
Thread: Worms and Viruses, Oh My

  1. #1
    Rear Admiral Upper Half Joshua's Avatar
    Join Date
    Jan 2001
    Location
    Long Island, NY
    Posts
    3,390

    Worms and Viruses, Oh My

    Two new computer attacks are wreaking havoc with PC users this
    week, clogging email systems and overwhelming corporate networks. The
    first, which oddly enough seeks to undo the damage from the infamous
    MSBlaster worm, is a worm called W32.Welchia or W32/Nachi; it
    aggressively looks for new hosts that MSBlaster has infected, then
    downloads and installs the Microsoft patch that fixes the
    vulnerability. The second, SoBig.F and its variants, is a virus and is
    more malicious. This virus infects users through email, searches for
    email addresses on the users' systems, then sends itself through email
    messages to each of those email addresses.
    W32.Welchia and SoBig.F would be bad enough on their own, but the
    combination of both is causing headaches for IT departments and end
    users around the world. W32.Welchia replicates using the same remote
    procedure call (RPC) vulnerability that MSBlaster used, and although
    it seeks to help users battle MSBlaster, it's faster, more aggressive,
    and better written than MSBlaster, so it's hogging bandwidth at many
    companies. Security experts say W32.Welchia hasn't affected the wider
    Internet, however.
    The news isn't nearly as positive for SoBig.F and its variants.
    Thanks to its rapid replication process, this virus has already
    affected millions of users worldwide, dragging down email systems.
    SoBig.F doesn't just look in your address book for email addresses,
    either, as many previous viruses did. Instead, it also harvests email
    addresses from Web pages and other locations. Infected email messages
    include an attachment and subject lines such as "Re: Approved," "Your
    Details," and "Thank you!" Obviously, if you receive such an email
    message, you should delete it and not open the attachment.
    As always, the advice is to keep your antivirus definitions
    up-to-date and consult with companies such as McAfee, Microsoft, and
    Symantec for the most recent security updates, virus-scanning
    applications, and other information.
    The Apexer formerly known as SnotRocket.

    "Like I ****ing said, "Ok, so I hear it may be a repost. Blah But I had never seen it, so..." **** you Canta." -Jenny 12/4/2003

  2. #2
    Rear Admiral Upper Half Joshua's Avatar
    Join Date
    Jan 2001
    Location
    Long Island, NY
    Posts
    3,390
    RELIGIOUSLY!!


  3. #3
    What's Da Pho*? bachviet's Avatar
    Join Date
    Aug 2001
    Location
    SoCal (714)
    Posts
    13,301
    Originally posted by DarkFury
    /me runs LiveUpdate everyday now just to make sure that I don't miss any of Symantec's updates...

  4. #4
    FYI: LiveUpdate periodically checks for new updates from Symantec

  5. #5
    i use mcafee :-/

  6. #6
    Rear Admiral Upper Half ribitch's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    3,672
    yet another reason i love my mac.....


    Joking aside, the number of infected computers out has been insane. I have had to bail out tons of people due to holes in their firewalls and lack of proper OS updates. It's been great for my company though, the virii are making us really busy.

  7. #7
    Old Skooler Numba 1 eSDee's Avatar
    Join Date
    Nov 2000
    Location
    Diego
    Posts
    10,065
    Originally posted by ribitch
    yet another reason i love my mac.....

    Norton hasn't released an update since December for the Mac. I love my PC but from a sysadmin pov, Macs are dope.
    ~~~~~~~~~~~~
    3 days ~ Willie Nelson

    3 days I dread to see arrive
    3 days I hate to be alive
    3 days filled with tears and sorrow
    yesterday today and tomorrow

  8. #8
    Rear Admiral Upper Half ribitch's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    3,672
    Originally posted by eSDeeLoco
    Norton hasn't released an update since December for the Mac. I love my PC but from a sysadmin pov, Macs are dope.
    I don't even bother with Mac AV. I have yet to hear about a virus for OS X. I can't even name a Mac virus off the top of my head, but I could name over a dozen PC ones. I am not saying a virus for a Mac can't be done though. Until the threat is like that of a PC, I won't be worrying.

  9. #9
    Old Skooler Numba 1 eSDee's Avatar
    Join Date
    Nov 2000
    Location
    Diego
    Posts
    10,065
    Originally posted by ribitch
    I don't even bother with Mac AV. I have yet to hear about a virus for OS X. I can't even name a Mac virus off the top of my head, but I could name over a dozen PC ones. I am not saying a virus for a Mac can't be done though. Until the threat is like that of a PC, I won't be worrying.
    Well as you know, OSX is Unix based so there are vulnerabilities. However so far Mac seems to be exempt from the terrorists that love to take on MS software and OS's. I'm happy for that, but as a sysadmin who knows a thing or two about code, I know that it's just a matter of time before people start going after Mac.

  10. #10
    Rear Admiral Upper Half Joshua's Avatar
    Join Date
    Jan 2001
    Location
    Long Island, NY
    Posts
    3,390
    I think we don't see too many mac viruses since macs account only for a very small percentage of the market, therefore, spreading them would be tough. I think we'd only see it if there was a universal virus that could affect every platform, OR if there was a way to spread it via Itunes.com which is only for macs.

    Bottom line, not many mac viruses cuz not many macs. /me runs from Ribitch.

  11. #11
    What's Da Pho*? bachviet's Avatar
    Join Date
    Aug 2001
    Location
    SoCal (714)
    Posts
    13,301
    Not enough interest in Mac attack because why waste time on so small a market.

  12. #12
    Rear Admiral Upper Half ribitch's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    3,672
    Actually, at Defcon, they talked about OS auditing and finding vulnerabilities. Anyways, during this lecture the dude talked about how many *nix based OS's shared much of the same code, therefore one vulnerability on one system usually existed between many variants of *nix.

    With this being said, a virus could be written to exploit Linux while at the same time exploiting FreeBSD, NetBSD, OS X, and Solaris.

    When combined, these OS's account for a large percent of the server market as well as a large percentage of the overall computer market. Sure, it's not as large as Windows takes up as a whole, but a virus could do a ton of damage on the net or to the enterprise market.

    It's not really a "why attack such a small market" when that small market depends on many open-source apps that are run on several different OS's. These OS's are also patched more often than that of the typical Windows user. So by design and usage, Windows is the easiest of the OS's to exploit, as well as the most common OS that will not be patched to fix the vulnerability.

  13. #13
    Fleet Admiral Jeffbx's Avatar
    Join Date
    Mar 2000
    Location
    Michigan
    Posts
    9,405
    Originally posted by ribitch
    So by design and usage, Windows is the easiest of the OS's to exploit, as well as the most common OS that will not be patched to fix the vulnerability.
    Eh, I don't believe that. Only the admin will apply a patch, so your machine is only as secure as the admin makes it. In one of my past jobs, our UNIX systems were compromised twice while our Windows systems were never touched, simply because the UNIX admin never kept up with the patches.

    Doesn't matter what OS you run if you don't pay attention to the updates.

    The vast majority of systems out there are Windows, so that's the ones you hear about (esp. from the home users) when there are problems. Also, there are WAY more people interested in seeing Windows users suffer, so they keep cranking out the exploits. Focus these b*stards on any other platform, and you'll see the same security flaws on *NIX, Mac, Xbox, cell phone networks, whatever.

  14. #14
    Rear Admiral Upper Half ribitch's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    3,672
    http://164.106.251.250/docs/netsec/d...-11-cesare.pdf

    That's a PDF link to the Defcon11 presentation that I referenced. It was also presented at Blackhat this year. The entire Defcon11 CD is contained at that server if anyone is interested. I have no clue whose site it is, but it appears to be all there. There are some pretty good PDFs and utilities on it.

  15. #15
    Rear Admiral Upper Half ribitch's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    3,672
    http://www.lowendmac.com/lite/03/0813.html

    There you go, an article on the first OS X virus.

  16. #16
    Old Skooler Numba 1 eSDee's Avatar
    Join Date
    Nov 2000
    Location
    Diego
    Posts
    10,065
    Originally posted by DarkFury
    BTW... haven't y'all learned by now... don't try to debate Ribitch on "Apple vs PC". It just ain't gonna go nowhere... and he'll find something to counter it.


    Even still... bottom line is: A majority of folks are STILL gonna use a PC and Apple is STILL gonna be at the bottom of the barrel... at least until they stop being so "proprietary" and expensive on both the hardware and software sides of the ball.
    Macs are definitely not "bottom of the barrel" as that would imply their worth is less than those above it. I agree about the hardware being more expensive than most low-end PCs, but they are getting better. Consider the eMac which has a DVD burner, 17 inch monitor, 80 GB HD, ATi Radeon 4x AGP vid card all for $1300. That's not bad considering a good DVD burner on the PC will cost you a couple of hundred bucks. Software is not proprietary as it used to be either, as many of the big players are finally on board making software for the Mac.

    Bottom of the barrel would be more like "E-machines" or "Packard Bell".

  17. #17
    Rear Admiral Upper Half Joshua's Avatar
    Join Date
    Jan 2001
    Location
    Long Island, NY
    Posts
    3,390
    With the advent of the Pentium 4 processor, high end video cards, and oodles of RAM, I don't even see an advantage for Macs with multimedia.

    Originally posted by DarkFury
    Yet and still... unless you do most of your work with "multimedia", I still don't see the point in going "Mac Attack".
