Four Kids Confess to Goner Worm
Posted by CmdrTaco on Sat Dec 08, 2001 09:25 PM
from the hope-they-get-grounded-with-no-dinner dept.
imrdkl writes: "4 kids in Israel have confessed to writing and distributing the Goner worm, according to Fox."
Yet another annoying worm comes and goes, wasting countless IT hours, to say nothing of bandwidth. The kids face up to five years -- of course since they aren't in the U.S., they might actually be punished.
Well blahs all around (Score:4, Insightful)
If our users had listened to the rules, this wouldn't have been a problem. But within 30 seconds of the attachment entering our network, over 50 users had run it. Why can't someone hold the irresponsible user at fault? The instructions are easy - don't run attachments you weren't expecting. Instead of blaming some kids for playing around with code, why can't we find fault in the people that don't follow their instructions?
Yeah, I'm ranting, but to make something constructive out of my waste of bandwidth, how can we get the users to listen? Anyone have effective tools? Yeah, I'm all for firing the ones that can't observe policy, but that would mean firing my boss too. And she's actually pretty decent, as far as managers go.
Re:Well blahs all around (Score:5, Insightful)
with an attached note saying "pull this pin,"
and that person then proceeding to pull it,
even though they have been told OVER AND OVER
that if they pull the pin on a hand grenade,
it will hurt them.
The virus is dormant, completely harmless
UNTIL SOMEONE RUNS IT.
The fact that someone wrote and engineered it
to spread in this way, and convince people to run
it, they (the writers) should be held accountable.
But just because they are responsible doesn't
mean every other person down the line
isn't responsible as well.
Makes me think of an episode of Space Ghost Coast To Coast (Snatch, I think..)
which goes something like this:
"The rays... Its... Its feeding on the rays!"
"Then don't shoot it!"
"But.. The rays... It's feeding on them! Ohh."
Re:Well blahs all around (Score:3, Interesting)
In fact, if users did turn smart, both you and me might find it a lot harder to get jobs.
You see, computer geeks get jobs because we're supposed to be the ones who think about things like this. Hell, we're perverted enough to *enjoy* doing this nitty-gritty computer stuff. Joe Q. User just wants things to work. The user doesn't want to have to deal with anything. After all, the computer isn't their job, the computer is a tool to help them with their job.
So yes, I agree that in an ideal world people wouldn't be stupid and would know not to open unexpected attachments (and always scan everything anyway, and all that stuff). But the reality of it is that will never happen, and it just takes one person screwing up to let the worm wreak some degree of havoc.
Re:Well blahs all around (Score:3, Insightful)
Here's what happened: they were hit at 17:50 local time, at about 18:00, the first of four Outlook lusers clicked on the attachment, which made the few admins who were still at work aware of the problem. As they immediately went into action, they were able to get the mail servers under control pretty quickly (relatively speaking, that is). Next day, however, a scan of the network revealed that about 50 additional PCs had to be cleaned up. These belonged to people who still use Netscape to read their mail and had also activated the worm. It didn't spread from there, but it did disable the virus scanners, so...
Next thing, that admin that I'm referring to claims: "Fortunately, we have Outlook installed on a few PCs already, because that is how we found out just before leaving for home. If everybody still used Netscape, a lot more PCs would have been infected during the evening, night, and morning before the helpdesk would have noticed the problem."
Sadly, this really is a true story...
Fixing the staff problem (Score:5, Interesting)
I don't agree entirely with what you write, since I assign the blame for things like this almost entirely to those who write the stuff in the first place. I'm sure you'll get plenty of other replies saying the same.
OTOH, you make a fair point about employee training. The small company where I work, a software development house, has had a few e-mail viruses mailed to it over the past year or two. It's interesting to note that these often get forwarded around the office, but invariably by non-technical staff. The developers and tech support guys and gals generally have the sense not to run blind attachments; the admin and management guys and gals are more trusting, and bite the bullet.
Our IT support guys have long had a record kept of exactly when everyone runs the anti-virus update they mail round every month. Recently, they've instituted a "leader board", which is mailed to everyone, showing who ran it fastest. It's an amusing little game for those of us who are sitting in front of our PCs anyway, but the really telling thing is the people who don't appear on the list at all (which is typically mailed around the afternoon after the update), i.e., those people who still haven't updated their systems several hours later. Guess who they are...
So, we have established that certain types of users are more vulnerable to this than others, and we know who they are. The next question, of course, is what to do about it. You can come up with any number of penalties, but how are you going to turn around and slap them on, say, the MD of your company (a repeated offender in our case)?
Personally, I always liked the "drill" approach. The IT guys occasionally create a Hotmail account or some such, and mail something cool-looking to a few random accounts at the company. If you run the attachment, it pops up a simple message on your screen informing you that if this had been real, you'd just have cost everyone in the company a day's work/sent abusive mail to your most profitable client/whatever. This isn't publicly embarrassing, and it makes the point. It's certainly proven very successful in a couple of cases I know of.
You could complement that with a "three strikes" sort of rule. Anyone who falls for it gets a couple more spams shortly thereafter. Anyone who falls for it repeatedly has maximum security settings imposed on their machine thereafter. It will cause them hassle if, for example, they have to send or receive a genuine executable attachment, but such is the price you pay for keeping your systems secure from your own users as well as people outside. Better that than watching offensive mail go to those top five clients...
Re:Fixing the staff problem (Score:4, Redundant)
At least in my company, the first person to send this out (company name to remain anonymous.) was the CTO
This is not a lie or an exaggeration. Our company's CTO was the first damn fool to send it.
I'll now read the rest of this thread to see other replies.
Re:Well blahs all around (Score:3, Insightful)
Honestly, I don't think the fault rests on these kids at all.
A quick article reference:
Once inside a user's system, it [Goner] deletes anti-virus and firewall programs, then installs scripts to allow hackers to access the computer and use it as a platform for denial-of-service attacks.
This was not a blameless accident. It wasn't a mistake, that wasn't meant to be released. It was a specially written virus designed to build a 5cr1p7 k1d33 DDOS network.
I don't think they planned to sit around with their massive DDOS network, not doing anything. Furthermore, they certainly knew what trouble the worm could cause - there is ample precedent for this.
We won't deter future virus writers with a slap on the wrist. They need to be given a sentence that others will look at and say 'I wouldn't want that to happen to me'.
They shouldn't be given a 5-year sentence, granted. I would think that a $5,000 fine and confiscation of their computer equipment would do fine. But we can't say 'Blame the users; they aren't following procedure', because if it weren't for script kiddie virus writers, there would be no need for virus-stopping procedures at all.
That's my opinion, anyway.
Michael
at least IT is paid by the hour. (Score:5, Interesting)
When was the last time in history a 15 year old was able to cripple the economy by being mischievous? How many 15 year olds do you know that can rob a bank? Organize a general strike to stop productivity? Stop traffic? We are in a strange new time indeed.
Preaching to the choir here, but using products (cough cough microsoft, cough cough outlook) that suck is your own fault. It's like driving an automobile without seatbelts, all is good until you crash the car. Then we blame the wall we crashed in.
Technical specs [kaspersky.com] of Goner and a free treatment [kaspersky.com] utility for those in need
Same old... (Score:4, Interesting)
script kiddie/cracker/whatever create worm
worm gets out, spreading by point and click method
IT goes on about how bad this one is
Eventually worm dies and kids are caught
Big deal made over last worm causes more copycat type worms
Cycle restarts
Ok I mean that's pretty general, but goddamn if I'm not sick of all this. How about instead of going after the worm writers (they are not innocent but hear me out), why don't we try to at least educate the public into not opening things they don't know about. I mean what good does blackice and zonealarm do if someone opens a file and turns them off? The technology isn't the problem (except with IIS but that's a whole different beast), it's the people. Maybe someone (I know I'll be flamed as a bastard for this) should create a worm that actually fucks over the people that open it. Instead of making it so they download some roll-back registry fix, how about you just wipe out the registry? Why not make it so IE and Outlook have popup ads with every page and email they view. What if the worm steals their emails and sends them to spammers list automatically? I mean obviously people aren't learning, or this crap wouldn't be happening over and over again. Yeah the people are victims blah blah blah... cry me a river. I've never had a worm, and never will. I'm not claiming I'm smart or anything, but it's common sense that an email saying "I'm asking for your advice" with a document that ends in scr or vbs is something that joe45@aol.com probably didn't mean to send me.
Re:Same old... (Score:4, Insightful)
Ah yes. It's the user's fault. Damn them for actually using the features in their frigging e-mail clients. How dare they not go through arcane menu commands and figure out how to deactivate features. Let's shoot the slobs now, and totally ignore the fact that lazy-ass developers created all of these problems for the users to begin with.
Oh yeah. very common sense. Unless, perhaps you know joe45@aol.com. Which is the case in most of these "scan the user's address book and send a copy" schemes. That's why it's so successful... e-mails go to people who know, and perhaps trust, the person who launched the virus. Hell, a lot of the viruses are in the form of Word documents, which, believe it or not, are actually passed around via e-mail. See, e-mail is all about communication. People send people things. People open them up. 99.99% of the time, nothing bad happens. That's what e-mail is for. That's why we have attachments. If people aren't supposed to open them, what's the point of having that capability in e-mail clients?
Do you actually expect people to know what the hell a .scr file is? Maybe you've got all of Windows' file extensions memorized. Most people I know have more important things to think about.
No, if you want to code up a virus to "fix" this problem, code up one that goes out and downloads and installs an e-mail client that was written by someone with a clue about security. Perhaps install an operating system where something run in userland can't fuck with system files. Hell, write a virus with some AI that can seek out and destroy the source code to lousy e-mail clients, scripting systems that have no concept of security, and operating systems that have no security model to speak of.
In the mean time, screeching at people that doing things that the e-mail clients were designed to do in the first place is grounds for a cyber-anal-raping is about as productive as screeching that they're a witch if they float in water. It may seem obvious to you, but you're not speaking their language.
Yes! AND Punishment for CIOs/CTOs (Score:3, Insightful)
The question that never gets asked is why all these companies were vulnerable to these attacks. I've worked for several Fortune 500 companies and I've yet to see one with good security. You'd think they'd be going out and hiring a bunch of security professionals after Sept 11 but I'm not seeing a whole lot for infosec or security on the job boards.
Until some CIOs and CTOs start losing their jobs over this crap, the cycle will persist.
They've already suffered enough (Score:3, Troll)
After all, judging by the virus code, it is almost certain that they had to use Microsoft software to create it.
5 years for kids??? (Score:3, Flamebait)
In the US, these same kids can just as easily steal a car, get drunk, and run you over while running a red light. Guess what? With a good plea-bargain, they'll get off in 5 years too.
What's more important, 5 years in the slammer for stupidity or 5 years in the slammer for killing someone? Get your priorities straight people...
Don't worry too much. (Score:5, Insightful)
Re:Don't worry too much. (Score:4, Troll)
No, no, no! They are T E R R O R I S T S! Come on people, if you let terrorists like these kids off the hook, it's only a matter of time before they start bombing things and mailing anthrax, right? Gotta be tough.
Re:5 years for kids??? (Score:3, Insightful)
They SHOULD be punishable to the letter of the law. Violence should be punished more.
Why? Is it deterrence? Nope. Is it to cause fear? Nope. Is it to effect social change? Nope.
It's about fundamental fairness. When you cause harm to organizations and individuals out of spite then you deserve jail time. It doesn't matter if it's a rock to the window, a fist to the face, a brick to head, a baseball bat to a car, or a virus to a computer. It's all essentially violence.
Putting them in jail for years on end isn't going to make them grow up any faster.
By the time you can read and write, by the time you can think and reason, by the time you are old enough to consider good and bad, consequences and choices you are grown up. Right now you are an adult. Whether the law, or your parents, or your priest, or your government, or anyone else tells you that or not is irrelevant. You may not be fully educated, you may not have reached your final height, but you are an adult. You should have the full rights of an adult, and be fully accountable.
Kids are kids, and then they grow.
Everyone grows. The only real question here is when are you responsible for your acts. The answer to that question is damn simple: when you are old enough to actively make choices that affect your actions.
So ask yourself: those "stupid" things you did, were they illegal? Did you know or have reason to suspect they were illegal? Did you act in a way to cover them up/conceal them? If the answer is "yes" then you are guilty. Assuming you weren't caught you lucked out - but you deserved to be caught and punished for those "stupid" things.
In the US, these same kids can just as easily steal a car, get drunk, and run you over while running a red light. Guess what? With a good plea-bargain, they'll get off in 5 years too.
That's a travesty. In all senses of the word, that is injustice. The only price that can be paid for a life taken is your own life - life in prison.
Make choices. Accept the consequences. Change the things you don't like. That's life. And as long as you can understand that, you are an adult.
We should harness the talents of 5cRi7K1DDI35 (Score:3, Insightful)
These kids are too young to go to gaol and the outcome of confining the kids to a cell for up to five years will only make them criminals.
I just think the punishment should fit the crime and actually make a difference to the outcome of such young and talented delinquents' lives
Sigh... (Score:3)
BTW, I've read that in Israel white-collar crimes are punished more harshly than normal crimes. For example, if you commit copyright infringement you stand to spend more time in jail than a rapist. Can somebody confirm/deny this? (But then again, it looks like this is the way things are going in the US too with "hackers" being declared terrorists and all...).
I can't believe people are still falling for this! (Score:3, Funny)
*Woman peeks her head into IT Manager's office*
"Oh, and Bob, I opened that e-mail virus -- just like you told me not to!"
Attachment blocking at the server (Score:5, Informative)
I use a virus scanner on the Exchange server capable of blocking attachments based on extension (Scanmail by TrendMicro works nicely for me). I always block:
ade,adp,asx,bas,bat,chm,cmd,com,cpl,crt,exe,hlp
Bingo - no e-mail virus problems
I figure if my users really need them and the person sending the message is smart enough (and meant to send it) then they can zip it. If the sender wasn't smart enough to zip it, then I can always pull it out of the quarantine folder.
This Is Bullshit (Score:4, Insightful)
Computer crimes are MORE than sufficiently punished in the US, thank you very much. I don't know where you get off implying that the US goes easy on computer "crime". I had a little incident during my freshman year of college. The FBI was very determined to get me jail time for a ridiculously minor offense. It was only through sheer wit and creativity of my lawyers that we got the offense down to a misdemeanor and a lousy 600$US fine. That was the most hellish time of my entire life and could have ruined my career forever. All over a tiny little deal (no damage was done).
Imagine what these kids would get in the US for writing such a worm. It'd be a helluva lot worse than 5 years in prison. So put your pro-punishment attitudes away and get real. Remember what our government does to computer criminals [freekevin.com].
Re:This Is Bullshit (Score:3, Insightful)
The FBI should be actually doing their jobs and hunting down murderers, rapists and people who actually hurt other people instead of hunting down people who write programs to piss people off.
Put shit into comparison for a second.
That's right, punish KIDS... (Score:3, Insightful)
Part of the process of being a kid is learning... While I do not approve destruction or paralyzing IT infrastructures, this seriously bugs me depending on the seriousness of the punishment.
Meanwhile, LOADS of spammers are still clogging my Hotmail inbox at a rate of at least 20 spam a day, my ISP email account receives at *LEAST* 5 spams a day, multiply that by X amount of users, THERE'S a big bandwidth waste. These people are still running free and going stronger than ever!
Those lame viruses last for about a week. If after that, anyone else gets caught, they need to *LEARN* the HARD WAY like "doing backup is a good idea because you never know when your system might fail", well the same should go with "Update that antivirus file, because you never know what might hit you". Heck, the antivirus programs offer to do it automatically, there's no excuses.
Re:That's right, punish KIDS... (Score:3, Insightful)
Yeah, riiight.
I am so sick of that goddamn cliché. Let's be clear: they did something stupid and will now pay the price. That's right, they will pay the price. Five years? Yes, I think that is harsh. Punishment must be noticeable though - how about a ban on the use of computers/internet till they turn 18? How about restitution in full? How about lots of things..
They did a dumb stupid thing. I have no idea why people rationalize what kids do as "part of the process".
And it doesn't matter that it is a virus. The computer aspect of it only really matters because it's an international twist. We should all be prepared for a virus or malicious program - but the criminals in the case should pay like everyone else - regardless of whether or not they are in a "learning process".
hate crimes (Score:3, Funny)
I believe these kids are guilty of hate crimes [satirewire.com] against stupid people.
Canada does it best (Score:3, Insightful)
That is enough punishment for a silly prank.
And I can't sympathize with the people who blame the users for opening the attachments. Teaching users not to open emails that have "Hi" as the subject line is only a short term solution. Trying to get users to remember which types of files are executable is not an option either. (Until a year ago, I assumed that
A better solution is to not allow executable attachments which end in
An even better solution is for Microsoft to fix their programs or for people to not use Microsoft products.
procmail filter (Score:4, Interesting)
The extra level of 'abstraction' (the user having to rename the file to run it) has saved us from every major email-borne virus in the past two years while still allowing people to get their precious attachments if they are expecting them.
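Added example, not part of any comment in this thread: the two gateway approaches described above in Python, blocking by extension with quarantine (the "Attachment blocking at the server" comment) and renaming attachments so the recipient has to rename them before they will run (the "procmail filter" comment). The function names, the `.blocked` suffix, the constructed sample message, and the addition of `scr` and `vbs` to the posted list are assumptions.

```python
# Added example, not code from the thread: gateway attachment policy by extension.
from email.message import EmailMessage

# The twelve extensions posted in the "Attachment blocking at the server" comment.
POSTED = "ade,adp,asx,bas,bat,chm,cmd,com,cpl,crt,exe,hlp".split(",")
# Assumption: scr and vbs are added because another comment in the thread names them.
BLOCKED = frozenset(POSTED) | {"scr", "vbs"}


def final_extension(filename):
    """Return the extension Windows would act on, lower-cased, without the dot."""
    # Windows drops trailing dots and spaces, so "x.scr. " still opens as .scr.
    name = filename.strip().rstrip(". ").lower()
    if "." not in name:
        return ""
    # Only the last extension counts: "Invoice.PDF.EXE" is an .exe.
    return name.rsplit(".", 1)[1]


def blocked_attachments(msg):
    """List (part, filename) for every MIME part carrying a blocked extension."""
    hits = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED:
            hits.append((part, filename))
    return hits


def verdict(msg):
    """Server-side blocking: quarantine the whole message if any part is blocked."""
    return "quarantine" if blocked_attachments(msg) else "deliver"


def defang(msg, suffix=".blocked"):
    """Rename-style filter: append a suffix so a double-click no longer runs the
    file; the recipient has to rename it deliberately. Returns the rename count."""
    hits = blocked_attachments(msg)
    for part, filename in hits:
        safe = filename.strip().rstrip(". ") + suffix
        # The name can live in either header; rewrite whichever is present.
        if part.get_param("filename", header="Content-Disposition"):
            part.set_param("filename", safe, header="Content-Disposition")
        if part.get_param("name"):
            part.set_param("name", safe)
    return len(hits)


def build_sample():
    """Constructed test message; addresses, file names and contents are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Hi"
    msg.set_content("See attached.")
    msg.add_attachment("plain notes", filename="notes.txt")
    for name in ("screensaver.scr", "Invoice.PDF.EXE", "tools.zip"):
        msg.add_attachment(b"\x00constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    m = build_sample()
    print(verdict(m), [f for _, f in blocked_attachments(m)])
    print(defang(m), [p.get_filename() for p in m.walk() if p.get_filename()])
    print(verdict(m))
```

The check looks only at the declared file name, so a zipped executable passes, which matches the first comment's stated policy of letting deliberate senders zip the file.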
Defense against information warfare (Score:5, Interesting)
These virus writers are doing a public service. Serious problems with our communications infrastructure might not be fixed if it weren't for them.
Imagine what could happen if the first exploits of these security flaws came, not piecemeal from a scattering of amateurs, but rather from some adversary who could call on the services of numbers of technically proficient individuals. A hostile government say, or a terrorist movement that drew in disaffected persons in many countries. What if the vast majority of business users had no idea of how vulnerable they were until the system suffered a massive failure?
There is an enormous learning process going. People are finding out the hard way, what they would never otherwise have the time to focus on: computers can fail, for very subtle reasons, and we are more dependent on them every day.
Why let it go so far? (Score:3, Informative)
I really have little sympathy for IT admins who get killed by this stuff, there are a million tools out there to stop this stuff from doing damage way before idiot humans get their hands on it.
I personally would like to see more ISPs use this stuff, after all they're not obliged to carry any traffic they deem high risk to their users. They already block dodgy ports so windows shares aren't wide open, why not a complimentary virus scan on mail?
We must now bomb Israel (Score:4, Funny)
Re:What drives a script kiddie? (Score:3, Insightful)
I believe that every programmer, at some point, goes through a phase when they want to try everything under the sun just to say that they can/could/did do it. I never actually wrote a virus myself, but I definitely remember wanting to just for the sake of getting into the guts of a computer and seeing what makes it tick.
Most programmers have also been/are sysadmins. I believe this along with growth/maturity eventually lead to the desire to produce something useful, not destructive, for the rest of the world.
Unfortunately, some never get past it, and some just use pre-fab virus creators. These people for whatever reason didn't move on to the next stage of evolution and probably never will, but at the same time, they keep sysadmins in business and antivirus writers employed.
Re:What drives a script kiddie? (Score:3, Insightful)
Hmmm, maybe if there are more crackdowns on script kiddies and more slander against that kind of life these kids won't think it's 'cool' anymore. Just a thought
Same here... but I don't think crackdowns will help. I mean, they probably get enjoyment out of their creation growing (until they fully realized what they did). A better idea than crackdowns might be a controlled environment for kids to screw around in...
Of course, one result would be giving crackers experience / promoting it. But giving out free condoms could be viewed as promoting sex...
whatever. I can't see any especially good solution.
Re:Crackdowns cant even stop crime! (Score:3, Funny)
That should make it uncool enough.
Re:they didn't do anything wrong. (Score:3, Insightful)
Re:they didn't do anything wrong. (Score:4, Insightful)
That's a bad analogy. It's more like four kids pressed a button on the outside of the WTC at street level, causing the towers to explode due to an engineering flaw. In other words, there is no way for a mail message to directly cause harm to your computer. It must be interpreted by a program which you trust (a traitor, in other words) which is willing to harm your computer at the command of an outside party.
I absolutely can and do hold them responsible. Their decision to facilitate running programs that arrive in the mail without any kind of sandbox or access restrictions was an obviously dangerous one whose implications were immediately visible to people who understand computers. Microsoft spins their product as the omniscient gatekeeper to the internet and handholder to the clueless. They encourage the computer-illiterate to put their trust in Microsoft rather than learning how computers actually work. They created both the software and the culture that propagate malicious code. All of which means that they are greatly to blame for deliberately bringing into existence email viruses.
Re:they didn't do anything wrong. (Score:3, Informative)
That's a bad analogy. It's more like four kids pressed a button on the outside of the WTC at street level, causing the towers to explode due to an engineering flaw. In other words, there is no way for a mail message to directly cause harm to your computer. It must be interpreted by a program which you trust (a traitor, in other words) which is willing to harm your computer at the command of an outside party.
Agreed, there should be absolutely NO REASON why a block of text and/or data sent to your machine should do anything you don't want it to. Since it does, and since these viruses get written over and over again, with no end in sight, the blame is with the software writers.
Now I'm not saying these kids should be let off the hook. They did something that was wrong and costly. But if we don't want to have this happen again, punishing the kids accomplishes nothing. Actually it makes the future virus writers want to learn how to be more stealthy.
The solution is sandboxes or code-checking with proofs. Or better yet, just displaying email messages as TEXT-ONLY, like they're supposed to be.
Re:A Suggestion For Corporations and IT Profession (Score:3, Interesting)
Well, I know that if I told Stan from accounting I was going to send him a file, and in his normal scatterbrain manner, completely forgot about it, and subsequently had the attachment bounced and my account locked, Stan from accounting would lose his legs. But otherwise, this plan is good, if a little draconian. Maybe just filters against certain executable file types would be a better idea.
Re:What Language? (Score:3, Informative)
Re:Here's the other side of this coin. (Score:3, Interesting)
MS hasn't forced anyone to buy Exchange. Get it? Despite everything that has happened to disclaim its viability, it's still very popular in many organizations. That's because the perceived value is greater than the perceived costs. Right or wrong, that's how it is.
If you run a crappy ass install of a crappy ass server with a crappy client with crappy ass users then you deserve whatever you get.
MS provides a product and all its nasties are out in the open. YOU have the responsibility to create a secure system/setup; YOU have the responsibility to choose an adequate product; YOU have the responsibility to patch/use 3rd party tools if and when needed.
The hoodlums here are the morons who wrote the virus. Complicit are the idiots who buy crappy products and who do not set them up properly. Complicit are people such as yourself who pawn responsibility off to someone else.
Kids aren't supposed to write viruses. And sys-admins aren't supposed to run insecure systems. Bad kids will be punished by going to jail; sys-admins will be punished by their company going out of business, getting fired, or getting hacked. Microsoft will be punished in the marketplace.
Meanwhile, don't buy Exchange, hire good sys-admins, and continue to put kids who break the law in jail.
No lawsuits needed, thank you.