Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
The Internet

Four Kids Confess to Goner Worm 539

Posted by CmdrTaco from the hope-they-get-grounded-with-no-dinner dept.
imrdkl writes: "4 kids in Israel have confessed to writing and distributing the Goner worm, according to Fox." Yet another annoying worm comes and goes, wasting countless IT hours, to say nothing of bandwidth. The kids face up to five years -- of course since they aren't in the U.S., they might actually be punished.
This discussion has been archived. No new comments can be posted.

Four Kids Confess to Goner Worm More

Four Kids Confess to Goner Worm

Comments Filter:

  • 5 years? (Score:2, Interesting)

    by Your_Mom ( 94238 )
    After myself being called to fix a customer's sExchange (Yes, NT, I'm young and I need the money) server that barfed its guts on the floor because of this, you can hand them over to my IT dept, we really wanted to take them out back and flog them repeatedly last week.

  • Well blahs all around (Score:4, Insightful)

    by GlassUser ( 190787 ) <slashdot.glassuser@net> on Saturday December 08, 2001 @09:35PM (#2677105) Homepage Journal
    At work, we got it about 1100 EST. One user got it and ran it, and it cascaded. Our servers groaned for about 30 seconds, by that time, the mail admin had run into the server room and yanked the network cable to them. Honestly, I don't think the fault rests on these kids at all. Sure, I guess they should face punishment if they broke the law, but that's their country's problem. I don't blame them.

    If our users had listened to the rules, this wouldn't have been a problem. But within 30 seconds of the attachment entering our network, over 50 users had run it. Why can't someone hold the irresponsible user at fault? The instructions are easy - don't run attachments you weren't expecting. Instead of blaming some kids for playing around with code, why can't we find fault in the people that don't follow their instructions?

    Yeah, I'm ranting, but to make something constructive out of my waste of bandwidth, how can we get the users to listen? Anyone have effective tools? Yeah, I'm all for firing the ones that can't observe policy, but that would mean firing my boss too. And she's actually pretty decent, as far as managers go.
    • "If our users had listened to the rules, this wouldn't have been a problem. But within 30 seconds of the attachment entering our network, over 50 users had run it. Why can't someone hold the irresponsible user at fault? The instructions are easy - don't run attachments you weren't expecting. Instead of blaming some kids for playing around with code, why can't we find fault in the people that don't follow their instructions?"

      Thank you for saying this. It's not the virus makers that bring down networks, it's the people who fall for the same social engineering over and over again and click on the attachment.

      I am scaring myself now because I am agreeing with the NRA - I've brought the 'guns don't kill people, people kill people' debate into this as an analogy. I apologise in advance for starting a flame war.

      • While I wholeheartedly agree with your NRA argument, I don't think this analogy is very accurate -- you say that people who run the attachments (i.e. the victims) should be responsible; wouldn't that suggest that you want the gun shot victims to be held responsible, instead of the people who shot them?

        At any case, I do believe that virus writers should be held responsible, but I don't think the solution is the so called "cyber crime" laws or anything that focuses on the means rather than the cause.

        • Re:Well blahs all around (Score:5, Insightful)

          by slackergod ( 37906 ) on Saturday December 08, 2001 @10:59PM (#2677429) Homepage Journal
          This is more like handing someone a handgrenade,
          with an attached note saying "pull this pin,"
          and that person then proceeding to pull it,
          even though they have been told OVER AND OVER
          that if they pull the pin on a hand grenade,
          it will hurt them.

          The virus is dormant, completely harmless
          UNTIL SOMEONE RUNS IT.
          The fact that someone wrote and engineered it
          to spread in this way, and convince people to run
          it, they (the writers) should be held accountable.

          But just because they are responsible doesn't
          mean every other person down the line
          isn't responsible as well.

          Makes me think of an episode of Space Ghost Coast To Coast (Snatch, I think..)
          which goes something like this:

          "The rays... Its... Its feeding on the rays!"
          "Then don't shoot it!"
          "But.. The rays... It's feeding on them! Ohh."

    • Re:Well blahs all around (Score:3, Interesting)

      by Gogl ( 125883 )
      I agree with you, but the world doesn't.

      In fact, if users did turn smart, both you and me might find it a lot harder to get jobs.

      You see, computer geeks get jobs because we're supposed to be the ones who think about things like this. Hell, we're perverted enough to *enjoy* doing this nitty-gritty computer stuff. Joe Q. User just wants things to work. The user doesn't want to have to deal with anything. After all, the computer isn't their job, the computer is a tool to help them with their job.

      So yes, I agree that in an ideal world people wouldn't be stupid and would know not to open unexpected attachments (and always scan everything anyway, and all that stuff). But the reality of it is that will never happened, and it just takes one person screwing up to let the worm wreak some degree of havoc.

      • Re:Well blahs all around (Score:3, Insightful)

        by mce ( 509 )
        It's not just users who are stupid. I know of an admin who actually used Goner to defend the ongoing introduction of Outlook at the place where he works.

        Here's what happened: they were hit at 17:50 local time, at about 18:00, the first of four Outlook
        lusers clicked on the attachment, which made the few admins who were still at work aware of the
        problem. As they immediately went into action, they were able to get the mail servers under control pretty quickly (relatively speaking, that is). Next day, however, a scan of the network
        revealed that about 50 additional PCs had to be cleaned up. These belonged to people who still use Netscape to read their mail and had also activated the worm. It didn't spread from there, but it did disable the virusscanners, so...

        Next thing, that admin that I'm refering to claims: "Fortunately, we have Outlook installed on a few PCs already, because that is how we found out just before leaving for home. If everybody still used Netscape, a lot more PCs would have been infected during the evening, night, and morning before the helpdesk would have noticed the problem."

        Sadly, this really is a true story...
      • I don't think it is too much to expect that users follow a few simple instructions when using a corporate LAN. They are required to keep their passwords private, report chain emails, not try to exceed their network privileges, and NOT OPEN UNEXPECTED ATTACHMENTS FROM PEOPLE OUTSIDE THE COMPANY.

        Since we run antivirus at our mail gateways, we catch most of what comes through and users get a scrubbed attachment of 0 bytes with an addendum to their subject line of "Scanmail has detected a virus!" so we are not usually at major risk. But we have had people (in IT even) launch iloveyou.vbs and cause headaches.

        Although I do not expect users to know which file extensions denote which type of files are attached, I do expect them to call IT before opening suspect attachments. This, of course, assumes IT has enough people to be responsive to such requests in an organization. When that is not the case, anarchy may reign...

        • it still won't happen. Two months after NIMDA came out, a PC belonging to one of our remote users popped up and started attempting to push the thing onto any computer it could find.

          This after all the usual emails after a virus and instructions on updating DAT files (click here, click there, if it says to reboot, do so, and that was it).

          As much as we'd all like it to happen, non-IT people will not turn on their brains and apply logic & critical thinking to computer situations.

        • and NOT OPEN UNEXPECTED ATTACHMENTS FROM PEOPLE OUTSIDE THE COMPANY.

          That's not good enough. After the first one, the rest of the unexpected attachments would be coming from people INSIDE the company.
    • Anyone have effective tools?

      Public humiliation always worked well for me!

      e.g. "Can you believe that old pervert in sales really believed that the chick in client servce sent only him an 'I Love You' message?"

    • Fixing the staff problem (Score:5, Interesting)

      by Anonymous Brave Guy ( 457657 ) on Saturday December 08, 2001 @09:54PM (#2677202)

      I don't agree entirely with what you write, since I assign the blame for things like this almost entirely to those who write the stuff in the first place. I'm sure you'll get plenty of other replies saying the same.

      OTOH, you make a fair point about employee training. The small company where I work, a software development house, has had a few e-mail viruses mailed to it over the past year or two. It's interesting to note that these often get forwarded around the office, but invariably by non-technical staff. The developers and tech support guys and gals generally have the sense not to run blind attachments; the admin and management guys and gals are more trusting, and bite the bullet.

      Our IT support guys have long had a record kept of exactly when everyone runs the anti-virus update they mail round every month. Recently, they've instituted a "leader board", which is mailed to everyone, showing who ran it fastest. It's an amusing little game for those of us who are sitting in front of our PCs anyway, but the really telling thing is the people who don't appear on the list at all (which is typically mailed around the afternoon after the update), i.e., those people who still haven't updated their systems several hours later. Guess who they are...

      So, we have established that certain types of users are more vulnerable to this than others, and we know who they are. The next question, of course, is what to do about it. You can come up with any number of penalties, but how are you going to turn around and slap them on, say, the MD of your company (a repeated offender in our case)?

      Personally, I always liked the "drill" approach. The IT guys occasionally create a Hotmail account or some such, and mail something cool-looking to a few random accounts at the company. If you run the attachment, it pops up a simple message on your screen informing you that if this had been real, you'd just have cost everyone in the company a day's work/sent abusive mail to your most profitable client/whatever. This isn't publicly embarassing, and it makes the point. It's certainly proven very successful in a couple of cases I know of.

      You could complement that with a "three strikes" sort of rule. Anyone who falls for it gets a couple more spams shortly thereafter. Anyone who falls for it repeatedly has maximum security settings imposed on their machine thereafter. It will cause them hassle if, for example, they have to send or receive a genuine executable attachment, but such is the price you pay for keeping your systems secure from your own users as well as people outside. Better that than watching offensive mail go to those top five clients...

      • Re:Fixing the staff problem (Score:4, Redundant)

        by Typingsux ( 65623 ) on Saturday December 08, 2001 @10:46PM (#2677390)
        Well....

        At least in my company, the first person to send this out (company name to remain anonymous.) was the CTO

        This is not a lie or an exaggeration. Our companies CTO was the first damn fool to send it.

        I'll now read the rest of this thread to see other replies.

      • Ya, ya... I'm scanning a box now because I had a shared drive that just popped up as being infected.

        We use outlook - but mine was patched and I used the web client via mozilla to avoid the vbscript, IIS disabled and using something else for a local JSP/HTTP server. I thought I was being carefull, and I still got nailed by nimda anyhow...

        Your drill only works for the first case. From there on out, it sends it to every one in the address book. I get a message from the CTO, rather than 1337hxrs@hotmail.com, that is a known source for me. Your lucky most email virus subjects lines are stupid too - unless the damn preview nails you anyhow. Ah, hell... even when I was practicing safe hex, the only thing left standing was my sunblade.

        BTW, the preview problem can be fixed for those of us forced to use outlook... Check out nohtml. http://ntbugtraq.ntadvice.com/default.asp?sid=1&pi d=55&did=38 [ntadvice.com]

    • how can we get the users to listen?

      It's the answer no one wants to hear or do, but one way to get them to listen, would be to hold them responsible for their actions. You sent a dozen copies of virus? You get punished. It doesn't matter if you wrote it or not; you did it.

    • How about implementing a no attachment policy? Seriously, how many attachments are jokes and/or vaguely amusing pictures or multiple copies of Word docs that can be found on a corporate fileserver anyway?

      Now that web browsers can handle FTP sites, it's easy to show most people how to upload/download content and it's also easy to set up a low level of security (blind directories etc.) that is comparable to sending stuff over email (if it's confidential, it shouldn't be going out over email anyway).

      Xix.
    • Why not just strip all attachments from incoming email? Or at least *.scr?

    • Re:Well blahs all around (Score:2, Insightful)

      by jmu1 ( 183541 )
      Basically, it all comes down to management not taking computer security seriously. I have to deal with this sort of crap day in and day out. The folks up top decide that when something bad happens, it is my job to clean up the mess. When ever I make a suggestion, it promptly gets shot down with excuses like:"the users can't get used to that", or "that would be too much work on our part"... well, perhaps if they had to deal first hand with recovering data from virus ridden machines, they would be pitching a damn fit about it too!
      • Tell your managers about how much it costs, instead of just how much effort it takes. Be sure to factor in your own pay, it makes the numbers bigger. Managers don't understand much, but they do understand money.
    • If our users had listened to the rules, this wouldn't have been a problem.

      Same old argument, right? It's the user's fault.

      I really don't like this conclusion. Truth be told, this is a major security flaw in Outlook (and derivatives). The bottom line is if Microsoft is going to market to the technically ignorant, they need to protect these users from themselves for the sake of the businesses these employees work for. This is only good software engineering! Design the software for the target audience - everyone.

      Now I know MS probably doesn't think it owes the businesses that buy its software anything - "you get what you pay for". But this flaw - allowing e-mails to execute scripts - is absolutely unnecessary and costly to ANY business connected to the Internet. No amount of policy can protect businesses from this flaw. There will always been a few ignorant weak-link-in-the-chain employees that don't know any better.

      So say what you want about the virus writers, they are putting MS under a very important spotlight. How many virii have to exploit various Outlook holes before businesses demand something better, if only to save money in IT costs? It makes you wonder where the breaking point is ...
    • Any admin worth his salt wouldn't have allowed the "running" of attachments on the clients in the first place. That's more a client-side issue than anything else.

      Also, blocking most attachments, if not all, at the mail server would've stopped the problem complem.

    • Hey,

      Honestly, I don't think the fault rests on these kids at all.

      A quick article reference:

      Once inside a user's system, it [Goner] deletes anti-virus and firewall programs, then installs scripts to allow hackers to access the computer and use it as a platform for denial-of-service attacks.

      This was not a blameless accident. It wasn't a mistake, that wasn't meant to be released. It was a specially written virus designed to build a 5cr1p7 k1d33 DDOS network.

      I don't think they planned to sit around with thier massive DDOS network, not doing anything. Furthermore, they certainly knew what trouble the worm could cause - there is ample precedent for this.

      We won't deter future virus writers with a slap on the wrist. They need to be given a sentance that others will look at and say 'I wouldn't want that to happen to me'.

      They shouldn't be given a 5-year sentancem granted. I would think that a $5,000 fine and confiscation of thier computer equiptment would to fine. But we can't say 'Blame the users; they aren't following procedure', because if it weren't for script kiddie virus writers, there would be no need for virus-stopping procedures at all.

      That's my opinion, anyway.

      Michael

  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Saturday December 08, 2001 @09:36PM (#2677112)
    Comment removed based on user account deletion

    • Re:at least IT is paid by the hour. (Score:2, Insightful)

      by Anonymous Coward
      "Using products that suck is your own fault".

      For what it's worth, Microsoft is the biggest fish out there. In a large business with many users that aren't technically proficient, learning to use another program is difficult. So, Outlook is what they use and Outlook is what you'll find.

      Blaming the users will not solve anything. It's nice to turn up your nose at their technical inferiority, but I fail to the how that helps anyone.

  • What's the point? (Score:2, Insightful)

    by macemoneta ( 154740 )
    Children do what children do; push buttons to establish limits. That's their job. Punish the managers and complacent sysadmins at the companies impacted, that allowed themselves to get a year behind on maintenance. There will always be children. We don't always have to be cheap/lazy about security. At least not if we're going to bitch and moan about stuff that's completely preventable.

  • Same old... (Score:4, Interesting)

    by powerlinekid ( 442532 ) on Saturday December 08, 2001 @09:37PM (#2677117)
    Ok heres the basic cycle:

    script kiddie/cracker/whatever create worm

    worm gets out, spreading by point and click method

    IT goes on about how bad this one is

    Eventually worm dies and kids are caught

    Big deal made over last worm causes more copycat type worms

    Cycle restarts

    Ok I mean thats pretty general, but goddamn if I'm not sick of all this. How about instead of going after the worm writers (they are not innocent but hear me out), why don't we try to at least educate the public into not opening things they don't know about. I mean what good does blackice and zonealarm do if someone opens a file and turns them off? The technology isn't the problem (except with IIS but thats whole different beast), its the people. Maybe someone (I know I'll be flamed as a bastard for this) should create a worm that actually fucks over the people that open it. Instead of making it so they download some roll-back registry fix, how about you just wipe out the registry? Why not make it so IE and Outlook have popup-adds with every page and email they view. What if the worm steals their emails and sends them to spammers list automatically? I mean obviously people aren't learning, or this crap wouldn't be happening over and over again. Yeah the people are victims blah blah blah... cry me a river. I've never had a worm, and never will. I'm not claming i'm smart or anything, but its common sense that an emailing "I'm asking for your advice" with a document that ends in scr or vbs is something that joe45@aol.com probably didn't mean to send me.

    • Re:Same old... (Score:4, Insightful)

      by Croaker ( 10633 ) on Sunday December 09, 2001 @01:17AM (#2677760)
      Why not make it so IE and Outlook have popup-adds with every page and email they view. What if the worm steals their emails and sends them to spammers list automatically? I mean obviously people aren't learning, or this crap wouldn't be happening over and over again. Yeah the people are victims blah blah blah... cry me a river.

      Ah yes. It's the user's fault. Damn them for actually using the features in their frigging e-mail clients. How dare they not go through arcane menu commands and figure out how to deactivate features. Let's shoot the slobs now, and totally ignore the fact that lazy-ass developers created all of these problems for the users to begin with.

      I've never had a worm, and never will. I'm not claming i'm smart or anything, but its common sense that an emailing "I'm asking for your advice" with a document that ends in scr or vbs is something that joe45@aol.com probably didn't mean to send me.

      Oh yeah. very common sense. Unless, perhaps you know joe45@aol.com. Which is the case in most of these "scan the user's address book and send a copy" schemes. That's why it's so successful... e-mails go to people who know, and perhaps trust, the person who launched the virus. Hell, a lot of the viruses are in the form of Word documents, which, believe it or not, are actually passed around via e-mail. See, e-mail is all about communication. People send people things. People open them up. 99.99% of the time, nothing bad happens. That's what e-mail is for. That's why we have attachments. If people aren't supposed to open them, what's the point of having that capability in e-mail clients?

      Do you actually expect people to know what the hell a .scr file is? Maybe you've got all of Window's file extensions memorized. Most people I know have more important things to think about.

      No, if you want to code up a virus to "fix" this problem, code up one that goes out and downloads and installs an e-mail client that was written by someone with a clue about security. Perhaps install an operating system where something run in userland can't fuck with system files. Hell, write a virus with some AI that can seek out and destroy the source code to lousy e-mail clients, scripting systems that have no concept of security, and operating systems that have no security model to speak of.

      In the mean time, screeching at people that doing things that the e-mail clients were designed to do in the first place is grounds for a cyber-anal-raping is about as productive as screeching that they're a witch if they float in water. It may seem obvious to you, but you're not speaking their language.

      • The thing about common sense is that you need to make it common to people. Nobody is born with it. How do you learn the common sense not to stick your hand in fire? By burning yourself at one point or another. With that in mind, by educating the public that is what I mean. Let them know that there really is no reason to open a file ending in .vbs or .src from people. The reason these worms spread so well is that they rely on ignorance of people. Get rid of that ignorance and you've gotten rid of the worms. As for sending word documents... how many word documents have you ever received that ended in .scr or .vbs? Considering that .doc has been the defacto extension for a word document for probably a decade, its just dumb to think that anything that said .doc.src was a word document. By default Outlook doesn't launch worms when it receives them. I've received countless worms in a default outlook setting and not once was one run. So I wouldn't go blaming Microsoft for that. People don't want to use any other email clients, because there really is no point. Netscape's sucks. Mozilla's is based off of netscape's. We're talking people that aren't going to use Evolution or Kmail. Maybe someone should write a worm that actually makes people more aware of worms in general, not just specifically.
  • Do you guys really think virus writers should be punished? I hate to sound old (I'm only 23), but we've had viruses for years before the internet was as commonplace as it is now and no one cared. You just restored from backup and went on. Am I wrong here? I see jailtime for virus writers as being a little too extreme. Yes i know of the Robert Morris worm back in the day and yes, he ended up getting probation, etc, but for the most part, no one payed viruses the attention they are getting now.
    • I hate to sound old (I'm only 23), but we've had viruses for years before the internet was as commonplace as it is now and no one cared.

      You just made your own point. The internet is now commonplace, and it costs large corporations lots of money in lost productivity when one of these get sent out (if only in our IT department alone, laughing at the stupidity of the users falling for the stupid tricks the virus writers use to get them to open the email). There are a hell of a lot more people to care now.
    • "Do you guys really think virus writers should be punished? I hate to sound old (I'm only 23), but we've had viruses for years before the internet was as commonplace as it is now and no one cared. You just restored from backup and went on. Am I wrong here? I see jailtime for virus writers as being a little too extreme."

      We all pine for the 'old days.' But really ... today all they have to do is relate it to 'terrorism' somehow and then the person goes to jail. And then all virus makers are terrorists. And because the terms are generalised, anyone who is a 'hacker' is a terrorist. But wait, there are many linux hackers who don't go around compromising networks. But they are hackers. Sooner or later a linux hacker or two get identified with working on PGP, but strong encryption, according to the US, is a munition - WE HAVE HACKERS MAKING MUNITIONS HERE!! TERRORISTS !!! Arrest them ALL!!! They're helping Osama Bin Laden! And it could all be falling into a cascading cycle of ignroance.

      And this is what THEY want because people with outside-the-box knowledge about computer security can always do things with networks that can't be controlled or monitored by the powers that be.

      Ah yes, I pine for the good old days. (Btw, if it means anything, I'm younger than you.)

    • I don't think they should go to jail, I just think someone should smack the stupid out of them.
    • ...for the most part, no one payed viruses the attention they are getting now.

      That's because in those days, viruses did relatively little damage to only a few people. There weren't as many around, and it was much harder to spread them.

      Nowadays, a s'kiddie with a problem can do millions of dollars' worth of damage because he's in a bad mood, and he can do it in a matter of minutes. No matter how good your security and recovery procedures are, a virus can always hit at the wrong time and do serious damage. Remember, a single day of downtime or an afternoon of lost data across a whole company can be the difference between making a profit or going bust in this business.

      So yes, I think you have to punish those who do this, and with something serious enough to act as a genuine deterrent. Slapping them on the wrist and saying "Naughty" just isn't sending the right message.

      • Nowadays, a s'kiddie with a problem can do millions of dollars' worth of damage because he's in a bad mood, and he can do it in a matter of minutes. No matter how good your security and recovery procedures are, a virus can always hit at the wrong time and do serious damage.
        True, but there are billions of people out there and a significant fraction of them cannot be deterred except by killing them. They might be crazy, they might want to bring down the techno-societies, they might not care what happens to them, whatever. Such people are inevitable, so you have to regard them as a force of nature and work around them. Any system that assumes they don't exist, or assumes that they can be deterred, will certainly fail.
        Slapping them on the wrist and saying "Naughty" just isn't sending the right message.
        OTOH, deterrence and punishment are almost completely futile from a strategic point of view. Deterrence is never perfect, and it only takes one undeterred person to bring down the system. The solutions are better technology and better user training.

        Look at it from a warfare angle: Goner is a half-assed stunt by some *Israeli* kids. You can rest assured that if Al Qaeda could find two brain cells to rub together that they would've done something similar, and unlike the kiddies they would've wiped BIOSes and NIC MAC addresses, wiped filesystem metadata and boot sectors, programmed video cards to extremely high refresh rates (destroying old monitors and maybe making them catch on fire), and so forth.

    • Writing and releasing a virus, worm or trojan is just as much an act of vandalism as if you'd gone out and smashed peoples' windows in. And you can smash a lot of windows with the Internet. No pun intended for this particular metaphor.

      The question that never gets asked is why all these companies were vulnerable to these attacks. I've worked for several Fortune 500 companies and I've yet to see one with good security. You'd think they'd be going out and hiring a bunch of security professionals after Sept 11 but I'm not seeing a whole lot for infosec or security on the job boards.

      Until some CIOs and CTOs start losing their jobs over this crap, the cycle will persist.

  • They've already suffered enough (Score:3, Troll)

    by cperciva ( 102828 ) on Saturday December 08, 2001 @09:40PM (#2677124) Homepage
    I, for one, think that they've already suffered enough.

    After all, judging by the virus code, it is almost certain that they had to use Microsoft software to create it.

  • 5 years for kids??? (Score:3, Flamebait)

    by datawar ( 200705 ) on Saturday December 08, 2001 @09:47PM (#2677151)
    I'm a kid (Senior in High School...) and I've seen kids to stupid things (I've done some stupid things myself too). These things should NOT be punishable by 5 years (unless they are violent). Kids are kids, and then they grow. Putting them in jail for years on end isn't going to make them grow up any faster.

    In the US, these same kids can just as easily steal a car, get drunk, and run you over while running a red light. Guess what? With a good plea-bargain, they'll get off in 5 years too.

    What's more important, 5 years in the slammer for stupidity or 5 years in the slammer for killing someone? Get your priorities straight people...

    • Don't worry too much. (Score:5, Insightful)

      by Apuleius ( 6901 ) on Saturday December 08, 2001 @11:20PM (#2677497) Journal
      They're first time offenders who confessed. They're high school students who would otherwise be preparing to be drafted to the Israeli army soon, and the government will not want to disrupt that if it isn't necessary. Finally, they are from a town that is notorious for inducing boredom for its teenagers. They may get a few months, but I wouldn't count on it, and they'll get assigned to the Ma'asiahu prison, where conditions are very good (it's Israel's prison for first time offenders, and it's probably the only place in the world you could call a re-education camp without irony.)

      • Re:Don't worry too much. (Score:4, Troll)

        by gnovos ( 447128 ) <gnovos@chi[ ]d.net ['ppe' in gap]> on Sunday December 09, 2001 @12:50AM (#2677699) Homepage Journal
        They're first time offenders who confessed. They're high school students who would otherwise be preparing to be drafted to the Israeli army soon, and the government will not want to disrupt that if it isn't necessary. Finally, they are from a town that is notorious for inducing boredom for its teenagers.

        No, no, no! They are T E R R O R I S T S! Come on people, if you let terrorists like these kids off the hook, it's only a matter of time before they start bombing things and mailing anthrax, right? Gotta be tough.

    • Re: (Score:3, Insightful)

      by account_deleted ( 4530225 )
      Comment removed based on user account deletion

  • We should harness the talents of 5cRi7K1DDI35 (Score:3, Insightful)

    by el'gwato ( 232384 ) <djukes@sols.uq.edu.au> on Saturday December 08, 2001 @09:47PM (#2677152) Homepage
    Instead of being punished (in the usual way) for this annoying act of internet vandalism the Israeli government should make them pay for their crimes in a way that will harness their talents. Maybe some form of Internet good will, like 2 years doing mindless computer support for a charity organisation.
    These kids are to young to go to gaol and the outcome of confining the kids to a cell for up to five years will only make them criminals.
    I just think the punishment should fit the crime and actually make a difference to the outcome of such young and talented delinquents lives :)

  • Sigh... (Score:3)

    by RelliK ( 4466 ) on Saturday December 08, 2001 @09:51PM (#2677179)
    Well, we all know that most organizations' security is so pathetic that any teenager can write a worm to penetrate it. Once again, we have the living proof of that. Once again, everyone blames "evil hackers" instead of addressing the real problem or even so much as hinting that sysadmins, or beter yet, PHBs should take part of the blame. So, what else is new?

    BTW, I've read that in Israel white-collar crimes are punished more harshly than normal crimes. For example, if you commit copyright infringment you stand to spend more time in jail than a rapist. Can somebody confirm/deny this? (But then again, it looks like this is the way things are going in the US too with "hackers" being declared terrorists and all...).

    • Re:Sigh... (Score:2, Interesting)

      by Angry Black Man ( 533969 )
      >>BTW, I've read that in Israel white-collar crimes are punished more harshly than normal crimes. For example, if you commit copyright infringment you stand to spend more time in jail than a rapist. Can somebody confirm/deny this? (But then again, it looks like this is the way things are going in the US too with "hackers" being declared terrorists and all...).

      No, no, no. After living in Israel for about a year, I can tell you that copyright infringement (especially cable/sattelite/software piracy) run rampant. I'd say around 80% of all software was pirated, and most people I knew stole either sattelite or cable television. In a country that's at war, piracy isn't the current priority on the ethics hierarchy.

  • I can't belive people are still falling for this! (Score:3, Funny)

    by bnavarro ( 172692 ) on Saturday December 08, 2001 @09:52PM (#2677181)
    It's like that TV Commercial that's been playing in the States here:

    *Woman peeks her head into IT Manager's office*
    "Oh, and Bob, I opened that e-mail virus -- just like you told me not to!"

  • Attachment blocking at the server (Score:5, Informative)

    by bubblegoose ( 473320 ) <bubblegoose@NOSPAM.gmail.com> on Saturday December 08, 2001 @09:55PM (#2677204) Homepage Journal
    This virus wasted about 5 minutes of my time. I read an article about what it did, then the next day I deleted about 150 copies of this that got quarantined on our company's Exchange server.

    I use a virus scanner on the Exchange server capable of blocking attachments based on extension (Scanmail by TrendMicro works nicely for me). I always block:
    ade,adp,asx,bas,bat,chm,cmd,com,cpl,crt,exe,hlp, ht a,inf,ins,isp,js,jse,lnk,mdb,mde,msc,msi,msp,mst,p cd,pif,reg,scr,sct,shs,url,vb,vbe,vbs,wsc,wsf,wsh

    Bingo - no e-mail virus problems :)

    I figure if my users really need them and the person sending the message is smart enough (and meant to send it) then they can zip it. If the sender wasn't smart enough to zip it, then I can always pull it out of the quarantine folder.

  • This Is Bullshit (Score:4, Insightful)

    by Lethyos ( 408045 ) on Saturday December 08, 2001 @10:00PM (#2677232) Journal
    The kids face up to five years, of course since they aren't in the US, they might actually be punished.

    Computer crimes are MORE than sufficiently punished in the US, thank you very much. I don't know where you get off implying that the US goes easy on computer "crime". I had a little incident during my freshman year of college. The FBI was very determined to get me jail time for a ridiculously minor offense. It was only through sheer wit and creativity of my laywers that we got the offense down to a misdemeanor and a lousy 600$US fine. That was the most hellish time of my entire life and could have ruined my career forever. All over a tiny little deal (no damage was done).

    Imagine what these kids would get in the US for writing such a worm. It'd be a helluva lot worse than 5 years in prison. So put your pro-punishment attitudes away and get real. Remember what our government does to computer criminals [freekevin.com].
    • He was referring to big P punishment rather than the little p punishment we are used to seeing in the USA.

      'p'unishment = locking a person in a room for a while.
      'P'unishment = beating the poor sod with bamboo canes or cutting off his hand or something.
      • The big P is, more precisely, a punishment that might actually deter them from doing this again. I have no idea what that might be, but hitting them with a stick or locking them up is not it.


  • We all know what happens to terrorists, check out bin laden hiding in the cave!
  • I'd like to see them and every other person caught for virus authoring to be held prosecuted to the farthest possible extreme. The newsgroup Hip Crime flooding is a good example of that. My newsgroups noise is so high that I can hardly find legit postings anymore, the goal of the flooding. I'd love to meet the bastard responsible for that in a dark alley with one of my old Sparc keyboards w/ the metal sub-structure so I can show him how us country geeks deal with problems like him.

  • outlook address book (Score:2, Informative)

    by Publicus ( 415536 )

    Why does outlook allow a script/program to access the address book without the user's permission? I think we've seen how costly this bug/feature is, why isn't there more pressure on M$ to fix this problem, or provide the option to turn it off?

    These kids are essentially going to go to juvi/jail for swimming in a pool, when the sign clearly says, "no swimming."

    No fault to the pool owner for not putting a fence around his pool, right? Ah, justice.

    • Outlook 2000 with the latest service patches, and Outlook XP/2002 does, in fact, pop up a nifty little 'Program X is trying to access your address book.' and a menu of access types, such as none, this one time, allow for one minute, five minutes, ten minutes, and so on.

    • What is the problem with a script accessing the address book?

      Before flaming me, think about what you're asking.. The address book for Eudora (for example) is a text file! I can write an applescript that accesses the information in the test file without ever talking to Eudora. What will disabling address book support do besides removing a feature that might be very useful (for example, a script that filters your incoming mail according to your address book)..

      • The outlook address book (and global address list in exchange) are part of the pst or part of exchange and can only be accessed through vb calls. You can still filter based on addresses because those things are built into outlook.

        and there is nothing wrong with a script accessing the address book as long as the script has permission to access it which is all this patch does, ask you if its ok.
  • How about this.

    You set up a simple script that by default, turns off accepting email with attachments on it. When a person in the company NEEDS to view an attachment, the script allows one email with an attachment through to his computer after he fills out a form and submits it to the script (the form is never actually read, but hmph).

    This way, anyone who needs to see an attachment does and must know about it before hand. At the same time, it blocks attachment-outlook-stupidity viruses by disallowing them to shoot through the system on a normal basis.

    Furthermore, any person IN THE COMPANY who sends an attachment to another person in the company that's rejected by the mail server because the recipient hadn't filled in the form has his or her email account locked for 24 hours to stop the virus from spreading.

    Done. Finished. My thoughts.
    • any person IN THE COMPANY who sends an attachment to another person in the company that's rejected by the mail server because the recipient hadn't filled in the form has his or her email account locked for 24 hours to stop the virus from spreading.

      Well, I know that if I told Stan from accounting I was going to send him a file, and in his normal scatterbrain manner, completely forgot about it, and subsequently had the attachment bounced and my account locked, Stan from accounting would lose his legs. But otherwise, this plan is good, if a little draconian. Maybe just filters against certain executable file types would be a better idea.
  • After reading throug 30 odd messages that a) slammed Exchange/Outlook/Microsoft or b) said 'Hey, NBD, they're just kids!'

    Here's a little bit of the flipside:

    Our Exchange server weathered it just fine. Why? Because it's running Trend Micro's scanner, and it punts everything but TXT and ZIP files.

    The last three virii that ran through the net DIDN'T affect us. We've got 1200 workstations, 60 odd servers, and _6_ admins. (and a 6 member Help Desk)

    A Microsoft shop CAN be protected, it CAN avoid this crap, and you CAN run an enterprise on these products with a small staff.

    CRIPES!

    Further, the poor little kid is just playing around. Bullshit. There are a bunch of businesses having a hard enough time STAYING IN BUSINESS. They SHOULDN'T HAVE to deal with the financial burden of bouncing and disinfecting their infrastructure.

  • That's right, punish KIDS... (Score:3, Insightful)

    by tcc ( 140386 ) on Saturday December 08, 2001 @10:25PM (#2677337) Homepage Journal
    For grown up security mistakes...

    Part of the process of being a kid is learning... While I do not approve destruction or paralizing IT infrastructures, this seriously bugs me depending on the seriousness of the punishment.

    Meanwhile, LOADS of spammers are still clugging my Hotmail inbox at a rate of at least 20 spam a day, my ISP email account receives at *LEAST* 5 spams a day, multiply that by X amount of users, THERE'S a big bandwidth waste. These people are still running free and going stronger than ever!

    Those lame virus lasts for about a week. If after that, anyone else gets caught, they need to *LEARN* the HARD WAY like "doing backup is a good idea because you never know when your system might fail", well the same should go with "Update that antivirus file, because you never know what might hit you". Heck, the antivirus programs offers to do it automatically, there's no excuses.

  • hate crimes (Score:3, Funny)

    by mizerai ( 54613 ) on Saturday December 08, 2001 @10:31PM (#2677356) Homepage

    I believe these kids are guilty of hate crimes [satirewire.com] against stupid people.

  • Canada does it best (Score:3, Insightful)

    by Error27 ( 100234 ) <error27@gmai l . com> on Saturday December 08, 2001 @11:05PM (#2677449) Homepage Journal
    For the kid who DoSed yahoo and cnn a while back. They put him a government reform school for 8 months.

    That is enough punishment for a silly prank.

    And I can't simpathize with the people who blame the users for openning the attachments. Teaching users not to open emails that have "Hi" as the subject line is only a short term solution. Trying to get users to remember which types of files are executable is not an option either. (Until a year ago, I assumed that .doc files were not executable.)

    A better solution is to not allow executable attachments which end in .doc, .vbs, or .exe onto the network.

    An even better solution is for Microsoft to fix their programs or for people to not use Microsoft products.

  • procmail filter (Score:4, Interesting)

    by CodeMonky ( 10675 ) on Saturday December 08, 2001 @11:14PM (#2677475) Homepage
    There is a nice procmail filter (ftp://ftp.rubyriver.com/pub/jhardin/antispam/proc mail-security.html) that renames incoming attachments and makes them non-double clickable as well as pseudo scans office dcuments for dangerous macros.

    The extra level of 'abstraction' (the user having to rename the file to run it) has saved us from every major email born virus in the past two years while still allowing people to get there precious attachments if they are expecting them.

  • For the children! (Score:2, Insightful)

    by anfloga ( 139529 )
    "The kids face up to five years -- of course since they aren't in the U.S., they might actually be punished."

    What kind of stupid statement is that??? The U.S. shares the honor of being a country which will execute people for crimes committed in childhood with only one other country in the world -- Libya. Great company there.

    Your statement implies that our government is soft on the law-breaking young -- HARDLY! Rather, it's attitude towards (non-white, anyway) children is nothing short of bloodthirst.

  • Justice (Score:2, Interesting)

    by Shadowin ( 312793 )
    The kids face up to five years -- of course since they aren't in the U.S., they might actually be punished.

    Ok, I know I'll probably get marked as troll, but oh well.
    The way I see, is these kids are kinda like Big Tobacco. They make something that's harmful, and the people that use it do so of their own free will, despite the countless warnings given out that they should not. It seems funny to me that the same people who think Big Tobacco shouldn't be punished, also think that any mischeivous kids should be severely punished. Well, that is unless it's their own kid.

  • Defense against information warfare (Score:5, Interesting)

    by xiphosuran ( 170221 ) on Sunday December 09, 2001 @02:04AM (#2677813)

    These virus writers are doing a public service. Serious problems with our communications infrastructure might not be fixed if it weren't for them.

    Imagine what could happen if the first exploits of these security flaws came, not piecemeal from a scattering of amateurs, but rather from some adversary who could call on the services of numbers of technically proficient individuals. A hostile government say, or a terrorist movement that drew in disaffected persons in many countries. What if the vast majority of business users had no idea of how vulnerable they were until the system suffered a massive failure?

    There is an enormous learning process going. People are finding out the hard way, what they would never otherwise have the time to focus on: computers can fail, for very subtle reasons, and we are more dependent on them every day.

  • I'm a little confused by this:
    of course since they aren't in the U.S., they might actually be punished.

    The US has the toughest Anti-hacking laws of almost anywhere, other then china of course, where you can be exicuted for it (actualy, that's pretty much the way things are with any crimes these days, the US punishes harder then any country other then china). And, our laws have only been made tougher by the new anti-terrorism bills. In fact, had these kids been in the US they could have been tried as terrorists. (and I mean they must be terrorists, they're from the middle east!)

  • Why let it go so far? (Score:3, Informative)

    by rnicey ( 315158 ) on Sunday December 09, 2001 @02:43AM (#2677849) Homepage
    We run Sophos antivirus on the mail gateway. Sure it doesn't stop them all, but most anything that is a single click fatality is screened out. It happily killed all 120+ attempts of the Goner-A worm to arrive on one of my customer service rep's desktops.

    I really have little sympathy for IT admins who get killed by this stuff, there are a million tools out there to stop this stuff from doing damage way before idiot humans get their hands on it.

    I personally would like to see more ISPs use this stuff, after all they're not obliged to carry any traffic they deem high risk to their users. They already block dodgy ports so windows shares aren't wide open, why not a complimentary virus scan on mail?

  • We must now bomb Irael (Score:4, Funny)

    by Anonymous Coward on Sunday December 09, 2001 @05:20AM (#2678067)
    The new US Patriot Act (HR 3162) makes creating and spreading virus and worms an act of terrorism. As such King George must require extradition of the offending youths and hold a military tribulan. If israel refuses to give up these kids, then we must bomb Israel at a cost of $1 billion dollars per month to US taxpayers as punishment for harboring terrorists. We must make sure to hit any buildings with big red crosses on them and then deny it. We must kill many civilians and deny it and when US soldiers get killed, we muist blame it on friendly fire.

Slashdot Top Deals

When we write programs that "learn", it turns out we do and they don't.

Close