A new sleeper virus poised to wreak havoc



sdowney717
January 16th, 2009, 11:38 PM
http://www.cnn.com/2009/TECH/ptech/01/16/virus.downadup/index.html?eref=rss_topstories

It can phone home and even reprogram itself. A true living computer virus could morph so quickly that no antivirus software could keep up.
Perhaps someday a virus will come along that will bring the confidence level of Windows users to such a low point they will refuse to touch Windows any longer.

uberdonkey5
January 16th, 2009, 11:43 PM
In the past, when I heard these virus warnings I would worry (I once had a virus that wiped all my image files). For some strange reason, now it gives me a sense of relief??

he he. Was funny when MSN was infecting many of my friends with a virus, and I said, what?? I'm using Linux. Viruses were a major reason I turned to using Linux.

JoshuaRL
January 16th, 2009, 11:48 PM
The funny thing here is that it very rarely attacks home individuals. The attack vector here is corporate networks. And while home users may cringe from switching OSs because of the familiar factor, businesses may be more pragmatic, especially with the economic landscape we have today. So maybe something like this may help FOSS adoption in the US business market finally.

sdowney717
January 16th, 2009, 11:55 PM
The worst virus will be one that can't be detected,
that steals user information,
and can't be removed except by wiping a drive.

Grant A.
January 17th, 2009, 12:02 AM
Sleeper virus? Sounds like skynet to me.

JoshuaRL
January 17th, 2009, 12:17 AM
Sleeper virus? Sounds like skynet to me.

I knew "import skynet" was a bad idea to run on my corporate network.

Friggn' Python.

2hot6ft2
January 17th, 2009, 12:58 AM
Man someone went thru a lot to make that bad little sucker.
http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml
Looks like reformatting would be easier than to try to get rid of it. Then would come the problem of getting it right back. 9 million + infections so far and climbing fast.

While Microsoft did issue a patch to protect against the vulnerability exploited by Downadup, apparently applying the patch doesn't offer 100 percent protection.

However, Microsoft has issued an update for its Malicious Software Removal Tool, and says it can be used to detect and delete the worm.

Posted Jan 15, 2009

- Revision v1.00, Jan 16, 2009: The number of Downadup infections are skyrocketing based on F-Secure’s calculations. From an estimated 2.4 million infected machines to over 9 (nine) million during the last four days…
From here http://smokeys.wordpress.com/2009/01/15/outbreak-of-the-polymorphic-worm-downadup-aka-conficker-aka-kido/

cardinals_fan
January 17th, 2009, 01:34 AM
I feel like writing CNN about that article. Possibly the worst journalism I've ever seen. They provide no actual details or facts.

Only by reading the F-Secure page could I actually learn anything about it. This thing wasn't just written by some idle script kiddies. It targets major corporate networks in a pretty serious way. I don't think it could affect a system running with a limited user account.

Grant A.
January 17th, 2009, 01:48 AM
Holy ****, that thing is growing at an alarming rate. :(

Thank God I've been using Xubuntu a lot more. Btw, wouldn't dissecting this thing help provide answers on how to prevent it from entering into computers?

All I can say is this: Whoever made this is a loser, and I hope he rots in hell, or jail for violating the Internet Security Act of 1988.

MaxIBoy
January 17th, 2009, 01:49 AM
and can't be removed except by wiping a drive.

In the past, viruses have installed parts of themselves to the BIOS. It's not as easy now as it once was, given the wide variety of BIOSes, but if coreboot gets more successful, that could be used as a basis for the malware writers to build on.

Grant A.
January 17th, 2009, 01:52 AM
but if coreboot gets more successful, that could be used as a basis for the malware writers to build on.

Explain, or I pull the FUD alarm.

I too remember that there were some virii that would brick the MoBo, or overheat CPUs and graphics cards by overclocking.

abn91c
January 17th, 2009, 01:53 AM
Sleeper virus? Sounds like skynet to me.
I think it was the Cylons

MaxIBoy
January 17th, 2009, 01:56 AM
Download source-code to a well-known open-source project.
Make a few malicious modifications to the source.
Compile.
Mirror.
????
Profit.
This strategy has been used many times; I know someone who got badly infected with a rogue OpenOffice.org installer. If coreboot gets to the point where there's a greater than 75% chance of having it "just work," a virus writer could add some malicious code to it and bundle it with the attack vector.

Frak
January 17th, 2009, 01:56 AM
Called a Polymorph; been around for awhile.

JoshuaRL
January 17th, 2009, 01:58 AM
Explain, or I pull the FUD alarm.

I too remember that there were some virii that would brick the MoBo, or overheat CPUs and graphics cards by overclocking.

I agree. I've heard of some rootkits that mess with the MBR, but is it even really possible for malware to affect the BIOS? I don't know much about that, but I'm curious.

Giant Speck
January 17th, 2009, 01:59 AM
I don't know. Something about this article is setting off alarms in the BS section of my brain. I'm not concerned about my home computer in the least. I am, however, a little more concerned about my financial records.

I got a call from my bank back home in Iowa that my debit card information was possibly included in a file that was recently hacked into, so now I have to monitor my expenses online until the new card arrives here in Alaska in about two weeks. I doubt it has anything to do with this virus, but I'm still concerned.

cardinals_fan
January 17th, 2009, 01:59 AM
All I can say is this: Whoever made this is a loser, and I hope he rots in hell, or jail for violating the Internet Security Act of 1988.
Whoever made this is a jerk, a criminal, and likely a rather despicable person. However, I do have some twisted respect for the effort they put in. It's certainly more elegant (and therefore more dangerous) than most of the "FREE SCREENSAVERS!!!1!!1" scum.

Grant A.
January 17th, 2009, 01:59 AM
Download source-code to a well-known open-source project.
Make a few malicious modifications to the source.
Compile.
Mirror.
????
Profit.
This strategy has been used many times; I know someone who got badly infected with a rogue OpenOffice.org installer. If coreboot gets to the point where there's a greater than 75% chance of having it "just work," a virus writer could add some malicious code to it and bundle it with the attack vector.

Then why aren't there any Linux viruses in the wild?

Giant Speck
January 17th, 2009, 02:01 AM
Whoever made this is a jerk, a criminal, and likely a rather despicable person. However, I do have some twisted respect for the effort they put in. It's certainly more elegant (and therefore more dangerous) than most of the "FREE SCREENSAVERS!!!1!!1" scum.

But they're so pretty!

Oh sh-

cardinals_fan
January 17th, 2009, 02:01 AM
Then why aren't there any Linux viruses in the wild?
This is going to depend on your definition of virus. If you define a virus as self-propagating, Linux's limited-user-by-default policy is a huge factor. If the malware spreads through social engineering, it could certainly work on Linux. Two reasons there aren't many of that sort of malware on Linux:

1. Few users
2. Most users are fairly competent

Grant A.
January 17th, 2009, 02:02 AM
This is going to depend on your definition of virus. If you define a virus as self-propagating, Linux's limited-user-by-default policy is a huge factor. If the malware spreads through social engineering, it could certainly work on Linux. Two reasons there aren't many of that sort of malware on Linux:

1. Few users
2. Most users are fairly competent

You also forgot that:

3) Kernel and other software vulnerabilities are quickly patched as the sun never sets on Free and Open Source Software, thus rendering most viri sterile.

JoshuaRL
January 17th, 2009, 02:04 AM
If coreboot gets to the point where there's a greater than 75% chance of having it "just work," a virus writer could add some malicious code to it and bundle it with the attack vector.

But isn't that kind of like saying "If we could build a 50-story building on the head of a pin, we could ..." Sure, at some point it may be technically possible. But the hoops you would have to jump through to make that possible wouldn't be worth the effort for most malware writers. I mean, you'd have to reflash the BIOS before it would work. Plus, you'd need root access to the system before that could happen. At least, I think.

TBOL3
January 17th, 2009, 02:14 AM
Well, the last time I installed my favorite .deb file, I gave it root access. So that's not a problem. I don't know about refreshing the bios, but based off of what I've seen, it can't be too hard.

Oh, and it's viruses, not virii.

Skripka
January 17th, 2009, 02:17 AM
I feel like writing CNN about that article. Possibly the worst journalism I've ever seen. They provide no actual details or facts.


That is PRECISELY what most US network news stations have been for many years.

Grant A.
January 17th, 2009, 02:27 AM
That is PRECISELY what most US network news stations have been for many years.

Well, their name is a disclaimer. It does, after all, stand for Crappy News Network.

cardinals_fan
January 17th, 2009, 02:31 AM
Well, the last time I installed my favorite .deb file, I gave it root access. So that's not a problem. I don't know about refreshing the bios, but based off of what I've seen, it can't be too hard.

Oh, and it's viruses, not virii.
How did you know to trust that .deb? Malicious Debian packages are not particularly hard to write.

That is PRECISELY what most US network news stations have been for many years.
True.

MaxIBoy
January 17th, 2009, 03:29 AM
But isn't that kind of like saying "If we could build a 50-story building on the head of a pin, we could ..." Sure, at some point it may be technically possible. But the hoops you would have to jump through to make that possible wouldn't be worth the effort for most malware writers.

You could take Coreboot, and add some code to some non-essential but fairly common BIOS call. This code could re-infect the system every time it was called. This code would have to assume it was being called by a certain OS (possibly autodetected by the attack vector,) and it would also have to count on a few other variables. My estimate is that such a virus would break between 75 and 85 percent of all systems it infects, but that might still be worthwhile.

I mean, you'd have to reflash the BIOS before it would work. Plus, you'd need root access to the system before that could happen. At least, I think.

I've reflashed a BIOS from within Windows XP without entering a single password. There are a lot of utilities available online for doing this.

Just an interesting thought I had.

init1
January 17th, 2009, 03:45 AM
I agree. I've heard of some rootkits that mess with the MBR, but is it even really possible for malware to affect the BIOS? I don't know much about that, but I'm curious.
Yes, it would be possible to flash the BIOS with malicious firmware.

MaxIBoy
January 17th, 2009, 03:49 AM
In fact, the jailbreak mod for the iPhone worked by exploiting a buffer overflow vulnerability to run a syscall that would download and then install the replacement firmware.

I know that the iPhone doesn't have a BIOS, but it's still disquieting.

JoshuaRL
January 17th, 2009, 04:17 AM
I've reflashed a BIOS from within Windows XP without entering a single password.

Just another reason not to use Windows. Sorry if that sounds elitist, just my opinion.

But seeing as it was XP, you were probably on an administrator account though. I wonder if the same can be said of a limited account.

Frak
January 17th, 2009, 04:23 AM
Yes, it would be possible to flash the BIOS with malicious firmware.

Though, it'd be difficult to fit all that malicious code in there. I'm sorry if I sound stubborn, but most BIOSes are already cramped in terms of available space. Even the CMOS doesn't have that much space.


But seeing as it was XP, you were probably on an administrator account though. I wonder if the same can be said of a limited account.

Windows XP did not pose a restriction on accessing direct hardware. At the time of planning, it wasn't considered that much of an issue. A limited account can access the BIOS. Vista and 7 have strict UAC guidelines that do not permit direct access to the hardware. Limited accounts are not allowed to access essential hardware in Vista and 7.

Alpinist
January 17th, 2009, 04:46 AM
Oh, and it's viruses, not virii.

According to wikipedia "it would be pure conjecture to guess whether this should give us vīra, vīrua, or something else. There quite simply is no plural for this word in Latin."

They do explain that virii is incorrect, as it would be the plural of virius, but still, even though medical literature uses viruses, that is not technically correct either.

MikeTheC
January 17th, 2009, 05:21 AM
Oh, and it's viruses, not virii.

You sure about that? I mean, why not virusen, just like we have boxen as the multi-plural for computer boxes? I'd say "Why not Virex?" but that word has already been taken and copyrighted.

MaxIBoy
January 17th, 2009, 06:56 AM
Just another reason not to use Windows. Sorry if that sounds elitist, just my opinion.

But seeing as it was XP, you were probably on an administrator account though. I wonder if the same can be said of a limited account.

Haven't used Windows since last summer. Been using Ubuntu most of the time since '07.

Though, it'd be difficult to fit all that malicious code in there. I'm sorry if I sound stubborn, but most BIOSes are already cramped in terms of available space. Even the CMOS doesn't have that much space.

So take out the splash screen, RAM check, netboot, and advanced options. It's a virus! It only has to get the computer booting to the point where it can spread itself and launch DDoS attacks. Besides which, you only need two syscalls: one to download the payload, and another to launch the payload. All self-spreading, packet flooding, and so on will be run by the payload.

To beat a black hat, you gotta think like one.

Grant A.
January 17th, 2009, 07:08 AM
According to wikipedia "it would be pure conjecture to guess whether this should give us vīra, vīrua, or something else. There quite simply is no plural for this word in Latin."

They do explain that virii is incorrect, as it would be the plural of virius, but still, even though medical literature uses viruses, that is not technically correct either.

People are so weird when it comes to virii. Cactus' plural is Cacti, so virus' plural should be viri.

Keep in mind people that we are not speaking Latin, but English. English has its own rules, and Latin isn't even in the same language family. You're comparing apples to lemons.

Frak
January 17th, 2009, 07:12 AM
People are so weird when it comes to virii. Cactus' plural is Cacti, so virus' plural should be viri.

Keep in mind people that we are not speaking Latin, but English. English has its own rules, and Latin isn't even in the same language family. You're comparing apples to lemons.
If you take a Latin word, the Latin grammatical rules apply. Though, every university I've seen considers Virii an acceptable term, considering virus has no plural form.

Grant A.
January 17th, 2009, 07:13 AM
If you take a Latin word, the Latin grammatical rules apply. Though, every university I've seen considers Virii an acceptable term, considering virus has no plural form.

*ahem* Latin is a dead language, and we have had the word as a 'loanword' for over 500 years. I think it's time for us to quit being language whores and accept it into our language fully. You're halting the process of lingual evolution.

And btw, if Latin rules truly apply, why aren't we pronouncing it "Weeroos"?

smartboyathome
January 17th, 2009, 07:29 AM
And btw, if Latin rules truly apply, why aren't we pronouncing it "Weeroos"?

Who says none of us do. Sometimes, when I've done too much Latin (I'm in Latin 2 in high school :P) I pronounce tons of words like they would sound in Latin. It gets annoying.

iamgillespie
January 17th, 2009, 07:39 AM
English is a funny language in that the rules are consistently changing and there are differences in acceptable grammar depending on if it is spoken in England, Australia, America or the non-French speaking provinces of Canadia. Yes, I know it's Canada but I like to call it Canadia. Using this as an example: everyone knows what I am referring to when I say Canadia regardless of whether it is considered proper, which is the purpose of language.

Grant A.
January 17th, 2009, 07:41 AM
Who says none of us don't.

:confused:

Giant Speck
January 18th, 2009, 05:58 PM
Update: Virus spreads quickly, but may be a dud (AP) (http://tech.yahoo.com/news/ap/20090118/ap_on_hi_te/computer_virus)


NEW YORK - A computer virus that may leave Microsoft Windows users vulnerable to digital hijacking is spreading through companies in the U.S., Europe and Asia, already infecting close to 9 million machines, according to a private online security firm.

Fortunately, however, it may be a dud.

Though computer bugs have become a common affliction, Finland-based F-Secure says a virus it has been tracking for the past several weeks has surged more rapidly through corporate networks than anything they've seen in years.

But the virus doesn't appear to be working as its designers intended. F-Secure's chief security adviser, Patrik Runald, said the virus's coding suggests a type of bug that alerts computer users to bogus infections on their machines and offers to help by selling them antivirus software.

Instead, the virus is simply spreading to little effect, though it may still pose a threat to infected computers.

"The gang behind this worm haven't used it yet," F-Secure's chief research officer, Mikko Hypponen said by phone. "But they could do anything they like with any of these machines at any time."

Microsoft issued a security update Tuesday to deal with the so-called "Downadup" or "Conficker" virus, which appears to be a new version of a bug that popped up in October.

"Over the last couple of weeks, a new variant of this worm has been affecting customers," the company acknowledged in a blog post. Microsoft said the virus is spreading by gaining access to one computer and then guessing at passwords of other users in the same network: "If the password is weak, it may succeed."

A company representative couldn't immediately be reached Saturday to comment on F-Secure's estimate of infected machines.

Most computers with Windows will automatically download Microsoft's security update, but Hypponen said the virus disables updates on infected machines.

While the origin of the virus is a mystery, F-Secure's best guess is it came from Ukraine. Hypponen said it is coded to avoid computers there, which may indicate whoever wrote the virus was trying to avoid drawing attention from local authorities.
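The spreading mechanism the article quotes (get onto one machine, then guess other users' passwords on the same network) leaves a recognisable trace in logon logs, and a defender can look for it. The script below is an added example, not part of the article or this thread; the one-line log layout, the sample lines and the thresholds are constructed assumptions, while 4625/4624 are the real Windows failed/successful logon event IDs.

```python
"""Spot lateral password guessing in logon logs (added example).

Assumed input: a simplified, constructed export of Windows Security events,
one per line: "<date> <time> <event-id> <source-host> <target-account>".
4625 = failed logon, 4624 = successful logon (real event IDs; the
single-line layout is a constructed simplification).
"""
from collections import defaultdict
import re

FAILED_LOGON = "4625"
SUCCESS_LOGON = "4624"

# Constructed sample data, not a real capture. WKS-07 behaves like an
# infected host walking through accounts on the same network and finally
# hitting a weak password; WKS-02 is a user mistyping a password twice.
SAMPLE_LOG = """\
2009-01-16 22:01:03 4625 WKS-07 alice
2009-01-16 22:01:04 4625 WKS-07 bob
2009-01-16 22:01:04 4625 WKS-07 carol
2009-01-16 22:01:05 4625 WKS-07 dave
2009-01-16 22:01:05 4625 WKS-07 admin
2009-01-16 22:01:06 4625 WKS-07 backup
2009-01-16 22:01:06 4625 WKS-07 svc_sql
2009-01-16 22:01:07 4625 WKS-07 erin
2009-01-16 22:01:09 4624 WKS-07 backup
2009-01-16 22:03:41 4625 WKS-02 frank
2009-01-16 22:03:52 4625 WKS-02 frank
2009-01-16 22:04:01 4624 WKS-02 frank
2009-01-16 22:05:17 4624 WKS-11 grace
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\d{4}) (\S+) (\S+)$")


def parse_events(text):
    """Yield (event_id, source_host, account) tuples; skip malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3), m.group(4)


def find_guessing_sources(text, min_failures=5, min_accounts=3):
    """Return {source_host: summary} for hosts whose failures look like
    password guessing: many failed logons spread over several distinct
    accounts. A later success for an account that failed from the same
    host is reported under 'succeeded' (the weak password was found)."""
    failures = defaultdict(list)   # host -> accounts that failed, in order
    succeeded = defaultdict(set)   # host -> accounts that then succeeded
    for event, src, account in parse_events(text):
        if event == FAILED_LOGON:
            failures[src].append(account)
        elif event == SUCCESS_LOGON and account in failures.get(src, ()):
            succeeded[src].add(account)
    report = {}
    for src, accounts in failures.items():
        distinct = set(accounts)
        if len(accounts) >= min_failures and len(distinct) >= min_accounts:
            report[src] = {
                "failures": len(accounts),
                "accounts": sorted(distinct),
                "succeeded": sorted(succeeded[src]),
            }
    return report


if __name__ == "__main__":
    for host, info in find_guessing_sources(SAMPLE_LOG).items():
        print(host, info)
```

On the sample data only WKS-07 is reported, with eight failures across eight accounts and a success on "backup"; the two mistyped logons from WKS-02 stay below the thresholds.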

73ckn797
January 18th, 2009, 06:50 PM
According to wikipedia "it would be pure conjecture to guess whether this should give us vīra, vīrua, or something else. There quite simply is no plural for this word in Latin."

They do explain that virii is incorrect, as it would be the plural of virius, but still, even though medical literature uses viruses, that is not technically correct either.


Do you speak Latin? I don't.

smartboyathome
January 18th, 2009, 06:54 PM
:confused:

Oops, edited. :oops:

aceinthenight
January 18th, 2009, 07:04 PM
I knew "import skynet" was a bad idea to run on my corporate network.

Friggn' Python.

Don't worry, John Connor will save us all.

collinp
January 18th, 2009, 07:51 PM
Don't worry, John Connor will save us all.

That gives us a ton of hope.

Perhaps this was not really a "virus" in the way that we describe it now; perhaps it is a wake up call to show us how vulnerable we really are. In either case, it is pretty scary to have your data at the mercy of a virus that could do basically anything it wishes.

MaxIBoy
January 19th, 2009, 12:24 AM
Actually, the majority of viruses simply open telnet or SSH sessions to master servers and wait for instructions. Others connect to secret IRC channels and wait for orders. Some look for http servers at certain domain names that are generated based on the current date. In any case, it's not uncommon for a virus not to have a payload at first.

stopie
January 19th, 2009, 01:00 AM
it's not uncommon for a virus not to have a payload at first.

So at what point do we call Arnold?

I'm going to be honest, even though the bug may be a complete dud, an attempt to wake us up, or skynet waiting to activate the raptors...I sure am glad I switched to Linux from Windows last week...*shudder* ...raptors...

srt4play
January 19th, 2009, 02:47 AM
Conficker took down our company network last week for about 4 days. Our PDCs got infected and it just blew up from there. Luckily our servers that hold sensitive information run Red Hat.

zmjjmz
January 19th, 2009, 03:30 AM
That AP article clearly does not know what's going on. Even the F-Secure guy points that out.

Grant A.
January 19th, 2009, 04:16 AM
I guess it's a good thing that I password protect all of my Windows Machines. Unfortunately, this means I will have to lock the BIOS on my dad's computer since he sucks at keeping viri off of it, and because he's on my network. #-o

If you think about it, since this virus can mutate on its own, it's very possible it could start affecting machines with WINE on them.

I never got affected by Blaster, My Doom, or Code Red, so I can assume that I won't get affected by this either.

zmjjmz
January 19th, 2009, 04:23 AM
I guess it's a good thing that I password protect all of my Windows Machines. Unfortunately, this means I will have to lock the BIOS on my dad's computer since he sucks at keeping viri off of it, and because he's on my network. #-o

If you think about it, since this virus can mutate on its own, it's very possible it could start affecting machines with WINE on them.

I never got affected by Blaster, My Doom, or Code Red, so I can assume that I won't get affected by this either.

WINE by default does not allow access to anywhere above ~/.wine, but some users might have it configured to do so...

Grant A.
January 19th, 2009, 04:30 AM
WINE by default does not allow access to anywhere above ~/.wine, but some users might have it configured to do so...

It could still trash a WINE install if it got instructions to do so, or spy on your web browsing. It's always a bad idea to give WINE root permissions.

zmjjmz
January 19th, 2009, 04:36 AM
It could still trash a WINE install if it got instructions to do so, or spy on your web browsing. It's always a bad idea to give WINE root permissions.
My WINE install isn't oft used, so I don't really think it's a problem for me. Even then, I don't really do any web browsing with it.

MaxIBoy
January 19th, 2009, 06:42 AM
WINE by default does not allow access to anywhere above ~/.wine, but some users might have it configured to do so...

Couldn't be more untrue. By default, WINE's drive setup looks like this: