nice touch.. two part virii are improving ....without opening all the "worm cans" again ..weren't M$ supposed to have fixed the Mydoom openings somewhere in their latest batch of patches ..

Was this a related or seperate attack:
[webmasterworld.com...]

who's patched? my mom's not patched. Patches are only downloaded by savvy users. Which are always a minority.

related attack..
be nice to your mom ..install ff chez elle

You've provide quite a sensational heading to your post grelmer.

Virus using Google to attack microsoft.com

I must say you can make it to a successful script writer.
;>)

Google has nothing to do with it. Still it will be interesting to see if anything happens to microsoft.com

Just goes to show there are vulnerabilities for everyone regardless of your OS. If hackers were to turn their energies against Unix or the Mac or anyone else for that matter instead of M$ , they would be, well, doomed.

Very true statement. I agree that the less common browsers and OS (like Opera and Unix) are currently more secure. But it is not because they are better programs. It is simply because they are much less visible targets.

or better yet install the auto-updates for your mom

It is simply because they are much less visible targets.

And, of course, less *valuable* targets. With IE boasting over 90% market share, no-one should be surprised that virus-writers target it. One of the many flip-sides to success.

I bet who ever is doing this is very happy!

This reminds me that I still need to get the adware on my computer off. The sad thing for me is nothing is working to get it off.

People dont virus windows because its more used...its just more susceptable to virus'. For a start there is not code in the OS to stop any program talking to any other program, unlike linux/unix which has a single core (you mighta heard of it, its called the kernal). This means that programs running in Linux need to be OK'd by the kernal before it can do anything, whereas microsofts botch job of an OS lets everything talk to everything else without a process authorisation code. I know of plenty of so called hackers and script kiddies that try to write proggies to kill linux but its just too difficult to get anywhere so they just kill Micro$oft Windblows instead! Only when the internet came out and people started writing code in javascript to try and bring a processor down did linux start to worry, but again, most holes have been ficed in linux to counter this...which was done about, oh, i dont know, 100 years ago say, lol Whereas were still waiting for microsoft to trap bad executaion code in IE6. As for Apple Macs, as much as I dislike em, theyre also based on linus, hence the very few actual virus problems youve seen for them.

Also, the reason a lot of people have MS Windows is because people not in the know buy their PC from companies like PCWorld who automatically throw Windows onto the machines, coz its easier. Hence the amount of people out there with windows. Might I mention gamers...they aint gonna go out n install Linux either coz no bugger writes games for it.

Basically what I am trying to say is: windows sucks......

Windows = Costs money and doesnt do what it should.
Linux = Costs bugger all and is safe as houses.

'nuff said, and im out.

Love n kisses

Me

rj87uk, the reason why windows runs that way is most people don't want to and/or don't know how how to manage all the permissions and processes like a linux sysadmin - Windows basically runs as root on most systems kinda like lindows does with linux and for the same reason - ease of use.

Troo, thats the reason most people shouldnt have PCs in their homes. Only let the techs use PCs...the world would be a better place.
Anyone found with a pc and no tech licence would be shot at their pc/doorstep. lol

asta

robotsdobetter said:

This reminds me that I still need to get the adware on my computer off. The sad thing for me is nothing is working to get it off.

Try SpySweeper.

rj87uk, that is a little drastic to shoot them on their first offence. I propose a $1,000 fine for the first time they do something stupid with a computer, the second time you can shoot them while shouting out loud RTFM! And yes be nice to all mothers and install the updates for them :)

But to get back on topic, I wonder what the next variation of this virus will target and if it will have a revenue stream built into it?

I have my fathers computer set for auto-updates. It was the only way I didn't have to re-install the O.S. every 2-3 months.

Virus guys come up with some great trickery. I only wish they'd devote that skill to improving the computing experience.

Was this a related or seperate attack:
[webmasterworld.com...]

Actually, not related.

This one didn't use any server vulnerabilities. It simply used the initial virus to infect and create backdoors in as many PCs as possible, as quickly as possible, by scanning not only that PC for e-mail addresses (an old trick), but by also using that PC to launch search queries on Google, Yahoo, and other search engines, looking for more domain names and e-mail addresses.

It also sent off a "report" saying "this PC is infected", and left a list of other PCs infected on the machine, so that the secondary worm could come along and rapidly migrate across a wide range of boxes with a vulnerability built in.

The second worm is the one that launches the DDOS against microsoft.

It's a very complicated strategy for a virus/worm denial of service attack. Someone put a lot of time, thought, and effort into this.

In MS's favor: I've checked their site a couple of times today, and their servers are responding just fine. I'm guessing there's a horde of server admins sitting glued to their keyboards right now in Redmond.

I haven't run any MS updates since they changed their EULA, and I never will. Of course, I haven't used outlook since I worked at intel in 99 and I was requiired to, and I only use IE to check pagerank and compatability on my own site.

As for linux, there are vulnerabilities that you can exploiit, you just can't do all that much with them. There are also enough differences that you just can't assume that what your virus wants to use will be where it needs to be for them to use it.

superpower, Windows XP does not really provide an easy way to run as anything but Administrator. XP Home home has two choices: an account that can do everything and an account that can do nothing (only has access to My Documents). With that kind of choice, of course people choose Administrator.

On Unix-type systems, methods for temporarily elevating priveleges (su/sudo) are used by the GUIs, so when you are installing the OS they make you create a regular account, and later just ask for the root password when you want to do something that a regular user can't do, like install software or modify system-wide settings. Mac OS X and some graphical desktops (like KDE and Gnome) for other *nix OSes use this system, and it works quite well.

grelmar..

Where does is state in either of the articles you posted that this virus combo acutally uses Google to attack Microsoft? I would be very cautious making such a claim without definitive proof...very serious claim you are making...

>Where does is state in either of the articles you posted that this virus combo acutally uses Google to attack Microsoft? I would be very cautious making such a claim without definitive proof...very serious claim you are making...

From a quick read of the URLs cited, this virus combo *doesn't* use Google to attack Microsoft. That would imply somehow compromising Google. The malicious code here just *searches* Google, and uses the results from those searches as part of the attack.

virus combo *doesn't* use Google to attack Microsoft.

I guess "Virus uses government networks to attack Google" would be just as "accurate".

Mydoom M used Google and the other SE's to spread by using them to query for domain names and email addresses from an infected machine.

Google IS used as a part of the attack. Look at the description of MyDoom M [f-secure.com].

The purpose of the spread of Mydoom M was to provide a large number of willing zombies for Zindos to come along and exploit for it's attack on microsoft.com

The way they work hand in hand, and came out in such rapid sequence, is highly suggestive they were created by the same author/team. If the first used Google (and the other SEs) to aid in its propogation, then the SE's are a part of the methodology of the attack on microsoft dot com, which is the end result the attacker was trying to achieve.

There is no lapse in the logical sequence.

I did not mean to imply that Google was infected. But Google doesn't need to be infected to be a part of the attack. It simple has to exist as a valuable search tool.

[edited by: grelmar at 2:23 am (utc) on July 29, 2004]

Google have a witty description of the problem up at their blog - [google.com...] from their VP of operations Urs Hoelzle.

The only thing Google did was supply the email addresses people. Nothing more.

To correct rj87uk Mac OS X is not based on Linux. If you're too lazy to check a fact like that in google here is a link you might find enlightening.
[kernelthread.com...]

It could be argued it is based on BSD which is a different operating system than Linux using a different kernel.

"Nothing is as terrible to see as ignorance in action."
--Goethe

So has anyone dissected this thing to find out when it's going to hit M$? Or does anyone have a copy they want to send me so I can dissect it? :)

f-secure is working on it, and have it fully decoded, methinks, but they're being sparse with the details.