BLaster/Lovesan has a sibling now.
 

By INQUIRER staff: Wednesday 13 August 2003, 16:51
KASPERSKY LABS claimed this afternoon that there's already a new Version of the BLaster/Lovesan worm on the loose.
And it says that's likely to mean a repeat of the outbreak we've seen during this week. The new variety of Lovesan exploits the same vulnerability.
Kaspersky says that the number of infected systems is around the 300,000 mark, and the new variety may double this number.
"In the worst case, the world community can face a global Internet slow down and regional disruption... to the World Wide Web," said Eugene Kaspersky, head of the labs.
The new variety uses the name TEEKIDS.EXE instead of MSBLAST.EXE, different code compression, and different signatures in the body of the worm. µ

Re: BLaster/Lovesan has a sibling now.
 

If you post stuff like this you need to post a link. I am having a hard time finding this, even on kaperskys site.

Re: BLaster/Lovesan has a sibling now.
 

There is also this one:

http://securityresponse.symantec.com...chnicaldetails

Re: BLaster/Lovesan has a sibling now.
 

I can tolerate a lot of things that annoy me, but these stupid kids who create this stupid viruses and worms really irk me! What the heck are they trying to prove anyways? I think they should use their skills for something useful...!

Re: BLaster/Lovesan has a sibling now.
 

<font size="2" face="Verdana, Helvetica, sans-serif">The problem is the perception of the peole doing it is that it's not a big deal, merely a nuisance. They think of it as a challange, or perhaps a way to get noticed and get a job in IT security or something like that. Even if they catch them the penalties are minor, since the damage done to anyone particular person is typically not that serious. But we need to change our view of it as a culture, and nothing does that better then the attacks themselves.

I would support a very light sentance for anyone writing or distributing a virus. Say maybe one hour in jail, for every person affected! http://forum.shrapnelgames.com/images/icons/icon8.gif

The first time one of these pinheads gets convicted of 12 million counts of malicious tampering sentanced to 12 million consecutive one hour prison terms the rest of them might think twice about doing it themselves. http://forum.shrapnelgames.com/images/icons/icon10.gif

Geoschmo

[ August 13, 2003, 20:19: Message edited by: geoschmo ]

Re: BLaster/Lovesan has a sibling now.
 

<font size="2" face="Verdana, Helvetica, sans-serif">http://www.theinquirer.net/

There ya go

Re: BLaster/Lovesan has a sibling now.
 

<font size="2" face="Verdana, Helvetica, sans-serif">The problem is the perception of the peole doing it is that it's not a big deal, merely a nuisance. They think of it as a challange, or perhaps a way to get noticed and get a job in IT security or something like that. Even if they catch them the penalties are minor, since the damage done to anyone particular person is typically not that serious. But we need to change our view of it as a culture, and nothing does that better then the attacks themselves.

I would support a very light sentance for anyone writing or distributing a virus. Say maybe one hour in jail, for every person affected! http://forum.shrapnelgames.com/images/icons/icon8.gif

The first time one of these pinheads gets convicted of 12 million counts of malicious tampering sentanced to 12 million consecutive one hour prison terms the rest of them might think twice about doing it themselves. http://forum.shrapnelgames.com/images/icons/icon10.gif

Geoschmo</font><hr /></blockquote><font size="2" face="Verdana, Helvetica, sans-serif">I think 1 minute would be OK as well....

12,000,000 / 60 = 200,000 Hours
200,000 / 24 = 8333.3333... Days
8333.333 / 365 = 22.83 Years

That seems appropriate... http://forum.shrapnelgames.com/images/icons/icon10.gif

Re: BLaster/Lovesan has a sibling now.
 

"The first time one of these pinheads gets convicted of 12 million counts of malicious tampering sentanced to 12 million consecutive one hour prison terms the rest of them might think twice about doing it themselves."

A life sentance for computer viruses? Harsh.

Re: BLaster/Lovesan has a sibling now.
 

<font size="2" face="Verdana, Helvetica, sans-serif">The problem will not go away unless you make the actions have appropriate repurcussions. This isn't some hacker sneaking into websites without permission. This is a serious crime with serious damage to the victims, there should be a serious penalty to the criminal as well.

Re: BLaster/Lovesan has a sibling now.
 

I spent Tuesday and part of Wednesday dealing with 120 very frustrated Users (and / or their systems). When I think of the productivity loss and high stress due to this BLasted BLaster I have three reactions:
1) Why did our Network people put off installing this patch?
2) I am glad I am not the one who made that call, (to not install the patch)
3) This guy single handedly set back medical research around the world by one full day, (we do cancer research). What other quality of life improvement did he interfere with? What punishment is appropriate for that alone?

Re: BLaster/Lovesan has a sibling now.
 

<font size="2" face="Verdana, Helvetica, sans-serif">Sorry, I disagree with this totally. In what other type of crime are the criminals treated as stars and heros and and the victims critisized for not properly protecting themselves? I don't blame you for feeling that way since you work in the IT business. But until we treat this as a crime and not just another factor of business it's not going to get any better.

Geoschmo

Re: BLaster/Lovesan has a sibling now.
 

True but the real problem is people need to take security serious. This exploit has been out for almost a month.

Re: BLaster/Lovesan has a sibling now.
 

One of the problems is the slashing of IT staff by businesses and government. Here, we are so short of staff that there is no way we can check our outlying offices more than once every other month, and then one network tech might have to hit three offices in three counties that day. Then on top of the network related duties, we have to do pc repairs also, that position was cut. Some of our offices are three hours away, so the better part of the day is spent traveling.

Re: BLaster/Lovesan has a sibling now.
 

I don't consider hackers heros, but just because there are police to stop criminals that doesn't mean that you don't lock your house when you leave.

It's fairly simple, the patch has been out for almost a month, there is no excuse (including the company I work for) for anyone who is responsible for a production system not having them patched by this point.

Re: BLaster/Lovesan has a sibling now.
 

Richard, I don't mean to speak for you of course, but the typical protrayal of these guys is that they are basically harmless, bored, too smart for their own good, or even good intentioned if misguided in their methods. They are treated as heros within their own sub-culture, and some of them acchieve a sort of Jesse James cult standing among the general population who quietly view them as striking a blow against the evil tyranny of Microsoft, or big business in general. Often when they are caught they are given cushy jobs working for the security industry figuring out how to stop the punks that took over after they left. It's a bunch of crap. Instead they should be derided for what they are, malicous, destructive, deviant punks. And when caught they should be locked up for a serious amount of time and when let out not allowed to touch another computer for the rest of their lives.

I lock my door, but if I had to change the lock every week or every month to keep the punks form coming in my house I'd be pretty pissed off about it. I might decide to give up on the lock alltogether and sit inside the door with a gun instead.

Re: BLaster/Lovesan has a sibling now.
 

Yes the patch has been out for several weeks.
Questions:
Hasn't Microsoft issued patches in the past that made things worse or opened other doors? (Maybe I'm wrong here).

How much do you trust Microsoft who said they do not support a system not running Service Pack 3?

How careful should you be when updating hudreds of servers and 15,000 destops running who knows how many different programs?

Regrettably for my group we were tooo careful.

I don't want to be overly dramatic but I feel like a lot of people In General are
"Blaming the Victum"
Edit: changed "here" to "In General"

[ August 15, 2003, 13:55: Message edited by: Gryphin ]

Re: BLaster/Lovesan has a sibling now.
 

What is occurring here is a form of terrorism. Sure its probably bored kids, but they are putting people’s lives at risk. At my work the patch was installed on the test network the first week it came out, then on the servers shortly there after. Desktops were ignored, a) because we don’t have the bodies to address them, b) because Citrix shields them from the outside world. But when the DMV went down, the situation was reevaluated and we began to patch. So far, nothing has been found on any systems. There was a false alarm, but it was a bad power strip.

The main reason that these people can get away with this stuff is the current IP/TCP system we use. NAT makes it hard to trace events back to the source, but without NAT we would have to disconnect most of the world. Also, many of these attacks originate outside of the US, and are not subject to our laws. IPv6 will help the problem a lot, and implementation has been pushed up. The second thing that needs to happen is this: people need to be responsible for the systems they own. On my wan subnet there are about 60 systems, about 25 of them are infected and 4 of them constantly sniff data and test my firewall. If I catch it in my server logs, I know Comcast does. But Comcast refuses to take any action on the problem. People that unknowingly have infected systems need to be disconnected and referred to professional repair sources. People that knowingly hack and probe need to be prosecuted. The law allows for stiff penalties for gaining unauthorized entry into a protected network. But they do not do much to deter the attacks.

We need to develop a package of laws that address the illegal activity on the internet, and then apply minimum sentencing rules to those who break them. They should cover Sniffing, Unauthorized Access of all types, including the insertion of software (viruses and worms along with ad and spy ware) and the unlogged forwarding of email. Then we should remind the world that America gave them the internet and that we can also disconnect them. With that said we should ask them to sign a convention adopting the same rules. The states and nations that refuse (Nigeria, Iran, China come to mind) should then have there connectivity terminated. When I use my satellite, fully 1/3 of the background activity is probing by the Asian Pacific Network. Anyone care to guess who they are? They know about this on the hill, but I guess there is not enough money to be made from the law and order side of this problem.

This particular attack was aimed directly at MS, it looks for a folder that is only present on some MS systems and then goes to work. So the Authors had an axe to grind with MS. And they probably will brag about it sooner or later. I only hope that they are caught and severely punished. And if they are kids, I hope that the injured parties line up and sue their parent’s right out of their homes. If they did it at school, then the school should pay the damages, they are supposed to be supervising what happens on their systems. If the rumor about them hacking a backbone switch to insert the worm is true, then I hope the company that owns the switch has been in compliance as for as logging goes.

Re: BLaster/Lovesan has a sibling now.
 

<font size="2" face="Verdana, Helvetica, sans-serif">OTOH, Microsoft may just be the target of opportunity. Like the time someone asked the infamous bank robber Willie Sutton why he robbed banks - "Because that's where the money is." Why attack Microsoft? They're the OS on 90%+ of the world's computers. Who's going to write a worm to attack OS2/Warp nowadays? http://forum.shrapnelgames.com/images/icons/icon10.gif http://forum.shrapnelgames.com/images/icons/icon12.gif