Author Topic: SoBig  (Read 757 times)

LocNar

  • Newbie
  • *
  • Posts: 17
  • Kudos: 0
SoBig
« on: 23 August 2003, 20:55 »
I was reading the news and learned that SoBig apparently started as a pr0n image posted to a newsgroup. If the image was downloaded, then the computer was infected. My question is: Which part of WinSuck is broken to allow this to happen? Images aren't executable, right? Presumably, a .jpg would open under InternetExploder, so maybe that's where the problem is.

Anybody have an explanation for this?

Refalm

  • Administrator
  • Member
  • ***
  • Posts: 5,183
  • Kudos: 704
  • Sjembek!
    • RADIOKNOP
SoBig
« Reply #1 on: 23 August 2003, 21:30 »
It's usually something like "hot_girl_coming_omg.jpg.vbs". Windows doesn't display extensions at default, so most Windows users think that it's named "hot_girl_coming_omg.jpg". And most Windows users don't even know what a VBS file is in the first place.

bwid_s_01

  • Member
  • **
  • Posts: 79
  • Kudos: 0
SoBig
« Reply #2 on: 23 August 2003, 21:42 »
Actually, in WinSuck an executable program can hide under almost any extention. There is a good article with an example explaining this autrocity here:
http://www.guninski.com/clsidext.html
and also here
http://www.hyperwrite.com/aspscripts/framer.asp?target=../features/html_applications.htm

slvadcjelli42

  • Member
  • **
  • Posts: 155
  • Kudos: 0
SoBig
« Reply #3 on: 24 August 2003, 00:23 »
VBScript?

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
SoBig
« Reply #4 on: 24 August 2003, 02:29 »
VBScript = visual basic script

Microsoft's answer to the need for a scripting language in Windows... and a security nightmare.
In brightest day, in darkest night, no evil shall escape my sight....

LocNar

  • Newbie
  • *
  • Posts: 17
  • Kudos: 0
SoBig
« Reply #5 on: 24 August 2003, 05:30 »
Thanks for the info!

M51DPS

  • VIP
  • Member
  • ***
  • Posts: 608
  • Kudos: 30
SoBig
« Reply #6 on: 24 August 2003, 06:12 »
I heard of a virus that had a ton of spaces between the name and the real extension. So it would be:

whatever.jpg                                                                  .exe

Faust

  • Member
  • **
  • Posts: 1,223
  • Kudos: 0
SoBig
« Reply #7 on: 24 August 2003, 07:13 »
quote:
VBScript = visual basic script


Speaking of which, in the administrative tools console in Windows (should you be unfortunate enough to be using the thing) go and fine a snap in labelled something like "search the indexing service."  Turn off the indexing service with the "add / remove microsoft programs" tool thing and then try searching through it.  The error that comes up clearly shows that this important part of Windows (the index search) was written in VB script.  

I found this out the other day when I was fixing a friends friends laptop.  (And unfortunately installing Linux wasn't an option - she apparently needed a tutorial on using winamp, and any sudden changes would frighten her  :D  )
Yesterday it worked
Today it is not working
Windows is like that
 -- http://www.gnu.org/fun/jokes/error-haiku.html