Maker Pro
Maker Pro

Sobig dupe is our Frank??

M

Mike Dupre

Jan 1, 1970
0
excerpt from news story...

The worm is thought to have been released originally on Usenet, a sort of
Internet bulletin board.

The account was apparently established from a computer in British Columbia,
which experts said belongs to an unwitting home user whose computer appeared
to be infected by a version of the virus.

The virus was disguised on Usenet as a pornographic photograph in an adult
news group, Minor said. People who clicked on the photo had their PC
infected with the virus, which then began to e-mail itself to every address
on the infected computer's e-mail address book.
 
F

Frank Olson

Jan 1, 1970
0
Damn!! They said they wouldn't release names!!!

:)

You apparently *can* get infected from opening a photograph, but you have to
have an executable program (the other "half" of the virus program) on your
system already... Anyone with a properly configured virus scanner isn't
going to have a problem... Any computers we have that "gateway" to the
internet are running Linux. As far as I know "Sobig" only works on XP, 2000
and NT machines...
 
S

Southern

Jan 1, 1970
0
There used to be holes in most anti virus programs that could allow programs
masking as image files to get executed. Those have been remedied to the
best of my knowledge. Your comment about half of it there having to be
there already is new to me.

There are several rumors about the source of SoBig having been found. One
was up at www.fbi.org/new/virus.htm stating that "Lesbian hacker team
identified as source of SoBig Internet worm.but is not yet in custody "
However, like the domain itself, it looks to be a hoax. A more supported
rumor is that it was created to root machines for use during DDOS attacks
and spam runs. Sounds a bit more likely, but you would have thought it
would have been a bit more stealthy. A couple of Russian names have been
associated with that family of rumors.

Using Linux boxes as gateways does not make you immune to the current
viruses though they are a very good thing. . The firewall/router does stop
direct attacks which Windows is also wide open for.
 
F

Frank Olson

Jan 1, 1970
0
Robert L. Bass said:
He's talking through his hat. You don't need an executable to activate the
virus. All you need to do is click on it. I get e-mails all the time from
some moron who hasn't cleaned up his machine since the phony "Microsoft tech
support" thing started. If Norton hadn't already quarantined them one
double-click would wreak havoc.

As usual you don't *read*... I was speaking of a very particular virus that
uses a picture file or photograph to "complete" it's code... Here's a link
you might find interesting:

http://infosecuritymag.techtarget.com/2002/jun/digest17.shtml

Normally speaking a picture file like a *.jpg image can't by itself be
turned "malicious". McAfee's proven that the technology exists however for
it to become so, but your system has to have the executable file on it
first. The executable won't be picked up by your anti-virus software
because it doesn't exhibit a recognizable "footprint" (or code). You won't
know you have it until you open the "infected" picture.

I run firewall software on my machines plus my Linksys router has a
firewall. That just keeos the less determined jerks out. It does nothing
to protect me from opening a virus disguised as something else. A
combination of NAV and a policy of never opening attachments I haven't
specifically requested has kept my machines relatively free of nasties.

Good for you... now if you can only start responding to those emails and
answer your phone...


See above link... While we're once again proving that you're the one
talking through his hat... clean up your meta-tags... I'd offer to help,
but you'd have to sell way more Ademco Compass disks first (to be able to
afford me)...

As long as it's up to date and they use common sense, true.

What does "properly configured" mean to you??

That has nothing to do with immunity from viruses in general.

Seen any Linux coded viruses lately??
 
F

Frank Olson

Jan 1, 1970
0
Robert L. Bass said:
And as usual you got it wrong. The virus doesn't need a separate
executable. If you double-click on an infected file it will activate even
if you don't have an image viewing or editing app. Come to think of it, I
don't know of anyone who doesn't have some sort of image viewer or editor
app.

Geez Robert... You don't read very well, do you???

<<<<<quote

The virus drops an extractor to the hard drive and modifies the registry so
that it will be executed every time a .jpg file is opened. The extractor
will then look for malicious code in the .jpg and execute it if it's found.

end quote>>>>>

What part don't you understand???
Been there before you posted it.

And obviously didn't read or understand it...

That'll be the day.

You're right... I don't speak "normally"... I have a heavy Canadian
accent...

I saw it before you posted it.

But didn't read or understand it...

help,

I don't need or want assistance from you, Franky.

Ahh... but you do need help Robert... If not me I can recommend several
good web designers that know all about search engine requirements...
Remember what I said about the cliff???

That's not what Jake says, but I don't go that way.

I've never met Jake, but if I had a choice between having a beer with him
and having one with you, I'd pick him hands down...

Now you want help?

Yeah... I really need someone to help with this danged parental lock...

Yup... The following are but a few. There are lots more.

I'm real glad you "stepped" up to the plate on this one... You really do
have a lot of time on your hands, don't you??? Sales really that slow???
 
F

Frank Olson

Jan 1, 1970
0
Robert L. Bass said:
The problem is you don't understand what you're reading. Once infected, the
modified registry will call up the virus every time you click on a JPG.

Nope... Only a .jpg that includes malicious code... What does this mean,
Robert?... Quite simple really... It's a "two part" system... It won't
execute anything unless it finds the rest of the code sequence in an
*infected* (I use that term loosely because not even anti-virus software
will default scan this type of file unless you tell it to) .jpg... The
"extractor" is *not* a virus by itself... It's simply a program that looks
for specific code sequences to run (execute). That's why McAfee, Norton,
and the other anti-virus programs out there won't pick up on it and that's
what makes it even more dangerous.
Yes. You skipped out on the USA at draft age although you claim it was when
you were a baby.

Actually missed the draft... I was born in 1956, remember?? That means I
was 19 in 1975 (in case you have a problem with math as well as reading)...
 

Similar threads

Top