PDA

View Full Version : A Cautionary Letter



lukjad007
September 14th, 2008, 05:31 PM
To my classmate:

To my classmate who gave me a file and told me to check it out. Thanks you. I asked if it was a trojan and you said no. So I activated it and a message popped up saying: "Virus activated. This computer will shut down in 20 seconds. All unsaved work will be lost." Then a second message "Computer over? Very Yes!"

We shared a chuckle as the computer rebooted. Or tried to. The "cool program" had deleted the files need ed for Windows XP to load. It deleted my boot record and a bunch of other files that you don't want to lose. Since no one in the class, even the teacher knew the master password, I had to make a full reinstall, not just a repair. In the process, XP deleted my Ubuntu partition. You swore that it was not your program. You said you really thought that it was just a funny joke "virus". I had no proof for the moment so I said nothing. Later after I had reinstalled Ubuntu (accidentally uninstalling Windows XP) I decided to take a look at your program.

It turns out that you did design it, at least in part. You even had the gall to sign it. Now, I'm no expert, but even I can tell that a line that says "del: \windows\..." is not there just to make a message pop up and can do bad things to a system. Now, I could have believed that you just downloaded it from some site had you not signed it. I spent five seconds looking at the code and saw the damage potential. Now, I don't want to spend 4 hours of class time reinstalling my two OSes, security devices, and software. So I have a request. The next time you want to Next time you feel like showing me how cool you are with a nifty little program you made, just do it on your own box.

Now, I said earlier that I wanted to thank you. Here is why. You taught me a few things, like how to install Windows XP, Avast Antivirus, Firefox etc.; you taught me never to trust anyone at work ir at school; and the best of all, you forced me to take a crash course in how a trojan works.

The last lesson is the most valuable right now since I had to show you my appreciation of your wit. I didn't want to just send give you your own trojan, that would show you I was only a copycat. To prove to you that I really cared, I modified your trojan to remove the nasty bits. After all, knowing you, you find yourself funny, but I doubt that you would find your own "humour" funny once it was directed at you. So while your computer will shutdown, it will start up any you will be missing no files. If you feel the urge to complain , please remember that I have copies of your "cool program" that trashed my system.

Another reason why I chose to let your system live is that we are different. I do not revel in the suffering of others. and I do not consider myself above the rules.

This is a warning. I will not stand for this type of rubbish. If you pull this type of prank again, I will notso kind. My terms are simple:

Leave me be,
Or learn about format c\.

Sincerely yours,

Lukjad007


(Please note that the last two lines are hyperbole.)

fatality_uk
September 14th, 2008, 05:49 PM
caveat emptor

lukjad007
September 14th, 2008, 05:56 PM
caveat emptor
Caveat venditor

sisco311
September 14th, 2008, 07:01 PM
Now, I said earlier that I wanted to thank you. Here is why. You taught me a few things, like how to install Windows XP, Avast Antivirus, Firefox etc.; you taught me never to trust anyone at work ir at school; and the best of all, you forced me to take a crash course in how a virus works.

trojan horse (http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29)

karellen
September 14th, 2008, 07:04 PM
It deleted my boot record and a bunch of other files that you don't want to lose. Since no one in the class, even the teacher knew the master password, I had to make a full reinstall, not just a repair. In the process, XP deleted my Ubuntu partition.

how can installing XP delete you Linux partition? I guess it just rewrote the MBR and Ubuntu couldn't boot. if you've had a live cd it could've been fixed... http://ubuntuforums.org/showthread.php?t=144602

lukjad007
September 14th, 2008, 07:06 PM
Is that what it is? I was not sure. Since there was no real other use (i.e. it was not pretending to install Openoffice) I wasn't sure.

lukjad007
September 14th, 2008, 07:08 PM
how can installing XP delete you Linux partition? I guess it just rewrote the MBR and Ubuntu couldn't boot. if you had live cd it could be fixed... http://ubuntuforums.org/showthread.php?t=144602
Thanks! I'll have to look into that.

smoker
September 14th, 2008, 07:38 PM
why didn't you scan it for viruses before you ran the programme?

bashveank
September 14th, 2008, 07:39 PM
Is that what it is? I was not sure. Since there was no real other use (i.e. it was not pretending to install Openoffice) I wasn't sure.

Well it's not a virus; a virus propagates.

cardinals_fan
September 14th, 2008, 07:42 PM
Why are you running as admin...?

t0p
September 14th, 2008, 07:47 PM
why didn't you scan it for viruses before you ran the programme?

I doubt very much a virus scan would have done much. Because I don't think the program in question was a virus. It didn't spread itself about.

If you want to split hairs for a definition, I guess it was a trojan horse. And not a very cunning one. The creator used social engineering to finesse his victim into loading it.

lukjad007
September 14th, 2008, 07:48 PM
I'll change the post to reflect that.

GepettoBR
September 14th, 2008, 07:48 PM
You should have done like in that old XKCD and written a tacky love poem to his MBR.

t0p
September 14th, 2008, 07:50 PM
Why are you running as admin...?

That's one of windows' big security faults isn't it? Everyone running as admin all the time cos apps need the privileges?

I'm asking, cos I haven't run windows in a while.

lukjad007
September 14th, 2008, 07:51 PM
Why are you running as admin...?
Default settings. I am at a tech school and that is how they set it up.

lukjad007
September 14th, 2008, 07:53 PM
You should have done like in that old XKCD and written a tacky love poem to his MBR.
Drat! Too late. :)

chewearn
September 14th, 2008, 07:55 PM
Why are you running Windows?

cardinals_fan
September 14th, 2008, 07:56 PM
Default settings. I am at a tech school and that is how they set it up.
Why would they possibly set up computers at a tech school with admin privileges? Somebody handling the computers made a really dumb decision.

GepettoBR
September 14th, 2008, 08:04 PM
Why would they possibly set up computers at a tech school with admin privileges? Somebody handling the computers made a really dumb decision.

Unlike most Linux distros, Windows doesn't tell you that you don't have privileges if you're not admin - it just refuses to do anything admin-related. So I can see why it's necessary to run as administrator in a tech class. The fault isn't with the people at pinky's school, but with the way Windows was designed.

lukjad007
September 14th, 2008, 08:08 PM
@cardinals_fan
Well, I need to install and configure networks. That sounds pretty much like an admin task... :)

cardinals_fan
September 14th, 2008, 08:12 PM
Unlike most Linux distros, Windows doesn't tell you that you don't have privileges if you're not admin - it just refuses to do anything admin-related. So I can see why it's necessary to run as administrator in a tech class. The fault isn't with the people at pinky's school, but with the way Windows was designed.
*shrug*

I'm using Windows with a limited account right now.

bingoUV
September 14th, 2008, 08:16 PM
how can installing XP delete you Linux partition? I guess it just rewrote the MBR and Ubuntu couldn't boot. if you've had a live cd it could've been fixed... http://ubuntuforums.org/showthread.php?t=144602

Easy, the user might have asked windows to format whole hard disk and install. Since he was installing for the first time, he may not have noticed.

pp.
September 14th, 2008, 08:19 PM
So I can see why it's necessary to run as administrator in a tech class. The fault isn't with the people at pinky's school, but with the way Windows was designed.

It's not the OS that's unsafe, but the user. You just don't open suspicious documents in an adminstrative account. You don't open any documents there if you can help it. You use the administrative account the shortest possible time. And if you need an account that can be thrashed, you use a virtual machine which can be restored by just copying the image.

lukjad007
September 14th, 2008, 08:34 PM
Just so you know, I was in an account that was setup by me. It had admin powers but was not the admin account. We are using 10 year old PCs that have anywhere from 4-30 gig HDs and 128-256 RAM. We cannot run virtual boxes. I cannot even install 8.04. As for the package, yes, I should have been suspicious. But then again, he had worked to gain my confidence. I put a measure of trust in him. It turns out that it was unfounded. I have learned from this experience.

pp.
September 14th, 2008, 08:40 PM
I have learned from this experience.

Welcome to the club. I would think that most people who know what I outlined above have paid their tuition, much as you did.

GepettoBR
September 14th, 2008, 09:01 PM
It's not the OS that's unsafe, but the user. You just don't open suspicious documents in an adminstrative account. You don't open any documents there if you can help it. You use the administrative account the shortest possible time. And if you need an account that can be thrashed, you use a virtual machine which can be restored by just copying the image.

I disagree from your use of the word "dangerous". Surely, giving the default account admin privileges isn't dangerous strictu sensu since it isn't a direct cause for any problems, but it makes them a whole much easier to happen. It is a lack of safety, which I, at least, consider equivalent to danger. In Linux, for example, running the famous "rm -r /" will do nothing if you don't have root access, but will trash your system if you do. That's the danger of an admin account, and that's what I meant - sorry if I was ambiguous.

pp.
September 14th, 2008, 09:12 PM
I disagree from your use of the word "dangerous". Surely, giving the default account admin privileges isn't dangerous strictu sensu since it isn't a direct cause for any problems, but it makes them a whole much easier to happen. It is a lack of safety, which I, at least, consider equivalent to danger. In Linux, for example, running the famous "rm -r /" will do nothing if you don't have root access, but will trash your system if you do. That's the danger of an admin account, and that's what I meant - sorry if I was ambiguous.

I don't quite see if your post is meant in reply to mine since mine does not mention the word 'dangerous' at all.

Still, you can trash your linux or unix machine by doing things in an administrative account or by executing those things using administrative privileges.

The same is true for Windows. When you routinely use an account with administrative powers you run the same risks as you would doing so in linux or unix.

In fact, you can use an account in Windows without any administrative privileges and execute your individual adminstrative commands with the privileges of an administrative account. It might not be as complete or convenient as sudo and co in linux, but it's there, and it's been there at least since Win2k, possibly in NT.

bingoUV
September 14th, 2008, 09:23 PM
Just so you know, I was in an account that was setup by me. It had admin powers but was not the admin account. We are using 10 year old PCs that have anywhere from 4-30 gig HDs and 128-256 RAM. We cannot run virtual boxes. I cannot even install 8.04. As for the package, yes, I should have been suspicious. But then again, he had worked to gain my confidence. I put a measure of trust in him. It turns out that it was unfounded. I have learned from this experience.

It happens. It has nothing to do with computers/Ubuntu/Windows. It was just a breach of trust which could have taken place by your opening of a parcel from your friend which had a spring loaded sharp nail carefully arranged to injure the opener.

There is a whole paradigm difference when dealing with real flesh-bone-blood human beings as compared to dealing with their online representations i.e. email,online identity, webservers etc.

Distrust is the first thing you should think when dealing with the online entities. HTTPS, and not certified by a good root CA? Get suspicious.

But you don't have a choice in trusting a (so-called) friend. Even if it results in some harm to you, it is imperative to survive socially. Your life wouldn't remain worth living if you start distrusting each and every friend/acquaintance/relative. Warn a few others about this jerk, and move on.

lukjad007
September 14th, 2008, 09:27 PM
@pp.

How do you set up an account like that? Is have time to do that tomorrow so I mind as well set it up.

lukjad007
September 14th, 2008, 09:30 PM
@BingoUV

I'll get over it. I just am a little mad. Thanks for the support.

pp.
September 14th, 2008, 09:36 PM
@pp.

How do you set up an account like that? Is have time to do that tomorrow so I mind as well set it up.

Create two accounts.

One is the 'harmless' one which has just user privileges. This is the one you are going to work in from now on when mailing, browsing the web, opening word documents with macros and whatever plain users do.

Create another account which has all privileges required to perform your administrative tasks. Mine, for example, has local admin and domain admin privileges, which has quite a potential to do some damage.

Whenever you want to execute a 'dangerous' command, you locate the command in the start menu or in its folder in the file system. Right-click on the command while holding the shift key on the keyboard. Select 'run as' (or equivalent, I know the German command which is 'ausführen als'). A dialog then pops up which lets you enter the name and the password of the powerful administrator's account.

You can run the command prompt window that way, if you have to.

lukjad007
September 14th, 2008, 09:49 PM
Thanks! I'll try that.

GepettoBR
September 14th, 2008, 09:56 PM
I don't quite see if your post is meant in reply to mine since mine does not mention the word 'dangerous' at all.

Still, you can trash your linux or unix machine by doing things in an administrative account or by executing those things using administrative privileges.

The same is true for Windows. When you routinely use an account with administrative powers you run the same risks as you would doing so in linux or unix.

In fact, you can use an account in Windows without any administrative privileges and execute your individual adminstrative commands with the privileges of an administrative account. It might not be as complete or convenient as sudo and co in linux, but it's there, and it's been there at least since Win2k, possibly in NT.

Sorry, you said "unsafe" - I really should form the habit of proofreading my posts. This sudo-like Windows feature you mentioned is a big part of Vista's "new" security solution, so I imagine it was something of a hidden setting on previous releases? I have never heard of it, but then again I always operated Windows with an administrative account - my computer security was always based on who I trusted to send me files, and I was lucky enough not to run into any jackass friends like Pinky did.

pp.
September 14th, 2008, 10:41 PM
This sudo-like Windows feature you mentioned is a big part of Vista's "new" security solution, so I imagine it was something of a hidden setting on previous releases?

As I said above, it's already there in Win2k and possibly in NT. I have no way of checking that. All it takes is a shift-rightClick. Many applications have menues with options which are displayed only when the the menu is shift-clicked.

RedPandaFox
September 15th, 2008, 12:22 AM
If I were you id have sent a file that when opened, had a pop up saying some thing like
"Windows has detected a "hard virus" intended to damage hardware"

Then get a program to speed up the fan so its loud and a VB to pop the DVD drive in and out then have another message

"CPU detected at dangerous temperature level action required before CPU meltdown"

And watch his reaction :)

Iv seen it done once before but it was with someone, a little dim... She ran out of the room screaming... It was at a lan and she was just there to try and get movies

lukjad007
September 15th, 2008, 12:28 AM
Well, I didn't have the time to come up with another one. Plus, I prefer the poetic justice of him sweating on his own trojan.

GepettoBR
September 15th, 2008, 01:01 AM
Well, I didn't have the time to come up with another one. Plus, I prefer the poetic justice of him sweating on his own trojan.

I agree. Your response was among the best possible responses.

lukjad007
September 15th, 2008, 01:05 AM
Thanks. I really didn't want to start a "my horse is better than your horse" thing. Just to scare him off.

jimi_hendrix
September 15th, 2008, 02:06 AM
If I were you id have sent a file that when opened, had a pop up saying some thing like
"Windows has detected a "hard virus" intended to damage hardware"

Then get a program to speed up the fan so its loud and a VB to pop the DVD drive in and out then have another message

"CPU detected at dangerous temperature level action required before CPU meltdown"

And watch his reaction :)

Iv seen it done once before but it was with someone, a little dim... She ran out of the room screaming... It was at a lan and she was just there to try and get movies

i am so learning how to write one of those


Plus, I prefer the poetic justice of him sweating on his own trojan.

you must be really patient...my reaction would involve a shut down script in his boot folder for dos (at least i think that possible and a boot folder exists?!)...

zmjjmz
September 15th, 2008, 02:08 AM
Thanks! I'll try that.

Or you could try suDown.

cardinals_fan
September 15th, 2008, 02:27 AM
you must be really patient...my reaction would involve a shut down script in his boot folder for dos (at least i think that possible and a boot folder exists?!)...
Nice one.

aysiu
September 15th, 2008, 02:32 AM
Or you could try suDown.
Or, better yet, SuRun.

Ptero-4
September 15th, 2008, 06:57 AM
Why not free some TB of your "friend´s" HD by removing all the garbage in his "windows" folder like he did with your´s.

lukjad007
September 15th, 2008, 11:23 AM
lol
But then he would run crying to the teacher.

jimi_hendrix
September 15th, 2008, 11:51 AM
lol
But then he would run crying to the teacher.

say you didnt know it would happen

lukjad007
September 15th, 2008, 12:09 PM
I'm like Superman. I nerver lie. ;)

3rdalbum
September 15th, 2008, 12:49 PM
why didn't you scan it for viruses before you ran the programme?

A virus scanner only finds viruses that it knows about. Since the virus was something that the classmate wrote and gave only to the poster, a virus scanner will not detect it.