Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Wikipedia Used To Spread Virus 116

Posted by Zonk
from the ware-the-internets dept.
eldavojohn writes "The German Wikipedia has recently been used to launch a virus attack. Hackers posted a link to an all alleged fix for a new version of the blaster worm. Instead, it was a link to download malicious software. They then sent e-mails advising people to update their computers and directed them to the Wikipedia article. Since Wikipedia has been gaining more trust & credibility, I can see how this would work in some cases. The page has, of course, been fixed but this is nevertheless a valuable lesson for Wikipedia users."
This discussion has been archived. No new comments can be posted.

Wikipedia Used To Spread Virus

Comments Filter:
  • by krell (896769) on Sunday November 05, 2006 @02:41PM (#16727465) Journal
    How better to teach about viruses than to have an actual virus found at the http://en.wikipedia.org/wiki/Virus [wikipedia.org] entry?
    • by topham (32406)

      really? you want everyone that's slightly curious to be able to download a virus?

      • Re: (Score:2, Funny)

        by The Creator (4611)
        Yes.
        • but with the source code too!
          • I actually see nothing wrong with this and it would be a useful resource.

            When I was younger, I had a directory dedicated to viruses... Just in case I ever had someone I needed to get revenge on. hehe

            Erm, maybe this isn't such a good idea after all...
            • by 2008 (900939)
              I used to keep a few zipped up and inactive just to make sure that my virus scanner was still working, and hadn't been e.g. disabled by a virus.
    • From the article:
      > "if there really is a new threat on the internet, you're likely to hear about it first from the security companies, not an online encyclopedia."

      Is that a challange?
      • No, this is not a challenge. Security companies are primary and secondary sources. Encyclopedias such as Wikipedia are tertiary sources, with policies that require articles to be verifiable through reliable sources.

        • policies that require articles to be verifiable through reliable sources

          You don't know Wikipedia very well, do you?

          • I know that English Wikipedia contains a lot of articles that can best be described as works in progress. Be bold about bringing this to editors' attention: put {{unsourced}} at the top of each poorly sourced article and {{cn}} after each questionable assertion. This will get the article on the radar of obsessive-compulsive fact checking editors.

        • by krell (896769)
          "Encyclopedias such as Wikipedia are tertiary sources, with policies that require articles to be verifiable through reliable sources."

          No, it doesn't. This "requirement" is actually just a recommendation in practice. I don't know the percentage, but I see many articles that are not verified "through reliable sources."
          • by tepples (727027)
            I see many articles that are not verified "through reliable sources."

            Would you please provide a partial list so that I can go in and request a search for better sources?

    • Well, this is just another example of a large institution (Wikipedia) discriminating against Linux. Why don't they publish Windows and Linux viruses side by side, for an objective comparison?
      • Re: (Score:3, Funny)

        by krell (896769)
        "Why don't they publish Windows and Linux viruses side by side, for an objective comparison?"

        Did you know that there is an entire version of Wikipedia that contains an encyclopedia of Mac viruses? Unfortunately during a server move, someone downloaded it to a 2k memory segment on a flash drive. Someone sneezed and it got lost in the carpet and has not been recovered yet.
      • by rtb61 (674572)
        Speaking of M$ windows does that mean wikipedia is now no more or less reliable than the most used commercial operating system http://www.microsoft.com/windowsxp/home/eula.mspx [microsoft.com] ;-). They specifically do not warrant against the inclusion of viruses in the operating system.
    • "This article is about a biological infectious particle; for the computer term, see computer virus."

      I don't think that type of virus fits through these tubes.

      If only it did...
  • come on (Score:3, Insightful)

    by Janek Kozicki (722688) on Sunday November 05, 2006 @02:43PM (#16727481) Journal
    People with reasonable sense of life will not trust complete strangers. Any information from complete stranger (on the street, or from the wikipedia, what's the difference?) is just that - a information to consider. Ignore it, or verify if it's true before making some real use of it.

    OTOH dumb people will always get what they deserve. They will screw their life by trusting complete strangers and also they will screw their PCs, again - what's the difference?

    How come, dumb people can expect to be being protected from complete strangers. And by whom? By other stragers? That article is plain FUD.
    • by kentrel (526003)
      Any information from complete stranger (on the street, or from the wikipedia, what's the difference?) is just that - a information to consider. Ignore it, or verify if it's true before making some real use of it.

      You are a complete stranger; how can I trust this advice!!???
    • People with reasonable sense of life will not trust complete strangers. ... dumb people will always get what they deserve. They will screw their life by trusting complete strangers and also they will screw their PCs, again

      Don't blame the victim, their only fault is to trust Microsoft. Do you know and trust people at Microsoft or are they just another group of "strangers" who screwed your PC with stuff that's easy for malicious people to exploit? I trust another group of "strangers" at Debian but have

      • to all who replied.

        thanks people, all your replies were indeed right. I stated my opinion too strongly, and now you are all streching it a bit more. Let's rephrase that, then 'take everything with a grain o salt', sounds better eh?

        re: eating in restaurant - owners will get bad publicity in newspapers if someone got sick there, that does not pay off for them so they care. However microsoft already has bad publicity, and they do not care.

        People you have dealt with before, or belong to organization you dealt w
        • See, there's this thing with discourse. The meaning of what you say is always contextual.

          If someone is going out to a rough part of town, I would advise them not to dress too nicely and to carry little cash. If they get mugged, though, I won't blame them. While there is an instinct from some to find a single point of responsibility for every event, in fact, there are multiple perspectives, multiple contexts, and a variety of ways of looking at responsibility.

          So, "take things with a grain of salt" is good ad
      • Here, download and compile this tasty little tarball treat... ./configure content: #!/bin/sh rm -rf ~
    • by mctk (840035)
      People with reasonable sense of life will not trust complete strangers.

      I assume you've never flown. Or eaten at a restaurant.
      • by interiot (50685)
        Or driven near other cars. Or purchased a product from anything other than a locally owned company. Or installed software written by someone other than you personally know.
      • by maxume (22995)
        I wear my seatbelt because of this(and because I have firsthand experience with one working...). The level of trust that people give to absolute strangers when they get behind the wheel is huge. Freaky huge.
    • by buswolley (591500)
      Really... Perhaps you think too much of yourself. There is a difference between knowledge and stupidity. Are you in a position to understand the position the non-computer tech/ non-c.s. etc must contend with while on the internet? These aren't all dumb people. These are people with different focuses in life. I bet many of them are aware of dangers in other mediums that you would not even notice. So fuck off snob.
    • The only problem that i see with this development is that the general public still doesn't really know what wikipedia is all about. They think that is some kind of web page maintained by a few that talks about everything. Or worse, they think that there is a company or institution behind it. They really don't know that anyone, anywhere can edit the content of wikipedia. Daily, I encounter people that seem to be sure that some divine entity makes sure that the content of wikipedia is fine. When i inform them
    • People with reasonable sense of life will not trust complete strangers.

      People with a reasonable sense of life realise that somewhere along the line, they will have to trust something. This will, in 99%+ of cases results in trusting a stranger. It really can't be helped. If you wanted to verify it, where would you turn? To an encyclopaedia, or textbook? Another "complete stranger" information source?

      Any information from complete stranger (on the street, or from the wikipedia, what's the difference?) is just

    • How the FUCK can you call the article FUD? Did you even RTFA, you knee-jerk twit?

      Sorry, but I am SICK AND FUCKING TIRED of people throwing around the "FUD" label so easily. First it became a synonym of bullshit (newsflash: "FUD" is a malicious, systematic campaign of disinformation and misleading information. "Bullshit" is a much broader term. All FUD is can also be classified as bullshit, but the reverse is not true.) The article reported the FACTUAL EVENT that some German hackers used Wikipedia to
  • Don't worry (Score:5, Funny)

    by anaesthetica (596507) on Sunday November 05, 2006 @02:46PM (#16727497) Homepage Journal
    Wikipedia, of course, is self-healing. Within two minutes, the virus was replaced with a large picture of a scrotum.
  • uh-oh! (Score:2, Funny)

    by Anonymous Coward
    Better not follow this link then:

    http://en.wikipedia.org/wiki/Syphilis [wikipedia.org]

  • by macadamia_harold (947445) on Sunday November 05, 2006 @02:55PM (#16727573) Homepage
    The page has, of course, been fixed but this is nevertheless a valuable lesson for Wikipedia users.

    According to wikipedia, the number of valuable lessons for Wikipedia users has TRIPLED in the last six months!
    • by bazald (886779)
      According to Wikipedia, the number of jokes regarding something tripling in the past six months according to Wikipedia has tripled in the past six months!
    • Thank you for reminding us of an example of how problems on Wikipedia are quickly fixed. :)
  • The main thing this shows me as that as Wikipedia is growing popular, more parasites are grappling on. Or rather, those parasites have a greater impact. As they say in french: "C'est la rancon du succes".
  • Wikipedia Hijacked to Spread Malware

    Hijacked? That's a really over-exaggerated statement, as anybody could've edited the page to add the link to the virus. Now, if they actually hijacked it to, say, automatically download the virus to the user's computer, that would be a different story, not that it would've affected people who patch their computer.
  • Eh... this article [heise.de] appears to say that the leet hax0rs only put a link to the German article about W32.Blaster [wikipedia.org], and then used ordinary phishing techniques (i.e., set up a fake domain wikipedia-download.org, misused the Wikipedia logo, etc, etc...)

    In other words, plain ordinary ho-hum phishing attack. Where's the blood? Where's the guts? Where's the annoyances?

    I was already worried that there would have been some serious problems with the way MediaWiki handles JavaScript or something. Like back when some

  • They linked to a virus, but acualy wanted to link to No_Virus_Realy.exe [example.com]

    OK, I am off to submit a story how Slashdot has been used to launch a virus attack.
    • Facinating. Your post demonstrates a weakness in the code used to identify link targets here on slashdot. The bracket says "example.com", but the link goes to it.slashdot.org! I wonder if that could be abused... (and no, I don't have time to look at the slashcode source code to find out!)
      • by Jugalator (259273)
        Hmm, I can imagine some way of hiding goatse guys with this. :-/
      • Well, I did look at the page source:

        <a href="http:example.com/some/virus/ise/here.exe" title="example.com">No_Virus_Realy.exe</a>

        Since the link doesn't contain a properly formatted protocol prefix (it should be http://) the browser assumes its a local link and prepends the current page's server name to it. If you change the url to browse the page using a different section (say apple.slashdot.org), then the link goes to apple.slashdot.org/example.com/...
  • It was seriously coming sooner or later. People seriously don't know what to trust, and what not to trust. Wikipeia is NOT a software repo. They should have been using linux, anyway :)
    http://what-is-what.com/what_is/open_source.html [what-is-what.com]
  • Simply because they are not an official source of information

    And such attacks should continue until they put up a disclaimer regarding the information made available thru wikipedia as not being official.

  • It's got nothing to do with Wikipedia -- Don't follow spurious 'urgent' links in email -- whether it's to your termination notice, or a wikipedia article. Email back to someone you trust asking if it's real -- then you can decide if it's trustable.
    • by zCyl (14362)
      It's got nothing to do with Wikipedia -- Don't follow spurious 'urgent' links in email

      Just wait until someone comes up with a virus which edits Wikipedia with links to itself as a method of propagation. The spammers have been doing this for some time, and it's only a matter of time before the virus writers start doing this as well.

      Then it will genuinely be an issue of the degree of trust you can place in a link found on Wikipedia.
  • "... & credibility"

    Eh?? Where d'you get that from then?? You don't want to believe everything you read in Wikipedia, you know.

    (Today's earlier Wikipedia story - some of the stuff there is ripped off from other sites anyway.)
  • The lesson?

    If you insist on running insecure desktop software, it isn't safe to use the Internet.

    But will it be learned?

    20 years and it hasn't yet.

    - MugginsM
    • by NineNine (235196)
      What a pretentious prick. Do you go up to people who have had relatives killed in car accidents and tell them it was their own fault for not driving a Sherman Tank?
      • "What a pretentious prick. Do you go up to people who have had relatives killed in car accidents and tell them it was their own fault for not driving a Sherman Tank?" Probably not, but when you compare the trouble of buying a Sherman tank to just updating your operating system. It's more like criticizing a person for not wearing a seatbelt - a more valid comparison than the exaggeration you decided to use.

        • I see it as more similar to getting locks on the doors of your home and closing windows before you go out.

          Is it fair you have to go to this extra hassle and cost? no.
          Are the crooks really to blame? yes.
          Will blaming them and leaving your door unlocked solve the problem? no!
          Will catching the occasional crook solve the problem? no!

          The Internet is a really big place. Crime happens. It sucks, it's the fault of the bad guys. But you
          still need to lock your front door. (or run a secure desktop)

          - MugginsM
      • No, but if they aren't wearing seatbelts the government and insurance company rarely give very much monetary sympathy.
  • This is just the ancient problem of people blindly trusting anything they're told in mails.

    The problem isn't the authority Wikipedia has received, that's just a sub-problem, the real problem is the authority e-mails have got, to the point of users trusting them enough to download random things even if they don't know the person sending them.
  • I'm confused why someone would download a file from wikipedia? Read the article, fine. But why would you download something from it?
    • by mgblst (80109)
      Maybe the link references a paper, with a link to the pdf. I don't think that this is so hard to believe, especially when most people don't even understand what download means? What is the different between going to a webpage and downloading a webpage?
  • For instance, Moodle has a built in feature that lets you run all uploaded files through a server a side anti-virus application (by default CLAM, but commercial ones can be used as well if you have a server side license).

    Seems to me that Mediawiki should be able to do this with uploaded files..of course users should all patch their systems and not trust any downloaded files regardless of where they are from. But it does seem to me that the host site should certainly scan uploaded files as well.
  • There is NO WAY I am clicking on the link in the submitted articles summary. It could be a virus on the other end; you know ... the kind of virus where I have to download and run it myself to be affected?

    Not this kid . I'm off to have sex with a goat [goatse.cx] instead; it is more safe. Does anyone have a trojan for me?
  • I'm glad this was tagged FUD, because the FUD is in the title. I think we should have tagging for articles and tagging for the titles as well.
  • Ok Seriously What the HELL is the matter with these people? There should be limits to the "we do it because/to see if we can" excuses crap. A community-based project like the Wiki should not have been targeted, it is an effort of people willing to contribute, for everyone's benefit.
  • Its ok for slashdotters to say that people should not trust email links and dowload stuff from wikipedia, but what about others?
    I have spent hours explaining to my friends and relatives why links in emails are bad, but that does not stop most of them from exploring them once in a while.
    To add to that, my friends and relatives have seen me visit wikipedia, they have heard me explain how I find a LOT of useful information at that place!
    If a mail links to wikipedia, I can see my mom recollecting that I go

Logic is a systematic method of coming to the wrong conclusion with confidence.

Working...