New IM Worm Installs Own Web Browser 479

Aquafinality writes "A new IM worm discovered recently takes the novel step of installing its own web browser onto the victim's PC. Ironically titled "The Safety Browser", its default settings actually make your PC less secure - switching on pop-ups, changing your home page and hijacking your desktop with a looped music track that plays every time you switch your computer on. It's clear people cannot resist clicking "yes" to anything they're presented with via IM - with this in mind, what on Earth can we do to stop the spread of garbage like the above? To put it another way, will reducing the amount of potential "suckers" out there dissuade the bad guys from coming up with ever-more elaborate ideas such as this latest scam? Or is IM safety a lost cause?"
  • IM safety? (Score:5, Interesting)

    by Whiney Mac Fanboy ( 963289 ) * <whineymacfanboy@gmail.com> on Sunday May 21, 2006 @11:23AM (#15375939) Homepage Journal
    Or is IM safety a lost cause?

    It's very hard to stop people executing something that's sent to them by someone they know - but for other vector methods, perhaps people should consider an IM client that doesn't [securityfocus.com] include [cert.org] activeX [computerworld.co.nz]

    Anyway, mildly interesting: the worm makes no attempt to hide itself, with a "You are beaten, it is useless to resist" desktop wallpaper (!) and music on startup. From TFA: Worse still, music starts to blare out of your PC. Not just any old music - bad music. Bad looped music, with screeching guitars and awful drum n' bass beats.

    But not to worry XP SP2 users, you're protected.... again from TFA:
    Some "good" news, however - SP2 seems to prevent this music from playing in the background.
    snigger.... :-)
  • by theCat ( 36907 ) on Sunday May 21, 2006 @11:36AM (#15375982) Journal
    Next month, an IM worm will install not just a browser, but an entire operating system. It will be Linux, but it will be set up to give the worm owner complete remote ops. It will have basic mail, IM, web browsing and word processing all via the usual open source tools, and will be made to look something like Windows. And 90% of the people who wake up to find this new OS running on their system will simply use it.

    You KNOW they will. That's the level of what we're talking about.

    For one thing people have become accustomed to random stuff showing up on updates and upgrades. The remote operator will simply launch a splashscreen that says "A gift from Microsoft for your loyalty!" and people will go nuts. For another thing, there is a good deal of evidence accumulated over the many years of this malware war that the users who are keeping malware authors in business are total noobs. Many are developmentally disabled, or are children, or are computer phobes who avert their eyes when the machine "does something odd". Some are simply dumb as cabbages. They click "yeah sure, pwn me" on every dialog box because they are functioning as part of the attached peripherals and NOT an intelligent user.

    No, I'm not bitter. I'm not being sarcastic. I've woken to the reality. This is our world, and we white hats are just a little slow on the uptake is all. What this suggests about computer ownership (like maybe you need an operator's license, as required with radio broadcasting, if you are going to traffic in the public sphere) is probably the next frontier of the discussion, that's all.
  • Trusted Computing (Score:3, Interesting)

    by psp ( 7269 ) on Sunday May 21, 2006 @11:38AM (#15375987)
    I know TC is not held in particularly high regard around here, but imagine this scenario:

    1. An OS with a solid configurable TC implementation.
    2. A knowledgeable computer user sets up the OS for the executable-running IM user.
    3. The OS is configured to only run applications from certain vendors (Mozilla, StarOffice, Microsoft?).

    I would love to have TC for my sister's computer. She has never had the need to run any applications besides the ones I have installed.

    Or is this already possible with any OS? The ability to specify a list of allowed executables and the inability of a user application to change the list.
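As an added example (not code from the thread, nor from any OS or product mentioned in it), here is the shape of the "list of allowed executables that a user application cannot change" idea in Python. Two rules do the work: an executable is identified by the SHA-256 of its contents rather than its name or path, and the policy carries an HMAC tag under a key the user's processes are assumed not to be able to read (held by a privileged service, sealed to a TPM, or similar). The key, the byte-string "binaries" and their hashes are all constructed for the example.

```python
"""Hash-based executable allowlist with an integrity-protected policy.

Added example, not from the Slashdot thread. Two rules:
  1. an executable is identified by the SHA-256 of its contents, never by
     its path or file name, so renaming or swapping a binary changes nothing
     about whether it may run;
  2. the policy carries an HMAC tag under a key the user's processes cannot
     read (assumption: the key is held by a privileged service or sealed to
     a TPM), so a policy edited at user level fails verification and the
     check fails closed.
The 'executables' below are constructed byte strings, not real binaries.
"""
import hashlib
import hmac
import json

# Assumption for the example: this key lives outside the unprivileged user's reach.
ADMIN_KEY = b"example-admin-key-not-readable-by-user"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(allowed) -> bytes:
    # Sorted, whitespace-free JSON so the tag does not depend on list order.
    return json.dumps(sorted(allowed), separators=(",", ":")).encode()


def make_policy(allowed_hashes, key: bytes = ADMIN_KEY) -> dict:
    """Built by the administrator; returns the hash list plus its HMAC tag."""
    allowed = sorted(set(allowed_hashes))
    tag = hmac.new(key, _canonical(allowed), hashlib.sha256).hexdigest()
    return {"allowed": allowed, "tag": tag}


def policy_is_intact(policy: dict, key: bytes = ADMIN_KEY) -> bool:
    expected = hmac.new(key, _canonical(policy["allowed"]), hashlib.sha256).hexdigest()
    # Constant-time compare: do not leak how many tag bytes matched.
    return hmac.compare_digest(expected, policy["tag"])


def may_execute(image: bytes, policy: dict, key: bytes = ADMIN_KEY) -> bool:
    """Fail closed: a policy that does not verify allows nothing at all."""
    if not policy_is_intact(policy, key):
        return False
    return sha256_hex(image) in set(policy["allowed"])


# --- constructed sample "binaries" (not real executables) ------------------
BROWSER = b"MZ\x90\x00 pretend-browser-image"
OFFICE = b"MZ\x90\x00 pretend-office-image"
IM_DROPPED = b"MZ\x90\x00 pretend-binary-dropped-by-an-im-worm"

POLICY = make_policy([sha256_hex(BROWSER), sha256_hex(OFFICE)])


def demo() -> dict:
    """Decision for each case, returned rather than printed so it can be checked."""
    # A user-level process edits the policy to admit the dropped binary,
    # but cannot recompute the tag without ADMIN_KEY.
    tampered = {"allowed": POLICY["allowed"] + [sha256_hex(IM_DROPPED)],
                "tag": POLICY["tag"]}
    return {
        "browser": may_execute(BROWSER, POLICY),
        "dropped": may_execute(IM_DROPPED, POLICY),
        # Same image with one byte patched: different hash, no longer allowed.
        "patched_browser": may_execute(BROWSER + b"\x00", POLICY),
        "dropped_after_tamper": may_execute(IM_DROPPED, tampered),
        # Tampering breaks the tag for everything, including the real browser.
        "browser_after_tamper": may_execute(BROWSER, tampered),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:22s} -> {'run' if allowed else 'BLOCK'}")
```

Note what this does and does not cover: it decides which images may load at all, and says nothing about what an allowed program does when fed a hostile data file, so a parser bug in a trusted application still gets around it. The interesting engineering is in keeping ADMIN_KEY (or a signing key) genuinely out of reach of the account that receives IM attachments; the hashing and tagging are the easy part.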

  • I mostly agree with your post - and you put things well, but:

    Probably not, because the typical default access for a linux user is unprivileged (I've been working intensively in the linux environment, and I'll bet I've not been logged in as a privileged user (i.e., root) more than two or three times a year during that span).

    I'm not sure how long user privilege separation is going to continue to be the great protection it is now, once the majority of desktop users have it. Consider a single user desktop with privilege separation (linux, vista (supposedly) or os x):

    1) Malware downloaded & executed by dumb user.
    2) Malware sets itself to start at that user's privileges when the user logs in.
    3) Malware can do many things at malware level at least when user is logged in (including periodically checking its update server for local privilege escalation exploits it can run).

    We're about to enter an age of smarter malware, that takes its time getting root, and keeps a low profile (maybe a little keylogging here or there) until it does... you read it here first :-)
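Step 2 in the comment above (malware registering itself to start at the user's own privilege level on login) needs no administrator rights on Windows, because the per-user Run keys under HKCU are writable by the user who owns them. As an added example, not from the thread, the Python below audits a `reg export`-style text dump of those keys and flags entries whose executable lives in a location an unprivileged user can write to (AppData, Temp, Downloads, or an environment variable that expands to one of those). The registry text, the user name `alice` and the entry names `Updater`, `Player` and `Cleanup` are constructed for the example; a real audit would feed it the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run`.

```python
"""Audit per-user autostart entries for binaries in user-writable paths.

Added example, not from the Slashdot thread. Parses the text form of a
`reg export` dump (constructed sample below, hypothetical entry names) and
flags HKCU Run/RunOnce entries whose program sits where an unprivileged
user can write. It is a triage aid, not a verdict: a flagged entry is
worth a look, an unflagged one is not proof of anything.
"""
import re

# Constructed sample export. "Updater", "Player" and "Cleanup" are the
# hypothetical user-level persistence entries; the others are decoys.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe /quiet"
"Sidebar"="%ProgramFiles%\\Windows Sidebar\\sidebar.exe /autoRun"
"Player"="\"C:\\Users\\alice\\Downloads\\player.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\Users\\alice\\AppData\\Roaming\\cleanup.exe"
'''

AUTOSTART_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)

# Path fragments an unprivileged user can write under; compared case-insensitively.
USER_WRITABLE_MARKERS = (
    "\\appdata\\",
    "\\temp\\",
    "\\downloads\\",
    "%appdata%",
    "%localappdata%",
    "%temp%",
    "%userprofile%",
)

_ENTRY = re.compile(r'^"([^"]+)"="(.*)"$')


def _unescape(value: str) -> str:
    # .reg string values escape the backslash and the double quote.
    return value.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text: str) -> dict:
    """{key_path: {value_name: unescaped_string}}; string values only."""
    result, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
        elif current is not None:
            m = _ENTRY.match(line)
            if m:
                result[current][m.group(1)] = _unescape(m.group(2))
    return result


def executable_of(command: str) -> str:
    """Program path from a command line: the quoted token, else the first token.

    An unquoted path containing spaces is cut at the first space; that is
    good enough for a prefix check and mirrors how the loader would read it.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def in_user_writable_path(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def find_suspicious_autostarts(reg_text: str) -> list:
    """(subkey, value_name, executable) for entries in user-writable locations."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        if key not in AUTOSTART_KEYS:
            continue
        for name, command in values.items():
            exe = executable_of(command)
            if in_user_writable_path(exe):
                findings.append((key.rsplit("\\", 1)[1], name, exe))
    return findings


if __name__ == "__main__":
    for subkey, name, exe in find_suspicious_autostarts(SAMPLE_REG):
        print(f"[{subkey}] {name}: {exe}")
```

The same idea carries over to the other per-user autostart spots the comment's step 2 can use (the Startup folder, scheduled tasks created as the user, per-user services on systems that allow them); only the parser changes. The check is deliberately about where the program lives rather than what it is called, since a self-chosen name like "Updater" tells you nothing.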
  • Re:Trusted Computing (Score:2, Interesting)

    by LiquidCoooled ( 634315 ) on Sunday May 21, 2006 @11:49AM (#15376025) Homepage Journal
    Your point about 3 is moot.
    All trusted applications will be runnable.

    Think of the XBOX, only signed games can run, in this scenario, microsoft are the trust authority, if a piece of software remains unsigned then it cannot be run.

    However, this only gives a false sense of security because all it takes to break this is somebody finding an exploit in a data file allowing unsigned code to be read and executed.

    No TCP system will ever be able to handle signing every single data file although the RIAA/MPAA would like this.
  • A lost cause (Score:2, Interesting)

    by hausmaus ( 684529 ) <sean@outpostbbs.net> on Sunday May 21, 2006 @11:55AM (#15376047) Homepage Journal
    It's not the OS's fault, nor is it the IM program's fault. It's the fault of ignorant computer users, no matter what OS they use, doing stupid things that they know they shouldn't be doing, even when they're told constantly.

    Thankfully, their ignorance means more money and work for me in my business to fix their problems that they brought on themselves.

    If they're stupid enough to open something from a program that they know could be bad, then they do deserve whatever they get.

    It used to be smart people using dumb computers - now it's dumb people using smart computers.
  • by Anonymous Coward on Sunday May 21, 2006 @12:12PM (#15376120)
    What you're thinking of is something called "Tuxissa" which was an April Fool's Joke around 1999 after "Melissa" had hit the internet. The basic premise was to take the Microsoft virus/worm attack of the day and piggyback kickstart, or something like it, onto it.

    The only problem at the time was the bandwidth requirements for getting millions of basic Linux installs on all those Windows boxes were prohibitive -- no one server could feed all those client installs --- at least not in 1999.

    However, now that we have Bittorrent and it's fairly robust, Tuxissa now seems much more doable. In fact, it would be the easiest way for a sysadmin who was tasked to convert a local Microsoft network into a Linux network to go -- just pick the known exploit of the week and marry it up with kickstart+bittorrent and a seed server and away you go --- boom! Instant Ubuntu/SuSe/Fedora/Debian/Slackware/whatever local network.

    --Johnny
  • by alohatiger ( 313873 ) on Sunday May 21, 2006 @12:23PM (#15376169) Homepage
    Maybe some uberuser should make a "Click here for Brittney Spears Pics" trojan that wipes the computer. It could load a little program that runs at startup and nukes the PC from orbit.

    Any other bots and spyware on that machine go away, and the user ends up with a clean factory restore (after his brother-in-law comes over to show him how to use the restore disks).

    Over time, this could be modified to seek out zombie machines directly.
  • by layer3switch ( 783864 ) on Sunday May 21, 2006 @12:34PM (#15376208)
    By reading the article, it seems it's just general user clicking on "OK" rather than "Save As" worm. How is it different if the delivery is done through email or popup or iframe on some website listed on Google or Yahoo or whatever cross link sites? Or AIM for that matter? How about Gaim? or How about Jabber?

    Perhaps re-examining the actual exploit rather than the delivery medium as the cause would be a good way to head in the right direction, in my opinion.
  • by Anonymous Coward on Sunday May 21, 2006 @12:39PM (#15376234)
    I think that we should take a wait and see attitude on this. I'm tired of working harder and harder to get around or protect other people from their own stupidity. If this thing is going to debilitate the computers of people too stupid to know better, then let it.

    I'm tired of the moron. It's time they felt some pain.

    This "worm" will knock the morons and AOLers off the net and then I no longer need to worry about them. Let it ride...
  • by Jeremi ( 14640 ) on Sunday May 21, 2006 @12:47PM (#15376268) Homepage
    I think that things like selinux will really help, keeping programmes from doing things which they are not meant to do.

    I think using virtual machines as sandboxes could go a long way towards improving security also. Imagine a distro with a super-locked-down secure OS that only ever runs a single app, which is a virtual machine app (VMWare, Xen, whatever). The user does everything inside this virtual machine's guest OS, and never installs or runs any other software on the host OS.

    With that setup, it would be easy to "checkpoint" the state of the system and restore it whenever things have gone wrong (due to malware, user mistakes, whatever). (A clever diff-based mechanism might be able to make OS-state saves/restores fast enough to be done automatically in the background, say once a day). Even if the guest OS was completely compromised by malware, it would still be impossible for the malware to prevent the user from using the (uncorrupted) host OS to "rewind" the computer back to before the infection occurred. The host OS could also keep an audit trail of what happened when inside the guest OS, to help the user find out where things went wrong.

  • by AlgorithMan ( 937244 ) on Sunday May 21, 2006 @12:47PM (#15376270) Homepage
    well - just make a "nice worm" that tells you

    "hi, your computer is obviously insecure - may I install
    [] firefox
    [] thunderbird
    [] AVG free (Antivirus)
    [] hijackthis
    [] and one of the following freeware firewalls: [insert firewalls here]
    for you? - P.S. I'll install the software from official mirrors, no faked, phishing software - if I wanted to harm you, I could have done this already
    [No] [Yes]

    may I also interest you in
    [] OpenOffice
    [] miranda
    [] bsplayer
    [] ...
    [No] [Yes]

    May I recommend myself to your friends?
    [No] [Yes]

    thank you for your interest
    I'll remove myself from your system now. goodbye!
    [OK]

    I think most people that stick with ms software do this because they have no clue how to install alternative software (seriously - my family uses PCs for 14 years now and still they call me and ask me how to install this and that software) so make a "worm" that assists you in making your pc more secure (and shows you that you need it at the same time) maybe put in links to small, easy-to-understand "getting started" sites...
  • by reldruH ( 956292 ) on Sunday May 21, 2006 @12:57PM (#15376307) Journal
    That sounds a hell of a lot like the browser [aol.com] that gets installed with the new version of AIM [aim.com]. During install I tried telling it not to install the browser but it did anyway, was amazingly slow and had lots of pop ups. It sounds pretty similar to this worm.
  • Reflex Action (Score:3, Interesting)

    by shadypalm88 ( 753382 ) <ericn@@@ionws...com> on Sunday May 21, 2006 @02:09PM (#15376559)
    Relabelling the "Yes" and "No" buttons to the actual result of clicking it (e.g. "Install this software") might combat the reflex action and force people to actually read the message instead of just jumping to the Yes button.
  • by ummit ( 248909 ) <scs@eskimo.com> on Sunday May 21, 2006 @02:12PM (#15376573) Homepage
    I'd like to do a social experiment and write a virus that pops up a window asking the question: "Install Virus?". The options are "No Thanks" and "yeah sure, pwn me".

    That's a darn good idea. And, yes, some people would get pwned, and not necessarily because they're "stupid".

    1. Assumed "Install Virus?" meant "Install Anti-virus software".
    2. Accidentally hit RETURN instead of selecting "No thanks" button. (An easy mistake; anyone can make it.)

    Perhaps the results of such an experiment would help to enlighten the gearheads-in-denial (you can spot 'em every time topics like this one come up) who think problems like these are all the user's fault, or that they're fixable with just a little education. Wrongola, on both counts.

  • by IntlHarvester ( 11985 ) on Sunday May 21, 2006 @03:16PM (#15376792) Journal
    With more than two decades of serious computing behind me, I still do not understand what "Administrative privileges" really means in Windows.

    If you understand multiuser security, you understand Windows security. It's basically the same as the Unix model, with a few twists:

    + Administrator is not quite as all-powerful as root -- still bound by ACLs for example
    + ACL permissions apply to not just files but also registry keys
    + There's a policy layer to control who can perform certain actions (setting the clock, installing device drivers, etc).

    The entire computer-as-an-appliance model of how a computer should behave in Windows just doesn't lend itself to the notion of a "privileged account". You don't have a privileged account in your toaster or your microwave, do you?

    I strongly agree with this sentiment. Multiuser security wasn't designed for personal computing and really only works on the desktop as a kludge. PC security is never really going to work until we have a system that acknowledges that the "user" is not a trust level. Instead, it should be task-oriented. For example, installing software is a high-trust activity, while (say) running Kazaa should be severely locked down.

    the malware will become "more clever" and thus that my machine will be less secure than it is now.

    The malware is already pretty damn clever in a Windows system programming sense. It's probably unavoidable regardless of the system put in place.
  • by cyber-vandal ( 148830 ) on Sunday May 21, 2006 @07:26PM (#15377515) Homepage
    A smarter worm would be a fair bit harder to write, so I should think there will be fewer of them, at least for a while, for Vista. Preventing programs from installing themselves will lock out a large proportion of the current nasties; preventing registry updates and access to C:\WIN* will lock out a fair few more. I do agree, while people still blindly install any old crap malware will never go away, but that doesn't mean it shouldn't have been made as hard as possible for it to get on in the first place. Running as admin should've been shifted long before now, and the bonehead who thought allowing a web browser to blindly install anything the website wanted it to should be made to admin NT 4.0 servers on crap hardware for a year without a firewall, virus checker or being allowed to install any service packs.
