PDA

View Full Version : Love You San worm


kylos
Aug 12, 2003, 10:31 AM
Remember that recent DHS warning about a system vulnerability in Windows a few weeks ago? No? Well then you need to read atat or alternately the mass media.

Anyhow, it was exploited (http://story.news.yahoo.com/news?tmpl=story&u=/washpost/20030812/ts_washpost/a46233_2003aug11) Monday afternoon. Hidden in the .exe are the lines

"I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!"

This guy is great!!!!!

This actually affected me since I'm on an internet connection shared through an XP box. Apparently the virus didn't actually get onto the computer but the worm is nice enough to shut your computer down even if it doesn't infect it. As far as I can tell my university was infected since I dial in to it for my internet connection. After a while it gave up, but the host on our lan would shut down after being connected for a minute or two.

I still like this author for his shot at gates. Ha!

G4scott
Aug 12, 2003, 12:36 PM
Well, good ol Billy has less than a week to do something about this vulnerability. This saturday, the worm will attack a microsoft support page...

Thank goodness I own a Mac.

Wes
Aug 12, 2003, 12:50 PM
I was chatting to a few friends on pcs yesterday. I was having a field day. Every few minutes one of them would start typing various profanities as a window popped up mentioning an RPC error and they had 60 seconds before restart. Sure enough, after 60 seconds they went offline, to return a minute later. This was happening to quite a few of them. Sadly this hacker will probably spend the rest of his days in prison.

iJon
Aug 12, 2003, 12:55 PM
well i just installed the patch, i dont think its gotten to me yet. not that it really matters, pc is just for games. i am guessing this is a good time to back up all my saved games so i can reinstall in a couple of days.

iJon

rainman::|:|
Aug 12, 2003, 01:55 PM
Notice how the media, while mentioning the "fix the software" line, is ignoring the fact that Microsoft is one giant security hole. I'm sure they're just "weathering the storm" before Longhorn hits, but that's a long time away... And i'm sure Longhorn will be just as crappy... They can't fix the vulnerabilities without rewriting the whole system, and they can't write a secure system until they acknowledge their gaping security flaws that cripple the 'net.

My mom just called me, because my dad called her, and told her since she had MS products (IE, she's not running X yet), that she's vulnerable, and that this virus will "kill" the computer forever and ever. Bah! I just want to hit people that don't know what they're talking about... Their lives in so many ways depend on this technology, and they know nothing about it, or how precarious the whole security issue is. Maybe they won't pay attention until we have scrapped the internet in entirety because everyone's bank accounts disappeared, electronic devices stopped working, and anarchy reigned supreme... Melodramatic, but the sentiment is there.

pnw

Mr. Anderson
Aug 12, 2003, 03:41 PM
But you really have to wonder if this would have happened so soon if it hadn't been given out by the press? It seems to me that someone saw that they were worried about the leak and then took advantage of it......ha!

I hope that never happens to Apple....

D

bryanc
Aug 12, 2003, 03:54 PM
If Microsoft didn't have the U.S. government in their pocket, I really think we'd be seeing some legislation that punished software vendors for distributing grossly insecure operating systems.

We don't let cars with no breaks on the highways because they are a hazard to everyone else. Similarly, we shouldn't let PCs running windows on the internet...they screw the system up for everyone else with their gaping security holes (not to mention the PEBKACs).

Cheers

applemacdude
Aug 12, 2003, 04:37 PM
Why can't microsuck just make a safe os? the have a big ass security flaw in their os like everyweek

Powerbook G5
Aug 12, 2003, 05:00 PM
That reminds me of my girlfriend, she had a Toshiba laptop and got some kind of odd virus so every 20 seconds or so she'd IM this porn link with a quote like "Watch these girls lick this guy off!!!!" She did a format and reinstall maybe three times but it kept coming back, it drove her crazy until we were walking through CompUSA looking for a new keyboard for her and she saw an iMac and called her dad and convinced him to buy it for her. After that, it was easy to fix the virus--dumped the Toshiba in the trash. :)

MrMacMan
Aug 12, 2003, 06:05 PM
My friend hasn't patched his system forreever.

That is because this code glitch probably was because of the last patch, and so on and so on...

ahah, he has like 100 patches and 20 major security updates needed.

--PWN.

:eek:

Powerbook G5
Aug 12, 2003, 06:25 PM
Two months ago we had to trash our Gateway system...we got something that leaked onto it and basically whenever you tried to install anything or update a patch from Microsoft, it would sit at the Windows ME screen indefinitely until you unplug it, then go to Adaptec Goback and revert it to a time before you installed the said item. It was literally impossible to do any security patches. We couldn't reinstall Windows because it would get stuck at the boot sequence, either. It was damn irritating, to say the least. Especially since even if we had been able to reinstall Windows, we had lost the key sequence a year ago so we wouldn't have been able to re-authenticate it, anyway.

etoiles
Aug 12, 2003, 06:54 PM
Is OSX really that much safer (in theory) or are there just very few people (compared to windows) looking for 'holes' ?

Either way you are better off with a mac, but I was just wondering...

Powerbook G5
Aug 12, 2003, 07:03 PM
I think it's a combination of both, actually.

Sayhey
Aug 12, 2003, 08:18 PM
One might think that the government might take these secuirity problems into account when deciding to award all those contracts to Microsoft. Or am I just being naive? Nah! :rolleyes:

Powerbook G5
Aug 12, 2003, 08:42 PM
Come on, it's the government...it's not like they would do anything logically!

big
Aug 12, 2003, 09:14 PM
Man, some of those really nasty viruses can write itself to the boot-rom.

your pretty much screwed at that point, and you have to flash the bios

howeve, they can ALSO write themselves to the ROM in printers too, then rewrite back to the PC

either pretty nasty coding, or really great coding, in my opinion!

idea_hamster
Aug 12, 2003, 09:35 PM
Originally posted by big
Man, some of those really nasty viruses can write itself to the boot-rom.
Do you have a source for that? It sounds like a bit of an tech-legend. Not trying to be a wet blanket -- just to have healthy skepticism.

Oh, and BTW, my entire company was driven to distraction today by this MSBlaster worm. One twenty-four story building, hundreds and hundreds of computers -- the worm ripped through the entire building in less than 15 minutes. We all got a mass voice mail saying to unplug our workstations at the wall and wait for further instructions. Took us four hours to get back to work. (Needless to say, I'd be very, very put out to find that this thing had written itself into someone's boot ROM!)

Powerbook G5
Aug 12, 2003, 09:56 PM
That's just insane, I am just glad I am not using Windows...every single day I have to deal with helping my parents install all the security patches when they turn on their Dell.

cb911
Aug 13, 2003, 01:48 AM
i just saw this over at theregister.co.uk


MSBlaster contains the following text:

I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix
your software!!



i just had to laugh when i saw that. :D


check it out: http://www.theregister.co.uk/content/56/32286.html

Mudbug
Aug 13, 2003, 01:56 AM
I'm laughing right along with you, although I fear there is an OSX worm just festering, waiting to come to life at some point and cripple all of us. I'm sure it can be done, it's just a matter of time.

but oh yeah, <points and laughs> they definitely have it coming. New patches every day. Why not make it better to start with? It's bloated enough...

cb911
Aug 13, 2003, 02:07 AM
Originally posted by Mudbug
I'm laughing right along with you, although I fear there is an OSX worm just festering, waiting to come to life at some point and cripple all of us. I'm sure it can be done, it's just a matter of time.

no!! don't even say that! :eek:

yeah, i'm sure it's possible, but not nearly as easy as Billy makes it. :D

Stevie would never make anything like that possible. :D

iTag
Aug 13, 2003, 08:12 AM
If my windows machine was working then id update but now that i use a Mac well whats the point i ask you



iTag = former Sabenth rest in peace my old friend now i have to start from scratch typical

kylos
Aug 13, 2003, 08:31 AM
Already posted. (http://forums.macrumors.com/showthread.php?s=&threadid=34880)

Macmaniac
Aug 13, 2003, 08:53 AM
I'm so glad I have my mac:) (Hugs iMac)

caveman_uk
Aug 13, 2003, 10:12 AM
Originally posted by idea_hamster
Do you have a source for that? It sounds like a bit of an tech-legend. Not trying to be a wet blanket -- just to have healthy skepticism.

I don't have source code for that (as I've never needed to do it) but of course it's possible. How do you think BIOS updates work?

wdlove
Aug 13, 2003, 10:18 AM
I wonder if Bill Gates and Windows will ever wake up? That is the problem with a monoply, no real reason to fix problems. It is very hard for a large organization to change.

big
Aug 13, 2003, 10:19 AM
exactly

idea_hamster
Aug 13, 2003, 11:12 AM
It seems that the folks at MS are trying some damage control PR:

"Microsoft spokesman Sean Sundwall acknowledged that the blame does not really lie with customers.

"Ultimately, it's a flaw in our software," he said. (http://www.msnbc.com/news/951393.asp?Ocv=CB2O)"


CNN.com seems to have re-directed this link to a new related story that doesn't include this quote. The original story can still be found elsewhere on CNN.com under the title "Warnings Did Little to Stop Internet Worm". -- i._h.


also...
Originally posted by caveman_uk
I don't have source code for that (as I've never needed to do it) but of course it's possible. How do you think BIOS updates work?
I've honestly got no idea how a BIOS update works -- but I guess one is a bit naive these days to believe them when they call something ROM. Just because it says "Read-only" doesn't necessarily mean it is read-only. Disillusioned yet again -- *[sigh]*.

rueyeet
Aug 13, 2003, 01:40 PM
The thing about Microsoft's near-daily security patches is that home users don't have the time, and often, the computer literacy required to also be full-time system maintenance experts, even with Windows Update. The constant barrage of patches is just numbing...and the fact that a constant barrage of patches is even necessary is just aggravating. Worse, dedicated system maintenance experts testify that Microsoft's patches often break other things.

As I'm the only kind of system maintenance my elderly parents have, I'm planning on downloading the patches to CD so that if MS's servers are downed this weekend when I'm there to apply them, I can still update their computers.

This just pisses me off beyond all bounds. If Mom weren't so technophobic and unwilling to have to learn yet another system, and if Dad weren't such a DOS guy, I'd almost be willing to BUY them Macs just so I didn't have to deal with this.

:mad:

idea_hamster
Aug 13, 2003, 02:00 PM
Originally posted by rueyeet
I'm the only kind of system maintenance my elderly parents have...
If you find the original Warning does little to slow internet worm article on CNN.com, the author bemoans the exact same fact regarding his mother -- so you're not alone.

kylos
Aug 13, 2003, 02:04 PM
Heh. One of my professors was just saying that he tries to stay away from windows updates for his wife's XP box because he's already had patches cripple his video performance. He'-s a big *nix geek. And he's a humanities prof.:D You're right on, though, about the average computer user not being very capable of installing a patch. Fact is, a lot of these people hear the media lecturing them about not installing the latest patch, (after all, both Microsoft and the DHS warned about the hole over a month ago) and then they feel guilty and stupid because now it's there fault but they don't know what to do. Now to most of us here, installing a patch is not that hard, but the vast majority of pc owners just don't grasp even some of the most fundamental concepts. But if Microsoft is to blame it's customers, then it should only sell to those it can verify are relatively knowledgeable of windows.

Ryan1524
Aug 13, 2003, 10:51 PM
yesterday i was watching the news and CNN (no i don't usually watch CNN - i was bored), and they mentioned that this virus attack is "to be expected due to the millions of lines of coding required for the operating system." pffft...and OS X, Linux, etc etc doesn't ahve as many lines?? :p ;)

wdlove
Aug 14, 2003, 10:38 AM
My wife is a visiting nurse and so can download her patients at home. Last night she could not, frustrating. Had to leave early this morning to the office. The IT person said that the server was down due to the P Worm. Our local news said that other hospitals were also affected. I just wonder if they will ever learn? :(

iJon
Aug 14, 2003, 01:48 PM
Originally posted by wdlove
My wife is a visiting nurse and so can download her patients at home. Last night she could not, frustrating. Had to leave early this morning to the office. The IT person said that the server was down due to the P Worm. Our local news said that other hospitals were also affected. I just wonder if they will ever learn? :(
probably to them, a one button mouse is as shocking to them as the virus. apple can never win this kind of market without certain software. my family and i have been really good friends with my ortho who gave me my braces. He has someg G4's but just to view his pictures he xrays and stuff. but other than that, its all windows softwae.

iJon

wdlove
Aug 14, 2003, 08:18 PM
Originally posted by iJon
probably to them, a one button mouse is as shocking to them as the virus. apple can never win this kind of market without certain software. my family and i have been really good friends with my ortho who gave me my braces. He has someg G4's but just to view his pictures he xrays and stuff. but other than that, its all windows softwae.

iJon

Yes, it is a real bummer. Apple could make great in roads if it could develop medical software. I'm sure that Mac OS X would be benefical for imaging!

I had braces also when I was in junior high!

themadchemist
Aug 14, 2003, 10:45 PM
Originally posted by bryanc
If Microsoft didn't have the U.S. government in their pocket, I really think we'd be seeing some legislation that punished software vendors for distributing grossly insecure operating systems.

We don't let cars with no breaks on the highways because they are a hazard to everyone else. Similarly, we shouldn't let PCs running windows on the internet...they screw the system up for everyone else with their gaping security holes (not to mention the PEBKACs).

Cheers

Brilliant point. I never thought of this. Perhaps an administration that it is to critical software (like operating systems) as the FDA is to drugs.

In that case, Windows would be dispensed with as if it were acetone being pawned as a hypertension drug.

Magus42
Aug 21, 2003, 02:20 AM
... I haven't seen so much misinformation in one spot since the last time i looked at grc.com...

Are any of you even aware of the fact that the patch for this vulnerability was available over a month ago? I didn't think so.

So before you go spouting off about MS not fixing things, check your info first. And as for updates, how much brainpower does it take to hit a few links on windowsupdate, or enable auto-updates in XP? No worse then the update manager in OSX.

etoiles
Aug 21, 2003, 10:40 PM
Do you mean service pack 4 ? The SP that nobody in our office installed because it creates major problems with 3DSmax files ? :p

Anyway, this worm was a real windows problem, whether MS reacted fast enough or not. It shouldn't have been possible in the first place.

But I agree that people are fast to judge MS on this one and feel on the safe side with OSX. Do people really think OSX is that much safer ? Everytime Apple releases a security fix I think "thank god there is not more hackers/worms/viruses on OSX..."

BrandonRP0123
Aug 22, 2003, 12:47 AM
Originally posted by idea_hamster
Do you have a source for that? It sounds like a bit of an tech-legend. Not trying to be a wet blanket -- just to have healthy skepticism.

Oh, and BTW, my entire company was driven to distraction today by this MSBlaster worm. One twenty-four story building, hundreds and hundreds of computers -- the worm ripped through the entire building in less than 15 minutes. We all got a mass voice mail saying to unplug our workstations at the wall and wait for further instructions. Took us four hours to get back to work. (Needless to say, I'd be very, very put out to find that this thing had written itself into someone's boot ROM!)

My coworker caught the Chernobyl virus in 1999. Sure enough on the Chernobyl anniversary it over-wrote the master boot record, partition table, and over-wrote the NVRAM in the bios. Completely hosed the PC. Had to swap motherboards, as the BIOS NVRAM chip was soldered onto the board. Once the machine finally powered up and booted, the partition table was gone completely. I love you, Microsoft.

BrandonRP0123
Aug 22, 2003, 12:48 AM
Originally posted by Magus42


So before you go spouting off about MS not fixing things, check your info first. And as for updates, how much brainpower does it take to hit a few links on windowsupdate, or enable auto-updates in XP? No worse then the update manager in OSX.

Unfortunately, more than you think. With the majority of the population still on dialup as well, (and, for example, the updates Microsoft publishes are 30MB sometimes), and the lack of knowledge to do that - the numbers make you sick.

Backtothemac
Aug 22, 2003, 12:53 AM
Look, the people who right viruses are anti-Microsoft, and pro Linux, and Mac. They do it because they can. People someone could just as easily go after Macs with a virus. They do run Macros just like a PC, but when you are only 3% of the market, does it make sense to do it?

BrandonRP0123
Aug 22, 2003, 12:59 AM
Originally posted by Ryan1524
yesterday i was watching the news and CNN (no i don't usually watch CNN - i was bored), and they mentioned that this virus attack is "to be expected due to the millions of lines of coding required for the operating system." pffft...and OS X, Linux, etc etc doesn't ahve as many lines?? :p ;)

That statement on their part is just plain ignorant.

But at the same time, there's just as many vulnerabilities out there for UNIX machines. The realpath() security update on 8-14-2003, I received about a week earlier from freebsd-announce (we run FreeBSD at our joint). There was a vulnerability in Cisco IOS earlier in the month - and the list goes on and on.

Since Microsoft products make up the greatest percentage of installations, and the ``ease of use'' of windows makes even the truly computer illiterate ``administrators'', it's a fact of Microsoft, I suppose.

idea_hamster
Aug 22, 2003, 09:09 PM
Originally posted by Magus42
... I haven't seen so much misinformation in one spot since the last time i looked at grc.com...

Are any of you even aware of the fact that the patch for this vulnerability was available over a month ago? I didn't think so.

So before you go spouting off about MS not fixing things, check your info first. And as for updates, how much brainpower does it take to hit a few links on windowsupdate, or enable auto-updates in XP? No worse then the update manager in OSX.
Actually, there were a few threads here (one started by yours truly) regarding the group that discovered the flaw and the patch. So, yes, in general the readers of Macrumors are probably aware that MS made a patch available when they did -- about a month before the worm.

The point that came up in those threads, however, was that:
(a) lots of people -- whether they could or not -- aren't going to patch their systems because they treat their computers like their toasters: "does it work? then it must be fine"; and
(b) lots of system administrators are not going to patch their systems because they've had past problems with MS security patches conflicting with their settings, their applications, their networking, and even each other.

That's the point. No one patched, not because they didn't have time, but because they're either not tech savvy enough or too tech savvy.

That's not "spouting off".

idea_hamster
Aug 22, 2003, 09:16 PM
Originally posted by Backtothemac
Look, the people who right viruses are anti-Microsoft, and pro Linux, and Mac. They do it because they can. People someone could just as easily go after Macs with a virus. They do run Macros just like a PC, but when you are only 3% of the market, does it make sense to do it?
I agree that virii that spread because a user runs an executable file that they got in e-mail are writable for Macs and, since they depend on people being duped into running them, can dupe Mac users.

The tougher question is whether system-level security (like the flaw that the MSBlast worm used) is better due to the underlying FreeBSD core.

Backtothemac
Aug 22, 2003, 09:35 PM
Wow, I am getting hammered with this virus. 20 emails with it in the last hour :mad:

idea_hamster
Aug 22, 2003, 09:46 PM
Originally posted by Backtothemac
Wow, I am getting hammered with this virus. 20 emails with it in the last hour :mad:
Yeah, the tech people in the press were saying how August was a bad month for this because lots of people (like all of France) are on vacation, so we'll get more outbreaks as these people get back to work, open their e-mail....