

You sleep around, you get diseases.
February 27, 2001 6:57 AM

You sleep around, you get diseases. A "proof of concept" virus based on Gnutella appeared last weekend; it's benign but the next ones won't be. Why do people do this?
posted by Steven Den Beste (19 comments total)

 
"Why do people do this?"

Because they can.


posted by bondcliff at 7:16 AM on February 27, 2001


Damn, beat me to it.
posted by darukaru at 7:19 AM on February 27, 2001


I made a Gnutella worm once, but never spread it. I was pretty proud of it, it could operate both as a batch file and as a VBS script, and would take the names of files in the 'shared' directory. It was fun.
posted by sonofsamiam at 7:31 AM on February 27, 2001


Actually I'm waiting for the SPA/RIAA/MPAA/IDSA co-written Gnutella virus, which makes all search results come back as 'PIRACY IS A CRIME'. If only they were smart enough to do a thing like that, all their troubles would be over. ;)
posted by darukaru at 7:36 AM on February 27, 2001


Or one that corrupts all the mp3s on your computer.

I'm still waiting for beneficial viruses to come around, ones that apply patches to broken M$ software and fix your HOSTS file to block ads :)
posted by sonofsamiam at 7:57 AM on February 27, 2001


Better yet you'd get a pop up displaying all your personal information gathered from your pc and telling that it was sent to the FBI via e-mail?

ha! beneficial viruses!
posted by tiaka at 8:04 AM on February 27, 2001


If RIAA did something so stupid, the resulting stink would force Congress to change the laws to the detriment of RIAA. I almost hope they do so, but I don't think they would.
posted by Steven Den Beste at 8:48 AM on February 27, 2001


This virus isn't much more sophisticated than putting an 8K executable file on your Web site and tricking people into running it. Since most people are using Gnutella to exchange non-executable files, I don't think this virus had any chance of being spread. At least it got some media attention.
posted by rcade at 9:43 AM on February 27, 2001


Errr... as far as I am concerned, a "proof of concept virus" is a beneficial virus: it shows the potential vulnerability and the viability of the 'species' in the wild --as opposed to a lab virus. Imagine, if the first Napster or Gnutella worm was a malicious one: the harm would be much greater than the one inflicted by the first malicious worm now --which is undoubtedly days away.

It's the old security-through-obscurity debate all over again.
posted by costas at 9:47 AM on February 27, 2001


A detailed overview of the ethics and mechanisms of beneficial viruses.
posted by dhartung at 9:53 AM on February 27, 2001


Doesn't work very well... I spotted it a while ago, but couldn't get a connection to any of the hosts that had it. So maybe if Gnutella actually *worked* . . . :-P
posted by whatnotever at 10:17 AM on February 27, 2001


This article is so superficial as to be nearly worthless. The question is, as always, what is the hook? How does the binary get executed? From the information given in this article, it sounds like this is only dangerous if you are in the habit of downloading random Windows binary files and running them. That's a weakness of any system that lets you transfer files and has nothing to do with Gnutella.

If there is some effect by which downloading a file causes its automatic execution, that would be a problem with the specific implementation of the gnutella client.

-Mars
posted by Mars Saxman at 12:02 PM on February 27, 2001


VBS files run as soon as they are downloaded, if you have WSH. That's where the problem comes in.
posted by sonofsamiam at 12:23 PM on February 27, 2001


Why? It's an intellectual exercise for some. When I had fully digested the notion of code and data being interchangeable and that you could write code that operates on code, I was enthralled. I wrote programs that loaded and in the process of loading patched a few key OS features, then expunged themselves from the disk. I've written lots of code that writes more code or looks for targets within other code to install itself into the flow with minimal invasiveness.

I remember being in a lecture in a CS class in which the professor expounded on how John Von Neumann routinely wrote self-modifying code. This was said with an air of reverence, whereas my internal voice said, "So?" because by this time I had done it for years and thought of it as a tool that is judiciously used in resource-poor environments. I find it highly stimulating to wring out a clever solution to a tricky problem given tight constraints.

Writing a virus is very similar.
posted by plinth at 12:57 PM on February 27, 2001


Just an FYI to save some heartache. Change your file associations for .VBS files to open in notepad. Then add an item in your SendTo folder for WScript or CScript. This prevents them from auto running and allows you to still run the vbs files if you explicitly decide to.
Also saves you in case someone less techno-savvy in your household doubleclicks a file named something.jpg.vbs.
posted by internook at 1:42 PM on February 27, 2001


Change your file associations for .VBS files to open in notepad. Then add an item in your SendTo folder for WScript or CScript

Do people really run script files from Explorer? I'm a dedicated command-line guy, I guess, but I hate running scripts from the shell.

Nevertheless, internook's advice is still a good tip. Go do it right now!! But now what happens when someone in your household doubleclicks on something.jpg.exe?
posted by daveadams at 2:24 PM on February 27, 2001
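
An added example, not part of any comment in this thread: a check for the `something.jpg.vbs` / `something.jpg.exe` naming trick raised in the two comments above, run over the file names in a download or shared folder. It goes beyond `.vbs` and `.exe` to other double-click-runnable types; both extension lists and the sample file names are assumptions constructed for the illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Types Windows runs or hands to a script host on double-click.
# Illustrative list assumed for this example, not exhaustive.
RUNNABLE = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat",
            ".cmd", ".com", ".exe", ".scr", ".pif"}
# Types a user expects to be passive data (also an assumed list).
PASSIVE = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".mp3", ".wav",
           ".avi", ".mpg", ".txt", ".doc", ".pdf", ".zip"}


def last_two_extensions(filename):
    """Return (decoy_ext, real_ext), lower-cased; '' where absent."""
    # Win32 drops trailing dots and spaces from a file name, so
    # "report.doc.vbs. " is still opened as a .vbs file.
    name = ntpath.basename(filename).rstrip(". ").lower()
    rest, real_ext = ntpath.splitext(name)
    # Padding such as "song.mp3      .scr" pushes the real extension
    # out of view in a narrow column; strip it before looking again.
    _, decoy_ext = ntpath.splitext(rest.rstrip(" "))
    return decoy_ext, real_ext


def classify(filename):
    """'data', 'runnable', or 'deceptive' (runnable behind a passive-looking name)."""
    decoy_ext, real_ext = last_two_extensions(filename)
    if real_ext not in RUNNABLE:
        return "data"
    return "deceptive" if decoy_ext in PASSIVE else "runnable"


def scan(filenames):
    """Return (name, verdict) for every name that is not plain data."""
    return [(n, classify(n)) for n in filenames if classify(n) != "data"]


# Constructed sample listing, not taken from any real share.
SAMPLE_LISTING = ["holiday.jpg", "something.jpg.vbs",
                  r"C:\shared\Something.JPG.EXE", "song.mp3          .scr",
                  "setup.exe", "notes.v2.txt", "report.doc.vbs. "]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_LISTING):
        print(f"{verdict:10} {name!r}")
```

Matching is on the name only, so it complements the file-association change rather than replacing it: a plain `setup.exe` is reported as runnable, not deceptive.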


VBS files run as soon as they are downloaded, if you have WSH. That's where the problem comes in.

Ahh, interesting. So, that leads to the next two questions:

1) What are VBS files?
2) What is WSH?

This is beginning to sound like yet another stupid-Microsoft-scripting security hole.

-Mars
posted by Mars Saxman at 3:34 PM on February 27, 2001


Well, that's exactly what it is :)

VBS--Visual Basic Script. At first glance, it's a totally useless scripting language. At second glance, it's used as a macro language for almost all MS products, meaning: whatever they can do, it can do.

WSH--Windows Scripting Host. This is a weird thing that lets you run different scripting languages as a sort of shell scripts (the advantage over using a regular old interpreter, I dunno). One of its features is running scripts as soon as they download.
Lots of computers have WSH installed. I don't know exactly why.
posted by sonofsamiam at 3:43 PM on February 27, 2001


Get a mac. 90% of all viruses are PC based for PC's. Tired of the whole virus issue? One option is to get a mac.
posted by macuser at 5:38 AM on February 28, 2001




This thread has been archived and is closed to new comments