Linked by Thom Holwerda on Fri 3rd Feb 2006 22:41 UTC
Security watchers say the Kama Sutra worm, which is programmed to overwrite files on infected Windows PCs today, will have a damaging but not catastrophic effect. The Kama Sutra worm (or Nyxem-E or Blackworm) poses as an email message offering a variety of salacious content. Subject lines used in the malicious emails include: The Best Videoclip Ever, Fw: SeX.mpg, Miss Lebanon 2006 and Fuckin Kama Sutra pics. The worm, which can also spread across network shares, only affects Windows PCs.
community awareness
by Resolution on Fri 3rd Feb 2006 22:57 UTC
Resolution
Member since:
2005-11-14

This virus wasn't as damaging as it could have been thanks in part to the spread of information by the media, security news sites, and fast action from the antivirus vendors.

It's nice to know that threats like these can be contained with a little communication.

Reply Score: 1

Does anyone?
by thavith_osn on Fri 3rd Feb 2006 23:10 UTC
thavith_osn
Member since:
2005-07-11

Does anyone have any of those pictures? I'd love to see Miss Lebanon 2006 :-)

Reply Score: 5

RE: Does anyone?
by Tyr. on Sat 4th Feb 2006 18:14 UTC in reply to "Does anyone?"
Tyr. Member since:
2005-07-06

Does anyone have any of those pictures? I'd love to see Miss Lebanon 2006 :-)

Here you go : http://www.lebanonlinks.com/page.asp?news=misslebanon2005
I think the outgoing miss Lebanon was hotter though : http://www.funonthenet.in/content/view/231/31/

I'm actually a feminist, I swear :-)

Reply Score: 4

RE[2]: Does anyone?
by DeadFishMan on Sun 5th Feb 2006 01:45 UTC in reply to "RE: Does anyone?"
DeadFishMan Member since:
2006-01-09

I think the outgoing miss Lebanon was hotter though : http://www.funonthenet.in/content/view/231/31/

Wow! She IS gorgeous!!! :-D

Reply Score: 1

Rather easy to ignore
by JustAnotherMacUser on Fri 3rd Feb 2006 23:26 UTC
JustAnotherMacUser
Member since:
2006-01-08

The Best Videoclip Ever, Fw: SeX.mpg, Miss Lebanon 2006 and f--kin Kama Sutra pics

I get thousands of those types of spam a week, this virus died the minute it was spread with headings like that, just swirling around in the sea of my automated junk mail filter.

Not that it would have affected my machine anyway, but as far as destructive viruses go, this was poorly researched for maximum effectiveness.

Now that last Paypal phishing scam was pretty good, just asked for wayyyyy too much information on the included link, which was the tip off.

They are getting better that's for sure.

Reply Score: 2

files
by postmodern on Fri 3rd Feb 2006 23:30 UTC
postmodern
Member since:
2006-01-27

There are many files on a computer, overwriting a couple probably won't damage any critical files.

Reply Score: 1

Too bad eh..
by Bringbackanonposting on Fri 3rd Feb 2006 23:35 UTC
Bringbackanonposting
Member since:
2005-11-16

Too bad for anyone running windows software. My thoughts are with them...errr, nah.

Reply Score: 2

RE: Too bad eh..
by CrazyDude0 on Fri 3rd Feb 2006 23:53 UTC in reply to "Too bad eh.."
CrazyDude0 Member since:
2005-07-10

Again, this is not a technical problem with Windows. You can spread such viruses on Linux and they can at least eat up your data files even if you are not root.

It is just that worm writers target Windows because of large installed user base and also because Linux users are mostly techie people.

Reply Score: 4

RE[2]: Too bad eh..
by SlackerJack on Sat 4th Feb 2006 00:20 UTC in reply to "RE: Too bad eh.."
SlackerJack Member since:
2005-11-12

You're saying Linux users are more techie people, yet you think they would make this script executable? That's a contradiction. Remember please that scripts don't come executable in Linux, since this is what makes Linux desktop much more secure.

Reply Score: 5

RE[3]: Too bad eh..
by jaylaa on Sat 4th Feb 2006 00:35 UTC in reply to "RE[2]: Too bad eh.."
jaylaa Member since:
2006-01-17

Remember please that scripts don't come executable in Linux

Why don't they? Is that just by convention or is there actually some safeguard which prevents it?

Reply Score: 1

RE[4]: Too bad eh..
by raver31 on Sat 4th Feb 2006 00:52 UTC in reply to "RE[3]: Too bad eh.."
raver31 Member since:
2005-07-06

yes, there are safeguards against it.

first and foremost...

all files you download are simply that, files.
you have to make them executable, then run them.
Sometimes however, you can download a binary file from a webpage with the execute bit set, but that leads to the next stage.......

Permissions.

although YOU downloaded the file and YOU set the execute bit to true, if you had a titter of wit about you, you would have already set up your partitions so that files on /home cannot run, so any downloads on there will need to be physically moved into your path so that they can run.

As you can see, malware would be ineffective against safeguards like these. Any that did find its way into your system would sit there dead in your /home

HOWEVER

I have seen some people set up their systems so that users can run programs from their /home. This is VERY bad practice, and destroys one of the defenses Linux has over malware.

Reply Score: 3

RE[5]: Too bad eh..
by raboof on Sat 4th Feb 2006 09:34 UTC in reply to "RE[4]: Too bad eh.."
raboof Member since:
2005-07-24

I have seen some people set up their systems so that users can run programs from their /home. This is VERY bad practice, and destroys one of the defenses Linux has over malware.

This is a trade-off. I like to be able to install things local to my homedir, without becoming root, so i'm sure the installation procedure doesn't mess with the stable part of my system.

Also, though not allowing executables in homedirs is a possible layer of defense, it's not a very strong one. If an exploit can write a malicious file, it can probably also append something to your .bashrc, for instance.

Reply Score: 1

RE[5]: Too bad eh..
by thecwin on Sat 4th Feb 2006 12:10 UTC in reply to "RE[4]: Too bad eh.."
thecwin Member since:
2006-01-04

Actually, lots of people use their ~/.local or ~/software/ or something as a place for testing untrusted software.

Reply Score: 2

RE[4]: Too bad eh..
by Richard James on Sat 4th Feb 2006 01:24 UTC in reply to "RE[3]: Too bad eh.."
Richard James Member since:
2005-07-07

Remember please that scripts don't come executable in Linux

Why don't they? Is that just by convention or is there actually some safeguard which prevents it?


That is due to umask. When you download a file it is created as a new file. All new files in Linux have their permission set from the umask which is by default 022 on most systems.

The permissions are umask & 077, so umask of 022 is 644 which is -rw-r--r--

if you create a file that is a script in Linux you will then have to chmod the permissions to execute before it is run.

Yes this is a security safeguard.

Reply Score: 3

RE[5]: Too bad eh..
by GvG_ on Sat 4th Feb 2006 23:28 UTC in reply to "RE[4]: Too bad eh.."
GvG_ Member since:
2005-07-07

The permissions are umask & 077, so umask of 022 is 644 which is -rw-r--r--

Me thinks you're a bit off here. With an umask of 022 and a creation mode of 0777 the resulting permissions would be 0755, which is -rwxr-xr-x.

Reply Score: 1

RE[6]: Too bad eh..
by Richard James on Sun 5th Feb 2006 03:44 UTC in reply to "RE[5]: Too bad eh.."
Richard James Member since:
2005-07-07

Me thinks you're a bit off here. With an umask of 022 and a creation mode of 0777 the resulting permissions would be 0755, which is -rwxr-xr-x.

Yeah my bad

reading the man page it says

"The umask is used by open(2) to set initial file permissions on a newly-
created file. Specifically, permissions in the umask are turned off from
the mode argument to open(2) (so, for example, the common umask default
value of 022 results in new files being created with permissions 0666 &
~022 = 0644 = rw-r--r-- in the usual case where the mode is specified as
0666)."

I don't know where the mode is specified.

Reply Score: 1
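
Added example (not from any poster in this thread): a small C program that applies the rule in the man page quote above by creating files with open(2) under different umask and mode values and reading back the result. The scratch path under /tmp and the function names are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a new file with open(2), passing `requested` as the mode argument
 * while the process umask is `mask`. Returns the permission bits the kernel
 * stored (st_mode & 0777), or -1 on error. The scratch file is removed. */
int created_mode(mode_t mask, mode_t requested)
{
    char path[64];
    /* Hypothetical scratch path; O_EXCL makes open fail if it already exists. */
    snprintf(path, sizeof path, "/tmp/umask-demo-%ld", (long)getpid());

    mode_t saved = umask(mask);            /* umask() returns the old mask */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, requested);
    umask(saved);                          /* restore the caller's mask */
    if (fd < 0)
        return -1;

    struct stat st;
    int rc = fstat(fd, &st);
    close(fd);
    unlink(path);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Nonzero if any of the owner/group/other execute bits is set. */
int is_executable(int mode)
{
    return (mode & 0111) != 0;
}

int main(void)
{
    static const struct { mode_t mask, requested; const char *what; } cases[] = {
        { 022, 0666, "mode 0666, the man page's usual case" },
        { 022, 0777, "mode 0777, the case GvG_ describes" },
        { 077, 0666, "restrictive umask" },
        { 000, 0666, "no umask at all" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int m = created_mode(cases[i].mask, cases[i].requested);
        printf("umask %03o, mode %04o -> %04o  exec=%d  (%s)\n",
               (unsigned)cases[i].mask, (unsigned)cases[i].requested,
               (unsigned)m, is_executable(m), cases[i].what);
    }
    return 0;
}
```

The last case shows that the umask only ever clears bits: a file created with mode 0666 has no execute bit even with umask 000, because the creating program never asked for one.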

RE[3]: Too bad eh..
by Wrawrat on Sat 4th Feb 2006 00:46 UTC in reply to "RE[2]: Too bad eh.."
Wrawrat Member since:
2005-06-30

If they can click an executable file, they can make the script executable by changing its permissions... Never overestimate the user when it comes to attachments. At first, the complexity of the commands (compared to point and click) might put them off, but if they want to see that Miss Lebanon, they will try to.

Call me a pessimist, but if some people are gullible enough to open an attachment from an unknown source...

Reply Score: 1

RE[4]: Too bad eh..
by SlackerJack on Sat 4th Feb 2006 01:05 UTC in reply to "RE[3]: Too bad eh.."
SlackerJack Member since:
2005-11-12

So which is it? People have been ranting Linux is not ready for the desktop because it's not easy to install or run stuff. Now you're saying a new computer user can make the script executable from his email?

Do I hear double standards here? Yes I think so.

Reply Score: 3

RE[5]: Too bad eh..
by Wrawrat on Sat 4th Feb 2006 01:28 UTC in reply to "RE[4]: Too bad eh.."
Wrawrat Member since:
2005-06-30

Eh? Did I ever mention "Linux is not ready for desktop" or "new computer users"? You might hear things, but your sight must be failing...

But since you're asking, instructions could be attached to the malicious mail. The user might ask a friend. Or anything else: just be imaginative. The fact is, if the user wants to run the attachment, he will.

Don't take this as an attack against Linux or Unix-based system. That's what I use. My point was that the weakest link in security is often the user. I'm paranoid enough for keeping my systems secure (or at least I think), but some just don't care.

Edited 2006-02-04 01:29

Reply Score: 2

RE[6]: Too bad eh..
by SlackerJack on Sat 4th Feb 2006 01:43 UTC in reply to "RE[5]: Too bad eh.."
SlackerJack Member since:
2005-11-12

And pigs might fly when that happens, again you're saying what the average user hypothetically will do that. What I'm saying is that people say Linux is not easy for average joe because of this method, yet an unknowing Windows user will just click and BAM!, that's the difference.

Reply Score: 2

RE[7]: Too bad eh..
by Wrawrat on Sat 4th Feb 2006 02:12 UTC in reply to "RE[6]: Too bad eh.."
Wrawrat Member since:
2005-06-30

Hey, I never claimed it was easier in Linux! I just said it's not completely impervious to these scams because it depends on the cluelessness of the user. As for flying pigs, I wouldn't be much surprised if they do soon. This kind of virus started years ago and there are still people opening these attachments.

Reply Score: 1

RE[2]: Too bad eh..
by DeadFishMan on Sat 4th Feb 2006 05:00 UTC in reply to "RE: Too bad eh.."
DeadFishMan Member since:
2006-01-09

Again, this is not a technical problem with Windows. You can spread such viruses on Linux and they can at least eat up your data files even if you are not root.

It is just that worm writers target Windows because of large installed user base and also because Linux users are mostly techie people.


Some people have this misconception that Linux would be an as easy target as Windows if virus/worm authors started to deploy their warez against it. No, Linux is not vulnerable to the same threats and you know why? Because, unlike Windows, Linux e-mail clients do not allow automatic scripts (of any kind) to be executed when receiving an e-mail. Its web browsers also do not allow arbitrary execution of code. And even if we acknowledge that the user data might be compromised by some sort of worm/virus, the Unix security model will ensure that only that user's files will be the only ones damaged. In other words, your clueless sister will be the only one that will lose something on your family computer. Windows can't claim that.

People tend to give this excuse that the majority of Windows out there is the main culprit of the huge number of threats to that platform but they forget that on the Internet, the majority of the servers run on some sort of *nix OS or even some sort of hardware appliance. Now think about it for a second: If you were a virus writer whose main goal was to create the biggest havoc that you could, would you try to write something to attack the client machines or would you try to own a server or a router, effectively putting a whole segment of the internet on your hands?

Fact is, there are a couple of IOS (Cisco's Internet Operating System) exploits in the wild. The same for *nix exploits. But they're few and far between mainly because they usually exploit some security vulnerability that was already fixed by the vendor, relying on a lazy sysadmin or the fact that some companies have policies in place that delay the patching of their systems.

On Windows' case, it was a MS design decision that led to so many ports open on the platform for the virus community. They thought that would be a nice idea if the user could send an e-mail with some VBscript on it to his or her account in order to automate this or that function. When Sun created Java applets, they thought of sandboxing it to prevent people abusing it. MS went a step further allowing ActiveX to have unlimited access to the user's hard drive just by accessing a web page, which required them to create later the concept of signed ActiveX components (that didn't fare well either, by the way). All that because MS usually puts convenience before security when designing its products.

So no... There is no way that I can agree to the assertion that Linux (or Mac OS X or any other OS for that matter) would be as vulnerable as Windows is nowadays. But I'm looking forward to see what Vista will bring to the table. But please, stop this nonsense. Current Windows releases have its share of threats because of its inherent weakness, nothing else.

Reply Score: 5

It did do something
by ValiantSoul on Fri 3rd Feb 2006 23:53 UTC
ValiantSoul
Member since:
2005-07-20

At my place of work we actually did have a small outbreak - lucky for us it didn't get on any of our developers' machines because we have write access to a server's network share with all of the documentation for everything we create, source code, test results, etc. We had it under control and machines updated to catch it within an hour of the first occurrence so thumbs up to our IT team.

Reply Score: 1

RE: It did do something
by vimh on Sat 4th Feb 2006 00:17 UTC in reply to "It did do something"
vimh Member since:
2006-02-04

I'm assuming they were given a swift kick in the shins for being foolish enough to click on such a link?

Reply Score: 3

RE[2]: It did do something
by Celerate on Sat 4th Feb 2006 02:00 UTC in reply to "RE: It did do something"
Celerate Member since:
2005-06-29

It's amazing how many people still fall for the old free porn ruse, it's a classic used for spreading viruses and frankly anyone with common sense should know better than to fall for it.

Reply Score: 2

Destructive junk
by Alwin on Sat 4th Feb 2006 00:36 UTC
Alwin
Member since:
2005-07-17

About maximum effect for a virus, worm, etc:

Anything that puts a carbon-based unit in the loop (e-mail based, phishing scams and so on) just won't cut it. Humans don't continuously read their e-mail, surf the web, or chat. They do that with intervals. That automatically limits how fast it can spread, and gives others (software vendors, AV companies, sysadmins) time to take action.

So IMO the most fast-spreading and/or destructive threats simply MUST be things that don't need human interaction to spread. Only then you have (in theory) the potential to infect every machine hooked up to the net, within hours.

Kind of sad that most malware isn't destructive, and only wants your CPU cycles or bandwidth. Imagine what a super-destructive and fast spreading worm could do: kill off all those zombies and unpatched systems. That would do wonders for spam levels, AND promote more secure systems like Linux, MacOSX or *BSD.

I for one, would welcome a worm that knows many ways to get in, spreads like crazy, and wipes clean the harddisk of any vulnerable machine it finds. Even while I couldn't be 100% sure to be among the 'survivors' =8-[

Learning the hard way is one way to teach those countless, clueless dummies that (possibly without even knowing) make online life less fun for others.

Reply Score: 3

RE: Destructive junk
by xeniast on Sat 4th Feb 2006 01:30 UTC in reply to "Destructive junk"
xeniast Member since:
2006-02-04

Got Root !

Reply Score: 1

RE: Destructive junk
by Celerate on Sat 4th Feb 2006 02:11 UTC in reply to "Destructive junk"
Celerate Member since:
2005-06-29

I think that may be an extreme measure. Some people are forced to use computers even though they really shouldn't be allowed near one for safety's sake. You can blame this on businesses such as banks for example, which are closing earlier and pushing internet banking like a street drug at everyone in order to cut down on staff and save money. How about the people who have to use computers as part of their jobs, and these days it's getting harder and harder to go through school without needing a computer.

Reply Score: 1

People need to remember
by kensai on Sat 4th Feb 2006 00:37 UTC
kensai
Member since:
2005-12-27

Windows isn't getting more viruses or is more insecure because its user base is bigger, it is just because it is for sure less secure than Linux. A non-root user can't damage anything on the system and you would be running as non-root forever (I hope). With a virus like that maybe it can damage a few of your /home/user directory files and nothing more, a thing that will be fixed easily or erase and create user again. And about FreeBSD don't even think about a virus doing more damage on it since it is even more secure than Linux. So don't take me for a Linux zealot, just take me as a FreeBSD user that likes to correct some wrong statements.

Reply Score: 1

RE: People need to remember
by Wrawrat on Sat 4th Feb 2006 00:57 UTC in reply to "People need to remember"
Wrawrat Member since:
2005-06-30

But what is more important: your system or your data files?

A borked system can take hours to fix up, but data is often impossible to restitute. If you didn't make backups, that's it. Yet, the average user (in contrast to your average OSN reader) isn't familiar with these procedures. You should not take destructive viruses lightly even if you are running a Unix/Unix-based system.

Just take me as a knowledgeable user. ;)

Reply Score: 2

RE: People need to remember
by Bending Unit on Sat 4th Feb 2006 09:55 UTC in reply to "People need to remember"
Bending Unit Member since:
2005-07-06

Oh, how comforting. Except that I don't care about system files, it's my own stuff that's important, you know the files in /home/user. Corrupted files are not easily detected and can overwrite your healthy files on your backup drive.

Reply Score: 2

everybody knows
by happycamper on Sat 4th Feb 2006 01:02 UTC
happycamper
Member since:
2006-01-01

I guess at Symantec somebody cried out abort, abort, abort.

Reply Score: 1

RE[4]: Too bad eh..
by eMagius on Sat 4th Feb 2006 01:02 UTC
eMagius
Member since:
2005-07-06

That's one of the downright stupidest ideas I've ever heard.

Not allowing users to run their own programs and scripts in the name of security? Are you serious?

Browser: ELinks/0.10.5 (textmode; OpenBSD 3.9 i386; 80x48-2)

Reply Score: 1

RE[5]: Too bad eh..
by Varg Vikernes on Sat 4th Feb 2006 02:20 UTC in reply to "RE[4]: Too bad eh.."
Varg Vikernes Member since:
2005-07-06

It's like that IE dialog that pops up when you download an exe. It's annoying and nothing else. If someone wants to run it he will, be it a dialog to click through or chmod it.

Reply Score: 1

RE[5]: Too bad eh..
by eMagius on Sat 4th Feb 2006 01:21 UTC
eMagius
Member since:
2005-07-06

My previous post should have been RE[5] (response to raver31), not RE[4].

Hey, OSnews editors -- stop screwing over users of non-craptastic browsers!

Browser: ELinks/0.10.5 (textmode; OpenBSD 3.9 i386; 80x48-2)

Reply Score: 1

Who?
by Trollstoi on Sat 4th Feb 2006 10:27 UTC
Trollstoi
Member since:
2005-11-11

Who is Miss Lebanon?

Reply Score: 1

You know...
by deathshadow on Sat 4th Feb 2006 11:43 UTC
deathshadow
Member since:
2005-07-12

There is NO reason for this type of virus/worm/whatever you want to call it today to continue to propagate apart from the total ignorance of Joe user.

Frankly, with all the free porn available across the web, anyone that opens a sex spam's attachment gets what they {censored} deserve... They NEED to have their computer borked two or three times to break them of being a moron.

Reply Score: 1

still waiting for the big one
by JohnMG on Sat 4th Feb 2006 17:41 UTC
JohnMG
Member since:
2005-07-06

(meh, nevermind)

Edited 2006-02-04 17:55

Reply Score: 1

One more reason for switching to Linux
by jbalmer on Sat 4th Feb 2006 18:14 UTC
jbalmer
Member since:
2005-12-18

This is one more reason in the kitty for switching to Linux as soon as possible. Windows users please note.

Reply Score: 1

A great new precedent has been set
by Sandwich Boy on Sun 5th Feb 2006 02:32 UTC
Sandwich Boy
Member since:
2005-07-10

For having the word 'f--kin' on the OS News front page.

--
What the hell is wrong with ELQ?
http://www.bedoper.com/bedoper/2006/39.htm

Reply Score: 1