Linux Software

Pro-Linux Mail Trojan Running Around 148

Xeno noted a story making the rounds about a Pro Linux Virus. Well, they're calling it a vrisu, but it's a trojan. It's a flash thingee embedded in emails. It mails itself, and then renames zips and jpegs to have a Pro-Linux message. Very bad advocacy, but when I turn off Dad Mode, I gotta laugh about it.
This discussion has been archived. No new comments can be posted.

  • Read that as `big-indian` for a moment! Amusing!
  • I think it's this thing called Windows, I heard about it when playing XBill. It seems to take over your computer and spit out the word "Microsoft" all over the place. Microsoft gave a half answer to it, called FORMAT.EXE and even their own version of FDISK, but they also encourage people not to use it.

  • What does encrypting the meat have to do with the DMCA?
  • Thanks for the info on ESR, that has nothing to do with the subject. On robes, note that they are worn by judges, clerics and academicians. Whatever!

    Only during ceremonies or official duties. I don't recall there being a history of, nor official use of, long flowing robes in computer science and/or engineering. At least, not in the last 300 years.

    As for it being irrelevant -- no, it's not irrelevant. The point demonstrated is that zealots don't necessarily follow logic or clear thinking when pushing their position on other people. This includes ESR -- though he's not even in the same league of fruitloops as RSM.

    What have you done with your life, Simon Cookie? Your homepage, dripping with sappy poetry and a copyright notice(!), does not show much.

    Plenty, thanks. The copyright notice is because -- guess what? -- the site is copyright to me. That includes all articles posted therein, and all the material on it. If you want more details, I'm afraid you'd have to ask me privately. Let's put it this way; I've done a lot more at my tender age of 25 years than most people have done by age 40.

    Simon
  • i don't know that i'd trust every 'real' linux user to have half a brain, but it's entirely possible that you are essentially correct. it's a time honored political tradition to slap a few of your opponents stickers on car windows so that they are difficult to remove...which is pretty much what this sounds like to me.
  • So?

    This is intended to fix the security holes of people who are completely clueless...people dumb enough to run something from an unknown source. People with any common sense wouldn't trust the "benign virus" they received to be a benign virus. They, however, also would not accept a real virus, so their computers aren't the ones that need fixing. People without common sense would run the benign virus or a real virus, which is the whole point. And whether or not a benign virus is created is unlikely to affect the number of viruses those users receive, and they aren't likely to pay enough attention to news about viruses to realize there is a benign virus out there. (If they paid attention to news about viruses, they would not run a supposedly benign program without absolutely knowing it was benign, and there is no problem. Any conscientious news program mentioning there was a benign virus would also warn not to believe that was what you received.)

    I assume that you aren't trying to argue that this provides people important code to work with to create viruses. That code is already out there. In fact, this virus would likely be constructed using known code that any cracker can already access.

    So... affects the intended targets
    no increased threat to anyone
  • Your suggestion would be effective initially, but within a matter of weeks some script kiddie (or more likely, several dozen) would just create a lookalike "trojan", even including a helpful or educational disclaimer, but with a malicious payload. The original benign "trojan" would not only be disregarded and avoided, its creator might even be blamed for the script kiddie's version.

    You have to remember the whole principle trojans operate on: masquerade as something helpful and then do something harmful. This principle will work even on another trojan.

    -The One God of Smilies =)
  • For as long as Windows allows .exes to run without user-intervention, these incidents will continue to hit the press. Windows needs a file-system that allows a umask 177 [askjeeves.com]. Actually, since 9x only respects the last field (other), that's pretty irrelevant, anyway.

    These incidents come and go and in 3 months, another virus will take down several thousand Win PC's and we'll read about it on ZDNet, but, the desktop will still run Win-something.

    Since it's not going to change any time soon, I'll silently chuckle at these little outbreaks hoping my e-mail never chmods anything +x without my permission. As far as this being a black mark for Linux; hardly. The only ones paying attention to that element aren't Windows users, anyway. >:)

    Linux rocks!!! www.dedserius.com [dedserius.com]
  • The philosophical differences revolve around the terms open source and free. Java is neither, all claims to the contrary. Linux, at least in theory, is both.

    I simply don't understand the author's "at least in theory" part. Hell, what means the word "Linux" for him??

    --
  • It is a nice theory.. but I know enough rabid stupid Linux users to believe that a Linux user pulling something like this off isn't implausible.

    Linux's greatest enemy isn't Microsoft, it's the zealots within its ranks.

  • I can see it now: the dreaded vrisus and jabberwockys scampering around on a green irish field, playing in the sun...

    I'm of 100% Irish heritage, but I don't go out in the sun all that much. More a child of the night.

    --
    Evan "JabberWokky" E.

  • Well if one were to pronounce it with an American accent i.e. the "u" at the end becomes an "uh" which sounds like an "a", it would sound a lot like...Vrisuh...Frizuh...Frieza!

    Now I'm worried ;-)
  • Many, many times... I'm at one of those famous Fortune 500 companies the anti-virus types refer to, and I get these .exe and/or .vbs attachments all the time - users are obviously still clueless enough to open them.

    If we could have a "Bitchslap Utility" to give such users a wake-up call after they run said attachments, that would be damn useful...

  • I think whoever made this post is confused. This Trojan isn't pro-Linux... It's one of the more anti-Linux things any Windows user could do to other Windows users. The media will get ahold of this and portray it as "those baby Open Source people are not resorting to dirty little tricks to try to promote Linux." It looks *really* bad.
  • Vrisu...didn't he have a dream that created the world?
  • Six months? Shit, if it were any more destructive, it would set us back 9 years (1990 ring a bell?)

    But you are absolutely correct -- with one exception. There are immature people in all aspects of computer technology. Hence the reason we have virii today, eh?

    I think it's these idiots who grab the mike at every possible (in)convenience.

    In my opinion, these virus authors are about as sorry as crackers.
  • Is there no way that you Slashdot wizards can prevent idiots like this from linking to that stupid asshole picture anymore? I've seen it 4 or 5 times on SlashDot and it always pisses me off. Juvenile cretins. Grow up!
    With Regards,

    Phillip H. Blanton
  • your proxy blocks M$N?? Is your company taking resumes??
  • the word vrisu as vrisu, Ahh there it goes again!!

    ive.also.got.the.one.that.disables.the.space.on.the.keyboard.

    Wanted: Slashdot editor, must be incapable of spelling simple words when excited. Helps if you have keyboard that remaps the tab key as a submit button.

    In all fairness though, he got all the right letters..
  • Nope - not at all. MSNBC regularly carries articles that aren't exactly in MS's favour either.
  • link is right try try again i checked it before i posted angelfire sucks like that
  • You know, I thought of this, but isn't that usually done at Halloween :-}
  • It alters data.. If only the file name, it still changes data, and leaves the possibility of doing damage. Since it also emails itself around maybe virus-worm is a better term.

  • by aim4min ( 100897 ) on Friday December 01, 2000 @04:55AM (#589315)
    It seems that even after patch after patch of the MS outlook system, virus still spread like wildfire. MS should employ a virtual machine to run attachments, that way it could sandbox the application. If it does not do any damage, then it can be let loose into the real operating system. Virus have been getting more and more complex. Connecting to newsgroups, sending email... what's to stop them from quietly sitting on your computer (not doing ANYTHING) just spreading... and then one day, some malicious hacker launches a DDOS against yahoo or something.
  • "vrisu" is probably the Hindu god of malign stupidity: the kind of stupidity, that knows it's stupid to do something some way, yet perseveres in the folly. The kind of stupidity, that could lead to a Darwin award [darwinawards.com].

    Stefan.
    It takes a lot of brains to enjoy satire, humor and wit-

  • by CvD ( 94050 )
    Hey, I came across a "useful" virus once. When run, it installed dnet.exe, the client for Distributed.net. How's that for useful? Most people have way too many MHz for their own good anyway.

    Cheers,

    Costyn.
  • Having only today spat the dummy at the users here on the subject of binaries of unknown source (no harm was done as it turned out, but it's the principle of the thing), may I recommend to UK sysadmins that they draw to their users' attention section 3 of the Computer Misuse Act 1990, which makes it an offence punishable by up to five years in Her Majesty's Holiday Camp to cause a computer to do anything unauthorised that damages data with intent to damage data.

    If you explain to them what types of attachment are likely to do this, and that therefore they have no excuse, the threat (rather thin, as it happens, where it's stupidity rather than malice) of prosecution should concentrate their minds rather nicely.

  • If all it is is a flushing toilet, then it isn't huge at all. Even the largest game I have ever made in Flash, with .mp3 soundtrack and a mind boggling vector count, was only 3 megs big. Even if the flushing toilet animation were produced at 2000 by 2000 size, it wouldn't be that large. My average animation is only 30KB. What is the deal?
  • and I type 100 words/min with 2 fingers.
    ________________________________________________ __
  • You rang commissioner?
  • Nothing involving people is that simple. People try to think about what they do, but not all the time, not very clearly, and almost never with complete information. It's messy. In this case, the incomplete information ("There's a benign trojan, and this is what it looks like", or, "It can be ok to run random email attachments") would do far more damage than the code would do good.

    The only way a plan like this could do more good than harm would be if it was completely secret. And in that case, the original poster would not have heard of it, and it wouldn't be discussed on Slashdot. ;-)

  • This is nothing more than a script kiddie giving the linux world bad publicity. How often is it that a whiny, opinionated, immature h4ck3r convinces a corporation to change OS paradigms?

    Clearly, the way for us Linux zealots to take over the world is the same way the Russians gave Napoleon the smack-down: we just have to wait until MS products begin to weaken companies' infrastructures (uh, kinda like freezing your ass off in a Siberian winter, kinda) and THEN maybe we can hire John Doe to send out an e-mail worm or something.

    Blah, I don't know. I'm just very unimpressed with this.
  • WRONG SOLUTION, damnit!

    You should never, ever let your OS take care of files. You should *always* open a program, and let the program try to open the files. Letting the operating system guess on the file types is doomed to failure, and it's like -begging- to get infected by bad things.

    The idiot that moderated you up should be shot for stupidity.

    --
  • Bravo! Bravo, bravo, bravo!!!

    This is a black eye for Linux. Shame on Commander Taco for thinking this is funny. Because it isn't. I hope they find zl4xym432@yahoo.com and fsckn' give him the Mitnick treatment.


    ---- Hey Grrl Geeks! Your very own geek news site has arrived!

  • by JanneM ( 7445 ) on Friday December 01, 2000 @04:35AM (#589326) Homepage
    Well, they're calling it a vrisu,

    I can see it now: the dreaded vrisus and jabberwockys scampering around on a green irish field, playing in the sun...

    Sorry.

  • What? Are you joking? I can't tell. Seriously. What the hell are you talking about?

    If you're not joking, are you implying Windows can't figure out what its own binary looks like? Wtf?

    If you are joking, not funny.
  • As the subject says: don't jump to conclusions. It could just as well be an immature Linux hater who thinks that he has found a nice way to cause some harm to The Enemy.

    --

  • What more can I say?

    Flavio
  • This trojan is a Windows .EXE. So it was developed under Windows and only runs on Windows, and we are supposed to believe that it was created by a Linux User/Advocate. It also purports to be TUX, yet does not even know his real name, mistaking it for "The Penguin"

    This does not ring true to me!

    A M$ supporting fifth columnist attempt at black propaganda seems more likely to me.

    Just consider the ethics of your average Linux advocate compared with M$. Throw in a little history of M$ FUD and Black Propaganda, it wouldn't surprise me if this came from M$ themselves.

  • This is such a stupid argument. I don't care if /usr/bin/gcc gets deleted, I'll just reinstall it. If all of my personal work gets deleted it's much more painful. Now tell me again how permissions help me?

    First, You will care if your registry or important system DLL gets deleted (since you won't be able to boot). Second, if you need to run an untrusted attachment, you would do so as nobody to contain the damage. As nobody chroot-ed to /usr/local/jail if you want to be even more careful.

    In a networked environment, you will really appreciate a proper concept of permissions and untrusted users when the nitwit in the next cubicle runs a trojan and loses everything, but all of YOUR files on the same server are fine.

  • ......that the original site talking about this "bad press for Linux" trojan is MSnbc.com? Nah, no competitive motivation here at all.
  • by Mike Connell ( 81274 ) on Friday December 01, 2000 @04:37AM (#589333) Homepage
    > Well, they're calling it a vrisu, but its a trojan

    Well, whatever it is, it certainly isn't a "vrisu". Isn't that a Hindu God for something?

    Mike.
  • by Gothmolly ( 148874 ) on Friday December 01, 2000 @04:37AM (#589334)
    Good thing that the flash plugins for linux-netscape never seem to quite work, and so remain uninstalled.
  • I am not catching the logic here. The Slashdot crowd's average IQ seems to drop 10 points every month. Now it seems much nearer to the average IQ of a m$ window users.
    What does the action of ONE single person got to do with linux? So what the bloody hell if a single linux user write a trojan or whatever they called it. Windows users does that ALL the time. Okay that's not the main point. But just ask yourself this logical qn, if one out of americans is a black-hating, wife raping, child molesting communist, are all the other americans the same?
    I do think that the writer of the original message pretty much a child himself
  • Sigh. Although they say that any news on a product is good marketing, don't actions like this just make the Linux community seem like a bunch of script kiddies who can't control their urge to do "destructive" stuff in order to spread the word about Linux? Is this a good move in this movement to try to establish Linux in such markets as the business world?
  • Has anybody calculated the number of people kept employed due to virus outbreaks and the millions of $ generated into the economy due to the spikes on sales charts of anti-virus companies?

    Viruses are bad. Very bad.

    At least, that's what symantec and McAfee say. They should know, they wouldn't exist if it weren't for them.

    If it weren't for hypocrisy, this industry would have collapsed a long time ago.

    w/m
  • again it works try again
  • Damn, I knew I would see this on Slowdot, having seen it on several other newssites! ;-)
  • <Conspiracy Theorist> It's obviously been written by microsoft in order to make people nervous so that when they see Linux they immediately think of evil Haxors that will try to steal their Quicken files.</Conspiracy Theorist>

    To whoever wrote this: thanks a lot. I've received an attachment virus on a Windows machine in the past; I did not click, I sent it over to my Linux box for examination. The things not only are stupid to write as their only intent is to cause trouble, they have no challenge; any two bit hacker could write one in no time at all. You want to further the linux cause, like most of us on slashdot do, go out and write some beautiful code that fills a niche that Microsoft doesn't cover, or donate to one of the many projects out there. Destruction is easy, building is much more rewarding in the end when it's time to look at what you've done.

  • How long will it be before the author of this virus comes up with another one which, upon execution:

    1.) Downloads the kernel
    2.) Alters the MS startup files to install/run linux
    3.) Reboots

    Or something more clever than that?
  • Too bad you published your father's picture.


    The willingness of humanity to follow without question is the fall of them.
  • Christ, Wes... ;)

    --
    "Give him head?" [pdqsolutions.com]
  • Linux users don't use windows. How could they then write a virus on windows?
  • The virus causes an email to be sent to z14xym432@yahoo.com [mailto] so I suppose you can email your comments to him/her there.
  • by cr0sh ( 43134 ) on Friday December 01, 2000 @09:01AM (#589346) Homepage
    Why do these people write these? Why do people CONTINUALLY get infected by them?

    What I really don't understand is why someone hasn't written a benign virus/trojan - same manner as the Melissa/ILOVEYOU trojan, except that when run by the clueless, it would remove any other trojan VBS scripts (or quarantine them) on the machine, ask to send copies to "friends" (upon which it would email itself to people on the address list), then remove itself from the machine.

    If the "hacker" wanted to go further, he could place a little "Agree or Disagree" EULA/disclaimer at the beginning the user would have to agree to in order for the code to run. He could also insert a little "educational" note on why the virus ran, and how to protect against future attacks by less benign viruses in the future (up to and including installing Linux?). Finally, he could encrypt the "meat" of the VBS trojan, and put a little blurb in the EULA about the DMCA clauses prohibiting the alteration or creation of software to remove copyright controls on software.

    Such a "hack" would be more worthy of a /. story than this dreck - which is only going to serve to harm the Linux community in general.

    Worldcom [worldcom.com] - Generation Duh!
  • www.linuxgod.net/uptime.py

    Ooops you can't view that, It requires you have python. Because everyone knows python on winblows sucks, and no one can get it to work because it doesn't exist for the M$ platform.

    Flash works fine on here, I don't have any problems with it. It may run slow on your machine, but it runs as fast as Quake3 (130fps) on here. Too bad winblows can't run Quake3 that fast with a V3.

    And you don't have the choice to modify your driver so you're fucked. Windows [geocities.com] doesn't even have as many drivers as Linux 2.4. No, not even your 2000. [geocities.com] Count them. Learn a thing or 2. Windows lacks software, and hardware support. You are digging your own grave by going there. Why not back up your claim with facts instead of shooting into the wind? You have no facts for your claims. You are living in your own little dream world, I believe everyone can see that just by looking at your idiotic posts. While you're living in your home|network world, and wondering why the hell your OS is taking up 111 of your 128mb of ram with LITTLE or NO network utilities, and 3 days uptime, im sitting here running an entire site with over 130 visitors a day running off 64mb ram and a 200mhz processor with 11 services running, and an uptime of 107 days [netcraft.com]. That's something that M$ can't even beat [netcraft.com]. Much less you [geocities.com].

    Just a Notice to you. You will not be able to reply to this account any longer because you are now blocked to myself and other readers starting at 3:00am CT, (1 1/2 hours from now) today. This account will be frozen and used for profile, and having-the-account-just-for-the-hell-of-it-because-linuxgod-is-the-name-of-a-machine purposes. I hope you can figure out the nick I will be under from now on, ( which is my gaming NIC, and was created on this site a year ago ), it will be fun as hell. GoodBy


    The willingness of humanity to follow without question is the fall of them.
  • You should never, ever let your OS take care of files. You should *always* open a program, and let the program try to open the files.

    Right. Your shell has no business opening up that file, scanning for the #! line, and passing it off to the interpreter. You should *always* type "sh filename" or "perl filename" or whatever. In fact, you'd better put the full paths to the interpreter and script in there, just in case someone screwed with your PATH variable.


    Chelloveck
  • The bad news: this virus set back the Linux movement nearly one year.

    The good news: on NASDAQ, RHAT is now trading in the 200 range, LNUX at 180.

    ;-)

  • Perhaps in this situation though, this particular trojan was concocted by a MS advocate that is afraid of how close Linux is getting. Wants to put a bad spin on things. Dunno, just a thought.

    Is this because Linux users are by nature not malicious, petty, vengeful, or stupid?

    Please -- open your eyes. You're dealing with people here. In any given sample, you'll have a certain number of misguided kooks who don't have a clue. Does the fact that it was a stupid thing to do automatically mean that it wasn't a Linux user? Nope. Sorry. The OSS community has its fair share of kooks and idiots too (as evidenced when ESR turned up to that Windows Refund thing in a jedi robe... what a schmuck).

    Simon
  • i use windows on two of my machines at work, i got hit. linux users don't always have a choice about whether or not they get to run linux 100% of the time. hell, if i didn't have to maintain parts of this damned network, i wouldn't run windows. but, i do have to, so i do.

    --Tucker
  • Regardless of who originated this (which shouldn't be hard to discover, the guy's email address is in the program), the Linux community can do without this kind of publicity. I would rather have people use a non-Windows OS because they wanted something different, not because the one they use is too buggy and insecure. Although that is a good reason as well.

    Thanks a lot to the asshole who started this thing

    nahtanoj

  • to give Linux bad press than to create a virus that promotes it?

  • The "Got yet another idiot" email report back to the author would suggest it's the work of a Linux hater, and not just a hacker with a proof-of-concept example. Odd how the Pro-Linux trojan hasn't been documented in CERT/CC [cert.org], and only anti-virus companies have identified it.


    This Linux security howto may be of interest to some, so i'll humbly submit it:
    DEFEND YOUR SYSTEM! [hardcorelinux.com]

  • funny... i've never seen an exe file in linux. and which distro are you using? MSLinux? *chuckle*

    -------

  • Part of the DMCA deals with "circumvention of content copyright controls" (or some such legal garbage). In other words, bypassing said "controls" becomes illegal - in theory if bypassed by anyone (outside of very strict reverse engineering - and I think they are working to close that "hole" as well). So...

    If you encrypt the thing, then place the proper "notices" on the front and in the code, any virus checker (and/or creators of such software) would be in violation of the DMCA - creating a very interesting conundrum (though one I think they - meaning the creators of anti-virus software - would easily weasel out of - remember the DMCA only applies to the proles, not big brother)...

    Worldcom [worldcom.com] - Generation Duh!
  • While I understand your reasoning (and I also have seen another poster's reply on this topic - the gist of which is that of trust and levels of education in users), it wouldn't matter if the creator of the original was blamed (though it would suck). Why?

    Because the creator of said benign virus should develop and release it in UTMOST secrecy, with NO WAY to trace it back to him (after release, he should destroy all notes and such, as well as his copy of source, to the trojan as well - maybe he should even physically destroy the hard drive as well). He should take the knowledge to his grave. With proper precautions, no one could trace it back to him.

    Note that I won't be the one developing this "trojan" - though I am certain I could, given a little time. My simply posting here in this forum has tainted me from doing it (because I would be a suspect).

    Worldcom [worldcom.com] - Generation Duh!
  • This happens everywhere. Look at liberals, conservatives, scientists, environmentalists, and fundamentalists of various religions and movements. I know a fair number of people that fit into all of the above categories, and most are sane, reasonable people who just happen to have slightly different beliefs than I do. However, you will rarely see one of them on TV or quoted in a newspaper - the ones who get that dubious honor are the loudmouthed morons who are guaranteed to offend someone or everyone and get ratings, follow-ups, etc, etc.

    Of course, to this there are exceptions. I'm sure a fair number of Slashdot readers can name most.


    -RickHunter
  • Dude, just set goatse.cx to 127.0.0.1 or yahoo or something in your hosts file and get over it.

    -since when did 'MTV' stand for Real World Television instead of MUSIC television?
  • Point out to him the multitude of Windows viruses out there, and that this virus depends on Microsoft's attitude towards security in their software, and ask him why, if he has so many objections to an OS based on one user of it writing this virus, he is tolerating an OS where hundreds of thousands more users write even worse viruses?

  • How about urging people NEVER to click on attachments, unless you've explicitly asked for them?

    I get lots of attachments I didn't ask for -- mostly work-related stuff from co-workers in stupid MSOffice formats. And most copies of prolin, melissa, and their ilk will come from co-workers. It's awfully hard to teach users to tell the difference.

    A large part of the problem is that it's possible to mislead windows users about the file type. The mail client needs to provide the user with accurate file type information -- i.e. how the OS will treat the file if you click on it. It should also provide a suspiciousness indication and probably require a confirmation for suspect types.
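
Added example, not part of the comment above or of the original thread: a Python sketch of the check that comment asks a mail client to make, reporting how Windows would treat an attachment (by its last extension) next to what the bytes actually are, and requiring confirmation or blocking for suspect cases. The function names, extension lists and sample byte strings are constructed for illustration.

```python
import ntpath
from typing import NamedTuple

# Partial, constructed lists; a real client would query the OS file associations.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
                   ".vbs", ".js", ".wsf", ".hta"}
PE_EXTS = {".exe", ".com", ".scr", ".pif"}   # may legitimately hold MZ content
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".txt", ".doc", ".zip", ".swf", ".mp3"}

# Leading "magic" bytes mapped to a content label.
MAGIC = [
    (b"MZ", "pe-executable"),
    (b"PK\x03\x04", "zip"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF8", "gif"),
    (b"FWS", "flash"),
    (b"CWS", "flash"),
]
# What the content should be for extensions we know how to verify.
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
            ".zip": "zip", ".swf": "flash"}

# Constructed sample payloads (headers only, not real files).
PE_STUB = b"MZ\x90\x00" + b"\x00" * 60
JPEG_STUB = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"


class Assessment(NamedTuple):
    action: str        # "allow", "confirm" or "block"
    os_treats_as: str  # what a double-click would do
    content: str       # what the bytes look like
    reasons: list


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return "unknown"


def assess_attachment(filename: str, data: bytes) -> Assessment:
    # Win32 drops trailing spaces and dots, so "x.exe ." still opens as .exe.
    name = ntpath.basename(filename).rstrip(" .").lower()
    stem, ext = ntpath.splitext(name)
    # Extension the user is meant to notice, e.g. ".jpg" in "a.jpg   .exe".
    inner_ext = ntpath.splitext(stem.rstrip())[1]
    content = sniff(data)
    runs_code = ext in EXECUTABLE_EXTS
    reasons = []

    if runs_code:
        reasons.append("extension runs code when opened")
    disguised = runs_code and inner_ext in DECOY_EXTS
    if disguised:
        reasons.append(f"double extension: looks like {inner_ext}, opens as {ext}")
    if stem != stem.rstrip():
        reasons.append("whitespace padding pushes the real extension out of view")
    hidden_pe = content == "pe-executable" and ext not in PE_EXTS
    if hidden_pe:
        reasons.append("content is a Windows executable but the name says otherwise")
    expected = EXPECTED.get(ext)
    if expected and content != expected:
        reasons.append(f"content ({content}) does not match {ext}")

    if disguised or hidden_pe:
        action = "block"
    elif reasons:
        action = "confirm"
    else:
        action = "allow"
    kind = "program" if runs_code else "data"
    return Assessment(action, f"{kind} ({ext})", content, reasons)


if __name__ == "__main__":
    samples = [("flash_movie.exe", PE_STUB), ("holiday.jpg.exe", PE_STUB),
               ("holiday.jpg", JPEG_STUB), ("holiday.jpg", PE_STUB)]
    for fname, payload in samples:
        print(fname, assess_attachment(fname, payload))
```
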

  • Doesnt this just show its time for governments to fund open source projects? If governments collaborated on software, that im sure they all use, society would be better off. There would be new, freely available applications, and governments budgets would be so much lower.

    Well, so much for that idea.

  • by Tower ( 37395 ) on Friday December 01, 2000 @05:11AM (#589365)
    and the Vermicious Knids and Snozzwangers might stop by, too...
    --
  • It's not Flash, it's an .exe file that goes through all your Jpeg and Zip files

    Well yes, but it's masquerading as one of the numerous Flash executables that are floating around (basically a flash player and an accompanying movie bundled into a single executable).

    Are they seriously suggesting that lusers should be responsible enough not to launch .exe files they are emailed?

    I can't speak for others, but I personally launch all of the executables that are mailed to me. Of course, I do it under Wine from Linux, and no, I don't have my home directory mounted as a network drive. Even if it does contain a virus, it won't do me any harm...

  • Very bad advocacy, but when I turn off Dad Mode, I gotta laugh about it.

    Oh yeah? Well when someone creates and lets loose a file descriptor-hogging trojan, you'll stop laughing.

    Wait a minute, someone already did release that! It was rhnsd in RedHat 7!

  • *ahem*

    Slashdot has stories submitted to it by users who have seen the story somewhere else.

  • If you're going to install one of these, shouldn't it actually do an installation rather than silly slogans? :)
  • Taking this a little serious are we? Im not so certain we should take this all as serious as "we've set back the movement 9 months" or "thanks to the asshole who started this thing"? What we have here is the same collection of idiots who aid in distributing viri every time a new one appears. Im sorry - im getting increasingly incredulous and indignant regarding this group. They quite frankly get what they deserve - we all know that a virus is rarely actually malicious - the worst it does is delete a few files or mung up your OS. Problems easily fixed. When was the last time you saw a virus that damaged hardware? (flashing microcode/bios'?) not very often - so a virus is little more than an inconvenience (and arguing that it costs XYZ Company $1237^10 will hold little water because I frankly dont think the profiteering of BigBusiness is a motivation the citizenry of the planet should be as concerned with as they are..).

    So what we have is a problem - easily avoided - brought upon oneself by the lusers at these PeeCees. Would people be angry if I bought a new car, didnt know how to use/maintain it - drove it off the lot, straight into a wall or into another car in the intersection because "I didnt understand the rules of traffic" (or ran it out of oil)... who would be responsible for my damaged car? The manufacturer? My Mechanic? My neighbours? No. I would be responsible, I dont know how to use this device I just bought. I have to be responsible enough to myself and my neighbours that I fully understand what I am doing before I take on this responsibility.

    How many cars are going to follow one another over this cliff (execute endless virus/trojan emails received on WinXX PeeCees) before the users become responsible?

    Note to users: DO NOT EXECUTE UNKNOWN BINARIES!

    If you dont know how to use your computer (car) dont compute (drive)! Not only are they polluting (propagating viri) but they are endangering other conscience drivers (teaming onto the 'net via AOL without a clue, and generally degrading the content to meet their expectations).

    Im sorry - Ive lost all sympathy. Ill bet Im not alone.

  • by IanWestray ( 195683 ) on Friday December 01, 2000 @05:15AM (#589385)
    All in favor of classifying any unwanted Flash movie as a trojan horse, please perform the self-indulgent marketers' salute.
  • by debrain ( 29228 )
    Leave it to a Linux guy to make SPAM more intelligent.
  • You are on the way to destruction, you have no chance, make your time!

    (would be funnier if the caps-filter knew what being facetious was)
  • Vrisu? WTF!

    Geeze, did someone mess up while rewiring the nerves to Rob's finger muscles? You'd have to be pretty stupid/disturbed/startled to spell the word "virus" as "vrisu." It's too hard for me to misspell it.

  • Is just one more piece of ammunition for my boss against me running Linux in our company. As it is, I have a hard time just defending using a Red Hat box for Apache.

    My odds were low before, given my users' love of MS Office and Exchange mail. Now that this virus hit three of them, (via their Yahoo accounts), no chance. Lovely.

    Whoever wrote this thing, thanks a lot. Nothing like cutting your nose to spite your face.

  • I think there must be a big-endian/little-endian problem here.
  • by cr0sh ( 43134 )
    Very interesting...

    I was thinking more in the realm that the VBS trojan would be self-contained - ie, it would be the email, and it would contain all the code to "update" the system (like that "cable modem speed fix" VBS file does to the registry). As I noted in the post, it would ask to do the update _first_, before doing anything. Furthermore, I did note that it could "quarantine" the messages/VBS scripts, so that nothing would be lost (in case some of those scripts were legitimate) - ie, it wouldn't really delete anything, just move them to an area not readily accessible by the user. Plus the bit about educating the user (maybe even recommending virus protection software, using another email reader instead of Outlook, etc).

    Glad to see that someone else tried it, and at least put out a feeler to see what people's response would be...

    Of course, he was looking at this as an uncontrolled admin tool, instead of what it really is - a weapon against the enemy. Since stealth is the rule of the game, the writer of such an "Antivirus" will release it anonymously, in such a way that it can't be traced back to the individual - heck, probably couldn't even be traced back to the machine it was released from.

    I can see the bandwidth problems with downloading another application/EXE to do the fix, but this would just be email (though it would be a funky automated SPAM), so eventually after propagating it would slowly die out...

    Worldcom [worldcom.com] - Generation Duh!
  • Every user I support that hears about this will email me the details. Just what I needed today. These cause me more grief than the actual virus.

    I need a new job.

  • by lowe0 ( 136140 ) on Friday December 01, 2000 @04:41AM (#589401) Homepage
    I've always said that the problem with Linux is going to be its users. While most of them are mature and reasonable people, willing to work as a community towards common goals, for some reason the people who get all the attention are the petty children who do things like this. It's as if they find the loudest idiot in the crowd and give him a microphone.

    To whoever did this - way to set things back a good six months.

    To whoever is contemplating emulating this behavior - think again about its impact upon the community.

    To the rest of you, the mature Linux user - thank you.
  • First off, constantly opening attachments is how networked offices are run, and considering the more famous viruses take names from your address book, it kind of defeats the "don't open from those you don't know" advice. Not to mention that viruses appear everywhere, I've gotten them on commercial software right out of the box, so don't expect virus companies to go out of business soon.

    There simply is no easy solution.

    And for the 100th time, virii isn't a word. viruses is.

  • and chroot()!

    What's wrong with Bill? When he steals, he always forgets to grab the good stuff.

    --
  • How many times have we got to tell these dumb users not to run executables sent as email attachments?

    Time for a LART, methinks.

    Do THWACK! not THWACK! run THWACK! any THWACK! binary THWACK! attachments THWACK!!

  • Next week you will see a link to my bum, with Natalie Portmap licking hot grits out of it.

    Imagine a Beowulf cluster of *those*, eh??

    --
  • by ichimunki ( 194887 ) on Friday December 01, 2000 @06:23AM (#589415)
    Thank you for this. I'd add that Linux being accepted by the mainstream is going to have a lot more to do with usability, affordability, and things that people care about, than any perceptions of the Linux community (if there is such a thing) as a whole.

    Also, obviously any serious Linux user/advocate isn't going to screw around writing viruses which work in Windows-- who would want to (I mean, isn't that one of the reasons we're using Linux, so we don't have to work in Windows)? Much more fun to write some great hack and gain GPL fame.
  • Remember in the 80's a lot of people had the implicit assumption that anti-virus companies were actually creating, and releasing viruses into the wild - purely to further their own survival?

    It's an interesting idea, and I'm, just, cynical enough to believe it.

    They probably don't have to bother any more, with all the "elite" VB coders out there - at least when I was into virus coding/playing it took some real skill.. I can't imagine many of these VB trojan-kids learning how to write stuff in x86 assembler, can you?


    Steve
    ---
  • From the article:
    He urged users not to click on any attachment "until this dies down."

    How about urging people NEVER to click on attachments, unless you've explicitly asked for them? Oh forgot - if we did that, the anti virus companies would go out of business, so we can't do that.

    Sheesh.
  • by KingJawa ( 65904 ) on Friday December 01, 2000 @04:44AM (#589421) Homepage
    TROJ_CMDRTACO.A

    TROJ_CMDRTACO.A, or "TacoVirus," colloquially, spreads to all *nix users via coffee. Grinds, mugs, swizzle sticks -- anything coffee related may contain the TacoVirus. And it'll also be found in -- you guessed it, tacos.

    The effect of the TacoVirus is minimal but noticeable. A user's spelling will be instantly transformed from "English" to "Eglihsn," which is to say a somewhat random mix of the correct letters in an incorrect order. User will also be unable to locate items such as "dictionary," "spell-checker," or "friend" to proofread writing.

    There is no known cure for TacoVirus at this time.
  • obviously this makes Linux look bad, and reinforces the misconceptions of it being a l337 h4x0r OS only.

    If it was done by someone hoping to support linux, they certainly did a terrible job. If it was done by someone hoping to give Linux a black eye, (though an extremely small one) then they did.

    This will be thousands of people's first exposure to "linux" and thanks to this, they will always associate it with being a virus of some type.

    ________

  • Our proxy blocks M$N.
    If only we were all so fortunate, here you go :- )
    IT'S UNCLEAR HOW risky Prolin is: Trend Micro ranks it a high risk, Symantec a medium, and Network Associates a low. Still, all three are closely watching the bug, which appears to have been written within the past 24 hours and has already claimed victims.

    It arrives via e-mail with the subject line: "A great Shockwave flash movie." The message reads: "Check out this new flash movie that I downloaded just now ... It's Great Bye" and the attachment is called CREATIVE.EXE.

    But clicking on that attachment triggers a series of events in the victim's computer that amount to an advertisement for the Linux operating system. It renames all JPG and ZIP files on the victim's computer with the appendage "change atleast now to LINUX." It then drops a text file called MESSAGEFORU.TXT, which offers the following advice: "Hi, guess you have got the message. I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. i could have done far better damage, i could have evencompletely wiped your harddisk. Remember this is a warning & get it sound and clear... - The Penguin." The Linux mascot is a penguin.

    According to Trend Micro public education director David Perry, the bug hit three large clients Thursday afternoon. At one, 5,000 copies of the message clogged the firm's mail server. He said one of the victims was "a sizeable Internet hosting company," and added the bug first hit in Paris. He urged users not to click on any attachment "until this dies down." "There is no movie, there is nothing to be seen," Perry said.

    Network Associates and its McAfee division are rating the bug a low risk, said researcher Patrick Nolan, because the firm has so far received only one confirmed report of a corporate infection. "But we are watching it," he said.

    Symantec has seen four "very large" clients get the bug, but some of those reports may overlap with Trend Micro's reports, since large companies often have multiple antivirus vendors.

    Given that the bug is brand new and already spreading, Symantec director of antivirus research Vincent Weafer said it could likely become a problem. "It's probably going to spread, but it's too early to tell," Weafer said.

    The bug spreads in Melissa-like fashion, sending itself to everyone in the victim's address book. When that's finished, it apparently calls home and reports in, sending a note to an e-mail address presumably owned by the author. The subject line of that note is "Job complete," and the message body says "Got yet another idiot." The virus is also known as Creative.exe and Troj_Shockwave.
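
An added example, not part of the comment above or of the quoted article: a mail-gateway style check that screens a raw message for the two indicators the article gives (the subject line and the CREATIVE.EXE attachment name) and, more generally, for any directly executable attachment. The function names, the extension list and the sample addresses are assumptions made for this sketch, and the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the article excerpt.
PROLIN_SUBJECT = "a great shockwave flash movie"
PROLIN_ATTACHMENT = "creative.exe"
# Assumption: extensions a gateway would treat as directly executable on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs")


def screen_message(raw_bytes):
    """Return a list of findings for one raw message; an empty list means no match."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    # Collapse whitespace and case so folded or "Fwd:"-prefixed subjects still match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if PROLIN_SUBJECT in subject:
        findings.append("subject matches Prolin lure")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers carry no filename
        name = name.strip().lower()
        if name == PROLIN_ATTACHMENT:
            findings.append("attachment named CREATIVE.EXE")
        elif name.endswith(EXECUTABLE_EXTS):
            # Also catches double extensions such as photo.jpg.scr.
            findings.append("executable attachment: " + name)
    return findings


def build_sample(subject, filename, payload=b"constructed placeholder bytes"):
    """Build a constructed test message with one attachment (no real malware)."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Check out this new flash movie that I downloaded just now ...")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    lure = build_sample("A great Shockwave flash movie", "CREATIVE.EXE")
    print(screen_message(lure))
```

Because the sender is someone in the victim's address book, the check keys on the message content and attachment type rather than on who sent it.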
  • Hmmm... Maybe it is the silent helicopters overhead or all the people running around with copies of catcher in the rye... but this could be a conspiracy.
    I doubt that any "real" linux user would bother to write a virus like that. I can see some script kiddie... maybe. Or... it could be some mega company out west that has an interest in giving Linux a bad name. Infect a few machines, post it on your news site.

    Why not? It is cheaper than ads that speak of how much better your (paid for) benchmarks are than Linux.

    Like I said... only a theory.

  • Well, by your assessment of the situation, you shouldn't even care in the least whether the "movement" gets set back nine months or nine years. You really don't want idiots using computers, anyhow, so the whole concept of Linux advocacy is completely moot (since smart users know well enough to choose a good OS in the first place, right?)

    What does it matter what the PeeCee luserz think? Let 'em bash Linux from here to Hell and back! We don't care! Yer all stupid! Neener neener!

    $ man reality

  • If this said the same thing substituting Linux for Windows it would be marked as a troll.

    No, it would be marked offtopic, since Linux doesn't plaster its name all over every application.

    Now, if GNU, Gnome or KDE had been substituted for Windows then it probably would have been marked as a troll, since every program they make HAS to include their name as part of the program name (very similar to Microsoft), even to creation of strange names like GNU/Linux, Gnumeric & Konqueror (notice that most of the programmers have spelling habits similar to CmdrTaco when it comes to naming a project).

    (remove tongue from cheek)
