
History repeating itself, yet again ...


Wazoo


While still going nuts on trying to sort out how to recover from a fried CPU, the rebuilding efforts have included a lot of research on trying to figure out how to get a Win-XP system with IE7 coming anywhere close to where I had a Win-98SE system at ... which means wandering all over the world again ... This has led to a lot of re-discovered things, a lot of stuff that is just hard to believe, but ...

Anyway, I hit a site that one would think would be on top of things ... surprised by the delay in the reporting/commentary on a particular subject .... for starters, I do have a Sophos feed set up on the Wiki, so had anyone been checking that (assuming that they don't have their own subscription in place) would have seen the announcement when it was made. However, this site took about a week to catch the news ...

At any rate, for those that have yet to see or hear of it ... the age-old 'sneaker-net' as we used to call it, the transferring of data via a box or a pocketful of disks has come around again .. just that the specifics have changed a bit, now through the use of the USB memory sticks/hard drives ....

Wiki page - http://forum.spamcop.net/scwik/SophosSecurityNews

Geek.com page - http://www.geek.com/news/geeknews/2007May/...70510005098.htm

Sophos page - http://www.sophos.com/pressoffice/news/art...l?_log_from=rss

Issue: Danger USB! Worm targets removable memory sticks

Sophos, a world leader in IT security and control, has warned companies of a family of worms that spreads by copying itself onto removable drives such as USB memory sticks, and then automatically runs when the device is next connected to a computer.

The W32/SillyFD-AA worm hunts for removable drives such as floppy disks and USB memory sticks, and then creates a hidden file called autorun.inf to ensure a copy of the worm is run the next time it is connected to a Windows PC.

It also changes the title of Internet Explorer windows to append the phrase "Hacked by 1BYTE".

......

"With USB keys becoming so cheap they are increasingly being given away at tradeshows and in direct mailshots. Marketing people are prepared to use them as 'throwaways' with the aim of securing sales leads," said Graham Cluley, senior technology consultant for Sophos. "Computer owners should tread very carefully when plugging an unknown device into their PC, however, as it could have malicious code planted on it. With a significant rise in financially motivated malware it could be an obvious backdoor into a company for criminals bent on targeting a specific business with their malicious code."

......

"In this example, changing the title of the Internet Explorer browser's windows should be a pretty clear sign to most people that something strange is afoot," continued Cluley. "It also indicates that this particular variant of the worm has not been written with completely clandestine intentions. A more savvy internet criminal would have not made it so obvious that the PC has been broken into, but silently steal from the PC without leaving such an obvious clue."

Sophos experts advise that users disable the autorun facility of Windows so removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC. Any storage device which is attached to a computer should be checked for virus and other malware before use. Floppy disks, CD ROMs, USB keys, external hard drives and other devices are all capable of carrying malicious code which could infect the computers of innocent users.

.....


Was it Yogi Berra who said "It's deja vu all over again?"

Back in the latter 1980s, computer viruses had one thing in common with Microsoft Word: You only found them running on Macintosh computers.

Disk-borne viruses were (nearly) unheard of on PCs (or 'IBM clones' as we called them) back then. For one thing, there wasn't much in the way of internet back then (nor e-mail nor trojans, etc.), so transmission by evil disks was pretty much the only way you could get infected. For another, PC floppy drives were not designed to throw an interrupt when a new disk was inserted, so there was nothing to trigger anything like an "autorun" payload.

Macintosh floppy drives, on the other hand, did throw disk-insert interrupts which allowed the disks to be "mounted" and displayed on the desktop as soon as they were inserted (well, OK, sometimes many seconds after they were inserted). Enterprising crackers of the day, armed with scarce and expensive Mac OS development tools, were able to hang code on these disk drive events, code that replicated itself from one floppy to another in addition to playing (largely) harmless pranks, much like the gimmick that Yahoo describes.

As for MS Word, this was one prong of Mr. Gates' two-pronged approach to the Mac application software market; the other was a spreadsheet called "Multiplan," a jazzed-up relative of VisiCalc, but it failed to catch on and was replaced with an updated product called "Excel." Both of these were released first for Macs, and only later showed up on Mr. Gates' own operating system (after he developed something called "Windows 3.0").

Here endeth the lesson. Gotta trim my gray beard.

-- rick


... Macintosh floppy drives, on the other hand, did throw disk-insert interrupts which allowed the disks to be "mounted" and displayed on the desktop as soon as they were inserted (well, OK, sometimes many seconds after they were inserted). Enterprising crackers of the day, armed with scarce and expensive Mac OS development tools, were able to hang code on these disk drive events, code that replicated itself from one floppy to another in addition to playing (largely) harmless pranks, much like the gimmick that Yahoo describes....

One thing that won't be coming back soon is the rarity of PCs in those days (well, we had mainframes, didn't we). Scene - queue of people waiting to use "the" (singular) office Apple, each with a disk (or disc, hereabouts and then) clutched to bosom. Each using the thing, removing their disk, dispersing. Inevitable demand from the PC - "insert disk ####" - once some magical memory allocation point was reached. Someone hadn't demounted or whatever the rigmarole was required to (properly) remove a disk. Someone who has the only way to unlock that "rare resource" of a PC. Someone who, in strict accord with the laws of Murphy, was by then at 37,000 feet and half a continent away.

Change itself is the only thing that stays the same. History doesn't really repeat itself - but sometimes you might catch it rhyming.


Archived

This topic is now archived and is closed to further replies.
