Latest WinWorm Spreads Via ICQ And Outlook
mgooderum was among the many to write in about yet another snippet of malice making the Windows desktop rounds: "The latest email virus -- 'Goner' -- is apparently running around this morning (AP news story on Iwon here - no login needed). The virus is a typical worm that spreads via attachments and users' address books. It appears as a message with an attachment that starts: 'How are you ? When I saw this screen saver I immediately thought about you...' Goner is apparently non-destructive other than the normal DoS issues with the load from it forwarding itself everywhere. What's moderately unique are two features. One is its ability to replicate via ICQ as well as the usual Outlook and Outlook Express. Two is its small size -- it has a packed form that is only 159 bytes. Symantec has details here; McAfee has details here." Update: 12/04 21:57 GMT by T : That should read 159 kilobytes. And as many posters have pointed out, "destructive" is in the eye of the beholder.
Just got goner here (Score:3, Interesting)
nope, sorry. (Score:5, Interesting)
Actually the attachment is 38KB, and the virus itself is 159 KILObytes, not 159 bytes, UNPACKED.
The unique thing about it is it disables some anti-virus software, and things like ZoneAlarm.
As soon as virus writers learn how to spell correctly and learn proper grammar, I think we're going to be in some serious trouble.
Social Engineering (Score:4, Interesting)
What about Badtrans? (Score:2, Interesting)
Badtrans is hitting my mailbox multiple times harder than Sircam, MTX and CodeRainbow combined. And it's only been around since 24th November. Quite "every" Outlook user I know of got infected with it.
But then maybe this virus is hitting only Europe, so US-citizens haven't noticed it, yet.
Needless to say, I'm happy to read my e-mail on a *nix box. :-)
ms
We got it via ICQ. (Score:1, Interesting)
Ain't life GRAND!
Re:*LOL*.. virus.. outlook.. *yawn* (Score:4, Interesting)
pretty crafty (Score:2, Interesting)
As one user put it here, these guys are pretty dumb, they need to learn to be more creative. When they come out with one that says free beer click here then I'll be scared.
In defense of Microsoft...... (Score:3, Interesting)
#!/bin/sh
rm -rf
and say "Hey, run this!". Thing is, most Linux users are geekier than the average Windows user, and will think twice before doing so! See, the problem here is not Outlook itself, but the incompetence of the people using it. Yay MS for disabling exes by default... just reminds me of all those Flash animations that make the e-mail rounds that could be virus laden.....
Re:who uses scripting in outlook? (Score:3, Interesting)
Those ARE all Microsoft competitors, are they not?
Microsoft DOES have an inferior product bundled with XP that they wish to prevail against this technically superior (and two-way: no spyware-friendliness like with MS's version) competition, do they not?
Let me say that I don't know whether Microsoft has spread this worm themselves to take out their competitors, because I don't know where it came from in the first place and I won't have to deal with it except shoveling it out of my Mac/Eudora Light inbox. But you have to ask, 'who benefits?'. And you can't seriously expect Microsoft to get rid of their scripting, when they can use it in so many ways to damage their competitors- and their competitors are not only 'any other software company' but the fundamental technologies of the Internet itself, which they don't own. They _want_ this to happen.
Re:Not an outlook worm, an outlook express worm (Score:2, Interesting)
Nope. With Outlook 2002 (XP), Outlook 2000 with SP2, or Outlook 98 or 2000 with the Email Security Update, you can't even save the attachment elsewhere, or open it or forward it to someone else. See http://www.slipstick.com/outlook/esecup.htm#attsec [slipstick.com] .
NTFS (programmers perspective) (Score:5, Interesting)
MoveFileEx("C:\\WINNT\\System32\\Gone.scr", NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
The combination of MOVEFILE_DELAY_UNTIL_REBOOT and a NULL lpNewFileName creates a special condition where Windows deletes the file at startup. This is commonly used by installers, for example, when a file is in use and DeleteFile fails. For anyone going through the trouble of putting this into an executable, you might want to grab the Windows system directory from Windows itself. This can be done using GetSystemDirectory (prototyped as--
UINT GetSystemDirectory(
    LPTSTR lpBuffer,
    UINT uSize
);
) or you could be clever and use ExpandEnvironmentStrings, prototyped as--
DWORD ExpandEnvironmentStrings(
    LPCTSTR lpSrc,
    LPTSTR lpDst,
    DWORD nSize
);
Shrug. =) Just thought this might help, for those unable to figure out how to delete a file in NTFS (but that do have a C/C++ or other compatible compiler).
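An added example, not part of the original comment: a small C program that combines the two calls the comment mentions, using GetSystemDirectory to locate the system directory and MoveFileEx with a NULL destination to queue Gone.scr for deletion at the next boot. The helper names join_path and schedule_delete_on_reboot are hypothetical, and the Windows-specific part is guarded by _WIN32.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Join a directory and a file name with exactly one backslash. Returns 0 on
   success, -1 if an argument is empty or the result would not fit in out. */
int join_path(const char *dir, const char *name, char *out, size_t size)
{
    size_t dlen = dir ? strlen(dir) : 0;
    size_t nlen = name ? strlen(name) : 0;
    int need_sep;
    if (dlen == 0 || nlen == 0 || out == NULL)
        return -1;
    need_sep = (dir[dlen - 1] != '\\');   /* a root such as "C:\" already has one */
    if (dlen + need_sep + nlen + 1 > size)
        return -1;
    memcpy(out, dir, dlen);
    if (need_sep) out[dlen++] = '\\';
    memcpy(out + dlen, name, nlen + 1);   /* copies the terminating NUL too */
    return 0;
}

#ifdef _WIN32
/* Queue <system directory>\name for deletion at the next boot.
   Returns 0 on success, otherwise a Win32 error code. */
unsigned long schedule_delete_on_reboot(const char *name)
{
    char sysdir[MAX_PATH], target[MAX_PATH];
    UINT n = GetSystemDirectoryA(sysdir, MAX_PATH);
    if (n == 0) return GetLastError();
    if (n >= MAX_PATH) return ERROR_INSUFFICIENT_BUFFER;
    if (join_path(sysdir, name, target, sizeof target) != 0)
        return ERROR_BUFFER_OVERFLOW;
    /* NULL destination + MOVEFILE_DELAY_UNTIL_REBOOT = delete at startup */
    if (!MoveFileExA(target, NULL, MOVEFILE_DELAY_UNTIL_REBOOT))
        return GetLastError();
    return 0;
}

int main(void)
{
    unsigned long err = schedule_delete_on_reboot("Gone.scr");
    if (err) { fprintf(stderr, "failed, Win32 error %lu\n", err); return 1; }
    puts("Gone.scr queued for deletion at next reboot");
    return 0;
}
#endif
```

The delayed delete is recorded in the registry and only succeeds for an administrator or LocalSystem account, so a non-zero return code here usually means the program was run without those rights.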
Re:Won't work (Score:2, Interesting)
Disclaimer of liability for loss of profit (Score:3, Interesting)
Has anybody heard of anyone who has tried to sue Microsoft for loss of profit (or whatever) due to faulty products? Does Microsoft have some kind of protection from this?
The EULA distributed with Office 2000 specifically disclaims liability for "loss of profit":
Under the USA's Uniform Commercial Code, there is by default an implied warranty that any product sold is "merchantable", meaning fit for the customary use that the product is put to. Unless the terms of sale change that implied warranty, a buyer could sue over dysfunctional software.
Software licenses generally disclaim those implied warranties, an innovation that began with VisiCalc's "as is" license. If you read the fine print of Microsoft EULAs, you will find a capitalized sentence like "TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND ITS SUPPLIERS DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, WITH REGARD TO THE SOFTWARE PRODUCT, AND THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES."
Whether the EULA has any legal weight is questionable. Software licenses are rarely presented at the time of sale. Installation programs try to impose them after the fact by demanding your agreement before installing the program on your computer.
Like many click-wrap agreements, Microsoft's EULAs are very one-sided, offering you nothing in return for restricting you from installing the software on more than one computer, from making more than one backup copy, from lending the software to anyone else, from reverse-engineering the software, and sometimes even from reselling the software or from criticizing the product. Such "agreements" may not constitute valid contracts, and even if they were, may be invalid as "contracts of adhesion".
So, Microsoft and other software corporations lobby for UCITA [4cite.org] (Uniform Computer Information Transactions Act) laws giving software the special ability to impose terms and restrictions after purchase. UCITA has already passed in Maryland and Virginia and has been introduced in the legislatures of many other states.
Re:In defense of Microsoft...... (Score:2, Interesting)
In the shell, for me this is:
cacls "Documents and Settings"
Geez that was tough. I don't think you'll find anyone defending Win9x, but you don't often see people attacking it anymore (unless they are desperate to make a point). Don't take offense to that, but NTFS does work if you ask it to.
Anyway, there is no such thing as a short, simple explanation of security best practices, framework, etc. It is a mindset. Secure it until it doesn't work, open it until it does, standardize on it, and be fluid enough to rip it all out and start over if necessary. OS specifics are detailed out in the man pages/.hlp/.chm/whatever.
Re:In defense of Microsoft...... (Score:2, Interesting)