Home > Privacy, Security > Hacker Code Could Unleash Windows WormHacker Code Could Unleash Windows Worm Eugenia Loli 2003-07-26 Privacy, Security 41 CommentsA hacker group released code designed to exploit a widespread Windows flaw, paving the way for a major worm attack as soon as this weekend, security researchers warned. About The Author Eugenia LoliEx-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.Follow me on Twitter @EugeniaLoli 41 Comments 2003-07-26 2:19 am Being a security guy… I haven’t been feeling a lot of love for MS lately Large companies need to be able to be very nimble when it comes to asset management and maintenance.Patch’m if you got em… this will be no joke. 2003-07-26 2:34 am MS tries hard but I think their people are under payed, so they set up these holes on purpose for revenge or something.Why did they release code that would help attack windows computers, because it is known that people don’t update windows like they should, now all hell is going to break lose. Assholes. 2003-07-26 2:43 am Firewall. That’s all that needs to be said. 2003-07-26 3:00 am just today a rep calls up and non-challantly states: “i’ve got a message popping up saying ‘keystroke logger trojan’ detected. quarantine failed. delete failed. i don’t need to be worried do i?”almost every single user shows their complete ignorance when it comes to being infected. they also seem to always want to downplay the fact that they got nailed.“everyone gets these …uh right?”grrrrrrr 2003-07-26 3:23 am >> MS tries hard but I think their people are under payed, so they set up these holes on purpose for revenge or something. <<No, just incompetent. This is what happens when pure marketing drives your release cycle. The “year long security push” was nothing more than yet another marketing ploy. It takes years of experience to be good at creating secure software. One year doesn’t cut it. 2003-07-26 3:24 am Dude, you found the silver bullet! Here all of IT is scrambling to protect themselves… and the answer was right there! Thank you for coming to the rescue.phew… that was a close one… never mind, false alarm.🙂 2003-07-26 3:27 am Way to go opensource security nuts. This isn’t going to put a halt on open source movement is someone runs with this. Don’t you people get it. Do idiot things like this to make windows look bad will only hurt you. Now people will know people in opensource as computer hackers in the virus sense more so then they do now. Security through obscurity is the best way even if you don’t like it. So this might make MS move on making a patch sooner, big deal they can’t do a damn thing about people patching. If everyone left auto updates on and ran latest versions of windows with nice auto updating in it,things would be better. But of course having the latest version of windows suports MS, and has evil XP call home to mother ship software, and letting MS auto update a computer is evil. So lets just show all the bad guys out there who are to dumb to find a vulnrability in windows on there own, everything they need to know so they can go nuts. MS may not be the best thing but at least you have to work at figuring out were it’s flaws are, you don’t have the blueprints to how to attack downloaded with the OS. Give opensource projects time, if they grow in market then virus folk will have a feild day, cause once linux hits mainstream, if it ever does, most the users won’t be patching linux either.If you are one who can find flaws in windows, do the right thing, tell MS, and maybe anti virus companies. And other then that shut up. No one else needs to know, there is nothing they can do. Let MS fix it and let the patches and SP’s out to get the problem taken care of before people can do bad.This group could very well be all windows users and have nothing to do with the opensource movement, but they released code in the same manner as the open source community, so it’s very much opensource attacking MS. Only people wanting to see Windows get attack, and want 15 minutes of glory on slashdot, do such things. 2003-07-26 3:33 am I thought we learned our lesson about windows, CodeRed and firewalls. 2003-07-26 3:50 am Microsoft will imdemnify you if your PC gets 0wned, and used to send gigabytes of spam, used as a P2P node without your consent making you guilty of copyright infringement or as a child-porn repository. 2003-07-26 3:58 am It was pretty piss poor to release example code so early.BTW, LSD, the group of guys who found the vulns, handled it like pros.Hat’s off to those guys.XForce and others, A+ for effort, but the notoriaty aint worth it. 2003-07-26 4:05 am I keep hearing about all these critical security flaws, and yet I’ve never gotten hit – knock on wood If I ever did get seriously nailed, I’d seriously be considering a Mac next time around. 2003-07-26 4:19 am > If you are one who can find flaws in windows,> do the right thing, tell MS, and maybe anti virus companies.Releasing the exploit does, infact, inform MS and anti-virus companies along with yourself and others who have puchased the operating system. This give you the ability to see just how obvious (or arcane) the exploit is.Armed with this information, you might be less apt to purchase it again in the future. 2003-07-26 4:26 am “Releasing the exploit does, infact, inform MS and anti-virus companies along with yourself and others who have puchased the operating system. This give you the ability to see just how obvious (or arcane) the exploit is.Armed with this information, you might be less apt to purchase it again in the future. ”Of course MS catches wind of this to, but they are the ones who need to know. I really don’t need to know, there is nothing one can do, accept cause un-needed panic. Why does one need to see such things. All OS’s have flaws like this. Change OS will not change anything. And nothing is going to cause people to patch more then they do now. This will not cause anyone to switch to anything else. Like has been said again and again. The must viruses will strick the most common OS’s and with one OS covering 90+ percent of the market you can be sure it will be about the only one to get hit. I’m sure there are many people eyeing up linux to attack it, and of course it has had virus’s to. OSX will sure to be a target. OS9 didn’t need virus, it barely ran on it’s own. If apple does get to 5% someone will probably port a virus to it. Beos never had any virus issue, but that wasn’t because it was virus proof.This does nothing to consumer mindset, but it does put them at more risk. Also virus are hardly something that comes into play when buying a computer aside from it coming with bundled anti virus software. 2003-07-26 4:43 am 1. Why is MS adding a “feature” that is remotely exploitable? No one made them do it. The answer is that MS has not cared about security, at least not until recently.2. The effect on users’ computers is unfortunate, but that is not the real problem — the real problem is the effect on servers. SQL Slammer took down ATM networks at Bank of America.3. Patching Windows servers is hard work. The server has to be taken down — sometimes it doesn’t go back up after the patch is installed. With SQL Slammer, even companies that put in the security patch found that a subsequent MS update reversed the patch.And one need not compare Windows only to Linux. There are plenty of Sun, HP, IBM, etc. Unix servers out there. And the BSDs.Suppose 25% of your salary were deducted from your pay check every time your network (not user workstations, the whole thing) was brought down by a virus or a worm — which OS would you want to use? If you say Windows – I think you’re . . . independently wealthy. 2003-07-26 4:59 am Jeff Jones, senior director for Microsoft’s Trustworthy Computing initiative says this: “… the release of exploits are protected in the United States under the First Amendment …” 2003-07-26 5:16 am I dub ye post “Conjecture in motion.” Here’s your award. **hands Brad a bronzed foot*** Enjoy! 2003-07-26 6:41 am What, a security in windows….When did this happen. 2003-07-26 7:40 am didn’ you guys read the previous article? Windows isn’t Hell.Enough of this crap that Windows get’s hacked more because it’s more popular. There are more apache webservers than there are IIS and IIS get’s hacked more.Windows and unix are different. Remember when grades in school meant something before it was wrong to hurt someone’s self esteem? Windows gets a D for Security Unix gets a B. Sometimes not only are they different, but one is BETTER. Yes one is better.Unix has built in firewalls (ipfwadm, ipchains, iptables) and has had them for a while. Windows has added it recently.Unix does not allow executables to run by default, guess what Windows does?The Unix Java VM was built to have a sandbox to prevent Java exploits; Microsoft’s was not.Yes, Unix and linux have exploits. It’s much easier to exploit Windows, and that’s the Bottom line.p.s Windows isn’t Hell, Bill Gates isn’t Satan, but he’ll be looking at purgatory. 2003-07-26 7:48 am You dork, don’t blame Bush. That doesn’t make ANY sense. BTW, the Whitehouse’s website runs on Solaris (used to run on Linux when I checked earlier this month) as does rushlimbaugh.com. Check netcraft. Unfortunately, gop.org is running win2k However, foxnews is on Linux and Solaris. 2003-07-26 10:16 am Most webservers run apache on linux or freebsdso why isn’t apache getting hacked every 2 weeks ?In universities, places with, let’s say a higher-than-average concentration of people actually capable to code a virus, linux is quite popular.The reason obviously is that in order to get into a linux machine you need 4 independant security bugs.You need to-> get in, execute code on the server (flaw in some network server, somewhat common).-> you need to exec() a shell (well, you don’t absolutely need a shell, but every one who isn’t fluent in assembly needs one) so you need a flaw in the server’s configuration (depends on whose computer it is)-> you need to send more stuff there (which should trigger a firewall alarm)-> you need to become root, which requires a kernel bug (VERY rare, and on a decently configured system you need a development environment to use the very few ones that are found) 2003-07-26 10:35 am This can actually hurt Open Source. I bet most non-technical people thinks that with all these security problems, it safer to rely on a commercial company 🙁 2003-07-26 10:40 am This can actually hurt Open Source. I bet most non-technical people thinks that with all these security problems, it safer to rely on a commercial company 🙁I don’t see the correlation. Isn’t this flaw supposed to affect Windows? Isn’t MS a commercial company? How is this supposed to affect Linux or Open Source in general? 2003-07-26 12:24 pm I don’t see the correlation. Isn’t this flaw supposed to affect Windows? Isn’t MS a commercial company? How is this supposed to affect Linux or Open Source in general?Non-technical people don’t know much about OSS, other than it’s “free” and that most development is done by volunteers.When they read about all those crackers that looks for ways to hurt/infect their machines, they will probably trust Microsoft more than OSS alternatives.I believe that bad publicity hurts Microsoft, but it also hurts the rest of the IT-industry, because people may think that other products are equally exposed to these problems. 2003-07-26 1:24 pm Let me see, I need to check my firewall rules, make sure my anti-virus program has the latest definitions, …Oh, that’s right, I don’t run Windows 🙂 2003-07-26 1:35 pm “It takes years of experience to be good at creating secure software. One year doesn’t cut it.”Oh? How many years of experience does it take to create a good operating system?That’s the real problem here. No, sorry, motivation at MS is the problem. Lack thereof.As for MS claiming to focus on security… They’re like this one guy I knew who was trying to spread his band’s demo tapes: He’d ask you what kind of music you like. No matter what type of music you’d say in response, he’d say “Oh we do some of that! Buy a tape!”MS: What? Security is big talk these days? We do that, too! 2003-07-26 3:35 pm Jace: He wanted to sell his demo tapes? Here and I thought you wanted to give away demo tapes, so everyone can hear. 2003-07-26 5:52 pm THAT’s ALL FINE BUT WHERE THE HELL DO I DOWNLOAD THE FIX! I HAVE BEEN LOOKING ALL MORNING. the article just states that some dude was hosting off his personal website. 2003-07-26 8:34 pm Google is your friend:http://www.google.com/search?hl=en&ie=ISO-8859-1&q=DCOM+RPC&btnI=I~…The fix is also available through Windows Update. 2003-07-26 10:58 pm *Trying to download the fix…*Whoops, I’m in Linux 2003-07-26 11:24 pm Why is this being reported only now, I’ve had the patchinstalled since the 17th?To people who think Linux virii will become a problemif Linux is on 90% of the computer, well most likely youwill be wrong.The biggest reason why Windows virii are so easy to writeis because all the extra crap MS puts in them, IE, Outlook, Messanger, DirectX and so on. Yes, you can turn them off, but as we have seen, even that doesn’t always help. They will always be there, ready to be exploited.With Linux you have first of all the huge amount ofpossible configurations, with no absolute needed partsand of course you have the / problem as well.And there is other factors as well. 2003-07-26 11:41 pm Why is this being reported only now, I’ve had the patch installed since the 17th?Had you bothered to read the article, you would notice that they are reporting on the availability of exploits for the bug. Previous proof-of-concept exploits were only for Win2k SP3/SP4, while the new ones work with any version of Win2K or XP. 2003-07-27 1:02 am Looks like I’ll be getting some nice dreams tonight while OpenBSD protects my LAN and Linux powers my other machines and out there somewhere will be a little Windows worm ripping through unprotected machines around the net like there’s no tomorrow. There truly is justice in this world I wonder if Redhat or Suse could pick up the new marketing style and start offering Windows-to-Linux migration plans for those who don’t want to get hit by such worms in the future. I bet there’s great money in this business especially right after this one.Here’s a nice take on things though: look at the global internet as a community of organisms. They are different from eachother because they run different operating systems with different patches and so on. If Microsoft Windows or any other OS were to achieve full dominance, any single worm could wipe out the entire net. However, if the diversity is big enough, if people run different operating systems and different software, no one worm can ever take everything down. Opensource is different because there are many flavours of it. There are thousands of ways you can compile an opensource kernel. You can apply security patches, harden the OS against various attacks and so on. Opensource is the key to the survival of the internet infrastructure. There is only one flavour of a closed source operating system, which makes any efficient attack against one of these fatal against every member of it’s species.Use different operating systems, use a secure firewall (OpenBSD is the only one I trust) and patch often, patch quickly. 2003-07-27 1:17 am “Why did they release code that would help attack windows computers, because it is known that people don’t update windows like they should, now all hell is going to break lose. Assholes.”Maybe it will force people to stop using Windows and wasting the consumer and public’s money on crap. Just like the only way to get homeland security to do anything is announce the security flaws in public. People who use Windows are eaither very lazy or not that bright. 2003-07-27 1:24 am “This does nothing to consumer mindset, but it does put them at more risk. Also virus are hardly something that comes into play when buying a computer aside from it coming with bundled anti virus software.”Almost everyone I know that has Windows has had a virus infection more because they had such a low IQ to begin with as expemplified in their use of Windows. 2003-07-27 1:28 am “OS9 didn’t need virus, it barely ran on it’s own. ”Windows is a virus. It destroys or steals data and spreads itself across other computers. The only way it is not like a virus is that it is not compact or cross platform. 2003-07-27 1:34 am How do we know this was not something Microsoft intentionally put in Windows to give them a back door to your system? Maybe now they have simply been caught.Call me a conspiracist but this theory fits really well with the way the Microsoft Corporation behaves.Be smart and put something besides Windows between your Windows desktops, Windows “Servers” and the rest of the world.Anyone know Microsoft’s full range of IP address blocks? I wonder if setting your firewall to reject and log all requests from those addresses would turn up anything interesting.I have a well locked down, heavily firewalled Windows “Server”. While watching network packets with a sniffer, I notice it sending them to an IP address of IANA. The replies are blocked by the firewall, of course. The machine is not running anything like IIS, telnet services, etc. it’s not part of any domain, it doesn’t even have Internet Explorer and Outlook Express anymore. It’s only a terminal server, why is it trying to announce it’s presence to the internet? 2003-07-28 2:37 am BTW, the Whitehouse’s website runs on SolarisUh, no.http://uptime.netcraft.com/up/graph/?host=www.whitehouse.gov 2003-07-28 2:46 am When looking out for the White House’s web site, I happened to check http://www.whitehouse.com (which I believe is a porn site, though it doesn’t seem available right now) and http://www.whitehouse.net (some really lame parody site). The funny thing is that, according to netcraft, the site http://www.whitehouse.com is running Microsoft-IIS/5.0 on Linux! 🙂http://uptime.netcraft.com/up/graph?site=www.whitehouse.com 2003-07-28 5:50 am “When looking out for the White House’s web site, I happened to check http://www.whitehouse.com (which I believe is a porn site, though it doesn’t seem available right now) and http://www.whitehouse.net (some really lame parody site). The funny thing is that, according to netcraft, the site http://www.whitehouse.com is running Microsoft-IIS/5.0 on Linux! 🙂 ”How did they do that!?!? It’s amazing!Can anybody provide the “How-to”? 2003-07-28 2:10 pm “Microsoft-IIS/5.0 on Linux”If you put an IIS server behind a Linux firewall this is the configuration Netcraft often reports. 2003-07-28 3:41 pm Interesting…so a lot of “Apache on Net/Free/OpenBSD” might actually be Apache on Linux behind a Net/Free/OpenBSD Firewall?