A New Windows Virus, Say it ain't so...

BlueTsunami

Here's another Windows Virus sure to make you all warm and fuzzy....

Yahoo! News and Trend Micro said:
SINGAPORE (Reuters) - A new Internet virus has been detected that can infect Microsoft's (Nasdaq:MSFT - news) Windows platforms faster than previous computer worms, said an anti-virus computer software maker.

The ZOTOB virus appeared shortly after the world's largest software maker warned of three newly found "critical" security flaws in its software, including one that could allow attackers to take complete control of a computer.

The latest worm exploits security holes in Microsoft's Windows 95, 98, ME, NE, 2000 and XP platforms and can give computer attackers remote access to affected systems, said Trend Micro Inc. (4704.T).

Trend Micro said:
"Since most users may not be aware of this newly announced security hole so as to install the necessary patch during last weekend, we can foresee more infections from WORM_ZOTOB," it said.

....nice

Apparently (what was stated in the article), this Virus infects your PC...writes itself to the registry....and connects to an IRC room which would allow "hackers" to fully control your PC (that makes me laugh). It also prevents the user's PC from connecting to your online Virus updater by blocking the connection (Yipee!).

To finish everything off, here's a nice snippet of the article...

Yahoo! News said:
More than 90 percent of the world's PCs run on the Windows operating system and Microsoft has been working to improve the security and reliability of its software.

Heh, I've updated my Virus Software (EZ AntiVirus) but haven't checked my Windows updates..(I think the good'ol Yellow Shield I was seeing this morning was there for a reason)....What about all of you?

Source,

Zotob Virus - Yahoo! News
 
there were 3 "critical" holes and i patched 2 of them, i didn't bother with third cause i don't use IE at all... and this is nothing unexpected. with holes that were described it was a call for virus writers to exploit before people patch.... and it's not that easy to patch all comps in bigger organizations, so this virus will prolly spread fast....
 
silence said:
there were 3 "critical" holes and i patched 2 of them, i didn't bother with third cause i don't use IE at all... and this is nothing unexpected. with holes that were described it was a call for virus writers to exploit before people patch.... and it's not that easy to patch all comps in bigger organizations, so this virus will prolly spread fast....

Yeah, I work at a large WebBased company and they have a server devoted to patching Windows (it's called Patchlink). Problem is..they need to test the patches first...then deploy. I'm not sure how they're going to deal with this threat (since a lot of the users here deal with customers and may have important information stored on their PC).

As far as the regular end-user at home, I'm not too sure. I guess that's what the streamlined updates are for...downloads the updates in the background and informs you when to install and when to reboot. This type of hand holding is needed I guess...but it does make it easier..instead of having to actually go to the update site on IE.

I wonder what percentage of PCs have AntiVirus installed on their PCs (generally, worldwide on Windows based OS's)? This Virus has the potential to be a pain in the ass to remove (for the non experienced and non informed users)...
 
I believe with some security flaws, it's enough to have IE (or other software) *installed* on your system for the vulnerability to be exposed. Anyway, why not patch it regardless of if you use the software or not? It's dumb to leave doors open, even if they're never used...

Besides, in regards to this new bug, I'd think a standard hardware firewall would be enough to stop this virus in its tracks. If the computer isn't visible from the web, how would it get attacked?

If it can be compromised anyway, a firewall blocking outgoing requests might be enough to stop the virus from connecting to that IRC channel, as well as spread itself further.
 
I want to just start beating friends of mine that I try to convert to FF/thunderbird after "fixing" their PCs, (removing all the spyware/viri that got installed thru 'em), and setting FF/T-bird up for 'em all nice and bullety-proof....but then they just HAVE to use IE "a couple of times" for some god-awful reason and then end up bringing their PCs back to me to "fix".

I'm trying a new trick with a friend of mine's husband's computer I'm fixing, I'm changing all his IE shortcuts to point to FF instead so if he wants IE he'll have to bloody hunt the .exe down himself to fire it up.


(Well damn it, I couldn't even fix his PC this time...I had to do a fresh install. Doing a fresh install is easy, doing a fresh install and then setting up a PC to just the way it was before you did the fresh install but without the problems can involve some serious time/effort!)
 
digitalwanderer said:
(Well damn it, I couldn't even fix his PC this time...I had to do a fresh install. Doing a fresh install is easy, doing a fresh install and then setting up a PC to just the way it was before you did the fresh install but without the problems can involve some serious time/effort!)

hahhahahaha....that's why I created a base image (GHOST Image) of my PC and two dell laptops (which have the same hardware)..with all the Software fixings (Burning Software, Firefox, Microsoft Office...etc..etc).....I HATE having to set up a PC/Laptop to the way it was before.....
 
Guden Oden said:
I believe with some security flaws, it's enough to have IE (or other software) *installed* on your system for the vulnerability to be exposed. Anyway, why not patch it regardless of if you use the software or not? It's dumb to leave doors open, even if they're never used...

Besides, in regards to this new bug, I'd think a standard hardware firewall would be enough to stop this virus in its tracks. If the computer isn't visible from the web, how would it get attacked?

If it can be compromised anyway, a firewall blocking outgoing requests might be enough to stop the virus from connecting to that IRC channel, as well as spread itself further.



Microsoft's patch bandwagon rolled into town yesterday loaded with three critical updates among a total of six security alerts. A cumulative security update for Internet Explorer (MS05-038), a buffer overflow vulnerability in Windows Plug-and-Play (MS05-039) and a security bug in the Print Spooler service (MS05-043) all pose a severe hacker risk and earn Redmond's dreaded critical sobriquet.

Of particular note is a flaw in IE's JPEG image rendering that creates a means for virus writers to infect vulnerable systems simply by tricking users into viewing a maliciously constructed image. The same IE mega-patch is also designed to address an error in the way COM objects are launched which could lead to memory corruption problems and a validation error revolving around the interpretation of certain URLs that creates scripting risks.

you have to run IE to be vulnerable and since i run it only for testing when i am not connected and for _ONE_ site, while having both firewall and AV running.... i simply don't wanna bother with updating that POS.....
 
Every new computer I build for people now is stripped of any access to IE unless they really want to dig it up.

I'm personally getting pretty damn tired of people who simply can't be smart and use an alternative browser. Be it Firefox, Opera or whatever, just don't use IE is all I tell them. I even load up Firefox for them and offer to install and set up Thunderbird for them too. Totally painless for them basically, but nope. I guess they simply like bringing their computer to my shop and paying me $30 to run a few spyware programs and run a quick virus scan on my shop's network.

I think Vista should ship with a pop up quiz about proper computer use and safety. And instead of a "must activate within 30 days" type of thing, it should have a "must install Firewall and Anti Virus software within 30 minutes" type of thing.
 
silence said:
you have to run IE to be vulnerable and since i run it only for testing when i am not connected and for _ONE_ site, while having both firewall and AV running....
Well like I said, OTHER viruses don't necessarily work the same way as this particular one.

i simply don't wanna bother with updating that POS.....
It's not a bother at all, IE patches install at the same time as other hotfixes. There's more bother in clicking away the checkboxes for IE patches every month than simply clicking yes to everything and get all updates in one go.
 
i have auto updates turned off.... i only install "critical" updates that could really cost me.
like these last 2....
and i didn't bother with SP2 either....


as i said, i do NOT use IE. hence i really don't care about patches for that POS. only time i turn on IE is when i have to check if site that we are going to deliver to client works same in IE as it works in FF.... and then i am offline....

soon i will prolly be making some changes and that ONE site i have to visit with IE won't be needed any more.... so i could easily use nLite and make myself IEless winXP install and enjoy security.

all i know is that i can surf pr0n with FF for hours and not get _ANYTHING_, while if i use IE some spyware sneaks in for sure.
just 2 weeks ago one of clients asked me to check their home comp.....

2500 spyware related problems
11 viruses (mostly trojans)

and they had SP2 and auto updates on....
 
You should really get SP2.
Nothing bad, just good updates, and no I don't have any problems with programs.
But I feel the same way, I just get critical stuff with automatic updates off.
 
Pete said:
Apparently the authors have been arrested already.

that doesn't change fact how vulnerable WIN systems are.... removing as much of M$ stuff from your computer can make it much safer....

i ran AdAware and SpyBot after 48 days and both found _NOTHING_ (after latest upgrades)
also my NOD32 is up-to-date.... plus Kerio....

as i said, i only patch really critical flaws that could make me harm.... having automated updates sometimes causes more problems than it helps....it didn't happen once....
 
I agree with silence. I do this stuff for a living, and with a router, FF and a virusscanner you're completely safe. I never have problems with people and companies that use that. I don't even update and fix Windows more than once or twice a year, except when those people require that, to feel safe...

Really, it's no big deal. I'm more irritated (or rather, completely mad) with router vendors that suddenly "upgrade" their firewall to block everything *except* http and pop, even all outgoing packets. That made me very angry yesterday, as I have spent two days figuring it out, and got some annoyed customers.

Hey, hardware vendors, if you close down consumer stuff completely they turn off the firewall and add their own computer as "default server", otherwise they cannot game and download anymore. And STAY AWAY from the (semi-) professional stuff!!! Let the professionals (your customers) do their stuff. Don't make them mad!

[/rant]

Sorry, but too much security is like threatening people with getting killed by terrorists "if we don't do that". It's just fearmongering. STOP IT!!!



Five years ago, I worked at a large multinational, and people had the habit to send *everyone* each and every "new virus spam". You know. I had it with that, and one morning one of the high managers sent such a warning spam to everyone in the whole region.

So, I answered him, that I didn't know what was a larger problem: all those stupid virus danger spams every day, that got sent to half the people in the company, or the actual virii, which never happened anyway, as it was our job (of the IT department) to make sure they didn't. And we know very well what we are doing, thank-you-very-much.

Fifteen minutes later, my boss asked if I could come along.

"Frank, you accidentally sent that reply to all recipients as well as to the sender."

"Yes."

"The sender is one of the Big Bosses here."

"Yes, I know. But now those irritating mails are definitely gone."

"Ah. Hm. Heh. It's your problem if he doesn't like what you did, you know that?"

"Yes."

And they were indeed gone from that moment on, and I never heard anything more from it either.

;)
 
I have to say, not finding any spyware/viruses doesn't mean there's none. Furthermore, current computer OS are too complex for most people to understand completely. You never know when a bug which you think is not important will come back to bite you.
 
pcchen said:
I have to say, not finding any spyware/viruses doesn't mean there's none. Furthermore, current computer OS are too complex for most people to understand completely. You never know when a bug which you think is not important will come back to bite you.

agreed. but my point is that you, as user, can make things better for yourself.
one of things people tend to forget is that IE and Outlook Express share lots of code (some 30% i think) and that patching IE might leave same hole open in OE.

so why use them? there are many great mail clients and OE isn't anything special.
i am prolly building new machine soon, all fresh and first thing i will do before installing WIN is to create my own version of WIN using nLite. that will plug more holes than any updates/patches M$ sends.

and there have been too many patches that made your computer work slower or that opened 3 holes after patching one.....
 
DiGuru said:
And they were indeed gone from that moment on, and I never heard anything more from it either.


I think you've just described every single manager I had at US Steel back when I was working as a Level 2 SysOp! :LOL:
 