Another blemish against the assembly programmer.

I just watched the latest about the worm "Code Red"
on "The Screen Savers" and reported on several
other news services here in the states. It's now being
reported that the perpetrator of this IDIOCY created
this "thing" with quote "Assembly Language".

This can only be called EVIL INTENT by these hacking
NT morons!

I can only hope that the person or persons behind this
sorry excuse will be found and shot right between the eyes!

Pathetic!!

:(
Posted on 2001-07-31 18:54:04 by bcraven
I just read about it in the paper yesterday...
   Ha.Ha.Ha.Ha...Ha,Ha,Ha

   Apparently it poses a national threat to my government (the U.S.) because they invested heavily into the M$ IIS (yes, the same monopoly that they are trying to punish).

   IMHO, anyone with the ability to set up a web server would use Apache on a Linux box. I once read on (I believe) the Apache web site that someone came across a 404 on a M$ web site; the error was created by the Apache server that ran the M$ web site. The question is, whose product does M$ really have faith in?
Posted on 2001-07-31 20:59:40 by eet_1024
I have not seen this one turn up in my email yet, I am still getting spammed with SirCam and while I am not worried about being infected with something so corny, I am tired of the number of downloads at 160k at a time.

I have a perfect solution to email attachment viruses or similar, I use netscape set on text only and I NEVER run attachments. If you have an email client that autoruns anything, get rid of it.

After receiving 40+ copies of HYBRIS in email titled "hahahasexyfun4you" my ISP filtered it out.

I am not that charitable to people who distribute worms or viruses as they usually get the harmless people who don't know any better. I don't personally care if the Pentagon is so sloppy that it gets infected but I do object to targeting little people who harm nobody.

Regards,

hutch@pbq.com.au
Posted on 2001-07-31 21:22:26 by hutch--

I have not seen this one turn up in my email yet...


hutch,

this happens coz worm.redcode doesn't spread by email. :cool: it tries to connect to port 80 and sends the exploit code.

so, if you wanna see if you were targeted by it, look at the firewall's log for incoming connections to port 80.

about hybris, you know... :(

ancev

ps: a curious thing about redcode... it only exists in memory: in any point the virus is written to disk. so, if we all turn the computers at same time... :grin:
Posted on 2001-07-31 21:47:45 by ancev
vecna, i heard the news say that codered only attacks WIN NT and 2000.
Posted on 2001-07-31 22:24:49 by nobody
vecna, do you think it destroys or infects any files once it has reached you?
Posted on 2001-07-31 22:28:22 by nop
vecna,

Thanks for the info, I have been off the internet for 4 days due to a hardware problem with my ISP and was a little out of date with it. The AVP reference says it's a server exploit rather than a binary virus that sets up the machine for DDoS so I have little to worry about with my old version of Windows and a firewall that only allows what I set a rule for.

It certainly does show that Microsoft have made another mess with their server design in win2k, XP and NT4/sp4+, lucky I run none of them.

Regards,

hutch@pbq.com.au
Posted on 2001-08-01 02:24:37 by hutch--
yeah, i've also heard that "code red" attacks win NT / 2000 servers! so i think private users don't have to worry. they also say that "code red" doesn't delete any files on your hard-drive. "code red"'s goal is to attack only one special web server at the end, by flooding it with "trash".

that's what i heard.

[-alloces-]
Posted on 2001-08-01 07:29:25 by NOP-erator
For many years now when I've brought up the fact that I program in assembly language
to fellow colleagues I get back the response "Oh, you're one of them people, aren't they
the ones that create Viruses?". Yet most viruses these days are VB scripts launched as
attachments from within Outlook or Outlook Express. VB doesn't appear to acquire the
stigma that ASM has over the years. I think this is unfair to say the least.

For almost 15 years I pushed assembly language by giving away my knowledge and
a great quantity of source code to anyone wanting to learn the language. I no longer care
to give it away because there are so many immoral and deranged minds out there. My
generation didn't seem to have such a malicious nature towards others in the PC world
as there appears these days. Though the internet wasn't the monster it is today it was
there and many thousands of Bulletin Board Systems around the world. My generation
wasn't so preoccupied with "How can we muck up the system".

On the other hand perhaps we would have caused malice....
We were just too busy getting stoned! :rolleyes:
Posted on 2001-08-01 10:23:23 by bcraven
Bill, the only thing that's changed is that there are more people using computers. The busy getting stoned groups are still around. :)
Posted on 2001-08-01 10:30:36 by bitRAKE
Hey Vecna ( you seem to know a little about virus :))

By the way, does Code RED use the same "old" overflow which causes a failure in the printer drivers?

Jp
Posted on 2001-08-01 10:40:12 by JP?
craven, there were a lot more virii in the old days. Much more widespread.
Today, most virii seem to be of the stupid scripted email attachment
type, which (imho) only hits fools that deserve it, by running lousy
programs such as outlook. No, I don't condone virii, and I think spreading
them is stupid. But I can't help but smile a little when I hear about
this or that government agency being hit, because they use outlook.

Hutch, do yourself a favour and get a good email client, that will
allow you to view the email subject lines of your pop3 server before
actually downloading them. This can save you many a great spam...
this is especially important when you are on dialup.

About code red, I think it's a pretty interesting thing. First of all, afaik,
it only hits IIS servers. So only companies with demented sysadmins
will have a problem. It also brings a lot of focus on microsoft's COUNTLESS
bugs. Perhaps not the best way to do it, but I think it's important
to realize that m$ don't care much about good code or happy customers :|.
Also, the fact that code red only exists in memory is pretty intriguing, I think :). It would be very interesting to follow how it
spreads, will probably tell a thing or two about the internet infrastructure,
and which companies to be a bit sceptic about :).

Ah well, this board shouldn't be used for virus discussions. Hope
I didn't break any rules :)
Posted on 2001-08-02 21:31:18 by f0dder
It's too bad that MS is tarnishing their name with all these exploits. I really think they should start thinking about security. However, I'm positive it's scaring business away from them. But, viruses will always be written, it's too bad that MS hasn't yet learned to secure their software because it's all of us that have to pay for it.

Thanks,
_Shawn
Posted on 2001-08-02 22:08:12 by _Shawn
I think the biggest problem was that all their security updates required a reboot so IT managers keep waiting and waiting (can't have the money generating website down).
Posted on 2001-08-02 22:21:04 by Hiroshimator
For those inquiring about a good mail client (just like f0dder said earlier) ... try and pick up Phoenix Mail 0.92 ...

It's about 900kb ... has plenty of features ... it's open source (programmed in Delphi). You can view the mail on the server before downloading it.

Finally, what I find really good is that you receive your email in plain text and that they are individually saved in *.txt files. So you don't end up your year with a gigantic 35 megabytes fragmented email database (like outlook does ahahah).

Have Fun !
Jp
Posted on 2001-08-02 22:36:13 by JP?
Bill,

Don't let the idiot fringe stop you, by far the biggest majority of programmers learning assembler have nothing to do with viruses and trojans and they need your expertise. It seems the REAL talent in virus writing these days is in VBS scripting so it's fair enough to let such "talent" go where it's best suited. :tongue:

f0dder,

I long ago solved the problem of a Microsoft browser automatically running anything, I use Netscape set to text email and NOTHING ever gets run. 4.7? Netscape is a lot less buggy than Internet Exploder 5.? and its email is safe in a Microsoft hostile world so it is the best choice in terms of security, Exploder is best left for those who want to autorun every new email attachment virus that gets circulated.

If one good thing has come out of yet another virus scare it's the knowledge that later M$ operating systems are bad security risks from a company that could not care less, if you have it, they already have your money so it does not affect them at all.

You may wonder why I still run win95b, I guess "code red" helps to answer the question.

Regards,

hutch@pbq.com.au
Posted on 2001-08-02 23:05:23 by hutch--
hutch, codered will only affect you if you run IIS 5 -- not default on
a win2k install. And 95 is probably the MS os that has had most
crash-exploits :). Windows2000 is actually pretty good... much more
stable than any patched win95 :). I "tested" it for three days in a row
while doing some intensive programming, and I was amazed at how
few crashes I had... NONE :). Had I been on any 9x, I bet one hand
would not have been enough to count the crashes...

All: just because you don't use outlook, don't feel safe. There's a
good chance that <whatever> email client supporting htmlview will
use the internet explorer control for this... which, as far as I can figure
out, means you are exploitable.

I use pmmail2000, a very decent email client. Has good filtering support,
is relatively small, and does what I need. And I have of course
turned off htmlview, as I HATE it. I don't need smart popglitter in
my emails...
Posted on 2001-08-02 23:54:18 by f0dder
Hutch,

You and Hiroshimator are what I consider good people. You for giving us MASM32,
Hiroshimator for this terrific forum. I'd like to meet you both in person and give you
both a good hand shake. :alright: Anyway, I can at least say thank you both very much.

I truly hope your assumption is correct regarding new asm programmers. I've calmed down
some since my first post on this "code red" thing. My main duty where I work is network
administration and I have no option other than to do the best job I can with the tools I'm
given. I get very outraged when "the idiot fringe" as you so correctly put it causes me
more work and concerns in securing the safety of the company's information. We are
a Tool and Die company mostly for the electronics industry. We make the tooling that
stamps out the metal parts of electronic components from chips to relays.


F0dder,

Your comment, I quote, "which (imho) only hits fools that deserve it, by running lousy
programs such as outlook" is simply an arrogant response to something you know
nothing about. Please enlighten me as to a better environment that I can run a company
network intranet system other than MS Exchange and Outlook. Give me a break!! :mad:


bitRAKE,

Yes, you're correct, there are many more PC users these days. You mean "the aging
still getting stoned groups". ;)
Posted on 2001-08-03 08:25:31 by bcraven
Sorry Bill, I "probably" chose a few very harsh words there. The real
fools aren't (of course) the people using outlook, but microsoft. Home
users don't know better, they get this email client with their OS, so
why should they try something else?

As for running a "company network intranet system", what do
you need? What unique features does exchange sport? My dad's
workplace (the danish EPA) uses exchange as well, and they have
had a number of problems because of the security holes :/.

Until a replacement is found for the M$ software, I guess the best
thing to do is to enlighten the users -- but this can be hard. "Why
can't I run this greeting card" or "why can't I watch this little funny
movie clip" or "why can't I run this little prank tool" are hard to answer...
When employees have internet access through a 112KByte/sec
(or faster) line, they don't think twice before sending such a "fun
little thing" to everybody in their contact list.

What surprises me the most is that they keep on running email
attachments without a thought. Even though they've been hit
a couple of times. This is of course only a single specific workplace
I know of, but I can imagine the situation being the same in many places.

Oh yes, they feel safe because they run AV software. Dr Solomon,
I think. Which has let more than one virus or trojan or whatnot
through. Lousy piece of software - but good support. At least if you're
with a big company, or the government...

Sorry if I sound bitter, cynical, or even arrogant. I've just become
annoyed at microsoft, and sometimes I take this out on system
administrators who probably don't have any choice :(.
Posted on 2001-08-03 14:57:42 by f0dder
f0dder,

Apologies accepted, I think. :confused:

Hey, I've had a dislike for Billy Gates since he stole
Windows from Steve Jobs who stole it from Xerox.
Posted on 2001-08-03 16:39:54 by bcraven