Fake e-cards signal massive DDoS attack

Security researchers are reporting a sharp increase in the number of machines infected by the Storm Worm, prompting speculation that its authors, who so far have limited their activities to spam, intend to use it for more destructive purposes, such as launching massive denial of service attacks. In June and July, internet …

COMMENTS

This topic is closed for new posts.
  1. Patrick Ernst

    Operating system?

    Are these nefarious characters bigots as well as being ne'er-do-wells? I don't have a tcpip.sys on my PC. There are millions of Linux and OS/X users out here in the real world. Why won't these guys write something for us too?

    The worm will turn! ;-)

  2. Anonymous Coward

    So that's what all those "greeting cards" are about

    I've been getting 15 of those things a day. Fortunately they were all stopped by my e-mail's anti-virus and quarantined, but I was wondering why there was such a rush of them all of a sudden. Sadly, I realized a long time ago I'm simply not popular enough to get greeting cards.......'sniff'

  3. Anonymous Coward

    Shush!

    Patrick, quiet down. I do not need this sort of thing at all; besides, everyone knows Linux users are teh H3X0rz :) Have a nice day.

  4. Pascal Monett

    This certainly demonstrates something

    "demonstrating a strong ability in its authors to trick recipients into clicking through so they become infected"

    Not really. This Storm worm proliferation demonstrates mostly how gullible and infatuated with themselves people still are. On the other hand, Internet access has only been widely available for quite a short time - the vast majority of users have 2MB or less of pipe (there is still 13% with only 256kbps). So Internet is still in its infancy, and many, many people will still get caught by this.

    It will take a few decades more before the majority wisen up to the fact that receiving an email from a perfect stranger is NOT normal and most often NOT wanted. Meanwhile, botnets will flourish.

  5. Anonymous Coward

    Ignorance.. or farsight?

    Please, if you've had enough of Windows, then try upgrading to DOS.

    --

    Ulterior motive - If these "newbies" jump on the Linux bandwagon then the virus writers will simply swap their target platforms, and don't be so naive to think Linux and MACOS don't have as many problems, they do, they're just not as well researched yet.

  6. John Stag

    "Malicious software removal"?

    Does Microsoft's Malicious software removal thingy actually do anything?

  7. Paul

    No Spam without representation

    Patrick, I totally agree! Linux and Mac users have been ignored for too long. Too many H3X0rs writing stuff for XP and IE only! It's just not good enough! If they are so L33t then they should make Bonnets open to all to join! They don't even publish the source code!

    (For anyone who doesn't understand, please see the kerfuffle over iPlayer before flaming me)

  8. Keith Turner

    Nice to know I've got friends

    It's gratifying to be told I have so many friends who are trying to get in touch.

    (I thought that e-cards lost favour ages ago with the advent of so-called social networking sites.)

    Much, much better than to have it implied that I've either got a small willy or that I can't keep an erection for several days.

    The pills must have worked and now I'm popular with my peers.

    Thanks Storm worm, you've made me feel like I'm wanted.

    Just not sure what you might want my machine for, though.

  9. A J Stiles

    @Pascal Monett

    "It will take a few decades more before the majority wisen up to the fact that receiving an email from a perfect stranger is NOT normal and most often NOT wanted. Meanwhile, botnets will flourish."

    Um ..... Suppose, just hypothetically for a minute, that no two computers in the world had the same instruction set and addressing schema. In other words, a binary program compiled to run on one computer could never run on any other computer.

    Now the only two ways to make *your* computer run a program are (1) to have it compiled for *your* computer, or (2) to have it supplied in Source Code form and run through an interpreter.

    If that wouldn't stop the propagation of viruses, worms and Trojans dead, I don't know what would. The only way a program (malicious or otherwise) could be made generic enough to run on *any* computer would be to supply it in Source Code form; and then any competent programmer would be able to see what it was doing and stamp it out.

    As a beneficial side effect, it would also make piracy impossible. You buy a piece of software, and it's personalised specifically to your computer; no matter how many times you copy it, it won't run on anyone else's computer. If you scrap your old computer, you can show the certificate from the approved recycling centre and receive a discount on a copy of the same software personalised to your new computer. (So there's another beneficial side effect: it prevents e-littering.)

    And this doesn't hurt the Free Software movement, either; because if you download a program in Source Code form, then you can easily compile it for your own computer.

    The technical problems are: how to achieve this kind of full personalisation in the first place (some kind of CPU-instruction-level crypto?), and how to bootstrap an initial build environment (the Source Code for a compiler isn't much good by itself). I'm confident, though, that they are not insurmountable.

  10. Robert Forsyth

    If everybody turned their computers off after use...

    ...what would these bot-nets run on?

  11. Steve Hill

    Fresh smell of pine

    Ah, now I remember why I still use Pine on a Solaris box to read email...

  12. Dave

    Greeting Card Sites

    I went off the entire concept of greeting card sites many years ago when I spotted in the Ts&Cs of one site that because someone else had sent me a card via their site, they were going to use my email address to send me spam unless I opted out. Ever since, I've made it clear to people that I don't think that sending eCards is a thing friends should do. As such, my local spam filter has long bounced such messages, even from 'legitimate' sites.

  13. Thomas Fischer

    EasySolution (TM)

    Don't click on anything that you receive from people you don't know, unless you know exactly what you are doing or if you wish to get infected with Worms, Viruses, Trojans or want your bank account emptied. Everybody stupid enough to click simply on everything without the right protection doesn't deserve any better. e-Cards are anyway the most unpersonal way to wish somebody a happy birthday or anything else. If anybody sends me one they are off my Christmas list in an instant.

  14. Phil Bennett

    Operating system?

    Windows - the Ow starts Now!

    Linux - get back to us sometime around 2015 - we'll have it working by then.

    See? Windows is good for productivity - you can have your virus outbreak, help knock Estonia offline, lose all your data, restore from tape and be over it before you've got it working on your Linux machines :D

  15. Anonymous Coward

    Don't give your account superuser privileges and yer grand

    As we all know, if you log in as root or administrator then you're asking for trouble.

    But the majority of "home" Windows users still assign admin to their standard account, instead of giving it restricted access.

    If you restrict all accounts, then you seriously reduce the amount of damage that malware can do. The problem is, Windows still allows more access than Linux/UNIX does. But it's getting better.

    My kids send me those greeting cards all the time, and I was nearly tricked into opening one, best warn the wife, she assumes they are from the kids and always opens them!

  16. Anonymous Coward

    Re: Operating System

    Don't be fooled by thinking you're going to be safe by using a flavour of Linux. You may be immune to the worm, but boy are you going to be affected by a DDOS on this scale - if it's as large as this article suggests, this will have a significant impact on the Net as a whole.

  17. Andrew

    @ AJ Styles.

    Your "solution" would also require everyone to personally audit every line of code that they download and compile on their "unique" hardware. What else is to stop them downloading and compiling a new game or media player which also just happens to turn their computer into part of a botnet? Perhaps that handy tool you downloaded to automate the code auditing? Well, that has just root-kitted your computer.

  18. Andy Gates

    I wonder...

    If you sent out a spam mailing with "Join this botnet now!" as the subject line, how many people do you think would clicky?

    Betcha it's lots.

  19. Brett Brennan

    @ A J Styles

    "As a beneficial side effect, it would also make piracy impossible. You buy a piece of software, and it's personalised specifically to your computer; no matter how many times you copy it, it won't run on anyone else's computer. If you scrap your old computer, you can show the certificate from the approved recycling centre and receive a discount on a copy of the same software personalised to your new computer. (So there's another beneficial side effect: it prevents e-littering.)"

    Windows already does this. Except for the copying part. And the discount part. And the running on your computer part - especially if you upgrade something like the CPU or hard drive.

    Oh, and the infection prevention and piracy parts...

  20. Joe Blogs

    @ Andy Gates

    PCPRO - Real World Computing - September 2007

    Didier Stevens ran a Google Ad-Word campaign that offered users the opportunity to get their computers infected. The ad said "Drive-by Downloads, is your PC virus-free? Get it infected here". He got 400 hits. They do state that some of these may be curious researchers, etc... but still, 400 clicks!!!

  21. Anonymous Coward

    Linux is as vulnerable as XP ... NOT!

    " ... and don't be so naive to think Linux and MACOS don't have as many problems, they do, they're just not as well researched yet."

    Linux is buggy. Period. BUT:

    Not only is the Linux design far more secure (thus more difficult to exploit) than the crap pushed by MS, but all Linux distributions have different dependencies (libraries, kernels, setup, you name it). This means that the virus writer has to either statically link their executables and create some very stealthy 100MB viruses or have a different virus for each different Linux distribution (do you even realize how many of these exist?) and custom Linux installations.

    Mass infections like under XP?

    Think again!

  22. Morely Dotes

    Re: Ignorance.. or farsight?

    "If these "newbies" jump on the Linux bandwagon then the virus writers will simply swap their target platforms, and don't be so naive to think Linux and MACOS don't have as many problems, they do, they're just not as well researched yet."

    So what you're saying is that you have no idea how Linux and Mac OSX (which is BSD-based) work.

    In Windows, by default, everyone runs as "root" and anything one user does affects the entire system - and can change system files which should be protected. This can be locked down, but I've never seen a home user who wasn't also an IT guy do so.

    In Linux, BSD, and other real operating systems (Lindows/Linspire is specifically exempted, as it is meant to be Windows for... Well, I have no idea for whom, as no one sane would use it), each user runs in a "sandbox", and the user must have special rights granted to do anything outside that sandbox that would change the system files; thus, if you received a well-crafted malicious email from a stranger, or from an anonymous "greeting card company," and attempted to do something incredibly stupid (e.g., you opened the email and launched an attachment), you would be asked for the root password before the attachment could execute. That would alert a user with an IQ higher than room temperature to be suspicious.

    DOS, of course, is as bad as Windows, but not as pretty.

  23. Eugene Goodrich

    Famous quotes

    "10,000 bots ought to be enough for anybody."

  24. Anonymous Coward

    What to do with many many MANY MANY bots...

    Maybe they just want to massively DDOS google?

  25. 4.1.3_U1

    @Morely Dotes

    I think you'll find that a lot of the tasks which malware writers want to achieve do not require root access: fire off a spam email; ddos; p2p or im client for command and control.

    Many distros even enable cron for normal users by default.

    Maybe the whole machine wouldn't be owned, but does that matter if it performed its tasks?

    @anon "Linux is as vulnerable as XP ... NOT!" said "stealthy 100MB viruses"

    What about a small statically linked executable that searched for likely mail clients which might happen to be installed (starting with 'sendmail' perhaps?).

    The hardest part would probably be writing something that the (idiot) user could just install with a few clicks (or a zero day browser exploit). Maybe that even "couldn't be done". Maybe nobody's bothered trying.

  26. Anonymous Coward

    Linux Virus?

    Come on, all you Linux boys! As 4.1.3_U1 pointed out, you don't need root access to send spam on a Linux box. Yes, Windows IS less secure than Linux, but most people don't want to have to recompile the core just to add a new USB memory stick!

    To think that these ******* that write these viruses WON'T get around to Linux is just stupid. Especially now that 2 different manufacturers are shipping Linux and instead of the OS being the reserve of competent IT users, Joe Bloggs is going to be using it. How many new users are going to make mistakes and leave the root liable to attack?

    We all know that Windows is the main target because it's the biggest (and easiest).
