Microsoft working with the feds; Virus attacks may be terrorism

WORLD TRIBUNE ^ | 8/21/03 | World Tribune Staff Writer

[Pro-Bush]

Microsoft working with the feds; Virus attacks may be terrorism

Evidence gathered by Microsoft, the FBI, and the Secret Service on the worldwide attacks made against computers running the Windows operating system fits the profile of "terrorist activity."

Industry sources citing Microsoft officials told World Tribune.com that recent attacks against from the "Blaster" worm and its variants, coupled with an email virus called "SoBig-F" show signs of a coordinated attack by an entity wanting to disrupt world commerce. Microsoft is cooperating with both the FBI and the Secret Service and will report their findings in the next few days.

While at present no terrorist organizations have claimed responsibility for these attacks in cyberspace, Microsoft is an obvious target for terrorists as the largest, most recognizable, and most profitable software company in the world.

The Blaster worm exploits a flaw in the Remote Procedure Call (RPC) component used by Microsoft Windows, the operating system installed on an estimated 90 percent of all home and corporate desktop computers worldwide.

A patch was made available free of charge by Microsoft in July 2003, but few home or corporate users downloaded the fix. The Blaster worm seeks out any Internet-enabled Windows computer without the fix, installs malicious code that takes control of the computer, and beings attacking a Microsoft corporate Web site used to distribute software fixes to Windows users. SoBig-F is a rehash of a virus first spread by hackers in January 2003. The "F" strain clogs e-mail systems full of messages with subjects like "Re: Details" and "Re: Wicked screensaver," and then installs a "Trojan horse" program that is used to spit out thousands of copies of the virus from the victims' computers.

Microsoft officials said the company is working proactively to halt the spread of the Blaster and SoBig attacks by encouraging Windows users to regularly update their computers using the free Windows Update feature in Windows 2000, XP, and Server 2003.

Late Wednesday afternoon, Microsoft posted two "critical updates" to Windows Update that fixed flaws in their Internet Explorer Web browser and a collection of common Windows operating system components that would "allow an attacker to compromise a Microsoft Windows-based system and then take a variety of actions, including executing code." Sources inside Microsoft say that up to three more of these critical updates will be released in the next few days to coincide with the Blaster and SoBig-F investigation.

[Pro-Bush]

Hmmm. This could get interesting. Who would want to halt world commerce?

[lelio]

show signs of a coordinated attack by an entity wanting to disrupt world commerce

Its disrupting world commerce alright, Microsoft's share of it. People should wake up and realize that MSFT is the world's biggest virus petri dish maker.

[milan]

People should wake up and realize that MSFT is the world's biggest virus petri dish maker.

I work in IT and I love the absolute ignorance of these comments. If Linux was on top, the virus/worm activity would be directed at them. This is the typical "success should be punished" mentality that the Democrats display.

[Pro-Bush]

c'mon you can't blame microsoft for this one...They are the biggest Gorilla out there, it is obvious that any hacker would attack the Windows OS platform to acheive maximum damage.

[Peace will be here soon]

Maybe it is the wake-up call everyone needs. If more people and companies would pay closer attention to protecting their systems, this kind of stuff wouldn`t happen for the most part.

[LibKill]

It's probably some bored geek kids with WAY too much time on their hands. Of course, they should be shot when caught. There is no excuse for this kind of vandalism.

[RWG]

This is the typical "success should be punished" mentality that the Democrats display.

The blue screen of death is success?

[goodseedhomeschool (returned)]

Terrorists was my first thoughts on this. I had over 118 sobig spams in my email this morning. Clogged everything. It really makes you stop and think about some very important computer systems and how it would effect those. Shuddering here....

[lelio]

I work in IT and I love the absolute ignorance of these comments.

You can think what you want about MS being the biggest so that it is the biggest target, but that's like saying as GM's the largest car maker it can have the most defects as people are looking for them.

And is that supposed to make me feel any better the next time a virus like this comes out? And it will in another 6 months to a year, and probably after MS says "No way will this ever happen again."

[milan]

If more people and companies would pay closer attention to protecting their systems, this kind of stuff wouldn`t happen for the most part.

You're right. Microsoft is very good about releasing patches and making it easy to install. For that matter, RedHat and Mandrake are also very good about ease of updates. "What's that he said; RedHat needs updates?!?" < / sarcasm>

99% of virus problems are from people too lazy or uninformed about updates and virus protection.

[milan]

And is that supposed to make me feel any better the next time a virus like this comes out? And it will in another 6 months to a year, and probably after MS says "No way will this ever happen again."

Then use Linux and shut up!

[TomGuy]

Hate to burst your petri dish, but if MSFT ceased to exist tomorrow, the Linux, or the replacement would be the next target.

Whenever any other platform becomes a significant platform, then it will become susceptible to cyberattacks.

[milan]

I haven't had a virus in years...apparently you had. Where's the problem? The OS or the user?

[lelio]

The blue screen of death is success?

Well it is ... it means another system won't be sending me a "Wicked screensaver" or a notice about a movie I should see.

Hrmmm ... I wonder if I could configure my firewall so that if I notice an incoming SoBig email I'll nmap their IP address and see if I can send them a winpopup message that says "Patch your machine, dork"

[Dog Gone]

Who would want to halt world commerce?

Has anyone investigated whether Nancy Pelosi knows how to create viruses?

[Pro-Bush]

Maybe it is the wake-up call everyone needs. If more people and companies would pay closer attention to protecting their systems, this kind of stuff wouldn`t happen for the most part.

Symantec & Network Associates (McAfee) are making some big bucks this quarter. Those companies will be the next sweethearts on wall street.

[milan]

The blue screen of death is success?

Most blue screens happen when windows is booting and it usually gives a decent error message.

Have you ever had a failed boot on Linux or Unix? Try solving those. A blue screen is a welcome crash. Figure out a Unix SCSI boot problem then come complain about a blue screen. Windows is easy.

[milan]

Hrmmm ... I wonder if I could configure my firewall so that if I notice an incoming SoBig email I'll nmap their IP address and see if I can send them a winpopup message that says "Patch your machine, dork"

Considering the conversation, I don't think you could do this.

[Pro-Bush]

Terrorists was my first thoughts on this.

I am still in that camp

[glorgau]

And it wasn't terrorism before 9/11?

MS operating systems are hit by the most viri because they are the easiest thing to hit. The technical sophistication of the latest MSBlaster virus was childish. The idea of having executables attached to email in Outlook and Outlook Express is downright stupid. MS could have cleared much of their vunerability if they didn't want to leave "hooks" in their applications. The "hooks" are their so they can screw over any possible competitors. this is well documented behavior since the DR-DOS, Lotus 1-2-3 days. To say that this is "terrorism" is nothing more than the opportunistic ramblings of some marketing droid. Can we all say FUD?

< rant >
It is just pathetic what most moron users will accept in the computing world. People work with the melange that is a Microsoft operating system and think that is the way the world must be.
< /rant >

[lelio]

Hrmmm.... Howard Dean is a big time blogger. Makes one wonder. If I see him with a can of Jolt Cola I reckon its him.

I'm waiting for the next SoBig variant that scans your hard drive and then emails out images it finds under "My Pictures" Dang could that be embarassing.

[ninenot]

APparently not, because this AM's reports on the virus indicated that it ALSO masks the sender address.

Interestingly, I got a virus from what appeared to be a Microsoft email to me--about 60 days ago. The virus was not at that time defined by Norton--but it was about 3 days later. The message was 'Response to your Question.'

Didn't cause any problems for me, except the box got a little slower--just a little--and on my regular Norton update day, after the download and scan, it told me I had a virus.

Cleaned up, no problem since. I think.

[Pro-Bush]

Has anyone investigated whether Nancy Pelosi knows how to create viruses?

I don't think so, but I believe Barbara Boxer can.

[milan]

I'm waiting for the next SoBig variant that scans your hard drive and then emails out images it finds under "My Pictures" Dang could that be embarassing.

With as many pictures as I have, it might bring the internet down... ;)

[Pro-Bush]

Tell me how you REALLY feel about Microsoft...</sarcasm

[knews_hound]

We think alike.

Cheers,

knews hound

[Malsua]

>>Hate to burst your petri dish, but if MSFT ceased to exist tomorrow, the Linux, or the replacement would be the next target. <<

Yup. Linux is still a target.

Wanna do an experiment? Get a REDHAT 6.anything version. Secure it but use it like a real server with an Open FTP port and a few other services.

It will be comprimised and rooted in a few days or less.

I kept up with patches, kept my linux box as current as I knew...then I got a call from my ISP that said my IP was port scanning any number of financial houses.

I unplugged it and found a hacker's toolchest buried deep in the man pages. Complete with updated PS, Grep, and a number of other tools that hid the activity. The wank had both ethernet interfaces in promiscuous mode all the time and had logs of all the activity. Thank god for HTTPS.

I unplugged it and bought a cheap hardware solution for my at home NAT needs. Just take a look at all the patches out there to fill security holes on 'nix boxes. It's as many as any Windows system.

-Mal

[jude24]

I've gotten over a hundred today, as well.

Thankfully, my ISP virus-scans my email, and I also have Norton Antivirus and ZoneAlarm installed on both my computers. But most people dont bother with what I have done.

[milan]

You said it all. Linux and Unix are as suceptible as Microsoft. You just don't hear about it as much.

The Microsoft attacks are in line with "well, Honda Civics are the most widely stolen vehicles on the planet...we should sue Honda! Can't they do something to keep the thieves from stealing them." The whole time the thieves are stealing them; not because they are easy to steal, but becuase their numbers are greater and they are easier targets becuase of their commonality.

[rivercat]

Who would want to halt world commerce?

Well, aside from Al Qaida, how about the Linux open-source crowd? :)

[MizSterious]

Makes ya go "hmmmmm...."

[milan]

Well, aside from Al Qaida, how about the Linux open-source crowd? :)

Should have left the smiley off the sentence...you are probably more correct than the FBI.

[ex-Texan]

*BUMP* !

[lelio]

But most people dont bother with what I have done.

And that's what kills me about this: those of us that lock our doors are having to fend of a million zombie burglars as some people are just plain lazy.

If it just mucked up their own computer and spews their own personal information then I wouldn't mind. Heck I would laugh at seeing a copy of someone's nekkid picture that they kept under My Pictures.

Is "Kim Commando" the PC call in lady still on the radio? Perhaps if you've been a SoBig spreader you should be forced to go to a Boot Camp at your expense.

[snooker]

The terrorists put the holes in crappy windoze then exploited them to disrupt the economy.

I knew it wasn't the software designers fault or duty to build a decent secure product.

[Robert_Paulson2]

fight terrorism...
download linux or another unix distro that does not have the "come and kill me" entrances for computer viruses.

macs work nicely.. but osx is a unix.

[jacquej]

Is the reason Macs seem less vulnerable to viruses that there are fewer of Macs used, or is it that the OS system is more resistant to attacks?

I have always wondered about that.

[rivercat]

You're right. I work with a bunch of enviro-socialist-linux-open-source nutballs that would like nothing more than to see corporate America brought to its knees.

[jude24]

Maybe ISP's ought to start requiring that you buy an antivirus and a firewall to get internet access. It would certainly make their job easier.

[milan]

macs work nicely.. but osx is a unix.

As much as I defend Microsoft, I will say this: the only software package I can get to crash on OS X in my office...is MS office X. Kinda funny.

[milan]

enviro-socialist-linux-open-source nutballs

Can I use that?

[Robert_Paulson2]

Have you ever had a failed boot on Linux or Unix?

no not for three years.... but hey, I almost never have to "reboot" unless I am adding a new video card or something.

last time it was so long between reboots, I had to lookup my year old password, I had forgotten it...

[Gorzaloon]

The blue screen of death is success?

What's that, something like a bomb icon?

[lelio]

ISPs could do a lot to confront this by blocking outgoing SMTP and NetBios attempts. Force users to send email through their own servers unless they have some sort of agreement otherwise. Don't allow incoming Windows file sharing requests.

Just doing those two things will stop 90% of the viruses out there.

[milan]

You are right, but answer me this: Can you take your average Windows user and let them loose on Linux?

[MarkL]

Have you ever had a failed boot on Linux or Unix? Try solving those. A blue screen is a welcome crash. Figure out a Unix SCSI boot problem then come complain about a blue screen. Windows is easy.

"Double Panic!"

Fun stuff!

Mark

[Gorzaloon]

Is the reason Macs seem less vulnerable to viruses that there are fewer of Macs used, or is it that the OS system is more resistant to attacks? I have always wondered about that.

They are less vulnerable to worms and viruses for exactly the same reason no one could steal my Studebaker with a key.

[jacquej]

That doesn't help me much, lol! I dunno about Studebakers and keys...

[Lael]

I'm waiting for the next SoBig variant that scans your hard drive and then emails out images it finds under "My Pictures" Dang could that be embarassing.

Actually, the 'payload' could include a variation of Norton Utilities [tm] Undelete function and a search for deleted JPEGS prior to the E-Mail out function.

Whether or not there is pornography, just the use of all that bandwidth for images would take the Internet down.

Since I am not in the Virus writing club, if I could think of it, I'll bet someone is working on it if not already done.

Symantec maintains a vast encyclopedia of viruses. Very, very few make it "into the WILD."

Figuring out a method of distribution that is 'overwhelming' seems to be the thing that stops most viruses.

[joanil]

So, by your reasoning MS is success?

Ooops, time to reload windows again.
My Microsoft OS 95/98/2k (add as needed) has become inoperational again....................

Gee , now is fun.
All my desktop stuff is vanished
Golly, lets load windows again,
surely our programs are safe now............

Oh my, it crashed again...............
can anyone save my valuable data?!?

Sorry, you did choose MS as your vendor did you not????
If so.............. Reload Disk./>