The Register® — Biting the hand that feeds IT

Feeds

Prolific worm infects 3.5m Windows PCs

A prolific new worm has spread to infect more than 3.5m Windows PCs, according to net security firm F-secure. The success of the Conficker (AKA Downadup) worm is explained by its use of multiple attack vectors and new social engineering ruses, designed to hoodwink the unwary into getting infected. The worm uses a complex …

This topic is closed for new posts.
Andy ORourke
Flame

Cue

Choose your stance and delete as applicable:

I use Linux so this doesn't affect me

I use OSX so this doesn't affect me

I use some other obscure OS so this doesn't affect me

If the majority of computers used Linux/OSX/other obscure operating system then it would be these computers affected instead of windows PC's

Flames, as thats what I expect to see

Anonymous Coward
Linux

Poor OS security strikes again

It was a foolish idea by MS to implement autorun in the first place, I've always turned it off on every windows box I've ever had.

Broken Windows - because we forgot to put the walls in.

Anonymous Coward
Linux

@andy O'rouke

In nature that is why you have biodiversity and outbreeding (which has it's fun and the downside).

A wise farmer grows more than one type of crop and rotates his fields.

billy no mates
Happy

Virus what virus ?

I have heard of a large company (18,000+ employees) having a large outbreak of this virus on their networks.

It's been a support desk nightmare week !

The timing could not have been worse (as most people were off over the Christmas period hence no updates on work pc's).

since it spreads via the network and not the usual email its a real pain.

Its funny how Symantec rate it as a low virus, god knows what Symantec would label as high .....

Still I use Linux so im not bothered in the slightest.

Colin Millar
Pirate

Oh we laughed

"Security experts suggest that users may want to disable Autorun"

-yeah they were advising this about 10 years ago and MS still haven't got around to fixing this open invitation to steal your pc

Or how about uPnP - automatic, do they still allow telnet by default?

I know he doesn't appear to be as active as he used to be but people could still do worse than visiting steve gibson's grc for a few tips on filling some of the more gaping holes.

Anonymous Coward
Anonymous Coward

@Andy ORourke

I agree with you wholeheartedly. If you want to create a huge bot network then you go for the most prolific machines out there. Since Windows machines outnumber any other OS by a factor so big it's not even funny then Windows will be the target.

I think the biggest problem with Windows is not the OS itself but the fact that so many windows users have automatic updating switched off. The worst culprits seem to be corporates who seem to believe they are safe because they are behind a firewall. And of course they also give all their staff local administrator rights so they can install their own software without having to wait for IT to do it. The sooner somebody teaches these idiots what a firewall can and can't do the better things will be.

Anonymous Coward
Paris Hilton

@A/c

"A wise farmer ....rotates his fields."

Man, that's must be on top of one huge turntable. Or a very tiny field.

Paris - because she rotates on that, front and back.

Phil Endecott

What to click?

What a fabulous dialog box:

Removeable Disk (G:)

[ ] Always do this for software and games:

Install or run program

Open folder to view files

Publisher not specified

General options

Open folder to view files

using Windows explorer

Speed up my system

usings Windows ReadyBoost

Set autoplay defaults in control panel

So, what exactly are the "safe" and what are the "unsafe" options to click on there? Personally the one I find most suspicious is "Speed up my system", since it reminds me of those spamvertisments offering to speed up or disinfect my computer. The phrase "software and games" also looks suspicious since games are software, aren't they. Other than that I really have no idea what I should do if I see something like that. Presumably Windows has control over most of the content; can't they make it a bit simpler?

I suppose the big X at the top right might be a good choice. But it might be hard to get work done if I clicked that whenever I was unfamiliar with a dialog.

billy no mates
Thumb Up

why Linux would never suffer the same fate

just as a heads up, If Linux was the most used OS a virus outbreak would NOT happen on this scale or like the fore mentioned virus.

Linux is very safe in this regard.

Say for example I were to get a virus in my email.

I would have to save the attachment

chmod +x on the saved file to make it executable then run it.

even then it would only run it as my local users privileges NOT as root user.

So at worst my own account would be screwed but not the whole OS.

bottom line, to screw up a windows pc you work with it, to screw up a Linux pc you have to work at it.

A J Stiles
Alert

@ andy o'rourke

The Apache web server (Free) runs 2/3 of the web sites on the Internet. Microsoft IIS runs just over half the others, and the slack is taken up mostly by direct and indirect (possibly Caged) descendants of Apache. By your logic, we'd be seeing fewer attacks against IIS than against Apache. But that isn't the case.

The fact is, Free software is better immune to attacks than Caged software, because it's more likely to be done properly -- the knowledge that other people are going to be reading your code have that effect.

(And by the way, I've a really simple idea that, if implemented, would make it impossible for worms and viruses to propagate. That is for every computer in the world to have a different instruction set and addressing schema, so code compiled for one machine won't run on any other machine. But the industry doesn't want that, otherwise they'd be out of a job.)

tuna
Paris Hilton

ShellHardwareDetection > AutoRun

I don't bother editing reg entries or GP, just disable SHD in the MMC and you're golden. Even prevents the ever-vigilant vendor(ahem...MS) exploits that find a way to Auto-Run despite your efforts.

I heard Paris's .com got an STD.

Colin Millar
Boffin

@ what to click

Don't click - the whole box is poisonous

Ctrl-alt-delete

End process autorun.inf

webdude
Happy

If it wasn't for Windows

I would have to go out and get a REAL job.

And who wants to do that?

Steve
Thumb Up

lol

Well lucky me had this stupid IAMFAMOUS.DLL on my machine wasnt i lucky lol

Eddy Ito
Pirate

Click here [OK]

In my experience selecting the "always do this" box means absolutely nothing with XP. Every time I use removable media of any type I get the same dialog box and every time I select, "Take no action" and check the box to, in theory, make this the default action. So much for computer memory. I think this is why so much of the administrative staff wind up being micro-managers, it's learned behavior they carry over from computers to people.

Jolly Roger because it would be interesting to know how many of the infected computers came with the worm "pre-installed" with a less than legitimate copy of the OS.

Flocke Kroes

@Andy ORourke

If the 80% of computers were split between Ubuntu, OpenSUSE, Fedora, Debian, Mandriva, Linux Mint, PCLinuxOS, Slackware, Gentoo, CentOS, and the other linux distros, malware authors would still get the most potential zombies by targeting XP. ARM and MIPS CPU's can make excellent small cheap computers. Add these variations and malware authors have even more work to do. Gentoo is typically compiled for the specific variation of the CPU, so that is a collection of separate targets by itself (for anything but open source malware ;-).

Microsoft have attempted to mitigate some of their worst security design flaws before. They have had to revert security fixes to maintain compatibility. Unix started out as a multi user operating system, so it needed a good security model from the beginning. This makes it far easier for Linux programmers to maintain security than for Microsoft programmers to bolt on security.

Anonymous Coward
Anonymous Coward

@Andy ORourke

I agree with your comments. If Linux was hugely popular, we'd see the same attacks on as MS systems. The problem is Windows is so easy to work on and program (IMHO) that it encourages script kiddies and novice hackers.

By contrast Linux is more secure, it's also harder to program attacks against it's-self, but there will be holes and it just takes someone to find them and exploit it.

The big problem with MS is that they failed to realise that Windows is used in the home. They leave everything on.

Actually it would be interesting to know how many Linux users are in the UK. Anyone know?

Cris Wilson
Flame

@Andy ORourke

Unless your linux box is currently being brute forced by 3.5 million worms.

E

@ what to click

d:\> format c:

Bod

@billy no mates

And that is precisely why linux won't be mainstream on the desktop.

If Joe Public and his granny needs to muck about like that to run an application, then they're not going to bother with the OS at all.

Or they do like with Vista's UAC and essentially give themselves admin rights to bypass it.

Joe Public with linux will likely just run everything sudo (as in fact I see a lot of linux guides blindly advise typing 'sudo this' and 'sudo that' without stressing the danger of what they are doing!).

Anyway, I laugh at all the PHP hacked servers out there running on... Linux!

In fact half the viruses and trojans downloaded off the web are probably on there because of unpatched PHP apps running on... Linux!

(yeah I know PHP isn't specific to linux, but the point is linux admins blindly assume they are invulnerable because it is linux).

Mark
IT Angle

re: Cue

Well, look at the "resolution" of this problem:

Turn off autorun.

But without that, what's the difference in "eXPerience" between KDE and Windows?

If Windows is wanted because it's soooo easy, how come they can't find and remove the problem? It should be easy, since windows is easy, yes?

Wyrmhole
Heart

No such thing

No such thing as disabling autorun. Autorun may disable you, however.

Anonymous Coward
Flame

@billy no mates

And this is why Linux is not mainstream. It is simply too hard to do everyday tasks with. People do not want to hack about with config files or drop out to terminal every time they want to perform a simple action. They want either no dialog and the damned this to just work, or a simple clicky-clicky one.

As soon as you give that kind of ease-of-use, you lower security (you can, to an extent, have one or the other; but not both). Sure you can sit in your lofty freetard tower and bemoan the people who don't know all the internal systems of a PC, but why should they? Do you know the deep internals of your car, washing machine, stereo etc? If not why not?

I'll tell you why - YOU DON'T NEED NOR WANT TO KNOW. PCs are the same for most people. They are just another "white good" with which to get stuff done. And until the Linux world gets that through its thick, pig-headed, elitist skull; it will forever be the preserve of the l33t hax0r geek crew.

@Bod - spot on. And idiot is still an idiot.

Antidisestablishmentarianist
Linux

@billy no mates

I'm going to have to assume that your moniker and description of 'why it won't happen to linux' was written as a mockery of linux. i.e. I use linux so I'm a 'billy no mates', and it won't happen to linux because you have to go through all this crap just to get from a to b, and because lots of people are lazy they just won't bother. Perfect security - make doing things so long/boring that nobody will do it.

If it is a mockery, I salute your efforts. If it wasn't then you are the new linux poster boy, the one we can laugh at.

Joseph Haig

@Andy ORourke

You missed "I read it as '3.1 Windows' and wondered who was still using it."

In case you are wondering, yes I did.

Oninoshiko
Stop

@billy no mates

Mayhaps you should reconsider the security of your privilage seperation. There have been a number of privalige escalation vulnerablities in Linux over the years. Linux really bad about cutting corners to get "performance improvements" at all costs. I highly doubt Linus has changed his policies all that much.

Destroy All Monsters
Alert

Today is Large Hadron Collider day??

"And this is why Linux is not mainstream. It is simply too hard to do everyday tasks with. "

OH SH*T MAN CERN HAS FINALLY OPENED THAT TIMEWARP TUNNEL BACK TO THE NINETIES QUICK CLOSE IT NOW THERE ARE ALREADY HOLLOW VOICES COMING OUT OF THAT HOLE OHMYGOD WE ARE SO FRACKED.

vincent himpe

unix is secure...

A couple of years ago this happened. An all Sun/Solaris network. I plugged in a Win95 based ( yes you read that correclty Win95) machine. As you know( or don' know ) you can create as many accounts as you want. Just type a new name in win95 propmts you for a password and creates the account. So i jokingly created an account called 'root' with a blank password on the win95 box. Plug it onto the network , map network drive , and map to the samba server on Solaris.

Guess what .... i had the keys to the kingdom... any file i wrote to the Sun machines had as user 'root'. I could even delete files labeled as root.... i could move systems files. for all that mattered ; i was root... That was an eye-opener ... I don't trust any operating system, even if i have the source. An Os is so large and has so many lines of source you can never be 100% sure that something is not lurking in a corner...

James Butler

@Bod, AC, Antidis... et al

billy is mostly correct. You'd know it if you had ever run a modern Linux distro. You're taking his words and screwing them up to imply that it is hard to install new programs or to work with a Linux system. That is totally incorrect. When an authorized user is sitting at the machine and logged in, installations are as smooth as they are on Windows ... maybe smoother, because most modern distros check whether the software will work with the system before installing, which Windows still cannot do. For most modern programs, you simply download or insert the install disc, double-click the icon and ... voila.

The difference is that when an UNauthorized user tries to install something on the system, such as one of the malware currently making the rounds, then (1) if it is authorized by the local user, then that's the only portion of the system that it can harm ... it can't kill the whole machine (including ROM/CPU) that a Windows nasty can, and (2) it will not automatically execute when the drive/media are plugged in, unlike under Windows.

If you're saying, "Well I don't have to even open the CD in Windows, it plays it as soon as I put the disc in", then you're completely missing the problem ... which is exactly that behavior.

Head out of butt ... get yourselves some experience with Linux before you post silliness like that again, please.

James Gibbons
Linux

Got a new variation Jan 1

Got it from a hotel wifi. I run XP Pro and was patched up to SP2 but not SP3 because it caused problems with VMware which I need for development. Symantec Endpoint Protection didn't even see it. Neither did McAfee on my wife's laptop. I noticed I couldn't go to McAfee.com but thought it was down at the time. No warnings at all from the AV.

Spread to my work machines on Jan 5 and started to attack other work PCs. We use McAfee Total Protection at work and I figured it out by checking the logs and saw lots of buffer overflows being blocked. Had to use the Linux server to surf to the McAfee console. By luck it didn't spread to two customers I visited while infected.

Running scans with either Symantec or McAfee failed to remove it on all PCs. Onlyt F-Secure's removal program worked 100%. The problem is that you must remove all infected PCs from the network, disinfect them, connect and patch them or you will get reinfected. Miss one infected computer and you get to start over.

Almost makes me consider running Linux with VMware to run Windows with disks set to read-only. What I don't get is how Symantec and McAfee downplay it.

Nebulo
Stop

"May" want to disable Autorun?

It's one of the first detestable "features" to get turned off on my boxes on first power-up, along with tacky "animations", "plug'n'pray" and anything else I haven't set up myself because I don't want it. When the day dawns that sees me unable to start a file manager, Winamp or whatever the disc needs, I'll just use the box in me old folks' home and let them worry about it.

Anonymous Coward
Flame

And of course...

...if Linux were the major OS of choice the nasty coder-boyz would be creating all kinds of silver bullets to bring it down too.

Que Sera Sera...

Anonymous Coward
Gates Halo

Autorun at least doesn't affect Vista.

Vista doesn't use autorun, so should be immune to that part of the attack at least.

It asks you want you want to do with the disc, but any autorun on the disc isn't run by default.

Chris C

re: unix is secure...

What you described is not an example of UNIX, Linux, Samba, or anything else being insecure. What is *IS* an example of is an extremely bad Samba configuration. In other words, whoever set up Samba on that server did not configure it properly. There's a reason you're supposed to understand everything in a configuration file before you begin using it, and why you're supposed to test things before going live. What you experienced was a poor design/implementation decision by a lazy IT person.

Gotno iShit Wantno iShit
Alert

@Destroy All Monsters

You are correct in some respects, it is LHC day and there was a bit of a slip up. However, the timewarp tunnel accidently opened actually went to the 30s, the 2030s.

Mark
Stop

"And this is why Linux is not mainstream"

And this is why Windows should NOT be mainstream.

Because the computer does work for you, viruses like this can live and breed. Because you have one, they don't have to hide and don't have to worry about being removed.

It is also why disabling Autorun makes windows not ready for the mainstream. Which is what you have to do here. Ergo, Windows is not ready for the mainstream because not only do you have to turn OFF autorun (an extra action) but then having done so you must do all this work to get something running.

Or spend even MORE work removing all the viruses, trokjans and darknet material (KP, botnet code, copyrighted works, etc).

I tell you, windows is NOT ready for the mainstream.

Anonymous Coward
Linux

Re @A/c Farmer's field

As we are in Europe it's a small field that doesn't require an American gut to feed :)

Stuart Duel
Jobs Halo

Mac OS X unaffected

Mac OS X unaffected by this, or any virus since March 2001.

Mark

re: And of course...

Why "of course..."? There is no Autorun on Linux, so this problem would not exist. So there's no "of course" for this vector.

You just say "of course" because you don't want MS OS's to be considered broken by design. They ARE. Windows from NT onwards had the opportunity to use a PROPER multi-user connectivity-aware security policy. Early versions may well have done so. But marketing demanded that the line be "as easy to use" as the Win9x series, with all the brokenness by design it demands.

Why?

So that they could sell it do dumb fucks.

They wanted sales, not an OS. Whatever got the money in was wanted anything that didn't help that goal was out.

Clive Smith

OSX 'sploits

OSX is affected by exploits. Most users are ignorant to this so theres little to protect them.

Shakje

Re: why Linux would never suffer the same fate

Replace the chmod step with lots of annoying UAC boxes and it's the same walkthrough. Like the article says, it has to bruteforce admin passwords to spread across the network..

The Fuzzy Wotnot
Thumb Up

@Bod

Right!

Had the same argument with a colleague.

"Why did you run XYZ command?"

"Fred told me to."

"You didn't try to make sure it wasn't dangerous? Do you know exactly what that does?"

"No, but he said it was safe!"

Which leads to Mum's favourite....

"If they told you to stick your head in the oven/jump off clifff, would you do it?"

Mark

re: mum's favourite

I quite like Dilbert's answer to his mom about it. something along the lines of:

"If lots of my friends did it, and liked it and would do it again, yes. Yes I would."

Gis Bun

ya right

To the Apple & Linux fanatics [and the few zealots] - if the tables were reversed and Linux or OSX had around 80% of the OS population, you don't think there woild be more viruses, malware and other crap out there. Those virus maker creaps want the biggest impact as well as the most number of novices that they can fool [which is in Windows but OSX is catching up with all the novices who like fads/hype more than what the system does.

So why is it that there is anti-virus apps for Linux and OSX if they are sooooooo clean of this crap?

If you ever read the SANS newsletters? Linux/Unix is just as easy to get attacked.

Oh reason why Linux isn't getting hit? Every 2-3 years you are upgrading or reformating because the company doesn't support the OS anymore. Windows gets a minimum of 10 years. XP will probably be close to 14 years of support.

A J Stiles: "Free" [open source CD] probably also means the source code is available [so the hackers can find vulnerabilities in it] and in some cases amateur writing. Microsoft, Apple and the commercial Linux OSs at least have many programmers to test.

Stuart Duel: You mean that *NO* viruses and crap has it OS X since 2001? Ya right. And Bush will still be president for the next 4 years. I guess Symantec and others discontinued their Anti-virus for the Mac line 6-7 years ag. Eh?

Anonymous Coward
Thumb Up

Linux should not be for everyone

Over the years BSD/Linux have been developed by geeks to basically suit their own needs. This has lead to some pretty secure systems. It has also lead to some cryptic, non-end-user friendly OSs. So now the big push is on the make these great OSs user friendly.

I say let the masses have Microsoft. Hopefully, corp, gov will get smart and use other OSs. If people don't want to learn how to us their OS then they will get what they deserve.

Just my opinion though

Mark
Paris Hilton

@Gis Bun

"f the tables were reversed and Linux or OSX had around 80% of the OS population, you don't think there woild be more viruses, malware and other crap out there."

More than there are now? Almost certainly.

More than MS has with 80% of the market? No.

This topic is closed for new posts.