Nachi.B's (political) message
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Nachi.B's (political) message

  1. #1
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429

    Nachi.B's (political) message

    On Thursday, Nachi.B aka Welchia.B hit.
    Nachi.A was the worm that spread through the DCOM RPC, then tried to download and install the patch for it.

    Now, the B-variant tries doing the same. Also, it tries to remove MyDoom.A and MyDoom.B, and even tries to redo some of the damage they do (it overwrites the hosts file with a blank one, for example). On top of that, it tries installing the MS03-043 patch.

    Nice little virus, it seems. Untill it starts spreading and clogging up networks, of course (remember Nachi.A).

    There's another catch to the nasty/friendly little virus, though.


    http://www.eweek.com/article2/0,4149,1526328,00.asp


    At the same time, Nachi.B is making a political and educational point. If the machine has a Microsoft IIS (Internet Information Services) Web server and is configured for the Japanese code page, Nachi.B overwrites certain files with an HTML page containing the following text:

    LET HISTORY TELL FUTURE !

    1931.9.18
    1937.7.7
    1937.12.13 300,000 !

    1941.12.7
    1945.8.6 Little boy
    1945.8.9 Fatso

    1945.8.15
    Let history tell future !

    So what's all this about? The numbers aren't URLs. Rather, they are dates that relate to World War II. Security vendor iDEFENSE Inc. deciphered the page.

    Here's the key:

    September 18, 1931. Japan invaded Manchuria, renames it Manchukuo.
    July 7, 1937. The Japanese army attacked China in the "Marco Polo Bridge Incident."
    December 13, 1937. The Battle of Nanjing ended as the Japanese took the city and commenced three months of atrocities.
    December 7, 1941. The attack on Pearl Harbor.
    August 6, 1945. The United States dropped the "Little boy" atomic bomb on Hiroshima.
    August 9, 1945. The "Fat man" bomb struck Nagasaki.
    August 15, 1945. Victory in Japan (VJ Day) riot in San Francisco while the city was celebrating.
    August 15, 1945. South Korea liberated from Japanese rule.
    Is this the new weapon of hacktivists? Spreading political messages through "friendly" virii?

  2. #2
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    332
    If I may say that is a pretty lame attempt at getting support. I've seen many messages delivered through viruses and worms. I've even heard of defacing a website because someone needed to deliver a political message, or perhaps disagreed with someone.

    This is a bit extreme however. I've heard of straddling the fence but this is preposterous.
    I'm gonna punch you in the face, but it's okay cause I'll go and get the ice for you.

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    hacktivists.. friendly ? I dunno about friendly.. they seem to be holding grudges.

    pretty interesting 'tho..

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    407
    Friendly virii is an interesting point. Theres nothing in the definition of virii that says it has to be malicious.

    virus n.

    [from the obvious analogy with biological viruses, via SF] A cracker program that searches out other programs and `infects' them by embedding a copy of itself in them, so that they become Trojan horses. When these programs are executed, the embedded virus is executed too, thus propagating the `infection'. This normally happens invisibly to the user. Unlike a worm, a virus cannot infect other computers without assistance. It is propagated by vectors such as humans trading programs with their friends (see SEX). The virus may do nothing but propagate itself and then allow the program to run normally. Usually, however, after propagating silently for a while, it starts doing things like writing cute messages on the terminal or playing strange tricks with the display (some viruses include nice display hacks). Many nasty viruses, written by particularly perversely minded crackers, do irreversible damage, like nuking all the user's files.

    In the 1990s, viruses have become a serious problem, especially among IBM PC and Macintosh users; the lack of security on these machines enables viruses to spread easily, even infecting the operating system (Unix machines, by contrast, are immune to such attacks). The production of special anti-virus software has become an industry, and a number of exaggerated media reports have caused outbreaks of near hysteria among users; many lusers tend to blame everything that doesn't work as they had expected on virus attacks. Accordingly, this sense of `virus' has passed not only into techspeak but into also popular usage (where it is often incorrectly used to denote a worm or even a Trojan horse). See phage; compare back door; see also Unix conspiracy.
    Taken right from the AO jargon file. This is kinda one of those cases like the people who hack child porn sites. While their mind is in the right place, they are still breaking the law. However, i think many users are not educated enough to see a difference between 'friendly' viruses and not so friendly ones. To most of the people i know, a virus is a virus, and all viruses do bad things. Question is, are they positive this virus is friendly? I dunno, im kinda getting a vibe here that it might have a little delayed release stuff going on.


    slick
    \"Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, \"I\'m a grown man. I should know what goes on my head.\" And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life. \" -Roy Waller

  5. #5
    Banned
    Join Date
    Feb 2004
    Posts
    94
    Thanks for the definition slick. Basically it is a useless piece of **** written by people of the same likening. As usual patch viruses cause huge amounts of traffic and practially DoS the people it is trying to "help." I have a feeling if you look at the code it is bad as well. Leave the patching up to people the people who own the stuff and take your message elsewhere.

    -Cheers-

  6. #6
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    332
    slick8790-

    You bring up a good point. While I never launched any attacks on child porn sites. I did manages to give some racist sites some good old fashioned hell. I will say that I now know I was wrong. There are other ways to voice my opinions, one of them is here.

    I guess most people whom go through this stage eventually grow up. The problem is there will always be a younger generation to take their place, so this vicious circle will always exist.


    l0 t3kz Inside

  7. #7
    Banned
    Join Date
    Feb 2004
    Posts
    94
    I guess most people whom go through this stage eventually grow up. The problem is there will always be a younger generation to take their place, so this vicious circle will always exist.
    I guess we'll have the mob "deal" with them. Lol..

    -Cheers-

  8. #8
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hmmm

    Looks like the Japanese anti-war lobby to me?

    They have just sent /are sending troops to Iraq?

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Not sure you can call a virus "friendly" when It carries out a DoS on your network. Remember MSBlast was 7kb(?) and the patch to fix it is 1.4Mb...... So you use 200,000 times the bandwidth per infected machine in an uncontrolled fashion...... yep, that's friendly....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #10
    Nihil,

    I was puzzled about this, too.. the 'message' isn't overtly anti-anything, but does trace some of the low points of Japan's work in the last world war. The 'let history tell the future' is a strange one, but I can propose two things:
    a) you're right, it's people in Japan (or some nation wronged by them) spouting off about Japan's first military deployment since that war.
    or..
    b) someone is going after the fact that Japan still doesn't recognize anything they did in that war as bad. Not in their history books.

    Either way, I wish one of these hacktivists would just spell it out alreay. Stop with the cryptic messages.

    l00p

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides