Massive DDoS Attack Brewing? 252
Quite a number of people wrote in with the news that CNN is reporting that a Back Orifice-like program masquerading as a movie clip is infecting thousands of computers worldwide. The prediction is that it's being setup for a DDos - but the technical details, are shall we say, "sketchy".
Re:Is it a criminal act to run this code? (Score:1)
Re: (Score:2)
Re:...sigh... (Score:2)
Most people who are gonna download this thing are gonna be looking for porn, so they won't care if "it needs a special file player", they'll download it and run it so then can see the action.
At least, that's my theory.
Finding a Cable modem on the Internet (Score:1)
Re:Since when were movies executed as code? (Score:1)
Re:Lack of security in the 'net (Score:1)
Re:English lesson (Score:1)
it's means "it is", its is the possesive. Its a shame that you can't use it right. In this case, it also is unclear, but I don't give a damn.
THE GROUP OF COMPUTERS combines into an unclear pronoun. Whatever that is.
And your last sentence is a fragment.
To hell with it though, cause I'm be a hick and I ain't here to speak english, and I'm be a tired of reading along and finding this crap.
Re:This sounds like a Tom Clancy novel (Score:1)
Re:And this 'evil sleeper virus' affects Linux how (Score:1)
Same thing is it with insecure OS. If you have security holes in your OS and someone installs a trojan to destroy your data or so, this IS your fault.
But let's say someone uses the security flaws of your OS to install a trojan that launches a DDoS-Attack against MY host, is it my fault too?
I doubt that.
Re:ASF as well as .EXE files (Score:1)
I didn't reference a Register story, I referenced a Linux Today story and the comments on it.
I accept your correction on the ASF script files.
I don't spread "rabid pro-Linux FUD". I simply reported on information I saw elsewhere.
Re:I knew this would happen (Score:2)
Which isn't to say that it absolves them of the consequences of their actions. Not in the least.
But to say that it's "free choice" and dismissing the causative role of the tobacco companies in creating a situation in which children wish to smoke is disingenuous at best.
The tobacco companies manufacture a product that is harmfully addictive, and go out of their way to promote that product to populations that are poorly informed regarding the consequences of their peer- and self-worth influenced choices.
They should not be let off the hook by the casual statement of "hey, free choice, man!" any more than any other company that creates hazardous situations for their workers, the general public or their specific consumers.
--
Re:DOS attack. Or solitaire, for that matter. (Score:1)
Re:DOS attack. Or solitaire, for that matter. (Score:3)
Apparently it puts the IP address of the machine it's running on in an IRC channel somewhere, where i'm sure there's a bot gathering the info. Pretty smart way of avoiding being traced
--
If it is a DDOS brewing, we can do something. (Score:2)
If not, what's to stop us listening on the channel as well, and connecting to each advertised IP address, sending instructions which deactivate the trojan? Raises interesting technical and ethical issues, but it seems to me like the ultimate in "white hat cracking"...
--
Re:Palmer says.... (Score:1)
Re:No Threat, except to your bankaccount (Score:1)
Re:CNN ? (Score:5)
Killing of a subseven network... (Score:4)
It was a huge project, took me around 8 hours to do, and was a huge pain in the ass. Subseven is a damn scary trojan, only has limited flooding abilities, but it can gather a lot of information and can redirect most anything. this would allow a cracker to gather personal information, bounce a web request off of it to use a stolen credit card, or ping flood some ip.
I hope to god they manage to catch these guys and that they don't pay much attention to the news.. heh.. i'm betting they are just using subseven to bounce off a client anyway, so their ip might be diguised. all I know is that 250 of these clients are no longer around because of me, and that makes me feel a little safer.
If anyone is involved in the clean up of these clients, please get in contact with me. I might be able to provide you with operational knowledge.
--
Gonzo Granzeau
Re:Consumer Security (Score:1)
Re:I knew this would happen (Score:1)
I like sarcasm. But raw text, devoid of subtle body language and foreknowledge of the author, has probability 1 of being misinterpreted. So if you care what people might say, one must be very careful with sarcasm on the internet.
The polite thing to do seems to be to add a smiley for the humor-disabled, so as to aid their faulty recognition. That, or use HTML like tags to indicate <SARCASM> and </SARCASM>. Except both of those seem to dumb down everything for the lowest common denominator, and generally ruin the joke.
More illustrations of the dangers of sarcasm can be found in this article [uexpress.com].
Re:WTF? (Score:1)
Pete C
Re:DOS attack. Or solitaire, for that matter. (Score:1)
Re:WTF? (Score:1)
Oh no (Score:1)
The problem, detected by a security firm that works for the Justice Department
NETSEC, founded by two alumni of the National Security Agency and Department of Defense, provides computer emergency services to the Justice Department.
This is simply nothing more than a soft form of the word Echelon
No but seriously. What we're seeing here is Department of Defense working closely with the Justice Department. While you and some other people might think something along the lines of "big deal", I'd like to conjure up a few memories of each of these department's history.
First of all, in the United States, the military is not to be used in the policing of Americans. Their resources are off limits to police agencies, and their personnel are prohibited from engaging in law enforcement activity outside the bounds of their property (ie Military Police on Military bases).
And for very good reason is this division. First of all, look at the Branch Davidian incident in Waco, Texas. This was a USDOJ/USDOD joint activity. We're just now beginning to realize to what extent the DoD was involved.
I honestly think this is the beginning of a new policy where America's military will continue a mission of American policing. That is unacceptable, as the consequences are staggering.
I mean, is it just me, or is Janet Reno REALLY going against what America has stood for in the past two hundred years?
This thing has been around for at least a month. (Score:1)
Re:Since when were movies executed as code? (Score:1)
If the clip is repackaged as a .exe. Most Lusers have no clue about the difference between an .mpg, jpg, exe, doc, ...
I work with profs who still don't ken the difference after working with these file extension associations for the past decade.
Re:Lack of security in the 'net (Score:1)
Password: admin
Oh yeah? Well, the password for @Home's support mode on their netdiag tool is:
login: athome password: athome
Just create a shortcut to the tool with the entry "netdiag.exe mode=support" at the end of the directory address.
Have Fun!
Inconsitances (Score:1)
And a little note of caution
And one more thing
I can relate (Score:1)
My girlfriend and I watched a movie clip about a massive back orifice once. She denied me her services for a week and a half. which half? the top half.
grunties, leave your inner ear alone.
ow my eye.
Re:I knew this would happen (Score:2)
Rounded to the nearest tenth of a percent?
Zero.
Even if you count military-owned weapons. Even if you just count handguns, or just count miltitary-appearing semi-automatic weapons, or pretty much whatever anybody feels like banning this week.
Hell, even if you just count handguns used by citizens in the actual prevention of an actual attempted crime, it is less than
America's supposed gun violence problem is a myth, manufactured by the media for the purpose of scaring people; because scared people watch the news.
Tobacco kills over 400,000 people a year. Guns kill about 35,000 Americans a year, and over 2/3 of those are drug traffickers killing each other.
And as for accidental gun deaths; there are about 200 per year. That's less than three times as many as caused by lightning, and it's been going DOWN steadily (as a percentage) for decades.
Hell, more people (302) die of falling down in the state of Colorado than die from gun accidents in the entire country!
There are something like 2,500 deaths by drowning in the US every year. If you want to save lives, outlaw swimming pools.
More people under 24 die in traffic accidents every year than the TOTAL of all ages who are killed by firearms, accidentally or on purpose. Make the legal driving age 24 and you'll save more lives than by outlawing guns, even if you could make all the guns disappear!
If you take out drug-related murders, guns are used to kill about 11,550 people a year, plus another 200 that die by accident.
11,750 people seems like a lot, but it's less than die from falling down in their homes! It's twice the number who die in workplace accidents, and we don't hear about an epidemic in that!
And when you factor that against the number of times guns are used to prevent a crime, whether you accept 500,000 or 2 million for that number, one starts to wonder where exactly the hysteria is coming from?
It's certainly not coming from the tens of thousands of women who protect themselves from rape each year with a handgun.
A media facing declining ratings made the whole thing up.
--
Re:HOAX ? (Score:1)
his tea yet today says, "The Feds have implanted
a controlling computer virus in Symantec's software, which will then be distributed world-wide in the mad rush to update virus checkers by every vulnerable user in the world."
Must have tea. Mmmm. Tea.
Question about this extension stuff (Score:1)
If this is true, why aren't the files named "foo.exe" rather than "foo.mov.exe" so they look more like movies.
(I think I know the answer, which a lot of people are not going to like: the answer is that "icons" are bunk, the letters ".mov" despite their cryptic nature, are far more compelling than any image to even novice users)
But if anybody has any better answers please tell me.
Also, are they able to make the icon an exact copy of the .mov icon by changing the icon embedded in the .exe? I recommend that MSoft at least show a generic .exe icon if this is the case.
Re:Stop it before it spreads (Score:1)
Re: (Score:2)
Hype, Hype, Hooray (Score:2)
I dunno, maybe I'm too cynical but don't the names "Serbian" and "Badman" sound just a little corny? Almost like they were made up by someone who read a few glossy articles about the computer underground and then decided to write some FUD that would get people's dander up? Can anyone not involved in the promotion of this exciting story confirm that these guys really exist and that they're not more than a couple of kids being l33t on an irc channel?
It just seems so convenient...
Re:I knew this would happen (Score:2)
Uhm, sorry; exceptions just include tobacco.
Guns and software don't injure 1 out of 3 of their customers.
Guns injure something like 1 out of 278,000 of their customers. For software, even Microsoft's crap, it's even lower.
Bicycles have a worse "injures their owner" percentage than guns.
--
Re:...sigh... (Score:2)
Don't let your elitism show quite so much. Most computer users probably fall into your "moron" class, and they really aren't "morons" if they don't know any better. Lots of people drive without knowing the fine details of their cars, and doing a good job of computer security requires a knowledge of computers at the same detailed level. What kind of computing education would you like to require?
In the case of having mostly relatively uneducated users, it's not unreasonable to ask why the infrastructure doesn't do a better job of preventing unwanted security exposure. No, I won't accept a MSBob view of computing either, but we should be able to develop an approach that gives us security without comprimising convenience. That includes not letting mail programs blindly execute programs that can directly modify the computing environment (both the mail program and the operating system are at fault here).
...phil
Stop it before it spreads (Score:5)
shutdown -h now damnit
Geoff
Technical merit? (Score:2)
Refrag
WTF? (Score:2)
Could there be less details? (Score:2)
I find all of this somewhat hard to swallow, given the lack of details given. Does anyone know of another article with cold, hard facts?
Eric
Re:Stop it before it spreads (Score:5)
Re:Since when were movies executed as code? (Score:2)
With the extensions turned off, you're forced to rely on the icon to tell you what the file is...
Massive automobile recall (Score:4)
Imagine the following press release:
REUTERS -- Somewhere.
A major car company has decide to issue a callback on one of their models. Under certain conditions a particular safe-critical part of the car might fail. Although the total cost of the recall is purported to be high, officials at the company were confident that it would not influence their quarterly results, due at some point.
Re:WTF? (Score:2)
Eric
Re:I knew this would happen (Score:2)
I will grant that a big chunk of those people committing suicide by firearm would most likely have found another way of killing themselves if the firearm had not been available, however the fact that you did not include their deaths in your "statistics" makes your argument considerably less persuasive.
BTW, I'm hardly an activist either way - I regard widespread gun use as the result of a "prisoner's dilemma"-type situation: I think the world would be better off if NO ONE had the ability to kill each other easily, but the moment at least one entity gains that ability, then the other members of the society will have to figure out how to nullify that power, either by defense (try to get back to no one having ability to kill each other easily) or offense (mutual assured destruction), in order to prevent that 1st entity from dominating the society. Unfortunately, game theory indicates that trends will tend toward the MAD scenario - and if everyone else has a gun, I certainly don't want to be the only person w/o one.
I definitely know that I don't like BS, and your post smells of well-polished BS.
I know you like Minesweeper... but... jeeez (Score:2)
"Professional Minesweeper is the BEST product ever. really."
Gonzo... please... say it ain't so!
Re: Here's the mad cow (Score:3)
do a find for
???????.exe
and
????????.exe
I think I've seen it. (Score:3)
They used the usual trick of nameing the .EXE somthing like foo.AVI.EXE, and made sure that the embedded icon colour matched that of the associated fake file type.
I dumped the file using 'strings', and it appeared to generate a fake error message regarding a missing codec, as well as a registry key to autorun a program at boot. I presume this trojan contained this code.
Re:Since when were movies executed as code? (Score:2)
Man. And I always thought mere hidden files were an insult to my intelligence.
--
Here's the beef (Score:5)
---
Bridging the Gap (Score:2)
With tools like MS internet connection sharing and cheap networking cable, clueless users are now capable of setting up (almost setting up?) ethernet networks from the comfort of their recliners. Of course, this added ability does nothing to impart new information to the users.
It is possible to set up secure MS networks (this is what I do...) but its not easy, especially when the default settings for so many things are open access to everyone. Unless MS changes the settings (not very likely from what I've seen) or someone comes up with an easy and well publicized way for users to set up at least moderate security, these things will only continue to grow.
Actually, one other thing that could help is for the ISP's to use short lease DNS and keep everyones IP address changing. That would at least make things a little more difficult for crackers.
I've helped check and set up connections for my friends and found that more than a few of them had permitted open file sharing with their computers when all they wanted to do was share a printer.
Oh, and for people who think this is just a MS problem so linux users don't have to worry, if they get enough computers, they can start attacking backbone segments. Then everyone gets shut out.
No Imagination (Score:2)
Great. Somebody is getting set to collect massive amounts of information from a gazillion PCs and install remote-control software, letting them do essentially anything.
And the only threat that folks see is DDOS? Get real. Denial of service is about as exciting and useful as a traffic jam.
Some crackers with a bit of subtlety could clean up. Lets's see, we could:
I'm sure just about any /. poster could come up with enough "interesting" ideas to keep the nice people at the Justice Department awake for a long time.
Re:WTF? (Score:2)
The Diable2 preview movie "trailer" that came out about a year ago was an
they double clicked on it, it load the internal viewer and then load the internal movie
then again, I got the file from http://www.blizzard.com and trusted it, if someone named "Bob" just emailed it to me in a chain letter I won't be so quick to run it. That and I would flame "Bob" for sending large data/programs over email...
Re:Technical merit? (Score:2)
========
Even better... (Score:2)
Re:WTF? (Score:2)
ASF as well as .EXE files (Score:2)
Better idea (Score:2)
1) Get modem and NIC manufacturers to modify the ports on their products so that they can eject a connecting wire under program control.
2) Write a virus that does one thing and one thing only: Triggers the wire eject on the NIC and/or modem.
This automatically removes virus-running morons from the 'net.
--
Wanna hook MAPI clients to your Tru64/AIX/Linux server?
Re: (Score:2)
No Threat, except to your bankaccount (Score:2)
Quite simple these guys want your money and they created a media hype to get it. No reason to flip. And now I am off.
Next... (Score:3)
Then, when the news reports that the new exploit does in fact send that message, and is in fact borne by a porno flick, everyone in your address book will know that it realy is true.
Heh heh heh. Maybe it will even count and report which scenes you replayed, and how many times.
--
Re:tell 'em to run ZoneAlarm (Score:2)
Just giving them Linux isn't going to solve the problem. You actually have to teach them how to implement security. Have you ever tried to teach your non-techie friends how to implement
----
Re:I knew this would happen (Score:2)
I discount that statistic for the simple reason that the CDC says there were only 30,535 total suicides that year, so how could 43,240 of them have been by firearm?
Also, statistics on places that have outlawed firearms shows that the effect is nearly zero; better than 99% of those who want to commit suicide will find a way, whether they have a gun or not.
But I see it as a freedom thing; if you want to commit suicide, who am I to say you aren't allowed to? And how is society worse off if you use a gun to do it than if you use pills or jump off a bridge?
Actually, society is probably better off if we don't have to fish you out of a river or repair the damage you cause to the bus when it hits you.
however the fact that you did not include their deaths in your "statistics" makes your argument considerably less persuasive.
Then what does the fact that the statistics you quote are nonsensical mean for your argument?
This is in fact typical of the anti-gun arguments; they quote easily-disproven numbers that are completely out of whack with reality, and conglomerate them into official-sounding foundations like Suicideology.org so that nobody will look too closely at where they come from. I got most of my numbers from the Centers for Disease Control and the National Safety Council. Some come from the Justice Department. Not only did I not go anywhere near the NRA's web page, but I'm not even a member. (Although I certainly appreciate the central role they've taken in reducing childhood gun accidents this century, and will undoubtedly join soon.)
All of the places I got my numbers from are run by an anti-gun Democrat Executive Branch, so if the numbers are off they're probably off in your favor, and they *STILL* support my argument.
My favorite tactic of the anti-gun folks is that whenever they quote numbers regarding children, they include everyone under 25!
And they count everybody killed in World War I, World War II, Korea, Vietnam, etc. in their "total American deaths by firearms" numbers. That one's priceless, because it means that even if civilians couldn't own firearms and criminals didn't own them, the numbers would hardly change.
And that brings us to the bottom line; gun laws only affect people who follow laws. Criminals by definition don't follow laws.
That's why *EVERY* state that has passed "shall-issue" concealed carry laws has seen an immediate drop in violent crime, greater than the national average drop. All of them.
Those statistics are from the Justice Department; check them out yourself.
--
IT IS A HOAX (Score:2)
The Register [theregister.co.uk] is reporting that this is a hoax.
Yes, the video is a trojan -- but it is a known trojan and is not a DDoS threat.
To summarize:
===========
"NETSEC alerted the Internet community about BackDoor-G2 by calling it 'Serbian Badman Trojan (TSB Trojan)'. News stories suggest that the controlling Trojan which is downloaded is a new threat -- it is not. Although the Trojan known as "Downloader" is new, the file downloaded is a known Trojan."
In other words, NETSEC's discovery amounts to nothing more than a publicity stunt by an opportunistic security firm in quest of free advertising in the form of media attention."
--
Re:Killing of a subseven network... (Score:3)
I was unable to script this setup because subseven uses a windows based gui. I was unable to find a command line version that did what I needed it to do. Basically, a command line version that would log in, remove the server, and log out would be great, but right now no such tool exists. in theory, I should have then been able to pass it to a for list with all my ip's i knew. Yes, it would have been nice, but cut and paste into the GUI was all I had the time. I've spoken with people at Cert and NetSec and was told that something like this in the works.
The long time was because not all hosts are on at the same time. The bot net seemed mostly international. so at the time that people in Japan are turning their computers on, people in the UK are turning their's off, etc. Hence, there was a constant flow of bots in and out of the channel. By grabbing the ip when they joined, I cut and pasted it to the subseven client program, and then removed the server. It was a REAL pain in the ass because the subseven server only allows ip's, not hostnames. Anyway, after around 8 hours of doing this, I felt that the botnet was permenantly crippled, and left the rest. The guy is getting followed by several people, removing the rest of the clients.
no, it wasn't the most elegant solution, and yes, it sucked. I should have packet sniffed the connections and recorded the output, so i could script the whole thing to automate it for this current botnet.
--
Gonzo Granzeau
Palmer says.... (Score:2)
But if a stranger came into your house, looked through everything, touched several items, and left (after building a small, out of the way door to be sure he could easily enter again), would you consider that harmless?
So lets continue the analogie. What if the builder of your house left a spare key to your house under the mat without telling you, but has been known by people in the industry to this at every house he builds? Who would you be mad at? The person who got in without a challenge, or the person that gave him the opportunity.
Re:Since when were movies executed as code? (Score:2)
Hmmm... Doesn't Windows use icons in .exe files? (It's been a while since I was near a Windows box) If so, even looking at the icon is no guarantee that the file is actually what it claims to be.
Re: (Score:2)
Re:Lack of security in the 'net (Score:3)
Ultimately, the responsibility falls on the user, but given the cluelessness of most home (and many office) users, and the inherent vulnerability of Windows, the network providers really need to step up and fill this gap soon.
There's no reason why filtering couldn't be built into the cable modem (the same way many of them now block NetBIOS), and updated by central control at the head end to block new threats.
That said, given that it's cable companies doing this, the login for administration would probably be:
Login: admin
Password: admin
Scary, huh?
- -Josh Turiel
Re:Could there be less details? (Score:3)
If, like most Windoze users, you don't change the default settings on your file viewer and you open most files by double clicking on document files, then once you had downloaded this file it would appear to be an ordinary file with the name MySissy. When you double-clicked on it, it would executre. I've not actually seen it in operation, but if the hackers were smart, they would have made it look like an MPG movie viewer and actually had it play a few minutes of a porn flick while it also did its dirty work.
Something like this is trivial to implement.
Re:WTF? (Score:2)
Re:I knew this would happen (Score:2)
I label myself idiot - I summed the entries in the suicide-by-firearm table @ http://www.suicidology.org w/o checking to see if they covered overlapping categories (which they do). Proper summation yields 30,535 number you mentioned above.
This is, of course, still ~30.5k more deaths due to firearms than you listed in your original message, a statistical modification which you conveniently dismiss as "their choice". You show a severe lack of understanding (or sympathy) on how depression can suppress critical thinking abilities & cause irrational behavior.
I certainly hope that, if there is no way to remove ALL guns from a society, then all gun-owners are thoroughly indoctrinated in safety. Unfortunately, that still doesn't remove the source of MY basic worry - as long as someone else has a gun, I have to worry about whether or not they're going to decide to shoot me (note that I don't distinguish between individuals or the "authorities" here). If they don't have a gun, then I don't have to worry about them shooting me - even if they're insane or really pissed off at me. All your statistics don't mean squat to me if you can't address that basic fear.
Children die when they get shot - why only include statistics for adults?
I don't think this was an issue with the statistics we were attempting to use (once I got my number right).
Bullshit - if weapons were scarce, then even criminals wouldn't use them (since the criminals wouldn't have to worry about being shot, and since they would be damn expensive.) Since they aren't scarce (through the very diligent efforts of US arms manufacturers), to maintain a MAD (Mutual Assured Destruction)-type balance of power, suddenly EVERYONE needs to get a gun - and I no longer feel safe.
Ah yes, the infamous correlation==causality argument - which is, of course, a classic logical fallacy.
I doubt anything I can say is going to change your mind, and I don't think anyone is listening to us anymore, so I'm going to get back to work now.
Re:Better idea (Score:2)
Is it a criminal act to run this code? (Score:2)
DOS attack. Or solitaire, for that matter. (Score:3)
It can then be used to launch a denial-of-service assault."
Yes of course. But then, it can also be used to launch solitaire. Sounds pretty upsetting to me.
René
hidden file extensions... (Score:2)
Re:...sigh... (Score:2)
The solution will involve multiple layers: improved security on the part of the operating system (no more immediate execution of mail attachments), improved configurations on the part of network providers (how to do this without strangling the two-way nature of the net is hard - I'd like to see people still be able to run servers from their bedroom), and improved education all around. I'm not hopeful.
...phil
DDoS via Movies? I do it everyday... (Score:2)
Look out Superfriends-"Wassup"-Guy! The DOJ will be coming after YOU!
Re:I knew this would happen (Score:2)
Lack of security in the 'net (Score:2)
I have a nice little cable router that does I.P. packet filtering and also doubles as a 4 port switch. It is made by Linksys and costs about $180. Hawking makes one that is just a router that costs in the $150 range. If the cable companies just told people they needed the hardware up front, people would buy or rent it and not complain...and be safer for it.
No Updated Anti-Virus Software (Score:2)
That's the same kind of BS Micro$oft has been spewing about the ILOVEYOU virus. It doesn't matter at all if the antivirus software is up to date, although that is a great idea, it doesn't protect against any of the newest worms, virii or trojans. That's the problem with all the major companies, they feel like instead of taking the blame for stuff like this, they have to blame it on the user for "not having virus software up to date". What they need to do is find the security hole and patch it, not blame the clueless user.
tell 'em to run ZoneAlarm (Score:4)
---
Re:What we need (Score:2)
Even personal firewalls that do intrusion detection has problems with trojan programs. Plus, you're at the mercy at the frequency of signature updates. Or run BO on port 5000, that throws some policy files off.
I saw a neat firewall made by ZoneLabs that does application control (pops up a dialog when a program attempts to connect to the Internet), but that is much more user intrusive.
Blocking all outgoing ports is an interesting idea but still problematic. A fun test I do on firewalls I test is playing with UDP port 53 (thats DNS). You can also send a DOS attack over port TCP 80, and even use valid http syntax too. The only other choice is bandwidth controlling, but even that won't help tremendously in a DDOS attack.
Anyone have any good ideas of how to defend against DOS and trojans, incoming and outgoing? The current firewall model is flawed with it's implementation. However, I can't think of any solutions, if there even is one.
Re:I knew this would happen (Score:2)
Then why is gun crime increasing in the UK, and decreasing in the US?
--
Bound to happen (Score:2)
I live in France and I am of of the first thousands of users who have had DSL and my linux firewall has been attacked several times by script kiddies, but the strong seetup hasnt allowed anyone in.
I remember of a internet cable provider setting up it's own firewall to protect its customers from nuke and stuff like that (and prevent them from sending any too) so that they don't have problems with their 24/7 connection.
I guess the only solution would be that everyhome had its linux / freebsd box to act as a router, proxy (protecting kids from porn), and anti hack system.
Hope everyone could be as lucky as I am...
D.
HOAX ? (Score:3)
Re:Palmer says.... (Score:2)
And, I'd sue the pants off the builder for negligence (and whatever else a lawyer could throw at him).
Oh, I almost forgot, since this post touched something related to the legal system I am required, as a good /. nerd, to add:
Comment removed (Score:3)
Re:WTF? (Score:5)
Actually MSNBC has a better story, including the reply from Network Associates that they think it's pretty much low risk.
Also names the file which goes under two names
QuickFlick.mpg.exe or MySissy.mpg.exe
Re:DOS attack. Or solitaire, for that matter. (Score:3)
- The hacked machine will be used for remote solitare.
- The hacked machine will be used for a DDoS attack
Which do you honestly think will be more likely?...phil
Re:What we need (Score:2)
Windows Firewall (Score:2)
Also protects against
Absolutely essential for anyone with a 24/7 connect.
--
Re:WTF? (Score:3)
That is true, for explorer. However, in Outlook the icon displayed for a file is NOT dependant on the extension -- it's set by the person sending you the e-mail. (I get documents created in Word 2000 that have the Word 2000 icon depicting them -- despite the fact that I don't even have Office 2000 installed). Here's one way to do this:
Open up Wordpad.
Drag whatever file you want to send in there.
Click on Edit ->Package Object ->Edit Package.
Change the icon to whatever you want.
Click Update, then close that window.
Drag your new object into an email and send it.
It's never as simple as it seems...
Could you embed a Virus in a Codec? (Score:2)
Question to those people who know this sort of thing...
does Video 4 Windows allow you to embed Codec download information into your video clip?
If it does, that may explain how a video clip (or any other streaming media requiring a codec) may be used as a virus transmission vector.
Just a thought......
Re:WTF? (Score:2)
Interesting quote ... (Score:5)
They're finally getting their terminology right
Pete C
Re: (Score:2)
Creepy? (Score:3)
This trojan horse attempts to download a program file from the Internet and execute it. The intended program file is no longer available on the Internet, thus it currently poses no threat to users.
This, in the context of the cnn report, I find to be a little bit creepy. And how the fsck do they know that the file is no longer available on the Internet? And then they go on,
This trojan horse was originally posted to an adult Internet newsgroup on June 7, 2000. It was described as an adult movie file. However, it actually attempts to download the file http://www.lomag.net/~ryan1918/MySissy.mpg.exe from the Internet and launch it after it has been downloaded. It performs no other actions. The program file no longer exists at this Internet address, thus this trojan horse essentially does nothing and poses no threat to users.
Re: (Score:2)