
Comment: Re:No user interaction (Score 1) 322

by Altieres Rohr (#39693559) Attached to: New Targeted Mac OS X Trojan Requires No User Interaction

First, a drive-by download is not a malware category. It's an attack type. Viruses, trojans, worms can all be spread by a drive-by download, though trojans are the most common these days; spyware was the first to use it heavily, however.

Second, from your own link, drive-by downloads can be "downloads which a person authorized but without understanding the consequences". I remember the term first being used to describe ActiveX and elevation of Java applets, both of which require user interaction. See this, from 2004, using the term in this way:
http://www.benedelman.org/news/112904-1.html

If you check the Wikipedia page's history, you will see it was created with this very definition, too.

In other words, if you call something a "drive-by download" it does not necessarily mean that the user played no part in the attack.

Comment: Re:No user interaction (Score 4, Informative) 322

by Altieres Rohr (#39690045) Attached to: New Targeted Mac OS X Trojan Requires No User Interaction

Mass-mailers requiring user interaction have been called worms since forever. But many older worms used some form of exploit code, and Melissa was called a virus because it was actually an Office file infector (a macro virus). It's easy to see the reason for confusion.

Love Letter was already being called a worm without exploiting any flaws back in 2000, though*, so was Sircam in 2001 and Bugbear/Thanatos in 2002. By the time Netsky, Beagle and Mimail were around, it was pretty clear a worm was any malware that replicated itself completely over a network and without the use of a host file. When USB drives became common, the term was used for those as well. Floppy viruses infected the boot sector ("infected" being the keyword); malware that spreads over USB just uses the Windows autorun function.

Any malware parasite can infect a program that will end up in a USB drive, in the same way that the Parite virus ended up spreading over e-mail when it infected a copy of Beagle (IIRC). A USB worm specifically looks for connected USB drives and copies itself to them. There's a difference.

* http://www.cert.org/advisories/CA-2000-04.html

Comment: Re:No user interaction (Score 5, Informative) 322

by Altieres Rohr (#39689469) Attached to: New Targeted Mac OS X Trojan Requires No User Interaction

The definition of worm is not "malware that copies itself from system to system automatically without user interaction". Worm is self-replicating code that uses a network, by some definitions, and, by others, a worm is any malware that spreads by itself but does not parasitize legitimate software (thus why "USB worms").

Although the Morris worm did not require user interaction, this is not true of all future malware that would be considered a worm. Malware that copies itself to network drives, P2P software shared folders, or attaches itself to or sends e-mail, IM or IRC messages are all worms.

As for trojans, any malware that does not replicate is a trojan. Back in the day, and even today, the only way to convince a user to run such software is by advertising it as another piece of software - thus why the trojan horse definition. Exploit code changed that, but they're all still trojans, and most still fall back to advertising themselves as a Flash player plugin or video codec when the exploit doesn't work. In any case, this new malware doesn't replicate, so it is a trojan.

There is no malware category to describe code that requires no user interaction to run. Exploits, worms and viruses and trojans all can do it, but that's not required by their definitions.

Reference: http://www.f-secure.com/en/web/labs_global/threat-types

Comment: Massive misinformation (Score 1) 85

by Altieres Rohr (#37986274) Attached to: Brazilian ISPs Hit With Massive DNS Attack

I'm the Brazilian journalist who first reported on this issue.

These attacks are not massive. They are happening in a server each time, and the ISPs use many different servers. As such, the number of affected victims each time is small. However, it is true they are ongoing. ISPs and users need to take action now and protect their DNSs and home routers, respectively, though ISPs are also to blame because they use the same password for the default configuration on every router. Plus, user complaints can be found days apart - but DNS cache poisoning only lasts for a few hours. In other words, there are multiple attacks.

There's info indicating this has been going on and off since at least 2009, but we hadn't heard of it because they were only redirecting banks to identical pages. Now they're trying to use Google, Facebook et al to infect users with trojans, which is far easier to notice.

It's also true a sysadmin was arrested for accepting a R$ 10,000 (about US$ 6,000) monthly bribe to change the DNS configuration in an ISP, probably a small or medium-sized one.

I'm a GVT user (one of the affected ISPs) and I have verified my DNS server went from not using random ports to using random ports. I last checked this about two weeks ago. So yes - this is happening, and they have taken some action. But the DNS server I use was never poisoned, and many other users have not seen or noticed these attacks.

Sony PlayStation Network Breached, 77 Million User

Submitted by Runaway1956
Runaway1956 (1322357) writes "Sony is warning its millions of PlayStation Network users to watch out for identity-theft scams after hackers breached its security and plundered the user names, passwords, addresses, birth dates, and other information used to register accounts. Sony’s stunning admission came six days after the PlayStation Network was taken down following what the company described as an “external intrusion”.

The stolen information may also include payment-card data, purchase history, billing addresses, and security answers used to change passwords, Sony said on Tuesday. The company plans to keep the hacked system offline for the time being, and to restore services gradually. The advisory also applies to users of Sony’s related Qriocity network.

In short, Sony has been pwned — AGAIN!"
