to grow much larger,' a Postini spokesman said; 'It should top out at 60 million messages within the next 24 hours.' It's the largest attack in the last 12 months, and more than three times the volume of the two biggest in recent memory: a pair of blasts in December and January. The spam carries a ZIP file attachment posing as a patch with subjects such as Worm Alert!, Worm Detected, Spyware Detected!, or Virus Activity Detected."


yep... (1)

Churla (936633) | more than 7 years ago | (#18719065)

My AVG seems to have quarantined a couple of these yesterday.

Another day in the world of near-monoculture. (5, Interesting)

jcr (53032) | more than 7 years ago | (#18719083)

After all these years of malware on Windows systems, I think it's high time someone took Microsoft to court and at least charged them with contributory negligence. After the Melissa virus, they can't claim that they don't know the hazard.

The person to bring this suit would need to be someone who's not a licensee of any MS products, but has suffered losses from their network getting DOS'd by Windows zombies trying to trade copies of the malware of the hour.

-jcr

Re:Another day in the world of near-monoculture. (5, Funny)

grub (11606) | more than 7 years ago | (#18719129)


Microsoft is to computers what Philip Morris is to lungs.
Woo, a new quote! :))

Re:Another day in the world of near-monoculture. (3, Funny)

grub (11606) | more than 7 years ago | (#18719163)

s/what/as/g

Re:Another day in the world of near-monoculture. (3, Insightful)

pestario (781793) | more than 7 years ago | (#18720003)

s/g//

In English: (0)

Anonymous Coward | more than 7 years ago | (#18720157)

GP: oops, change all occurrences of "what" to "as" in my post.
P: You luser! You only want to change one occurrence, so why force the system to keep looking once it's found? Do you think CPU cycles are free or something? Besides, it's bad practice to use the "g" without thinking about what you really want first.

Re:Another day in the world of near-monoculture. (1)

fourchannel (946359) | more than 7 years ago | (#18719971)

I like how you phrased that. I might start thinking about my initial, and subsequently frustrating, maddening, and tremor-causing =P plunge into Linux as symbolic of quitting cigarettes cold turkey -- a real bitch until you get about six weeks into it. By then you've learned enough and kept your sanity mostly intact to keep your bearings away from cigarettes/microsoft.

And yes, Linux has been known to cause anxiety and tremors in people at times. =D

Re:Another day in the world of near-monoculture. (2, Funny)

Hoi Polloi (522990) | more than 7 years ago | (#18719993)

Microsoft is to viruses/trojans as Europe was to the Black Plague

Re:Another day in the world of near-monoculture. (1)

alberion (1086629) | more than 7 years ago | (#18720077)

Hahaha. You just gave me my GTalk status for today. Thanks

Re:Another day in the world of near-monoculture. (4, Funny)

baryon351 (626717) | more than 7 years ago | (#18719165)

After all these years of malware on Windows systems, I think it's high time someone took Microsoft to court and at least charged them with contributory negligence. After the Melissa virus, they can't claim that they don't know the hazard.

Who said it's Windows malware?

(yeah, OK, I was trying to be funny...)

Re:Another day in the world of near-monoculture. (2)

baryon351 (626717) | more than 7 years ago | (#18719247)

I hadn't read the computerworld article before posting the above comment. Sadly, now I have, I notice it doesn't mention which OS the trojan runs on.

If I weren't so tired atm I'd have something deep and witty to say about that, but all I can do is shake my head.

Re:Another day in the world of near-monoculture. (0, Troll)

$RANDOMLUSER (804576) | more than 7 years ago | (#18719319)

Yeah, you must be tired. Which OS do you think it runs on?

Re:Another day in the world of near-monoculture. (1)

powerlord (28156) | more than 7 years ago | (#18719741)

You mean there is more than one OS? You must mean XP and Vista, right? ;)

(posted from Linux, by way of a tunneled session from OSX)

Re:Another day in the world of near-monoculture. (1)

SomeoneGotMyNick (200685) | more than 7 years ago | (#18719895)

You mean there is more than one OS? You must mean XP and Vista, right?
Only if you run Winders [ncbuy.com]

Re:Another day in the world of near-monoculture. (5, Funny)

SomeoneGotMyNick (200685) | more than 7 years ago | (#18719959)

I notice it doesn't mention which OS the trojan runs on.
**** COMMODORE 64 BASIC V2.0 ****

Re:Another day in the world of near-monoculture. (1)

Opportunist (166417) | more than 7 years ago | (#18719481)

Probability and experience say it. And I usually listen to those guys.

Re:Another day in the world of near-monoculture. (5, Insightful)

MightyYar (622222) | more than 7 years ago | (#18719179)

Oh, come on. I am FAAAR from a MS apologist, but this trojan is not really something that they can (or should) prevent! This worm is not exploiting any flaw in MS's programs that I am aware of, it is simply social engineering. Unless you make Windows prevent a user from running arbitrary code, I don't know how you'd fix this.

If anyone should be sued, it should be the ISPs who allow zombies to sit there on their network. I don't like lawsuits, and would prefer to see some government incentive used to compel ISPs to remove the zombies.

Re:Another day in the world of near-monoculture. (1)

gx5000 (863863) | more than 7 years ago | (#18719299)

And you know that will never happen, someone's making too much bacon here over this.
But I agree, we have to tell the line owners to backtrack this crap and stop it, final.
It's not hard at all, they constantly monitor traffic and packet contents.
They simply don't want to, and I think it's time we put it to them.

Re:Another day in the world of near-monoculture. (2, Funny)

jimstapleton (999106) | more than 7 years ago | (#18719311)

Very true...

The biggest security risk is shared by all operating systems and hardware setups because it's not part of the computer.

It's the lump of carbon, water, and other trace elements/compounds between the keyboard and the chair.

Re:Another day in the world of near-monoculture. (1)

clintre (1078849) | more than 7 years ago | (#18719507)

I have to agree. Personally if an idiot is stupid enough to open it, they deserve what they get.

Re:Another day in the world of near-monoculture. (1)

secolactico (519805) | more than 7 years ago | (#18719669)

The problem is, they are not the only ones who get it.

The poor schmucks with an email who receive the spam are the ones who get it, as well as the poor schmucks who administer an e-mail system that now has to contend with the extra load.

Re:Another day in the world of near-monoculture. (1, Offtopic)

blueZhift (652272) | more than 7 years ago | (#18719611)

Shutting down zombies would definitely slow this stuff down. I know that in the past at least, some universities would cut off network access for computers that were apparently compromised. I don't know if this is the case at the majority of schools though. Sadly, it probably will take legislation to force ISPs to cut off zombies from their networks. I don't know why they don't do this already. Do these zombies help their bottom line, or is it less costly to keep them on the network to avoid fielding customer service calls?

Re:Another day in the world of near-monoculture. (1)

MightyYar (622222) | more than 7 years ago | (#18719763)

Since almost every computer that I work on for a friend/family member has been compromised, I'd say that they would have a huge support nightmare if they started cutting folks off. I was thinking that something like a tax break for ISPs with this policy would be in order. Or the government could do the quasi-unfunded mandate thing and just refuse to do business with ISPs or their subsidiaries that don't have such a policy in place. If they were really aggressive they could also require that those ISPs not deliver mail (or degrade the speed of mail) from non-complying ISPs, but that'll never happen...

Re:Another day in the world of near-monoculture. (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18719769)

And you know what kind of "DRM" flames show up on Slashdot if you even suggest people not be able to run arbitrary code. We all know social engineering attacks are possible on all platforms that allow users to run code that they want to. I'm agreeing with you here - this is NOT a Windows problem (other than Windows being popular enough that people write these things for it). In cases where it is a Windows flaw - sure, that's MS fault. But here it looks like people are flaming them just for their success.

Re:Another day in the world of near-monoculture. (1)

Impy the Impiuos Imp (442658) | more than 7 years ago | (#18719989)

Exactly. How is an email with a picture instead of actual text (so a text scanner can't detect it) claiming it's from your IT department and they need you to run this patch to get rid of a virus, instructing you to open the attached zip file (with password, provided in the picture) which is password protected (so a zip scanner can't get in it) a Windows problem?!?!?

Re:Another day in the world of near-monoculture. (1)

Mister Whirly (964219) | more than 7 years ago | (#18720023)

"In cases where it is a Windows flaw - sure, that's MS fault. But here it looks like people are flaming them just for their success."

No, not on Slashdot! The horror! And this whole time I thought Slashdot was the pillar of unbiased, informed opinions based purely on fact!

Oh yeah, and something about being new here...

Too much privilege! (3, Insightful)

spaceyhackerlady (462530) | more than 7 years ago | (#18719949)

Oh, come on. I am FAAAR from a MS apologist, but this trojan is not really something that they can (or should) prevent! This worm is not exploiting any flaw in MS's programs that I am aware of, it is simply social engineering. Unless you make Windows prevent a user from running arbitrary code, I don't know how you'd fix this.

Actually, there is a technical flaw, not just a human engineering one. The system allows users to install software, with global system implications, with no confirmation. My Mac confirms such things with me, and seems to get it right. My Linux box won't let me touch the global system configuration at all unless I su to root.

This has always been the problem. I recognize that there is incompetent Windows software out there that won't run without Administrator privileges, but that's another issue. If you really need privilege to do something (like change your password), other systems have ways of temporarily elevating privilege. Like suid on Unix.

...laura

Re:Too much privilege! (1)

bobsledbob (315580) | more than 7 years ago | (#18719987)

That's a feature of unix/mac, not a "technical flaw" of windows. Just because other systems have that feature... Well, you know.

The parent is right, in this case M$FT isn't liable.

Re:Too much privilege! (1)

MightyYar (622222) | more than 7 years ago | (#18720085)

True, though they have improved this in Vista.

But I don't think that there is anything about making a spam-zombie that couldn't be done as a normal user. I think that this trojan would still work if applied to Mac or Linux users of the same cluelessness level (though that might be harder to find). Further, in most Mac installations, and many Linux installations, the main user of the system is aware of the root password and will happily plug it in when prompted. On the Mac this happens almost every time you use the system installer, and you wouldn't think anything of it if you were purposely installing a "spyware checker" trojan.

Re:Too much privilege! (2)

Feanturi (99866) | more than 7 years ago | (#18720101)

My Mac confirms such things with me,

That's great, so when you're doing something that you feel really needs to be done, such as protecting your computer from the nasty botnet it is reportedly a part of, or your email will be cut off, you'll click through those prompts to get that patch in. Well maybe not you personally, but you and I are not the common masses.

Vista has the "Cancel or Allow" thingy going now. Do they need to extend it, would that really help?

"Hmm I need to run this patch like the email says, well here goes:"

[Attention, you might be about to bork your computer with this action, Cancel or Allow?]

"Umm... Well the email seems pretty insistent, I better still do it.. ALLOW"

[Are you sure about that?]

"YES"

[Are you REALLY sure??]

"YES"

[Honest and for true?]

"YES"

Where should it stop?

Re:Too much privilege! (1)

Mister Whirly (964219) | more than 7 years ago | (#18720111)

"If you really need privilege to do something (like change your password), others systems have ways of temporarily elevating privilege. Like suid on Unix."

You mean like right-clicking a program and selecting "Run As" in XP, executing the program with different permissions? Yeah, I sure wish that already existing feature existed too...

Re:Another day in the world of near-monoculture. (0)

Anonymous Coward | more than 7 years ago | (#18720015)

Unless you make Windows prevent a user from running arbitrary code, I don't know how you'd fix this.

What the hell are all those Cancel or Allow dialogs for then? Does not one of them say "You're trying to run a program in an email attachment, which is never a good idea"?

Re:Another day in the world of near-monoculture. (2, Insightful)

mcpkaaos (449561) | more than 7 years ago | (#18719325)

By that logic, should Slashdot be sued by sites that suffer the Slashdot Effect? It is a form of DoS, after all, and Slashdot are obviously aware when it occurs yet do little (mirrors after the fact) or nothing (no mirror at all) to prevent it.

Re:Another day in the world of near-monoculture. (1)

Opportunist (166417) | more than 7 years ago | (#18719575)

How is MS responsible for what the user of their system does? Would you drag GM to court if someone used their cars in a terror attack?

I do agree with you that MS should be held responsible for remote exploits and buffer overflows, where the user does nothing and still gets infected. That's a flaw of the system. This (and about 99% of current malware) uses user stupidity to infect a system.

Personally, I'd hold a user of a system responsible for what he does with it. If you are stupid enough to click on every damn attachment that lands in your inbox, no matter how harebrained the "threat" or promise attached to it, then you should be held responsible for the damage you do. You should be held responsible for the spam you send, the DDoSs you participate in, the botnets you run with.

Spam is one of the biggest problems of the net. It clogs our "tubes", it fills our inboxes and it comes almost entirely from spambot loaded machines. It's time those machines get sorted out.

Re:Would you drag GM to court (1)

CodeShark (17400) | more than 7 years ago | (#18719635)

Let's say GM left something wide open in their cars that allows a bad guy to steal a Chevy, then blow up fifty or a hundred or a thousand other GM vehicles by remote control. You bet I would sue GM if my family was in one of the cars that blew up.

Re:Would you drag GM to court (1)

Opportunist (166417) | more than 7 years ago | (#18719681)

That's why I said MS should be held responsible for flaws in their system that allow remote exploits like the RPC exploit that was quite popular before SP2 for XP.

What we're talking here is a guy coming up to you, telling you your car is unsafe and that he needs the car keys to drive it around the block to check if it is in danger and to fix it in his garage. Who should be responsible for that, GM or the cluebrick that hands over his keys?

Re:Would you drag GM to court (1)

Mister Whirly (964219) | more than 7 years ago | (#18719881)

Lawsuits - the solution to and cause of all life's problems....

(with apologies to Homer Simpson, and beer)

Re:Another day in the world of near-monoculture. (0)

Anonymous Coward | more than 7 years ago | (#18719683)

I do agree with you that MS should be held responsible for remote exploits and buffer overflows

Here you go. [computerworld.com]
Same site, same page, different day, same brown zune.

Re:Another day in the world of near-monoculture. (1)

Opportunist (166417) | more than 7 years ago | (#18719825)

Yes, that's a prime example for liability on the side of MS. Thanks for the link.

It's not MS's liability when someone is executing code. Should MS keep you from executing what you see fit?

Personally, I prefer "free" systems (not as in beer, as in F/OSS) that allow me to run the software I deem "right" for my system. It's not for the system maker to dictate what I may run and what I may not run. This in turn means, though, that I have to take responsibility for my actions. I have to make sure that the programs I run do not interfere with the computers of other users or, in the case of a shared system, does not even interfere with the processes of other users.

Didn't think I'd ever admit it, but it's true what ol' uncle Ben always said to Peter Parker. With great power comes great responsibility.

Re:Another day in the world of near-monoculture. (1)

Hoi Polloi (522990) | more than 7 years ago | (#18720099)

Personal responsibility is all well and good until a problem becomes so pervasive that not only does it harm the "fools" but innocent bystanders as well. I have to deal with spam and phishing because of all of the compromised machines out there. Obviously leaving it to the users hasn't worked and the solution requires an escalation.

People aren't allowed to own howitzers either even though many of us could be trusted to only fire them at government approved proving grounds.

Re:Another day in the world of near-monoculture. (1)

blhack (921171) | more than 7 years ago | (#18719627)

Should ducati be held accountable because moron motorcyclists feel like testing the structural integrity of the pavement by slamming themselves into it at 140mph?

Re:Another day in the world of near-monoculture. (1)

Wolvie MkM (661535) | more than 7 years ago | (#18719731)

Good point, remind me to blame Dodge because of the criminal who broke in to my car... Jesus...

Re:Another day in the world of near-monoculture. (0)

Anonymous Coward | more than 7 years ago | (#18719749)

OK, then let's sue the car companies for people who use them for nefarious acts or because people have accidents in them.

Re:Another day in the world of near-monoculture. (1)

Feanturi (99866) | more than 7 years ago | (#18719851)

Not that I wish to defend MS, but I'll offer a bad car analogy anyhow. GM makes no attempt to prevent me from playing a live version of GTA with my car. So if I feel like being a plague on society by such an action, I guess GM is to blame for enabling this activity, right? I mean, they know people can go crazy behind the wheel, but have they made any effort to implement sensors that can determine that I'm a flipped-out lunatic and disable the vehicle? No, they have not, this clearly is negligence on their part.

Oh but Linux and Mac are more secure right, so what's Microsoft's problem? No, they are more obscure and so not lucrative enough as botnets, not worth the bother. This exploit relies on the stupidity of the person getting the email, what is MS supposed to do about that exactly?

Re:Another day in the world of near-monoculture. (1)

stonecypher (118140) | more than 7 years ago | (#18719937)

Contributory negligence requires that there be a clear and well understood alternative. You can't charge a company with contributory negligence unless you have a better answer. So, unless you have a bunch of diffs for XP, sit down and quit whining. Believe it or not, they're actually doing an excellent job, considering the enormous size of windows and the value of a compromise. I'd tell you to compare it against defects in other applications, except I have no doubt you'd have no idea where to start.

Funny how the next thing out of your mouth is almost guaranteed to be "well why don't you show me these statistics I should have had before I opened my poorly educated mouth," acting as if it's my responsibility to educate you if I don't want you to keep spreading around mindless FUD.

Quit pretending to be an engineer. Don't bother telling me you aren't pretending to be an engineer; only an engineer understands engineering practices and engineering defect rates, and you're talking about taking a major corporation to court for not doing well enough with those rates. "Well they're Microsoft, there should be no defects." No large project in the history of mankind has no defects.

Welcome to the real world. When the Justice Department wanted to break Microsoft, if they could have sued for negligence, they would have. They have done that to some companies. They just couldn't do that to Microsoft, because to suggest that a project would be illegal to release before zero-defect proof is to wipe all software off of the face of the map and start at a speed so slow that we will never compete with any other country again. Believe it or not, national-scale spite lawsuits would have major repercussions.

Insightful my ass. Mod parent down through the Earth's mantle, to play with the Morlocks where it belongs.

Does it run on Vista? (1, Funny)

Anonymous Coward | more than 7 years ago | (#18719103)


Does this variant run on Vista? That'd be too funny.

idiot (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18719183)

It's a trojan you fucking idiot, one that requires the user to execute an attachment to their email (and unzip it, no less). What the hell has this got to do with Vista?

Re:idiot (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18719377)

Er.. apart from the fact that this is a major security problem and Vista is advertised as "much more secure" and that it's also supposed to have multiple privilege levels for the same user and this would be exactly the kind of problem which would be stopped by executing programs from email with lower privileges and that a user level trojan would be an ideal case for blocking with an O/S level built in firewall and that if the anti-virus people were able to do low level things on Vista, it would probably also be more easy for them to block this kind of thing at the point where you try to do file access and so many other things that I would probably run out of breath and die trying to write this without using any commas or full stops;

No; this has nothing to do with Vista.

Re:idiot (1)

cdrguru (88047) | more than 7 years ago | (#18719673)

Except the fool users that already unpacked and executed the file will then just type in the appropriate password when required in order to apply the patch.

There is no chance of this not succeeding with people that have no business being responsible for administering a computer.

Re:Does it run on Vista? (1)

Opportunist (166417) | more than 7 years ago | (#18719601)

About 70% of current malware runs on Vista, so I'd give it a good chance.

If it's important to you, I'll check on Monday.

Re:Does it run on Vista? (0)

Anonymous Coward | more than 7 years ago | (#18719963)

God you fucktards all sound like broken records. "Micro$oft is teh suck" "Vista bad" "Gates is Satan". Can't you at least come up with some new and interesting catchphrases? Or at least some new Linux masturbatory fantasies?

Wow, good thing (5, Funny)

Grashnak (1003791) | more than 7 years ago | (#18719119)

Good thing I installed that anti virus program that unexpectedly emails me attachments to protect me. Otherwise I'd be in trouble!

I've Gotten It Several Times... (1)

saudadelinux (574392) | more than 7 years ago | (#18719125)

My officemate got it as the Britney / Paris porn thing twice this week. But she wasn't interested. I got it once. I wasn't interested. I've gotten the "Spyware detected!" with the zip file attached three times: twice at work, and once on my Yahoo! account.

I work at Department of Agriculture, so I'm surprised they didn't install themselves ;-)

Re:I've Gotten It Several Times... (1)

powerlord (28156) | more than 7 years ago | (#18719815)

My officemate got it as the Britney / Paris porn thing twice this week.

Gee ... I've gotten it once. Didn't seem to like trying to run under OSX though.

Re:I've Gotten It Several Times... (1)

Impy the Impiuos Imp (442658) | more than 7 years ago | (#18720025)

Britney and Paris hooking up in a video? Sweet! Send it to me, plzthxbie

I got one, I got one!!! (5, Informative)

sobolwolf (1084585) | more than 7 years ago | (#18719187)

This was an image file so I typed it out, so maybe a nice person with mod points will redeem my terrible Karma...

--

Dear Customer,

Our Robot has detected an abnormal activity from your IP address on sending e-mails. Probably it is connected with the last epidemic of worm which does not have offical patches at the moment. We recommend you to install this patch to remove worm files and stop email sending, otherwise your account will be blocked. We had archived the patch becouse the worm can modify unpacked exe files. you should open the archive file, enter the password and run the patch immediately.

Password: ugh11

Customer Support Center Robot

__________ NOD32 2120 (20070316) Information __________

This message was checked by NOD32 antivirus system.

patch-95150.zip - is OK
patch-95150.zip > ZIP > patch-95150.exe - error - password-protected file

http://www.eset.com/ [eset.com]

Re:I got one, I got one!!! (1)

backbyter (896397) | more than 7 years ago | (#18719639)

Hmm. Password="nap40", file="patch-67821.zip"

And yet Postini can't seem to stop it (0)

Anonymous Coward | more than 7 years ago | (#18719189)

We use Postini, and I still get these emails frequently. Thunderbird's Bayesian filter does a great job at marking them though.

Re:And yet Postini can't seem to stop it (1)

Intron (870560) | more than 7 years ago | (#18719951)

Postini is probably now wondering about the gigantic DDOS attack on their web server.

I use mimedefang, which filters .exe by default, but allows .zip. Hard to block this one since they can just change the password to change its signature.

OMG!! Spam contains worms? (0, Redundant)

Panaqqa (927615) | more than 7 years ago | (#18719203)

Does that mean it's now good bait to use for phishing?

Re:OMG!! Spam contains worms? (1)

AP2k (991160) | more than 7 years ago | (#18719321)

You know, you are supposed to cook your pork before you eat it.

Re:OMG!! Spam contains worms? (1)

VinB (936538) | more than 7 years ago | (#18719911)

Spam is people! OMG Spam is made from PEOPLE!

I saw one of these yesterday (4, Informative)

jsewell (86485) | more than 7 years ago | (#18719205)

The msg body was a GIF containing text telling me there had been virus activity from my IP and I should run this "patch" to fix it. The "patch" was a zip file they said they had to send as a zip so my "comprimised virus scanner" wouldn't reject it. If I didn't run the patch, my internet access would be cut off. All I had to do was unzip and run the patch and all my problems would be solved. HA!

We all had a chuckle at how stupid someone would be to actually do that - then we realized grandma probably would, not knowing any better. All the more reason to get grandma off windows and onto at least a Mac, if not Linux.

Re:I saw one of these yesterday (0, Funny)

Anonymous Coward | more than 7 years ago | (#18719257)

So macs are meant for the retards among us. Maybe you can get him a Fisher Price computer as well.

Re:I saw one of these yesterday (0)

Anonymous Coward | more than 7 years ago | (#18719405)

Since when is grandma a tranny?

Re:I saw one of these yesterday (1)

jojoba_oil (1071932) | more than 7 years ago | (#18719315)

The msg body was a GIF containing text

It's really too bad that "Everyday Joe" doesn't know to:
  • Disable automatic image display in emails
  • Ignore emails that contain the majority of their text in said images
  • Ignore emails containing attachments that they aren't already expecting.

Otherwise this bullshit wouldn't propagate. Seriously, how many worm stories have to hit the news before the illiterate user wises up just a little bit?
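A defender-side triage check that ties together three points made in this thread: sobolwolf's transcript above, where NOD32 could name patch-95150.exe inside the archive but could not open the password-protected file; Intron's remark that the sender can change the password to change the signature; and jojoba_oil's three rules about image-only bodies and unexpected attachments. This is an added example, not code from the page or from any poster. It constructs its own sample messages (the "encrypted" ZIP is a stored archive whose general-purpose flag bit 0 is set by hand, because Python's zipfile cannot write password-protected archives), and it treats the lure subjects listed in the story summary as the only known ones.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subjects quoted in the story summary; anything beyond these would be an assumption.
LURE_SUBJECTS = {"Worm Alert!", "Worm Detected", "Spyware Detected!", "Virus Activity Detected"}


def encrypted_zip_members(data: bytes) -> list:
    """Names of ZIP members whose general-purpose flag bit 0 ("encrypted") is set.
    Member names and flags live in the central directory in cleartext, so a scanner
    can see them even when the password stops it from reading the contents."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [info.filename for info in zf.infolist() if info.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []


def zip_member_names(data: bytes) -> list:
    """All member names in the archive, or [] if it is not a readable ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def triage(raw_message: bytes) -> dict:
    """Inspect one RFC 822 message and return structural findings plus a verdict.
    The verdict keys on archive structure (encryption flag, executable member names),
    not on a content hash, so rotating the ZIP password does not evade it."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    subject = str(msg.get("Subject", "")).strip()
    if subject in LURE_SUBJECTS:
        findings.append(f"lure subject: {subject}")
    text_chars = 0
    image_parts = 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        maintype = part.get_content_maintype()
        if maintype == "text":
            text_chars += len(part.get_content().strip())
            continue
        if maintype == "image":
            image_parts += 1
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            findings.append(f"zip attachment: {name}")
            encrypted = encrypted_zip_members(payload)
            if encrypted:
                findings.append("encrypted zip members: " + ", ".join(encrypted))
            exes = [m for m in zip_member_names(payload) if m.lower().endswith(".exe")]
            if exes:
                findings.append("executable inside zip: " + ", ".join(exes))
    # jojoba_oil's rule: the "text" of the lure is carried in an image, not in a text part.
    if image_parts and text_chars < 40:
        findings.append("image-only body")
    quarantine = any(f.startswith(("encrypted zip", "executable inside zip")) for f in findings)
    return {"findings": findings, "verdict": "quarantine" if quarantine else "deliver"}


def make_encrypted_zip_sample() -> bytes:
    """Constructed sample: a stored ZIP with the encrypted flag set by hand in both the
    local file header (flags at offset 6) and the central directory entry (offset 8)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("patch-95150.exe", b"MZ" + b"\x00" * 64)  # placeholder bytes, not a real PE
    data = bytearray(buf.getvalue())
    local = data.find(b"PK\x03\x04")
    central = data.find(b"PK\x01\x02")
    data[local + 6] |= 0x01
    data[central + 8] |= 0x01
    return bytes(data)


def build_sample_spam() -> bytes:
    """Constructed lure in the shape described on the page: empty text part, an inline GIF
    carrying the instructions, and a password-protected ZIP named after the transcript."""
    msg = EmailMessage()
    msg["From"] = "support@example.invalid"
    msg["To"] = "customer@example.invalid"
    msg["Subject"] = "Worm Alert!"
    msg.set_content("")
    msg.add_attachment(b"GIF89a" + b"\x00" * 32, maintype="image", subtype="gif",
                       filename="notice.gif", disposition="inline")
    msg.add_attachment(make_encrypted_zip_sample(), maintype="application", subtype="zip",
                       filename="patch-95150.zip")
    return msg.as_bytes()


def build_benign_message() -> bytes:
    """Constructed control message: plain text, no attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Lunch on Friday?"
    msg.set_content("Same place at noon? Let me know.")
    return msg.as_bytes()


if __name__ == "__main__":
    for raw in (build_sample_spam(), build_benign_message()):
        print(triage(raw))
```

The point of the check is that a password hides the member contents from an antivirus engine, but not the archive's own structure: the central directory still lists patch-95150.exe and still carries the encryption bit, so a gateway such as the mimedefang setup Intron describes can reject on "encrypted archive containing an executable" without ever needing the password or a stable signature.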

waaaait just one second... (4, Insightful)

ScentCone (795499) | more than 7 years ago | (#18719341)

All the more reason to get grandma off windows and onto at least a Mac, if not Linux.

Out of curiosity... since this is a completely social hack, and is just a means to trick somebody into opening up a compressed file and running the included executable... why would a Mac or Linux user be immune? Cannot Mac and Linux users also run executable programs from their desktops? You're confusing the ability to run a program of your choice with the means by which someone is fooling you into thinking you should choose to run it, right?

Re:waaaait just one second... (1, Insightful)

Rob the Bold (788862) | more than 7 years ago | (#18719521)

Out of curiosity... since this is a completely social hack, and is just a means to trick somebody into opening up a compressed file and running the included executable... why would a Mac or Linux user be immune? Cannot Mac and Linux users also run executable programs from their desktops? You're confusing the ability to run a program of your choice with the means by which someone is fooling you into thinking you should choose to run it, right?

Sure, you could write a trojan targeted toward those OSs. And you could presumably trick users w/o regard to the OS they use. But it's far more likely that the windows user is logged in with full Admin privileges. The Linux and Mac users are probably not, limiting the extent that the trojan can mess with their systems. You probably could trick the Mac and Linux users to log in as admin, to change the file mode to executable, and run the trojan. However, at each step, the user might just wise up and have second thoughts. Wouldn't stop all cases, but with something like this, it doesn't hurt to improve the odds in the good guys' favor.

Re:waaaait just one second... (0)

svendsen (1029716) | more than 7 years ago | (#18719591)

Right so a trojan will have a more difficult chance of compromising the OS itself. However it can still destroy the user's data easily and to most people the data is the important thing. So if trojan writers can't figure out linux/os x (but we all know they will eventually) they might just get nasty and destroy data instead. In the end A. Don't take candy from strangers.

Re:waaaait just one second... (0)

Anonymous Coward | more than 7 years ago | (#18719833)

Why don't you think Mac users run as admins?
I am a big fanboy, 12 switchers and counting, but every time they would get a Mac, the first and only user account created would be the admin one.
It's not called root, but nevertheless it is an admin account.
So I would guess that most of the Mac users are running as admins, with a full mail server waiting to run right underneath their fingertips.

Re:waaaait just one second... (1)

Skeezix (14602) | more than 7 years ago | (#18719897)

Right, it couldn't destroy the entire operating system in Linux or a Mac, perhaps, but it could delete all of Grandma's photos, documents, email, bookmarks, and so on. Which is probably what she'd really care about.

Re:waaaait just one second... (1)

Dachannien (617929) | more than 7 years ago | (#18720095)

But there's no money to be made by deleting Grandma's photos of the grandkids, and money is what malware authors are all about these days.

Re:waaaait just one second... (1)

dr.badass (25287) | more than 7 years ago | (#18720097)

Right, it couldn't destroy the entire operating system in Linux or a Mac, perhaps, but it could delete all of Grandma's photos, documents, email, bookmarks, and so on. Which is probably what she'd really care about.

It's also the thing that malware writers care the least about. They tend to be more interested in creating botnets or routing spam than deleting grandma's photos. Windows is a much better target for these aims.

Re:waaaait just one second... (1)

Kuciwalker (891651) | more than 7 years ago | (#18720137)

If people think it's a critical security update, why would they be surprised that it requires admin privileges? They've already jumped through a dozen hoops to get to the point of running the program, so I don't see why this (a logical requirement) would faze them.

Re:waaaait just one second... (1)

Tepar (87925) | more than 7 years ago | (#18719593)

why would a Mac or Linux user be immune?

Probably because the executable inside is a Windows executable, and won't run on a Mac or Linux.

Re:waaaait just one second... (0)

Anonymous Coward | more than 7 years ago | (#18720053)

Well, maybe your grandma knows how to open a console and type chmod +x malware, but mine sure doesn't...

Re:waaaait just one second... (1)

iabervon (1971) | more than 7 years ago | (#18720109)

If Grandma is running Linux, she's probably aware that her grandson takes care of all that sort of stuff. If it's a Mac, she knows that Apple takes care of everything.

Re:I saw one of these yesterday (1)

svendsen (1029716) | more than 7 years ago | (#18719373)

Until somebody writes something for those operating systems. Sure they may not be capable of being taken over at the level a Windows machine can be, but they can still lose all their data, which will be just as bad.

Re:I saw one of these yesterday (4, Insightful)

cdrguru (88047) | more than 7 years ago | (#18719621)

Wrong - Linux and Mac are completely vulnerable to this type of attack. You go to install something that you were told to install and it prompts for the root password. The user then types it in and the machine is wide open.

Don't think that would happen? You must be dealing with a better class of users than exist in the wild. Of course it would happen, and happen at such a frequency that it would be just another massive exploit.

Windows is targeted because of market penetration. Why bother with less than 5% when you can get 95% in a single effort?

Re:I saw one of these yesterday (0)

Anonymous Coward | more than 7 years ago | (#18719893)

The biggest thing stopping viruses infecting Unix based systems is that they don't propagate

Windows
    Here's an email attachment click to run ...

Unix
    Here's an Email attachment
          Save it
          Make it executable
          Run it
          Running as a user so has to ask to send email ...

So Windows needs a user to be stupid and Unix needs a user to be knowledgeable *and* stupid

Re:I saw one of these yesterday (0)

Anonymous Coward | more than 7 years ago | (#18719723)

then we realized grandma probably would, not knowing any better.
Agree, but am I the only one who is puzzled by the fact that grandma, much like most novice computer users, will do things on the computer that they would never do in real life? This is like obeying a letter in your mailbox that tells you to urgently swallow the included pill because you have been exposed to a very infectious virus, and the pill will stop the infection from spreading. Who in the world would do that? But when it comes to computers, some people obey without a blink!

Just another... (1)

Billosaur (927319) | more than 7 years ago | (#18719271)

...trap for the unsophisticated Web user. I mean, if you get an email from someone you don't know telling you to update your anti-virus, wouldn't you think that's a little suspicious?

I don't get much spam, because I really don't let my email address float out in the wild, so this kind of thing never bothers me. But it just makes me wonder when someone is going to take some initiative and try to build a better system, to minimize the human element as much as possible.

New "Sledgehammer" virus (1)

jfengel (409917) | more than 7 years ago | (#18719351)

WARNING! Your computer is infected with a virus. This virus could be transmitted to you, and you will die within 24 hours.

Please forward this email to everybody you know, then smash your computer with a sledgehammer. NOTE: you must forward the email BEFORE smashing the computer, not after.

###

I swear to God I think people would actually do that. What the hell can the operating system do if people are willing to save a zip file, type in the password, and then run the contents?

Maybe Microsoft should refuse by default to run any software that didn't arrive on a CD. But then the virus will just include instructions to burn it onto a CD before running, and people will probably do that, too.

Re:New "Sledgehammer" virus (2, Insightful)

svendsen (1029716) | more than 7 years ago | (#18719425)

Agreed. You can not make a system to prevent users from shooting themselves in the foot. I mean I can drive my car into a tree, how dare it let me do that!

Re:New "Sledgehammer" virus (1)

AP2k (991160) | more than 7 years ago | (#18719531)

Perhaps it should. Especially when your running into a tree makes every 4/5 drivers distracted enough to run their own cars into a tree.

Re:New "Sledgehammer" virus (1)

BlueTrin (683373) | more than 7 years ago | (#18719623)

The problem is quite easy, but when it comes to technology you cannot expect Joe and granny to be knowledgeable about computers. For us, it is common sense, but you just have to watch other people in the office to know that this problem is not as easy as we could think it is.

My personal opinion is that all email programs should display at installation a big warning and explanation about phishing, malware, spyware, scams ... etc.

In addition to that, on the welcome page of the email client, by default, you could have the latest news about scams. Also some link with a website that displays on the top of an email which is suspect a reason explaining why it may be dangerous to open this email (something like "we have found that this email matches a scam sent over the internet, you risk losing your bank information, ... blah blah blah").

Another problem is traceability. It is due to the email protocol, but it should be changed to have a secure ID linked to it, not be a protocol where any SMTP server can send its own name without check from the servers relaying the message.

But if someone put up a paper saying "Go crash yourself into a tree", he has a great chance to get arrested and nobody would crash into a tree, as it is common sense.

Just my 2 cents, I am fed up with seeing this kind of thing happening without the possibility to retaliate against the persons issuing this malware.

Re:New "Sledgehammer" virus (1)

Opportunist (166417) | more than 7 years ago | (#18719647)

Yup, they will. The promise or threat just has to be big enough.

Imagine the promise that this tool is gonna remove all WGA troubles for now and ever. Think people would refuse to burn it to CD, log in as admin, give it all rights and permissions, reboot 10 times and hand over every kind of password they have, including those for EBay, Amazon and their bank account?

Re:New "Sledgehammer" virus (1)

kiddailey (165202) | more than 7 years ago | (#18719843)

I've actually already seen spams/chain mails that do say such a thing. In fact, there's web site(s) out there with "information" on the virus:

http://www.cyberflu.com/

From the site:

"The National Center for Virus Control has issued a Threat Level 5 warning about a new internet virus that can be transmitted from computers to humans, resulting in flu-like symptoms. Unlike traditional viruses that are spread by email or software downloads, this "CyberFlu" virus is transmitted to your PC when you browse a web page infected with the virus. The good news is that the CyberFlu virus will not harm your computer and no data will be lost. Your PC just acts as a carrier. But, under certain circumstances, the virus can be transferred from your PC to your body through contact."

Re:New "Sledgehammer" virus (1)

kiddailey (165202) | more than 7 years ago | (#18719907)

And yes, I realize that's a prank site, but it was a good example :)

An actual solution for malware (0)

Thagg (9904) | more than 7 years ago | (#18719561)

What somebody needs to do is write a program to do thermonuclear detonation simulations, that would be easily run on millions of computers, sort of an "Armageddon at home" project. One of the criminal gangs will then lease their botnet to some group that starts using the simulator to do some cutting-edge bomb research.

There is little question that the computer that deserves to be at the top of the Top 500 list is a botnet. It's only a matter of time before that computer power gets used for truly nefarious purposes, and my guess is that it's a matter of not much time at all.

The question is what the response will be -- will the insecure computer problem be fixed or will the internet just be destroyed?

Thad

Simple problem (3, Informative)

cdrguru (88047) | more than 7 years ago | (#18719563)

If any computer is not properly administered, it will be compromised by users that don't know any better. They can't possibly be aware of the differences between Microsoft automatically applying updates and other such "software updates" that might be required.

One sort of computer doesn't need to be administered any more than your toaster or TV needs to be administered. If the programming cannot be changed by the user in any way and all it does is read email and browse the web. Period. Maybe play some music sometimes. Ideally, such a device has its programming in ROM (not flash) and cannot be changed in any way. No instructions are ever put on R/W memory, ever. Completely and utterly secure the way your toaster is. How many people have found exploits for a toaster?

Windows is perfectly secure when it is properly set up and administered. The problem is that you can't install software on such a computer and you can't run all sorts of fun applications. Gee, isn't that too bad. One solution is to require every user to either (a) switch to an appliance that cannot be compromised, (b) pay the ISP to administer their computer or (c) pass a test to be qualified to have a general-purpose computer connected to the Internet. And yes, the test should be similar to the FCC license for HAM radio: long, incredibly detailed and most people can't pass it without lots of work.

The operating system cannot be made secure from users adding software if they are supposed to add software. But users aren't qualified to add software to their computers and if they are allowed to do so, they will add things that will eventually destroy the ability to use the Internet.

Re:Simple problem (1)

VinB (936538) | more than 7 years ago | (#18719835)

->How many people have found exploits for a toaster?

Not a good example. Who writes software for a toaster? Sort of like Mac... ooh. Sorry. Never mind.

Not the whole story? (1)

addie macgruer (705252) | more than 7 years ago | (#18720083)

Sounds convincing; however, certain classes of virus and worm fall outside this view. SQL Slammer? Didn't write to disk, didn't need to. Restarting your computer cleared the virus, for the few seconds it took to get infected again. A `read only' solution wouldn't help. Properly set up and administered? You mean, not connected to a network? My exploit for a toaster would be to pop some bread in, hold down the tray lever until it caught fire, and then watch as it destroyed your house. It's lack of accessibility that causes the security there, not the innate design perfection of a toaster. I am also afraid that computers *are* appliances, and more, they're appliances that people require in order to do work. Halting the business world for a few months in order to `qualify' everyone would be more trouble than the internet's compromised machines are worth. For what my tuppence is worth:

1. Security by design: computers shouldn't need virus checkers. Probably also strength in diversity: if fewer people ran Windows, fewer people could spread Windows viruses.
2. Target the cause of the problem. If goods/services couldn't be sold by spam email, then there would be no incentive to send them.
3. User education, with a more inclusive and less elitist stance from the internet experts.
4. Quenching at source: ISPs should have a procedure for stopping spam zombies. Perhaps blocking port 25 at account creation, unless requested open by the user. Some method of blocking open relays too.

478 of them came to my domain's "catchall" account. (1)

backbyter (896397) | more than 7 years ago | (#18719577)

I thought I had an abnormal amount of spam today. Usually just get 30-40 for the domain. These were addressed to ssdb@blah yykh@blah, etc. Accounts I've never used. I suppose I'll have to turn off the catchall account for awhile.

.zip files! I don't need any stinking .zip files! (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18719699)

A BOFH at my company decided that the email server would not accept any M$ executable file attachments (.exe, .src, .zip, etc) four years ago. Yes, yes, that was me. Our ClamAV spends most of its day dumping phishing emails.
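An attachment policy like the one described above, written as an added example (not the poster's configuration, and not ClamAV code): it uses Python's standard email and zipfile modules to reject messages whose attachments carry a denied extension, and additionally looks inside ZIP payloads for executables, since the spam described in the story carries a ZIP posing as a patch. The extension lists are assumed here, modelled on the comment's own examples, and the message is constructed inline.

```python
"""Reject mail attachments by extension and by ZIP contents.

Added example, not the poster's mail server configuration. Policy lists
below are assumptions modelled on the comment (.exe, .scr, .zip, ...).
"""
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions refused outright at the mail gateway (assumed policy).
DENIED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".zip"}
# Member names that mark an archive as carrying a program (assumed policy).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def build_sample_message(attach_zip=True):
    """Construct a sample message (not a real sample of the spam run).

    With attach_zip=True the attachment is a ZIP named patch.zip that
    contains a fake patch.exe; otherwise it is a harmless notes.txt.
    """
    msg = EmailMessage()
    msg["From"] = "alerts@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Worm Alert!"
    msg.set_content("Install the attached patch immediately.")
    if attach_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("patch.exe", b"MZ not a real program, constructed bytes")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="patch.zip")
    else:
        msg.add_attachment("nothing to see here", filename="notes.txt")
    return msg.as_bytes()


def attachment_violations(raw):
    """Return a list of (attachment name, reason) for every policy hit.

    An empty list means the message passes the attachment policy.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    violations = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name.lower())[1]
        if ext in DENIED_EXTENSIONS:
            violations.append((name, "denied extension %s" % ext))
        data = part.get_payload(decode=True) or b""
        # Check the bytes, not just the name: a renamed ZIP still starts "PK".
        if data.startswith(b"PK"):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        mext = os.path.splitext(member.lower())[1]
                        if mext in EXECUTABLE_EXTENSIONS:
                            violations.append(
                                (name, "archive contains executable %s" % member))
            except zipfile.BadZipFile:
                violations.append((name, "ZIP-like payload that does not parse"))
    return violations


if __name__ == "__main__":
    for reason in attachment_violations(build_sample_message()):
        print("REJECT:", reason)
    print("clean message violations:",
          attachment_violations(build_sample_message(attach_zip=False)))
```

Checking the payload's magic bytes as well as the filename matters because extension-only rules are bypassed by renaming the archive; the ZIP inspection is what catches a "patch.dat" that is really a ZIP with an executable inside.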

It scares me to death! (1)

itz2000 (1027660) | more than 7 years ago | (#18719745)

It really scares me to death that ... there are people who get mail from people they aren't familiar with, with subjects like: Worm Detected, or Virus Alert, and actually open the files attached!

I don't know what the people who open this file expect?!

Someone smart once said: There's no patch for stupidity

le customers (1)

rmadmin (532701) | more than 7 years ago | (#18719775)

I've had a handful of customers email me on this one yesterday and today.

"This is the same as the last 'patch' email I told you we never send, delete it"

maybe the problem... (2, Interesting)

darkvizier (703808) | more than 7 years ago | (#18719795)

...is that malware has better installation instructions than any of our other software. When people see documentation, it's like a dream come true!

Ah... disillusionment. :-)

Mail server filters (2, Interesting)

TheBracket (307388) | more than 7 years ago | (#18719813)

We have a set of filters in place that scan every incoming message (for viruses, spam, etc.). It looks like in the last 24 hours or so we've blocked a few thousand of these. They seem to be coming from all over the place, with a variety of subject lines. We block any IP that sends us malicious messages more than twice in an hour (the block stays up for 24 hours, I think), so the 2-3,000 we've blocked could be a drop in the ocean - or may not be. That's still a lot more than we get for most incidents like this.
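The blocking rule the comment describes (an IP that sends malicious messages more than twice in an hour is blocked, and the block lasts 24 hours) as an added example, not the poster's filter code: a sliding-window counter per sender IP, run over constructed filter log lines. The log format is assumed, and the addresses are documentation ranges.

```python
"""Rate-based blocking of senders that repeatedly deliver malware.

Added example modelling the policy in the comment: more than two malicious
messages from one IP within an hour starts a 24-hour block. Not the poster's
code; the log line format below is an assumption.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample filter log (not real traffic).
# Assumed format: "<ISO timestamp> <sender-ip> <verdict> <subject>"
SAMPLE_LOG = """\
2007-04-12T08:00:00 203.0.113.10 malware Worm Alert!
2007-04-12T08:10:00 203.0.113.10 malware Virus Activity Detected
2007-04-12T08:20:00 203.0.113.10 malware Spyware Detected!
2007-04-12T08:21:00 203.0.113.10 clean   Meeting notes
2007-04-12T09:30:00 198.51.100.7 malware Worm Detected
2007-04-12T10:45:00 198.51.100.7 malware Worm Alert!
2007-04-12T12:00:00 198.51.100.7 malware Worm Alert!
2007-04-13T08:30:00 203.0.113.10 clean   Hello again
"""


class SenderBlocker:
    """Per-IP sliding-window counter of malicious messages with expiring blocks."""

    def __init__(self, max_hits=2, window=timedelta(hours=1),
                 block_for=timedelta(hours=24)):
        self.max_hits = max_hits        # hits allowed inside the window
        self.window = window
        self.block_for = block_for
        self._hits = defaultdict(deque)  # ip -> timestamps of malicious messages
        self._blocked_until = {}         # ip -> datetime the block expires

    def is_blocked(self, ip, now):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:                 # block has expired; forget it
            del self._blocked_until[ip]
            return False
        return True

    def record_malicious(self, ip, now):
        """Record one malicious message; return True if this starts a block."""
        hits = self._hits[ip]
        hits.append(now)
        while hits and now - hits[0] >= self.window:   # drop hits outside the window
            hits.popleft()
        if len(hits) > self.max_hits:
            self._blocked_until[ip] = now + self.block_for
            hits.clear()
            return True
        return False


def parse_line(line):
    ts, ip, verdict, subject = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), ip, verdict == "malware", subject


def process_log(text, blocker=None):
    """Replay log lines through the blocker; return (ip, subject, action) per line."""
    blocker = blocker or SenderBlocker()
    actions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, malicious, subject = parse_line(line)
        if blocker.is_blocked(ip, ts):
            actions.append((ip, subject, "reject-blocked"))   # refused before scanning
        elif malicious:
            started = blocker.record_malicious(ip, ts)
            actions.append((ip, subject,
                            "reject-malware+block" if started else "reject-malware"))
        else:
            actions.append((ip, subject, "accept"))
    return actions


if __name__ == "__main__":
    for ip, subject, action in process_log(SAMPLE_LOG):
        print("%-22s %-16s %s" % (action, ip, subject))
```

In the sample, 203.0.113.10 crosses the threshold on its third malicious message at 08:20 and its clean message a minute later is refused without scanning, while 198.51.100.7 spaces its three malicious messages more than an hour apart and is never blocked; the clean message the next day arrives after the 24-hour block has lapsed and is accepted.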

Re:Mail server filters (0)

Anonymous Coward | more than 7 years ago | (#18719919)

The part not mentioned in TFA was that the virus ran through Postini's filters for over 3 hours before their "Anti-Virus" started to flag it.

Ouch!