Stop Microsoft

All Things Microsoft => Microsoft as a Company => Topic started by: LocNar on 23 August 2003, 20:55

Title: SoBig
Post by: LocNar on 23 August 2003, 20:55

I was reading the news and learned that SoBig apparently started as a pr0n image posted to a newsgroup. If the image was downloaded, then the computer was infected. My question is: Which part of WinSuck is broken to allow this to happen? Images aren't executable, right? Presumably, a .jpg would open under InternetExploder, so maybe that's where the problem is.

Anybody have an explanation for this?

Title: SoBig
Post by: Refalm on 23 August 2003, 21:30

It's usually something like "hot_girl_coming_omg.jpg.vbs". Windows doesn't display extensions at default, so most Windows users think that it's named "hot_girl_coming_omg.jpg". And most Windows users don't even know what a VBS file is in the first place.

Title: SoBig
Post by: bwid_s_01 on 23 August 2003, 21:42

Actually, in WinSuck an executable program can hide under almost any extention. There is a good article with an example explaining this autrocity here:
http://www.guninski.com/clsidext.html (http://www.guninski.com/clsidext.html)
and also here
http://www.hyperwrite.com/aspscripts/framer.asp?target=../features/html_applications.htm (http://www.hyperwrite.com/aspscripts/framer.asp?target=../features/html_applications.htm)

Title: SoBig
Post by: slvadcjelli42 on 24 August 2003, 00:23

VBScript?

Title: SoBig
Post by: mobrien_12 on 24 August 2003, 02:29

VBScript = visual basic script

Microsoft's answer to the need for a scripting language in Windows... and a security nightmare.

Title: SoBig
Post by: LocNar on 24 August 2003, 05:30

Thanks for the info!

Title: SoBig
Post by: M51DPS on 24 August 2003, 06:12

I heard of a virus that had a ton of spaces between the name and the real extension. So it would be:

whatever.jpg                                                                  .exe

Title: SoBig
Post by: Faust on 24 August 2003, 07:13

quote:

---

VBScript = visual basic script

---

Speaking of which, in the administrative tools console in Windows (should you be unfortunate enough to be using the thing) go and fine a snap in labelled something like "search the indexing service."  Turn off the indexing service with the "add / remove microsoft programs" tool thing and then try searching through it.  The error that comes up clearly shows that this important part of Windows (the index search) was written in VB script.  (http://smile.gif)

I found this out the other day when I was fixing a friends friends laptop.  (And unfortunately installing Linux wasn't an option - she apparently needed a tutorial on using winamp, and any sudden changes would frighten her  :D  )