Bugtraq sends a trojan to 27,000 mailing list subscribers.
February 1, 2001 4:04 PM   Subscribe

Bugtraq sends a trojan to 27,000 mailing list subscribers. And they did so after having the program carrying the trojan checked by Network Associates, who said (incorrectly) that it was clean. But the height of beauty of this incident is that the function of the trojan was to mount a distributed denial of service attack against the name servers of... (wait for it) Network Associates; which it did, shutting down access to their web servers for a while. Yes, the guy who did it is a criminal. But you've got to admit that he's got style.
posted by Steven Den Beste (24 comments total)
 
Oh, I see, 27,000 people getting a trojan is funny.

Grow up.
posted by fleener at 4:13 PM on February 1, 2001


Be a little more light-hearted, the irony of the trojan is kinda funny, and the people didn't really suffer from it - Network Associates did.
posted by swank6 at 4:25 PM on February 1, 2001


Oh, I'm sorry. Ha ha. Trojan distributed to lots of people. Ha ha ha! What a riot!
posted by fleener at 4:27 PM on February 1, 2001


fleener:

I thought a sign of maturity was the ability to have complex ethical ideas rather than a simple black & white worldview.

Or in other words REMOVE THE BUG FROM YOUR ARSE

It's nice to see an funny hack once in a while, makes a change from all the script kiddies.
posted by fullerine at 4:42 PM on February 1, 2001


Well said fullerine.
posted by metasak at 5:03 PM on February 1, 2001


Oh, I see, finding humor in the fact that 27,000 people got a trojan from a well-respected security-issues mailing list that affected the company that reviewed the executable and didn't ultimately cause any long-term damage isn't funny.

Lighten up.

posted by daveadams at 5:18 PM on February 1, 2001


<sarcasm> Oh no, It didn't disrupt service to Network Associates! Oh my god! You mean people couldn't access their website for a few hours. That must have caused millions of dollars of damage, maybe even billions. It could have ruined peoples lives. A whole few hours! </sarcasm>

Jeez dude, lighten up!
posted by bytecode at 5:25 PM on February 1, 2001


At least now we have something to point to when we say, "nothing in that Alanis Morissette song is actually ironic. Now, this is ironic."
posted by kindall at 6:44 PM on February 1, 2001


This kinda reminds me of the USA's relations with Iraq.
posted by captaincursor at 8:59 PM on February 1, 2001


How ironic is this .. unbelievable ... Network Associates never even check the code before sending it out .. tsk tsk ..
posted by loong at 4:51 AM on February 2, 2001


Nothing in this course of events is actually ironic.
posted by sudama at 5:05 AM on February 2, 2001


If they had missed the trojan and the trojan had attacked someone else, there would be no irony. The fact that they missed a trojan which attacked them makes it ironic. It becomes a demonstration of the ancient Greek concept of "Hubris leads to Nemesis" (i.e. "pride goeth before the fall"). I read somewhere else that the submission was in ASM source, not in binary, which makes the lapse even more unforgivable. And the fact that the program was submitted through an anonymous remailer should have set off alarm bells both at NA and at the people running BugTraq. On general principles they should invariably discard any anonymous contribution. If in doubt, don't post any executable.

But rather than NA responding "We can't check this because it will take too long" they responded "It's OK", which lead to it being posted and assembled and run by all those people, which lead to NA's own web site being unavailable for 90 minutes. An outage that brief did no lasting harm, but did embarass them mightily when the story behind it came out. It was only later that NA admitted that they hadn't really fully checked the program before approving it.

That does make it ironic.
posted by Steven Den Beste at 7:08 AM on February 2, 2001


Like 10,000 spoons when all you need is a knife ironic, but not Reality Bites ironic?
posted by sudama at 7:31 AM on February 2, 2001


Hmm.

Actually, NAI didn't review the code.

Code posted through an anonymous remailer to a security mailinglist is best taken with a grain of salt, like running it with strace.

The trojan is fairly subtle. Elegant, even. It's likely that a casual review wouldn't have turned it up anyway.

posted by jdc at 8:47 AM on February 2, 2001


AHD usage note on irony. The primary meaning of irony is not coincidence, but dissonance. "And how did you enjoy Florida, Mr. Gore?"
posted by dhartung at 10:25 AM on February 2, 2001


RE defining "irony"

The word is so overused these days that it doesn't really reflect its "true meaning" any longer. I predict that within a few years, New Heritage and everyone else will admit that to most English-speakers, "irony" means "unfortunate and surprising coincidence" as applied to any situation as well as its more subtle, current "meaning."

After all, what does a word really mean outside of how it's used?
posted by daveadams at 11:16 AM on February 2, 2001


In English, they keep telling us that irony (well, dramatic irony) is not really about coincidence but about expectation. It's when something happens that is the opposite of what was expected...

Making Alanis Morissette wrong (we actually happened to talk about that too earlier this week).
posted by swank6 at 3:45 PM on February 2, 2001


I always thought Alanis was wrong because irony is when the literal meaning is the exact opposite of the figurative meaning. In a lot of the lines of her song, the outcome is different from the expected result.

Now I'm really confused.
posted by sudama at 1:50 PM on February 3, 2001


We should have a MetaFilter FAQ:

1. What is irony?
2. What is schadenfreude?
3. Is there really an A-list?
4. What is/was Pyra's business model?
5. Matt, can I have a pony?
6. Is it OK to link to yourself inside a thread?
7. No, but seriously, is there really an A-list?

posted by rodii at 2:29 PM on February 3, 2001


The song was called ironic. In it there were no examples of irony. Therefore the song was ironic.

It's a paradox.
posted by holloway at 8:24 PM on February 5, 2001


this thread is making my brain hurt
posted by tj at 9:43 PM on February 5, 2001


off-topic:
rodii, I'm actually working on an unofficial Mefi FAQ, in really really bad XML format. It uh, isn't quite responding properly to requests, so I'm not going to link it here. I linked to it somewhere deep in a MetaTalk comment, perhaps a top-level MT thread about it would've been better.
posted by cCranium at 6:44 AM on February 6, 2001


I know, cC, I was kidding.
posted by rodii at 7:40 AM on February 6, 2001


I was given this as an example of irony a long time ago:

A man goes to his girlfriend's apartment to tell her that it's over. She cries and begs him not to dump her but he resists her pleas and leaves. She decides she doesn't want to live without this man. She goes to her window and jumps to what she thinks will be her death. She ends up landing on her now ex-boyfriend, killing him instantly. She lives.

Does that actually qualify as irony or not?
posted by crushed at 8:14 AM on February 6, 2001


« Older Warner Bros. Denies Manson Will Play Wonka   |   Press Secretary Gaffe Newer »


This thread has been archived and is closed to new comments