
Google News Archive Forum

This 31 message thread spans 2 pages.
Virus using Google to attack microsoft.com
DDOS against microsoft.com coming in the next few days.
grelmar




msg:169607
 9:43 am on Jul 28, 2004 (gmt 0)

The virus gangs are getting cute.

The Mydoom-M virus which was responsible for the on again off again problems for Google, Yahoo, Lycos and Altavista by using them to find email and domain addresses, was apparently the first part of a staged attack against microsoft.

Mydoom M left a back door which is rapidly being exploited by a secondary worm, named Zindos A, whose purpose is to launch a distributed denial of service against microsoft.com

So, MS, one of the big "search" winners as a result of the temporary problems suffered by Google et al on Monday, is set to take an even bigger hit as a result.

I don't know if it's poetic justice, or what.

What I believe is that this is one of the most deeply thought out DDOS attacks ever created.

[f-secure.com...]

[f-secure.com...]

 

Leosghost




msg:169608
 9:54 am on Jul 28, 2004 (gmt 0)

nice touch.. two part virii are improving ....without opening all the "worm cans" again ..weren't M$ supposed to have fixed the Mydoom openings somewhere in their latest batch of patches ..

amznVibe




msg:169609
 10:12 am on Jul 28, 2004 (gmt 0)

Was this a related or separate attack:
[webmasterworld.com...]

Namaste




msg:169610
 10:14 am on Jul 28, 2004 (gmt 0)

who's patched? my mom's not patched. Patches are only downloaded by savvy users. Which are always a minority.

Leosghost




msg:169611
 10:41 am on Jul 28, 2004 (gmt 0)

related attack..
be nice to your mom ..install ff chez elle

webnewton




msg:169612
 12:17 pm on Jul 28, 2004 (gmt 0)

You've provided quite a sensational heading to your post grelmar.
Virus using Google to attack microsoft.com

I must say you can make it to a successful script writer.
;>)

Teknorat




msg:169613
 1:04 pm on Jul 28, 2004 (gmt 0)

Google has nothing to do with it. Still it will be interesting to see if anything happens to microsoft.com

duckhunter




msg:169614
 1:15 pm on Jul 28, 2004 (gmt 0)

Just goes to show there are vulnerabilities for everyone regardless of your OS. If hackers were to turn their energies against Unix or the Mac or anyone else for that matter instead of M$, they would be, well, doomed.

goodroi




msg:169615
 1:20 pm on Jul 28, 2004 (gmt 0)

Very true statement. I agree that the less common browsers and OS (like Opera and Unix) are currently more secure. But it is not because they are better programs. It is simply because they are much less visible targets.

finer9




msg:169616
 1:46 pm on Jul 28, 2004 (gmt 0)

or better yet install the auto-updates for your mom

michael heraghty




msg:169617
 2:50 pm on Jul 28, 2004 (gmt 0)

It is simply because they are much less visible targets.

And, of course, less *valuable* targets. With IE boasting over 90% market share, no-one should be surprised that virus-writers target it. One of the many flip-sides to success.

robotsdobetter




msg:169618
 3:13 pm on Jul 28, 2004 (gmt 0)

I bet whoever is doing this is very happy!

This reminds me that I still need to get the adware on my computer off. The sad thing for me is nothing is working to get it off.

rj87uk




msg:169619
 3:31 pm on Jul 28, 2004 (gmt 0)

People don't virus windows because it's more used...it's just more susceptible to viruses. For a start there is not code in the OS to stop any program talking to any other program, unlike linux/unix which has a single core (you mighta heard of it, it's called the kernel). This means that programs running in Linux need to be OK'd by the kernel before it can do anything, whereas microsoft's botch job of an OS lets everything talk to everything else without a process authorisation code. I know of plenty of so called hackers and script kiddies that try to write proggies to kill linux but it's just too difficult to get anywhere so they just kill Micro$oft Windblows instead! Only when the internet came out and people started writing code in javascript to try and bring a processor down did linux start to worry, but again, most holes have been fixed in linux to counter this...which was done about, oh, I don't know, 100 years ago say, lol. Whereas we're still waiting for microsoft to trap bad execution code in IE6. As for Apple Macs, as much as I dislike em, they're also based on linux, hence the very few actual virus problems you've seen for them.

Also, the reason a lot of people have MS Windows is because people not in the know buy their PC from companies like PCWorld who automatically throw Windows onto the machines, coz it's easier. Hence the amount of people out there with windows. Might I mention gamers...they aint gonna go out n install Linux either coz no bugger writes games for it.

Basically what I am trying to say is: windows sucks......

Windows = Costs money and doesn't do what it should.
Linux = Costs bugger all and is safe as houses.

'nuff said, and I'm out.

Love n kisses

Me

superpower




msg:169620
 3:45 pm on Jul 28, 2004 (gmt 0)

rj87uk, the reason why windows runs that way is most people don't want to and/or don't know how to manage all the permissions and processes like a linux sysadmin - Windows basically runs as root on most systems kinda like lindows does with linux and for the same reason - ease of use.

rj87uk




msg:169621
 3:57 pm on Jul 28, 2004 (gmt 0)

Troo, that's the reason most people shouldn't have PCs in their homes. Only let the techs use PCs...the world would be a better place.
Anyone found with a pc and no tech licence would be shot at their pc/doorstep. lol

asta

Milamber




msg:169622
 4:08 pm on Jul 28, 2004 (gmt 0)

robotsdobetter said:
This reminds me that I still need to get the adware on my computer off. The sad thing for me is nothing is working to get it off.

Try SpySweeper.

goodroi




msg:169623
 4:11 pm on Jul 28, 2004 (gmt 0)

rj87uk, that is a little drastic to shoot them on their first offence. I propose a $1,000 fine for the first time they do something stupid with a computer, the second time you can shoot them while shouting out loud RTFM! And yes be nice to all mothers and install the updates for them :)

But to get back on topic, I wonder what the next variation of this virus will target and if it will have a revenue stream built into it?

satanclaus




msg:169624
 4:28 pm on Jul 28, 2004 (gmt 0)

I have my father's computer set for auto-updates. It was the only way I didn't have to re-install the O.S. every 2-3 months.

Virus guys come up with some great trickery. I only wish they'd devote that skill to improving the computing experience.

grelmar




msg:169625
 5:06 pm on Jul 28, 2004 (gmt 0)

Was this a related or separate attack:
[webmasterworld.com...]

Actually, not related.

This one didn't use any server vulnerabilities. It simply used the initial virus to infect and create backdoors in as many PCs as possible, as quickly as possible, by scanning not only that PC for e-mail addresses (an old trick), but by also using that PC to launch search queries on Google, Yahoo, and other search engines, looking for more domain names and e-mail addresses.

It also sent off a "report" saying "this PC is infected", and left a list of other PCs infected on the machine, so that the secondary worm could come along and rapidly migrate across a wide range of boxes with a vulnerability built in.

The second worm is the one that launches the DDOS against microsoft.

It's a very complicated strategy for a virus/worm denial of service attack. Someone put a lot of time, thought, and effort into this.

In MS's favor: I've checked their site a couple of times today, and their servers are responding just fine. I'm guessing there's a horde of server admins sitting glued to their keyboards right now in Redmond.

BigDave




msg:169626
 5:09 pm on Jul 28, 2004 (gmt 0)

I haven't run any MS updates since they changed their EULA, and I never will. Of course, I haven't used outlook since I worked at intel in 99 and I was required to, and I only use IE to check pagerank and compatibility on my own site.

As for linux, there are vulnerabilities that you can exploit, you just can't do all that much with them. There are also enough differences that you just can't assume that what your virus wants to use will be where it needs to be for them to use it.

greyhat




msg:169627
 5:17 pm on Jul 28, 2004 (gmt 0)

superpower, Windows XP does not really provide an easy way to run as anything but Administrator. XP Home has two choices: an account that can do everything and an account that can do nothing (only has access to My Documents). With that kind of choice, of course people choose Administrator.

On Unix-type systems, methods for temporarily elevating privileges (su/sudo) are used by the GUIs, so when you are installing the OS they make you create a regular account, and later just ask for the root password when you want to do something that a regular user can't do, like install software or modify system-wide settings. Mac OS X and some graphical desktops (like KDE and Gnome) for other *nix OSes use this system, and it works quite well.

decaff




msg:169628
 6:50 pm on Jul 28, 2004 (gmt 0)

grelmar..

Where does it state in either of the articles you posted that this virus combo actually uses Google to attack Microsoft? I would be very cautious making such a claim without definitive proof...very serious claim you are making...

rfgdxm1




msg:169629
 12:01 am on Jul 29, 2004 (gmt 0)

>Where does it state in either of the articles you posted that this virus combo actually uses Google to attack Microsoft? I would be very cautious making such a claim without definitive proof...very serious claim you are making...

From a quick read of the URLs cited, this virus combo *doesn't* use Google to attack Microsoft. That would imply somehow compromising Google. The malicious code here just *searches* Google, and uses the results from those searches as part of the attack.

jcoronella




msg:169630
 1:13 am on Jul 29, 2004 (gmt 0)

virus combo *doesn't* use Google to attack Microsoft.

I guess "Virus uses government networks to attack Google" would be just as "accurate".

grelmar




msg:169631
 2:16 am on Jul 29, 2004 (gmt 0)

Mydoom M used Google and the other SE's to spread by using them to query for domain names and email addresses from an infected machine.

Google IS used as a part of the attack. Look at the description of MyDoom M [f-secure.com].

The purpose of the spread of Mydoom M was to provide a large number of willing zombies for Zindos to come along and exploit for its attack on microsoft.com

The way they work hand in hand, and came out in such rapid sequence, is highly suggestive they were created by the same author/team. If the first used Google (and the other SEs) to aid in its propagation, then the SE's are a part of the methodology of the attack on microsoft dot com, which is the end result the attacker was trying to achieve.

There is no lapse in the logical sequence.

I did not mean to imply that Google was infected. But Google doesn't need to be infected to be a part of the attack. It simply has to exist as a valuable search tool.

[edited by: grelmar at 2:23 am (utc) on July 29, 2004]

edit_g




msg:169632
 2:18 am on Jul 29, 2004 (gmt 0)

Google have a witty description of the problem up at their blog - [google.com...] from their VP of operations Urs Hoelzle.

Teknorat




msg:169633
 6:44 am on Jul 29, 2004 (gmt 0)

The only thing Google did was supply the email addresses, people. Nothing more.

Muskie




msg:169634
 5:03 pm on Jul 29, 2004 (gmt 0)

To correct rj87uk, Mac OS X is not based on Linux. If you're too lazy to check a fact like that in google here is a link you might find enlightening.
[kernelthread.com...]

It could be argued it is based on BSD which is a different operating system than Linux using a different kernel.

"Nothing is as terrible to see as ignorance in action."
--Goethe

j4mes




msg:169635
 6:43 pm on Jul 29, 2004 (gmt 0)

So has anyone dissected this thing to find out when it's going to hit M$? Or does anyone have a copy they want to send me so I can dissect it? :)

grelmar




msg:169636
 7:31 pm on Jul 29, 2004 (gmt 0)

f-secure is working on it, and have it fully decoded, methinks, but they're being sparse with the details.

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved