Storm worm !



MrKlean
April 17th, 2007, 08:31 PM
I just read an article on the web about the Storm worm. In it they gave suggestions on how to avoid it. Switching to Linux wasn't one of them LOL!! I'm not worried! LOL!

Seisen
April 17th, 2007, 08:37 PM
You mean this

http://www.snopes.com/computer/virus/storm.asp

FuturePilot
April 17th, 2007, 09:20 PM
Whoa! I got that email once. But when I saw video.exe that gave it away. Deleted it immediately:o

Skia_42
October 5th, 2007, 01:48 AM
Has anyone heard about it? Wired wrote a pretty good article on this "new generation" of virus. I was pretty impressed with the design. I can't help but look at it as beautiful. I'm also glad I'm using Linux. Link here:
Gathering "Storm" Superworm (http://www.wired.com/politics/security/commentary/securitymatters/2007/10/securitymatters_1004)

FranMichaels
October 5th, 2007, 02:19 AM
Has anyone heard about it? Wired wrote a pretty good article on this "new generation" of virus. I was pretty impressed with the design. I can't help but look at it as beautiful. I'm also glad I'm using Linux. Link here:
Gathering "Storm" Superworm (http://www.wired.com/politics/security/commentary/securitymatters/2007/10/securitymatters_1004)

Hmm. At least they specified Windows PC. There are many other OS's one can use on a PC :razz:

Anyway, which version of Windows does this affect? All?
Also, what makes our boxes immune to it (or a similar thing targeted toward Linux?) Normally, would it require a password, force us to change the filetype (nautilus loves to warn me when the mime-type and file extension don't seem to match), and enable it to be executable? Are there different things about Linux that make it immune (fewer holes in the code, not every box is running the same stuff?)

Any security experts out there? :)

T700
October 5th, 2007, 02:21 AM
It is quite a problem with my Windows users at work. I too am happy to be on Linux!

Paul

jrusso2
October 5th, 2007, 02:23 AM
Seems like you need to open an attachment. Haven't users learned not to open attachments yet?

justin whitaker
October 5th, 2007, 02:26 AM
Seems like you need to open an attachment. Haven't users learned not to open attachments yet?

Trust me, they haven't. It's like giving monkeys bazookas. :)

macogw
October 5th, 2007, 02:47 AM
Hmm. At least they specified Windows PC. There are many other OS's one can use on a PC :razz:

Anyway, which version of Windows does this affect? All?
Also, what makes our boxes immune to it (or a similar thing targeted toward Linux?) Normally, would it require a password, force us to change the filetype (nautilus loves to warn me when the mime-type and file extension don't seem to match), and enable it to be executable? Are there different things about Linux that make it immune (fewer holes in the code, not every box is running the same stuff?)

Any security experts out there? :)
Yes, you'd need to do that to get a virus on Linux. A way to trick someone into doing that is to go "hey here's a deb!" and the user goes "ooo lemme try!" which is really no different from how a lot of Windows viruses get in. It's social engineering, and it's proof that PEBKAC is the biggest issue in security. The user might have to jump through 10 hoops to install the virus, but if he's gullible enough to believe that it'll REALLY give him naked pictures of $celebrity, he'll do it.

p_quarles
October 5th, 2007, 03:29 AM
The average user has gotten better about not clicking on random attachments. Part of the problem with storm is that the hook e-mails are especially well-written. They use proper grammar, and usually refer to current events or tell you about an "e-card" that someone sent you.

Linux won't run the trojan in this case, but that does not make us safe from the real threat, which is a massive DDoS attack. Like the author pointed out, no one yet knows what this botnet's controllers have in mind, but with the number of computers they control, it could quite plausibly be something more akin to all-out online warfare rather than the usual "I pwned ur 'puter" attack.

It's pretty scary, IMO. If you'll recall, there was a massive DDoS that shut down the network of Lithuania earlier this year, for about a week. Some people speculated that the storm botnet was behind it. Lithuania's a relatively small country, but the botnet keeps getting stronger.

The other thing that concerns me is that it's mainly people in the tech community who know about this. I've gotten all my info on this from Wired and Slashdot. I've yet to see anything about it in the big newspapers or network news stations.

jrusso2
October 5th, 2007, 03:56 AM
The average user has gotten better about not clicking on random attachments. Part of the problem with storm is that the hook e-mails are especially well-written. They use proper grammar, and usually refer to current events or tell you about an "e-card" that someone sent you.

Linux won't run the trojan in this case, but that does not make us safe from the real threat, which is a massive DDoS attack. Like the author pointed out, no one yet knows what this botnet's controllers have in mind, but with the number of computers they control, it could quite plausibly be something more akin to all-out online warfare rather than the usual "I pwned ur 'puter" attack.

It's pretty scary, IMO. If you'll recall, there was a massive DDoS that shut down the network of Lithuania earlier this year, for about a week. Some people speculated that the storm botnet was behind it. Lithuania's a relatively small country, but the botnet keeps getting stronger.

The other thing that concerns me is that it's mainly people in the tech community who know about this. I've gotten all my info on this from Wired and Slashdot. I've yet to see anything about it in the big newspapers or network news stations.

E-cards have been known to carry viruses for many years.

distroman
October 5th, 2007, 04:06 AM
It's pretty scary, IMO. If you'll recall, there was a massive DDoS that shut down the network of Lithuania earlier this year, for about a week. Some people speculated that the storm botnet was behind it. Lithuania's a relatively small country, but the botnet keeps getting stronger.
Yes, that would sure be the scary part.

p_quarles
October 5th, 2007, 04:07 AM
E-cards have been known to carry viruses for many years.
You're right. In retrospect, I wish to retract the first sentence of my last post. :)

Tuna-Fish
October 5th, 2007, 04:33 AM
It's pretty scary, IMO. If you'll recall, there was a massive DDoS that shut down the network of Lithuania earlier this year, for about a week. Some people speculated that the storm botnet was behind it. Lithuania's a relatively small country, but the botnet keeps getting stronger.

Wasn't it Estonia? Naaw, with the Baltic countries, who knows which one is which. In that way, they are the same as the Balkans. ;)

blithen
October 5th, 2007, 04:33 AM
So I did some quick math and the 'Slammer' worm they talked about briefly in the article infected
75000 computers in ten minutes.
7500 in one minute
125 in a second...insane.

n3tfury
October 5th, 2007, 04:39 AM
Has anyone heard about it? Wired wrote a pretty good article on this "new generation" of virus. I was pretty impressed with the design. I can't help but look at it as beautiful. I'm also glad I'm using Linux. Link here:
Gathering "Storm" Superworm (http://www.wired.com/politics/security/commentary/securitymatters/2007/10/securitymatters_1004)

great article and i agree with you - it IS beautiful and intricate and yet so destructive... i love reading stuff like this.

distroman
October 5th, 2007, 04:42 AM
Wasn't it Estonia? Naaw, with the Baltic countries, who knows which one is which. In that way, they are the same as the Balkans. ;)
The who and where is beside the point; the point is that it might be a real possibility. ;-)

p_quarles
October 5th, 2007, 04:43 AM
Wasn't it Estonia? Naaw, with the Baltic countries, who knows which one is which. In that way, they are the same as the Balkans. ;)
Yeah, my bad. It was Estonia.

n3tfury
October 5th, 2007, 04:52 AM
some more info from about 2 months ago:

http://www.usatoday.com/tech/news/computersecurity/wormsviruses/2007-08-02-storm-spam_N.htm

macogw
October 5th, 2007, 04:54 AM
The other thing that concerns me is that it's mainly people in the tech community who know about this. I've gotten all my info on this from Wired and Slashdot. I've yet to see anything about it in the big newspapers or network news stations.

Zombie 'puters are the reason I carry a flash drive with Spybot S&D, AdAware SE, AVG Free AV, and AVG Rootkit everywhere with me. Any time I see a Windows computer, I check its protection levels, and if there's an expired anti-virus that is therefore out of date, I install my toolkit and clean it up. I call it "for the sake of my inbox" because zombies tend to send out spam.

p_quarles
October 5th, 2007, 05:00 AM
great article and i agree with you - it IS beautiful and intricate and yet so destructive... i love reading stuff like this.
Nicely put. It's scary and could potentially make all our lives "heck," but at the same time it's a work of genius. If only these folks could use their talents for good purposes. :)

macogw
October 5th, 2007, 05:19 AM
Nicely put. It's scary and could potentially make all our lives "heck," but at the same time it's a work of genius. If only these folks could use their talents for good purposes. :)
I have an idea of a good purpose that could come of the Storm virus...one day, all at once, all the infected Windows computers start doing even more stupid things than they usually do, and flashing "that's what you get for using Windows!" on the screen. That could get people to wake up and switch to something with some semblance of security.

GSF1200S
October 5th, 2007, 07:27 AM
There have been a few threads that have referred to this worm, but DAMN.. this thing is scary as hell. First read this:

http://wolfgang.lonien.de/?p=456
http://www.schneier.com/blog/archives/2007/10/the_storm_worm.html

And then you can look at a few threads where it's briefly discussed:

http://ubuntuforums.org/showthread.php?t=411987
http://ubuntuforums.org/showthread.php?t=385473&highlight=Storm+worm+windows

So, what do you guys think? This could really be a big problem (not for Linux, but still the computer world). What do you guys think the makers of this thing intend to do? Hopefully someone will figure out a solution. At any time these guys could flip the switch and down MILLIONS of computers, and it's only getting stronger. This could be business, and home use. Microsoft should really be onboard with trying to figure out a solution/rewrite some aspects of their OS, because this almost seems like it could be ECONOMICALLY DEVASTATING if left unchecked...

Thoughts?

treis
October 5th, 2007, 08:00 AM
I'm unconvinced that any OS is going to be safe if users are going to be downloading and running executables from untrustworthy places. If these idiots are going to run Video.exe they are going to run video.deb.

GSF1200S
October 5th, 2007, 08:08 AM
I'm unconvinced that any OS is going to be safe if users are going to be downloading and running executables from untrustworthy places. If these idiots are going to run Video.exe they are going to run video.deb.

well sure... once the virus is found though, Linux can be thoroughly modified, whereas windows can't... anything can be compromised these days.

But I didn't really want a discussion about how secure linux is. I'm really concerned that this could SCREW a lot of people a year down the road when quite possibly BILLIONS could be infected. Screw windows and linux at this point- that could be devastating to the computer world...

frup
October 5th, 2007, 08:27 AM
I hope the news about this gets stronger so I can convince more people to use linux :)

frup
October 5th, 2007, 08:33 AM
I find it funny how everything seems to suggest it is some Russian cracker or the like, for all we know it could be corporate owned or managed by a state.

popch
October 5th, 2007, 08:40 AM
I find it funny how everything seems to suggest it is some Russian cracker or the like, for all we know it could be corporate owned or managed by a state.

Do you mean like a back door being installed by the CIA, the German Government or by the United Secret Services Of All States?

tehet
October 5th, 2007, 09:02 AM
Actually, it's a bunch of different trojans, not a worm or a virus.

frup
October 5th, 2007, 09:06 AM
Do you mean like a back door being installed by the CIA, the German Government or by the United Secret Services Of All States?

Not necessarily that extreme... but maybe an idle botnet that could be used as a weapon if it had to be... possibly some corporate plan to take out the competitor illegally... I dunno, fun stuff to wonder about. I hope that if the creator(s) get caught they become those mythical crackers who get paid to solve problems while in jail, too bad they can't be programming for OSS instead, obviously very good problem solvers.

GSF1200S
October 5th, 2007, 09:10 AM
Maybe a forum admin could merge threads or something.. I don't know how I missed this thread, which is discussing the same issue:

http://ubuntuforums.org/showthread.php?t=567650

n3tfury
October 5th, 2007, 11:33 AM
There have been a few threads that have referred to this worm,

then why start another one?

GSF1200S
October 5th, 2007, 11:39 AM
then why start another one?

Hey hey, peace man :) They didn't really go into the effects it could pose, nor the possible effect on world economic climate should it manage to down millions of computers. That's what I wanted to hear ideas on, but then I discovered the thread I posted above, which goes into those things. Had I located it earlier, I wouldn't have made this thread.

Truce? :)

n3tfury
October 5th, 2007, 11:44 AM
Hey hey, peace man :) They didn't really go into the effects it could pose, nor the possible effect on world economic climate should it manage to down millions of computers. That's what I wanted to hear ideas on,

i don't get it. the one thread that didn't go into what you wanted to discuss could have easily gone that direction if you posted what you just posted above in that same thread.

no need to call a truce, i'm not upset about it, just pointing out something that's pretty obvious. ---->:KS

bobbocanfly
October 5th, 2007, 01:10 PM
Best possible outcome here (other than just being Idle):

Downloads and installs Gutsy Gibbon on every computer in the botnet the day it comes out. That'd shoot our user levels up, would also probably flood the forums with threads like "WHERE IS TEH START MENUZ!?!?" and "OOOOH SHINY CUBE" and "YOU MEAN YOU WANT ME TO **TYPE** SOMETHING TO INSTALL IT?!"

LaRoza
October 5th, 2007, 01:44 PM
Best possible outcome here (other than just being Idle):

Downloads and installs Gutsy Gibbon on every computer in the botnet the day it comes out. That'd shoot our user levels up, would also probably flood the forums with threads like "WHERE IS TEH START MENUZ!?!?" and "OOOOH SHINY CUBE" and "YOU MEAN YOU WANT ME TO **TYPE** SOMETHING TO INSTALL IT?!"

That's the worst possible outcome...

jonathonblake
October 5th, 2007, 02:04 PM
Zombie 'puters are the reason I carry a flash drive with Spybot S&D, AdAware SE, AVG Free AV, and AVG Rootkit everywhere with me.

But will any/all of those detect Storm?

If Microsoft didn't limit the number of installs one could do with WinXP, I'd reinstall it on my housemate's computer at least once a month, if not more often.

Linux is not a viable option for my housemate. :(

xan

jonathon

popch
October 5th, 2007, 02:19 PM
But will any/all of those detect Storm?

If Microsoft didn't limit the number of installs one could do with WinXP, I'd reinstall it on my housemate's computer at least once a month, if not more often.

Linux is not a viable option for my housemate. :(

xan

jonathon

If you want to re-install Windows that often, you should consider running Windows in a virtual box.

Thus, you can copy the whole machine and restore it once a month. Keep the user data on a separate drive, and bob's your uncle.

BigSilly
October 5th, 2007, 02:39 PM
Wow, it's incredible. The first awe-inspiring worm! Are we pretty much safe using Linux then?

/cuddles Ubuntu

bobbocanfly
October 5th, 2007, 03:28 PM
That's the worst possible outcome...

Just realised after I posted it that an influx of people like that would be a bad thing :D Still more Linux users, surely if they went to another forum it would be ok :D!

Sunflower1970
October 5th, 2007, 03:42 PM
Very interesting about the worm, and that it's so elusive. Almost sounds like something out of some sort of movie...

I see it seems to affect most versions of Windows...does it also affect Vista?

Paqman
October 5th, 2007, 03:46 PM
Wow, it's incredible. The first awe-inspiring worm! Are we pretty much safe using Linux then?


Not really, the human engineering that it uses to get itself installed will work on Homo Linuxus as well as it works on Homo Windowus. As people say "here, have a .deb!" or "here, add this repo!" would work on some people.

Chances of the controllers changing tack and targeting the small and nimble Linux when they've got a large, slow-moving target like Windows are pretty slim, though. Which makes me feel all warm inside.

PartisanEntity
October 5th, 2007, 03:51 PM
Technically it is pretty amazing, but obviously this is not a 1 or 3 man show, an amazing amount of planning and strategy has gone into this, I guess it is pretty impossible to find out who is behind this.

Paqman
October 25th, 2007, 04:19 PM
Good grief, this thing gets more like Skynet from the Terminator movies all the time. Now it's fighting back against the people trying to stop it:

http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/export/home/httpd/htdocs/news/2007/102407-storm-worm-security.html&pagename=/news/2007/102407-storm-worm-security.html&pageurl=http://www.networkworld.com/news/2007/102407-storm-worm-security.html&site=security