FBI is Watching: Magic-Lantern Virus

**Chris Schreiber** · Fri 14 Dec '01, 6:23am

I think this is absolutely horrible... it's ashame that the terrorist attacks have taken away some of our civil liberties.

I was happy about this:

Major anti-virus vendors this week said they would not voluntarily cooperate with the FBI and said their products would continue to be updated to detect and prevent viruses, regardless of their origin, unless there was a legal order otherwise.

**George L** · Fri 14 Dec '01, 6:28am

Re: FBI is Watching: Magic-Lantern Virus

Originally posted by Asendin
The FBI has admitted that rumors about a government-sponsored virus, which infects computers and records all keystrokes made, are true.

"Magic Lantern reportedly would allow the agency to plant a Trojan horse keystroke logger on a target's PC by sending a computer virus over the Internet, rather than require physical access to the computer as is now the case."

http://dailynews.yahoo.com/htx/nm/20...tern_dc_1.html

oh my god!

**orca** · Fri 14 Dec '01, 7:13am

Well, what was this: Big Brother is watching you. I'mhappy that the Anti-Virus Vendors don't cooperate. Ihope the firewall vendors will do the same... It's ridiculous anyway. It won't help against terrorism.

**Skeptical** · Fri 14 Dec '01, 8:36am

No kidding. Next thing you know the script kiddies will have their hands on it abusing it to their heart's content.

**Stallion** · Fri 14 Dec '01, 10:12am

You'll still have to open an email attachment to be infected.

Personally, I don't use anti-virus software and I've NEVER had a single virus problem in over six years -- so this doesn't worry me. Just don't double click executables sent from a .gov email address... ;-)

**Chris Schreiber** · Fri 14 Dec '01, 10:24am

Originally posted by Stallion
You'll still have to open an email attachment to be infected.

But how do you know email will be their distribution method? What's to keep them from making a deal to go softer on Microsoft with the monopoly case in return for adding this virus into the next version of Windows?

**Jordan** · Fri 14 Dec '01, 10:24am

Wonderful.

-Jordan

**IanMFT** · Fri 14 Dec '01, 7:27pm

Originally posted by Chris Schreiber

But how do you know email will be their distribution method? What's to keep them from making a deal to go softer on Microsoft with the monopoly case in return for adding this virus into the next version of Windows?

then linux will become less of a hobby and my new OS of choice.

**Goldfinger** · Fri 14 Dec '01, 7:32pm

Originally posted by Chris Schreiber

But how do you know email will be their distribution method? What's to keep them from making a deal to go softer on Microsoft with the monopoly case in return for adding this virus into the next version of Windows?

if that happens look for Linux, FreeBSD, OpenBSD, Unix, Mac OS X, to all become very popular

.

**Stallion** · Fri 14 Dec '01, 8:09pm

I believe I read that somewhere...Slashdot I believe...but you're right, they could work with Microsoft to implement it at the OS level. Of course, that's why we have open source software... ;-)

Then again, I think the government has better things to do than snooping on my work -- and if not, its not like I'm doing anything worth hiding.

**George L** · Fri 14 Dec '01, 8:13pm

one of my members said we could use PGP ?

**TommyBALL** · Fri 14 Dec '01, 8:43pm

If you guys really want a scare, read this!

The first, and by far the worst, vulnerability involves a flaw in the way IE 6 handles Content-Disposition and Content-Type header fields in an HTML.stream, which determine how a downloaded file is handled. The flaw means if an attacker altered the HTML header information in a certain way, it could be possible to make IE believe that an executable file was a different type of file, such as a text file that could be opened with minimal risk.

The vulnerability, which affects IE 6.0 only and not IE 5.5, means a cracker could create a Web page or HTML mail that, when opened, "would automatically run an executable on the user's system". It was discovered Jouko Pynnonen of Oy Online Solutions.

And there is more...

14/12/2001 - MS releases mother of all IE security patches

MS releases mother of all IE security patches

http://www.theregister.co.uk/content/55/23410.html

Apply 'immediately'

**Stallion** · Fri 14 Dec '01, 8:49pm

That problem's not as bad as its made out to be. You'd have to select "Open from remote location" on a mysterious file dialog which comes up. Granted, it won't say "trojan.exe", but you'd have to wonder why IE is asking you to execute a "README.TXT".

**TommyBALL** · Fri 14 Dec '01, 8:51pm

Originally posted by Stallion
That problem's not as bad as its made out to be. You'd have to select "Open from remote location" on a mysterious file dialog which comes up. Granted, it won't say "trojan.exe", but you'd have to wonder why IE is asking you to execute a "README.TXT".

Wrong. This thing will execute automatically with NO dialog box

.. You are refering to this bug:

Lastly there's a flaw related to the display of the names of downloaded files. It's been discovered that it might be possible for a cracker to misrepresent the name of the file in a dialogue box, which could be used to fool users into accepting unsafe file types. Again the bug affects both IE 5.5 and 6.0.

...which is not the same bug, and somewhat less of a problem for technical geeks like you and me. 99% of the other users out there on the other hand...

FBI is Watching: Magic-Lantern Virus

FBI is Watching: Magic-Lantern Virus

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment