And so today I spent my morning reading Wikipedia's "list of notable
computer viruses and worms".
All the big names are there - Byte Bandit, Chernobyl, Melissa, Code Red,
SQL Slammer, Sobig, Sober, MyDoom, MS Blaster, Klez, Nachi, etc. Plus
there's a few I haven't even heard of. (Obviously most of these are PC
viruses, and it wasn't until the late 90s that I started using that
platform.)
In all the time I've been using computers, I have only seen 2 virus
infections. At uni, I unwittingly infected a PC with the Happy99 virus.
[At least, I'm pretty sure that's what it was. As far as I know, nothing
further came of this incident.]
Later, my laptop became infected with MS Blaster. This is the only time
a computer that I personally own has become infected with a virus.
I remember being distinctly unimpressed by McAfee's ability to detect
the virus, yet do absolutely nothing to actually remove it. It just
whinged "oh dear, the file cannot be deleted, what shall I do?" In the
end, I had to go delete it myself manually. (IIRC, it was read-only or
something, and that was all that was stopping it.)
Of course, the machine instantly became reinfected. In the end I
reinstalled Windows XP. But as soon as I attempted to access the
Internet to download the patch, the laptop was reinfected and started
rebooting faster than I could download the patch. In the end, I had to
use my mum's old PC (Windows 98) to download the patch so I could
install it.
Melissa, Code Red, SQL Slammer and ILOVEYOU are all legendary names, but
until today I didn't actually know precisely what they did or how they
worked. It's interesting how some of these exploit bugs that were fixed
months ago. Others merely use minimalistic social engineering tricks.
It's surprising how stupid some people are. For example "why did you
open this attachment 12 times??" "Well I wanted to see what was in it!"
I guess most people don't realise that clicking on an attachment is what
infects PCs; they probably think it's something like the common cold
that "just happens" one day.
I've heard legends of boot-block viruses, file infectors and Word macro
viruses - but I've never actually met one in real life. With the
possible exception of the latter, I would imagine these are all pretty
rare now.
Anybody else here have any interesting virus experiences?
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Invisible wrote:
> I've heard legends of boot-block viruses, file infectors and Word macro
> viruses - but I've never actually met one in real life. With the
> possible exception of the latter, I would imagine these are all pretty
> rare now.
Never encountered a boot-block virus. Had a Word document that contained
a virus once. Of course, that was averted by the whole "This file has
a macro in it, do you want to run that macro" dialog. Uhh, no ... I
wasn't expecting any macros. I met the ILOVEYOU virus. It filled up my
entire inbox. Oh what fun that was. Of course, I knew the e-mails were
bogus when one of the first 10 was from the CEO. I downloaded the
script, and opened it in a text editor, just to see what it contained.
> Anybody else here have any interesting virus experiences?
The most interesting was the Worm that was infecting computers via file
shares. I had stored a few executables on the network share after
building them, then ran them (moments after the build completed, about
the time it took for me to go grab a drink from the fridge) They didn't
work ... Rebuild and execute again ... Didn't work ... Hmm... Build the
Debug versions (local to my machine) and they worked flawlessly. Hmmm.
Suddenly my boss shows up at my cubicle (He was also head of IT at the
time) says "Don't touch a thing" and yanks the network cord out of the
back of my machine. He then instructs me to open our virus software,
download the latest update and do a full system scan. My system had been
affected by the files I built moments before. All because someone
attached a dodgy laptop to the LAN and logged in, reconnecting
themselves to all of the file shares on the server, and infecting every
single writable executable on the file share. That virus was
particularly virulent. The writability hole was plugged on the shares I
used so that devs were the only ones with write privileges, but it would
appear from time to time (probably from the same individual, I dunno)
and totally cripple the network.
Mike Raiford wrote:
> I met the ILOVEYOU virus. It filled up my
> entire inbox. Oh what fun that was. Of course, I knew the e-mails were
> bogus when one of the first 10 was from the CEO. I downloaded the
> script, and opened it in a text editor, just to see what it contained.
Anything interesting?
> The most interesting was the Worm that was infecting computers via file
> shares. I had stored a few executables on the network share after
> building them, then ran them (moments after the build completed, about
> the time it took for me to go grab a drink from the fridge) They didn't
> work ... Rebuild and execute again ... Didn't work ... Hmm... Build the
> Debug versions (local to my machine) and they worked flawlessly. Hmmm.
> Suddenly my boss shows up at my cubicle (He was also head of IT at the
> time) says "Don't touch a thing" and yanks the network cord out of the
> back of my machine. He then instructs me to open our virus software,
> download the latest update and do a full system scan. My system had been
> affected by the files I built moments before. All because someone
> attached a dodgy laptop to the LAN and logged in, reconnecting
> themselves to all of the file shares on the server, and infecting every
> single writable executable on the file share. That virus was
> particularly virulent. The writability hole was plugged on the shares I
> used so that devs were the only ones with write privileges, but it would
> appear from time to time (probably from the same individual, I dunno)
> and totally cripple the network.
Wow. o_O
Sounds like almost as much fun as that time I accidentally configured
our email server as an open relay. Needless to say, on Monday morning
the server was nonfunctional. I forget what I was actually *trying* to
do... but I missed out the step where you configure some setting or
other that requires authentication or something, essentially yielding an
open-relay configuration.
Oops. x_x
And a final thought... How many users would see a macro popup and decide
to press "no"? It seems to me that lots of applications generate far too
many popups (e.g., endless "are you sure?" messages where there is
actually no danger), and users tend to just blindly click Yes to get rid
of these irritations.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Invisible <voi### [at] devnull> wrote:
> In the end I reinstalled Windows XP.
The (newbie) answer to all problems.
--
- Warp
>> In the end I reinstalled Windows XP.
>
> The (newbie) answer to all problems.
Well, if your PC reboots every 20 seconds, what else can you
realistically do? There isn't sufficient time to install any tools or
run any kind of diagnostics.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
48970aa6$1@news.povray.org...
> Well, if your PC reboots every 20 seconds, what else can you realistically
> do? There isn't sufficient time to install any tools or run any kind of
> diagnostics.
??? If you were able to find and download the patch from your mum's PC then
you could also find instructions on the internet about 1) how to stop the
rebooting before it happened and 2) to get rid of the worm without
reinstalling.
G.
>> Well, if your PC reboots every 20 seconds, what else can you realistically
>> do? There isn't sufficient time to install any tools or run any kind of
>> diagnostics.
>
> ??? If you were able to find and download the patch from your mum's PC then
> you could also find instructions on the internet about 1) how to stop the
> rebooting before it happened and 2) to get rid of the worm without
> reinstalling.
Well by the time I got that far I'd already reinstalled twice.
Reinstalling is probably simpler than following a tricky sequence of
registry edits and hoping that you don't accidentally break your PC and
that all traces of the virus are actually gone...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
On Mon, 04 Aug 2008 14:02:40 +0100, Invisible <voi### [at] devnull> wrote:
>Anybody else here have any interesting virus experiences?
I was banging my head against the wall, working to figure out why our web page kept
crashing, when Code Red was announced. That was quite a fun-filled few days.
489713b0@news.povray.org...
> Reinstalling is probably simpler than following a tricky sequence of
> registry edits and hoping that you don't accidentally break your PC and
> that all traces of the virus are actually gone...
What registry edits? All you had to do to prevent the reboot was to go to
the command line and type "shutdown -a" (or go to the control panel and perform
a similar task). It took a couple of seconds and the trick was explained on
every AV site.
G.
>> Reinstalling is probably simpler than following a tricky sequence of
>> registry edits and hoping that you don't accidentally break your PC and
>> that all traces of the virus are actually gone...
>
> What registry edits? All you had to do to prevent the reboot was to go to
> the command line and type "shutdown -a" (or go to the control panel and perform
> a similar task). It took a couple of seconds and the trick was explained on
> every AV site.
That stops the machine rebooting, but it still doesn't remove the virus.
Personally, I just assumed that "fatal system error" means that there's
no way to prevent the system from being rebooted. I don't recall the
McAfee site containing any instructions on how to prevent this, or even
a suggestion that it is *possible* to prevent this. Oh dear, I must be a
really stupid n00b for not knowing something so "obvious". Get off my case!
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*