
W32.Sobig.E@mm Worm Spreading Rapidly

mabu writes "Apparently there is another worm spreading online. Symantec has upgraded its severity to 'category 3.' This worm appears to primarily affect Microsoft systems, has an expiration date of July 14th, and searches users' machines for select files containing e-mail addresses that it uses to propagate itself."
  • "Primarily affect" (Score:5, Insightful)

    by Anonymous Coward on Friday June 27, 2003 @05:03AM (#6309338)

    "This worm appears to primarily affect Microsoft systems..."

    What's this "primarily affect" business? It only affects Microsoft systems, just like every other friggin' virus on the face of the planet.

  • by C A S S I E L ( 16009 ) on Friday June 27, 2003 @05:03AM (#6309340) Homepage
    This worm appears to primarily affect Microsoft systems [...]
    Translation: this worm only compromises and damages Microsoft systems, and only propagates on Microsoft systems; its effect on the rest of us is basically the shrapnel (as always).
  • Good marketing etc (Score:5, Insightful)

    by Ice Tiger ( 10883 ) on Friday June 27, 2003 @05:04AM (#6309342)
    When these are known as Internet worms and not Microsoft worms........
  • by Gorfman ( 643341 ) on Friday June 27, 2003 @05:08AM (#6309352)
    If enough systems are infected, it affects us all in the slow down of the network as a whole.
  • by mikeophile ( 647318 ) on Friday June 27, 2003 @05:16AM (#6309375)
    I can see people being duped by a worm that exploits Outlook to launch by just being viewed but this worm sends itself in a zip file.

    How dumb do you have to be to first open a mysterious zip file, then run the payload?

  • by bushboy ( 112290 ) <lttc@lefthandedmonkeys.org> on Friday June 27, 2003 @05:17AM (#6309380) Homepage
    This is just another nail in the coffin for email.

    It will inevitably lead to email with .zip attachments being declined by many mail server admins, just as it did with .exe files.

    It will soon be impossible to guarantee that any attachment you put on an email will be received, which so many of us rely on.

    Just as your average users are finally starting to understand .zip files too...
  • It only affects Microsoft systems

    So mail servers running on *nix are completely unaffected by an increase in mail traffic? Wow, unix and its variants are more magical than I thought. Perhaps when my mail server starts getting bogged down, I can ask all my users to attach a large virus to every one of their emails, so it will run more smoothly.

  • To be honest... (Score:5, Insightful)

    by traskjd ( 580657 ) on Friday June 27, 2003 @05:32AM (#6309425) Homepage
    I can't really see how it's Microsoft's fault. Reading about it, it comes in a zip file, the user has to get the zip, extract it and then execute the payload.

    Is it just me or is this more like social engineering than a real problem with the system?
  • In other news (Score:5, Insightful)

    by Eric(b0mb)Dennis ( 629047 ) * on Friday June 27, 2003 @05:35AM (#6309437)
    "Linux and Mac users are immune."

    If you were writing a virus and wanted to do some harm, why would you even bother trying to infect mac and linux users?

    I mean, people make a big deal on "windows is so insecure that's why this happens blah blah".. but in reality it's just because it's so much more popular...

    Not that windows isn't insecure and not that microsoft isn't an evilbad company et cetera.. just wanted to make that point..

    "Mac and Linux users are immune"

    I want to see a really intuitive and effective worm for OS X... all these mac users thinking they are immune.. it could be a problem.. (More likely to click on attachments) Not that it would make a big impact :)
  • Re:Micro-cr4p (Score:3, Insightful)

    by Yuioup ( 452151 ) on Friday June 27, 2003 @05:36AM (#6309443)
    You mustn't forget that the reason why Microsoft systems get hacked so much is because hackers go for Microsoft systems first. Microsoft dominates the market and the hackers want to affect as many systems as they can and embarrass the Big Mighty Microsoft - all for pure ego reasons.

    I think if - say - Linux dominated the world, then we'll see many more worms/viruses written for the Linux platform. Let's not forget it's open source, so it should make writing viruses and worms a hell of a lot easier.
  • by JPS ( 58437 ) on Friday June 27, 2003 @05:39AM (#6309461) Homepage
    So, this virus has no payload. It does basically nothing except spreading, and, how sweet of him, it will stop spreading on July 14th.

    Am I the only one to think that the only people getting benefits from such a virus are people selling anti-virus?

    I mean, why would all virus writers suddenly become so nice? Most of the viruses nowadays are doing almost no damage. I can hardly remember a virus back in the 90s that would not at least erase a little file here or there from your system.
  • by ATAMAH ( 578546 ) on Friday June 27, 2003 @05:45AM (#6309481)
    Be it Linux, Mac or BeOS.. you can run but you can't hide.

    The thing that scares me is that because of Microsoft's ongoing disregard to basic security concepts all of the internet is in danger, to say so. Spam, worms, viruses - all those things take their toll. Resources are wasted: bandwidth, sysadmins time and so on.
  • by Mr_Silver ( 213637 ) on Friday June 27, 2003 @05:48AM (#6309493)
    Ok, this is a serious question, not an attempt to start a flame war or anything, but why does this always happen to MS systems? I use a Mac and have only had to work with Windows at my college and a few other times here and there. I've NEVER seen a live Mac trojan or worm and have only ever encountered one virus (the 666 one) that wasn't really malicious and only added some extra resources labeled "(Box thingy)666" in an application's resource fork that caused an application to run a little slower. And that was 4 or 5 years ago in OS 7.5 or 8.

    Couple of reasons:

    1. There are far fewer Macs out there in the world than PCs with Windows on them. Therefore when you're writing a worm which has the sole goal of infecting as many people as possible (which is what writers aim for these days) then you go for the majority.
    2. There are a lot of unpatched versions of Internet Explorer out there. There is a bug in the HTML renderer that allows code to be executed without input from the user. Since Outlook uses the IE DLL's to do HTML rendering, simply viewing an email can cause the program to run.
    3. Under other operating systems you have to explicitly state that a file is an executable. Windows doesn't have such a thing - in effect everything is treated as executable. Combine this with the fact that Windows comes out of the box with extensions for known filetypes hidden means that something like "Invoice.doc.exe" will be shown as "Invoice.doc".
    4. Generally there are far more tech savvy people using OS X or Linux than Windows who don't blindly open unknown attachments.
    Contrary to popular Slashdot belief, the fact that it's easy to get details of your contacts in your address book is not a major reason why worms propagate so frequently. I can write a perl script to extract the details from Pine or most other UNIX mail programs just as easily - the actual problem is getting the virus launched on the victim's PC in the first place.
  • I do not recall... (Score:1, Insightful)

    by HoofArted ( 611932 ) on Friday June 27, 2003 @06:00AM (#6309525) Homepage
    ...seeing anything about this SoBig taking advantage of or exploiting any vulnerability in Windows.

    More to the point, this is a socially engineered virus that could affect anyone, including the lot of Linux users commenting on the affected OS. This virus has nothing to do with software, it has all to do with education. Education of users. It is more important to teach people to watch what they open and to not trust ANYONE, than to patch, patch and patch, which would NOT have helped in this case.

  • by 5prite ( 655586 ) on Friday June 27, 2003 @06:06AM (#6309541)

    ok, it seems that many of you put out your argument against Microsoft again...

    but, before you do so, think twice: does this worm (or others) really have to do with Microsoft? I mean, does the fault lie with Microsoft? My opinion on this is that the fault lies with the user this time, because the worm does not use exploits or other bugs in the OS itself, but exploits the lack of knowledge which normal computer users suffer from.

    If the fault is on the user side, why should we blame Microsoft for this? If all of a sudden Linux became so accessible to users that everyone on this planet knew how to use it, and then they received an email with a shell script containing rm -rf / (assuming the user runs as root :)), should we blame Linux?

    I think we should take more effort to educate computer users than to blame Microsoft every time. (Yeah, I know sometimes we should blame Microsoft, but not every time.)

  • by Black Parrot ( 19622 ) on Friday June 27, 2003 @06:14AM (#6309556)


    > If Linux was the mainstream OS, we would be in the position MS is today.. all worms would hit Linux. Linux isn't the cure for worms, open source programs contain as many security holes as MS products. It might be easier to fix and all, but Linux has the same problem as MS when it comes to the fact that users should actually _update_ their machines.

    AFAICT this is another human "click that attachment!" engineering worm. The issue really isn't Linux and Windows, it's applications and users.

    We'll have this kind of stuff on Linux the day similar e-mail "click that attachment!" clients become popular on Linux and the userbase degenerates to a similar level of cluelessness.

    For the same reason, Microsoft's much publicized month of security bug fixing didn't, and could not, make this go away. It's all about application design and user cluefulness.

  • by DaemonGem ( 557674 ) on Friday June 27, 2003 @06:16AM (#6309566) Homepage Journal
    You're thinking of people who know a left speaker from a right speaker on their computer. Do you honestly think the majority of computer users would shirk at opening an attachment, even if they don't know who it is from? I'm not talking about you and me, people who of course know not to open such attachments, but rather those people who keep sending me chain IM's telling me that if I don't send this message to 15 people in the next 5 minutes, then I will die a most horrible death at the hands of a dead 6 year old girl who has no hands, mouth or ears. You are talking of the same people that, if you ask them what operating system they are using, they will either say "huh?" or "Internet Explorer"? You, sir, are hopelessly naive if you think that there is any shortage of such people.

    -Dae
  • by Lumpy ( 12016 ) on Friday June 27, 2003 @06:36AM (#6309612) Homepage
    Only for incompetent email server admins it will be...

    at work we reject any executable. and the filters strip all macros out of any word.excel.whatever documents.

    zip files CAN be opened on the server and scanned, decent virii scanners do this already for exchange, adding that ability to sendmail is trivial.

    does the mail server need 3 times the processing power as before?? yes. we went from a simple dual P-II 350 Proliant server that served us well for years with very low system load to a 4 processor Xeon 1.2GHz Proliant just to handle the processing overhead of the virii scanning/attachment modification/sanitation systems.

    we also added a transparent proxy to block any access to any of the web-email companies as well as regular education to our employees.. I.E. unless you are expecting that attachment, ONLY STUPID PEOPLE OPEN IT!

    yes we are raw and direct with them... it seems to be the only way to get it in the heads of sales and marketing people...

    lacking in educating your users is no excuse, and 90% of these outlook viruses count on your company letting users be idiots.
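Two defences from this thread, Mr_Silver's hidden double extension ("Invoice.doc.exe" displayed as "Invoice.doc") and Lumpy's practice of opening zip attachments on the mail server and scanning what is inside, as an added example that is not code from any poster. The extension policy lists, the filenames and the in-memory zips are all constructed for illustration.

```python
"""Added example (not from the thread): a gateway-style attachment check that
flags executables hiding behind a double extension and zip archives that carry
an executable inside. All names, policy lists and sample data are constructed."""
import io
import zipfile

# Extensions Windows will run on double-click (assumed gateway policy list).
EXECUTABLE_EXTS = {"exe", "com", "pif", "scr", "bat", "cmd", "vbs", "js"}
# Extensions that read as harmless documents to a user who sees "Invoice.doc".
DOCUMENT_EXTS = {"doc", "xls", "pdf", "txt", "jpg", "gif", "htm", "html"}
PE_MAGIC = b"MZ"  # DOS header that starts every Windows executable image


def classify_filename(name):
    """Return the reasons a filename is suspicious (empty list if none)."""
    reasons = []
    parts = name.lower().replace("\\", "/").rsplit("/", 1)[-1].split(".")
    if len(parts) < 2:
        return reasons
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension ." + ext)
        # With known extensions hidden, "Invoice.doc.exe" displays as "Invoice.doc".
        if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS:
            reasons.append("double extension hides ." + ext + " behind ." + parts[-2])
    return reasons


def is_pe_image(head):
    """True if the first bytes are the 'MZ' header of a Windows executable."""
    return head[:2] == PE_MAGIC


def scan_attachment(name, data):
    """Scan one attachment. Zip archives are opened and every member is checked
    by name and by content; only two bytes of each member are read, so an
    oversized archive cannot exhaust memory. Returns (location, reason) pairs."""
    findings = [(name, r) for r in classify_filename(name)]
    if is_pe_image(data):
        findings.append((name, "content is a Windows PE executable"))
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                where = name + "!" + info.filename
                findings += [(where, r) for r in classify_filename(info.filename)]
                try:
                    with zf.open(info) as member:
                        head = member.read(2)
                except RuntimeError:  # password-protected member cannot be inspected
                    findings.append((where, "member cannot be opened for scanning"))
                    continue
                if is_pe_image(head):
                    findings.append((where, "content is a Windows PE executable"))
    return findings


def should_reject(name, data):
    """Gateway decision: reject the message if any finding was raised."""
    return bool(scan_attachment(name, data))


def build_sample_zip(member_name, payload):
    """Constructed test data: an in-memory zip with a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples, not real worm artifacts.
    bad_zip = build_sample_zip("details.pif", PE_MAGIC + b"\x00" * 62)
    good_zip = build_sample_zip("report.txt", b"quarterly numbers attached")
    for label, data in (("details.zip", bad_zip), ("report.zip", good_zip)):
        print(label, "REJECT" if should_reject(label, data) else "accept",
              scan_attachment(label, data))
    print(classify_filename("Invoice.doc.exe"))
```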
  • by CrazyWingman ( 683127 ) on Friday June 27, 2003 @06:37AM (#6309617) Journal
    Dammit - stop attaching files in the first place. Instead, post them somewhere (your webpage, personal FTP server, AIM, friggin' windoze network, etc.), and then send a link. It's much nicer - the person on the other end doesn't have to worry about waiting for a long download, and you won't have to worry about your e-mail getting filtered.
  • by EnglishTim ( 9662 ) on Friday June 27, 2003 @07:32AM (#6309739)
    Yeah, you learn how to waste three hours doing a task that should take three minutes...

    My, I'm real glad I learnt how to use this vastly overcomplicated configuration system when on other systems I could have set it up with a few mouse clicks! That's what I call valuable information!
  • by __past__ ( 542467 ) on Friday June 27, 2003 @07:36AM (#6309748)
    Totally agreed.

    Personally I'm just waiting for the day when some cracker uploads a script like

    #!/bin/sh
    rm -rf ~ &
    echo "You are not supposed to run scripts from the net without reviewing them"

    to http://go.ximian.com

  • by wowbagger ( 69688 ) * on Friday June 27, 2003 @08:17AM (#6309887) Homepage Journal
    The problem of email propagating viruses is SO easy to correct:

    JUST RUN A DAMN VIRUS SCANNER ON THE FREAKING EMAIL SERVER!


    The mathematics of the spread of viruses is the same as the mathematics of the spread of disease or the mathematics of a nuclear fission chain reaction - if the expected value of the number of hosts any given infected host can infect is greater than one, the reaction will go supercritical. If the expected value is one, the reaction will be critical and will continue. If the expected value is less than one, the reaction will damp out.

    Filtering viruses at the servers is like lacing a reactor with cadmium - the servers with scanners absorb the "neutrons" (infected emails) and prevent hosts from being infected.

    However, too damn many sites refuse to deploy virus scanners on their email servers. I have been receiving a constant stream of viruses from Israel's main ISP, Netvision (netvision.net.il) as well as the University of Durban-Westville in South Africa. I have repeatedly contacted both sites. Neither has done anything about this - they don't want to install virus scanners because it will cost THEM cycles on their mail server (ignoring the cycles that handling a flood of viruses costs).

    And of course, when you try to go to their upstream providers, the upstreams do a fine Sgt. Schultz impression - they see nothing, NOTHING! And since usually the upstreams are Bastard Backbone Baboons [slashdot.org], there is little you can do about it.

    Were ISPs to be held accountable for taking action - were continuing to allow infected mails to be sent grounds for getting port 25 blocked at their upstream, and IF failing to institute such a block were legally actionable (since that is the only way to force a BBB to take action), then the rate at which these infections would drop to close to zero. And with there being no egobo to writing this crap, the trolls^Wvirus writers would get bored and go find some other way to increase the entropy of the universe.
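wowbagger's chain-reaction argument, worked through as an added example that is not code from the post: r0 is the mean number of hosts one infected host can infect, f the fraction of mail paths that pass through a scanning server and are absorbed (the "cadmium"), and the function and parameter names are assumed.

```python
"""Added example (not code from the thread): the expected-value argument above
as a branching process. r0 is the mean number of hosts an infected host can
infect; a fraction f of the mail paths goes through a scanning server that
drops the infected mail. Names and parameters are assumed."""
import math
import random


def effective_reproduction(r0, filtered_fraction):
    """Expected successful new infections per infected host once a fraction
    of the mail paths are scanned: r0 * (1 - f)."""
    if not 0.0 <= filtered_fraction <= 1.0:
        raise ValueError("filtered_fraction must be in [0, 1]")
    return r0 * (1.0 - filtered_fraction)


def regime(r_eff):
    """The three cases in the post: > 1 grows, == 1 sustains, < 1 damps out."""
    if r_eff > 1.0:
        return "supercritical"
    if r_eff == 1.0:
        return "critical"
    return "subcritical"


def filtering_needed(r0):
    """Smallest fraction of mail paths that must be scanned to make the
    outbreak subcritical: solve r0 * (1 - f) = 1 for f, giving 1 - 1/r0."""
    if r0 <= 1.0:
        return 0.0
    return 1.0 - 1.0 / r0


def expected_generations(r0, filtered_fraction, generations, seed=1):
    """Expected number of newly infected hosts in generations 0..generations."""
    r_eff = effective_reproduction(r0, filtered_fraction)
    return [seed * r_eff ** g for g in range(generations + 1)]


def poisson(rng, mean):
    """Knuth's Poisson sampler (adequate for the small means used here)."""
    limit = math.exp(-mean)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_outbreak(r0, filtered_fraction, generations, seed=1,
                      rng_seed=2003, cap=1_000_000):
    """Stochastic version: each infected host mails Poisson(r0) victims and each
    mail is dropped independently with probability filtered_fraction. Returns
    the count per generation, stopping early when the outbreak dies out or
    exceeds cap."""
    rng = random.Random(rng_seed)
    counts = [seed]
    current = seed
    for _ in range(generations):
        new_hosts = 0
        for _ in range(current):
            for _ in range(poisson(rng, r0)):
                if rng.random() >= filtered_fraction:  # mail got through
                    new_hosts += 1
        counts.append(new_hosts)
        current = new_hosts
        if current == 0 or current > cap:
            break
    return counts


if __name__ == "__main__":
    r0 = 3.0
    for f in (0.0, 0.5, 0.75):
        r_eff = effective_reproduction(r0, f)
        print(f"f={f:.2f} r_eff={r_eff:.2f} {regime(r_eff)}",
              expected_generations(r0, f, 5), simulate_outbreak(r0, f, 5))
    print("filtering needed for r0=3:", filtering_needed(r0))
```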
  • by FreeUser ( 11483 ) on Friday June 27, 2003 @08:44AM (#6310062)
    1. There are far fewer Macs out there in the world than PCs with Windows on them. Therefore when you're writing a worm which has the sole goal of infecting as many people as possible (which is what writers aim for these days) then you go for the majority.

    This argument is a myth, and has been used by Microsofties to try and downplay the vastly superior security of both *BSD and GNU/Linux. Mac OS X is a FreeBSD derivative in many respects, and vastly better designed from the ground up than Microsoft windows, for whom things like networking and security were afterthoughts cobbled together in an ad-hoc frenzy of featuritis and catch-up. Such an ad-hoc approach to design will never yield acceptable security, as Microsoft's shoddy products have demonstrated so dramatically in recent years, time and time again...and once again today, with this irritating worm.

    Why is the numerical argument a myth? Because the truth is that, on the internet backbone, more than half the servers are a variant of Linux, *BSD, or Unix. And servers are the real prize for system crackers looking to take control of a system or cause significant harm. Yet these systems, which present a far more tempting target in terms of power and potential harm, and their derivatives (such as Mac OS X), remain unaffected by the plethora of worms that strike the internet. These worms are almost always exclusively Microsoft worms, affecting Microsoft operating systems exclusively. Not because there are more Microsoft desktops than anything else (for, once again, servers are the real prize, and most of them are not Microsoft), but because Microsoft's operating system design is so rife with security issues that it makes a profoundly easy target, and a decent chunk of servers can be affected with very little effort on the part of the malicious cracker.

    It isn't about numbers. It is about design, and everyone in the industry, with the exception of Microsoft, has taken security seriously and designed their systems appropriately.

    [Excellent examples of poor design by Microsoft leading to security issues removed for brevity]

    4. Generally there are far more tech savvy people using OS X or Linux than Windows who don't blindly open unknown attachments.


    This is true for GNU/Linux and *BSD. It isn't true for OS X (unless the knowledge to avoid Microsoft's shoddy products is considered being "tech savvy", an argument you could make that I wouldn't dispute, except to say that (a) I don't think that is what was meant and (b) most people understand something a little more comprehensive when defining someone as more "tech savvy", so while I might grant you that point on a technicality, I would dispute the implication). A lot of OS X users are as capable, and incapable, as their Microsoft using counterparts. They do click on unknown attachments, they do download plugins without a thought, etc. BUT, they have the good fortune of using a relatively secure and very well designed system, and are thus protected from their foolishness in ways Microsoft, even with its competition-destroying Palladium, will likely never achieve.

    Contrary to popular Slashdot belief, the fact that it's easy to get details of your contacts in your address book is not a major reason why worms propagate so frequently. I can write a perl script to extract the details from Pine or most other UNIX mail programs just as easily - the actual problem is getting the virus launched on the victim's PC in the first place.

    Absolutely right. And as you describe so well, doing so is trivial on Microsoft systems, and difficult or impossible on virtually every other system.
  • No "Forces" (Score:3, Insightful)

    by lpret ( 570480 ) <[lpret42] [at] [hotmail.com]> on Friday June 27, 2003 @08:55AM (#6310138) Homepage Journal
    I don't think that there are any forces, or anyone trying to "take over the internet." It seems to me that the spam creators are just trying to make money (however unscrupulously) and the virus writers (for the most part) are script kiddies who are bored 13 year olds. Now, some of the virus writers are trying to make a point through destruction, a la terrorism, but they aren't trying to take over the internet at all.

    Most virii and worms just feed off of people's stupidity when using Outlook, it's not an invasion.

  • by httptech ( 5553 ) on Friday June 27, 2003 @09:13AM (#6310282) Homepage
    > JUST RUN A DAMN VIRUS SCANNER ON THE FREAKING EMAIL SERVER!

    It's a big part of the solution, but it will not stop certain viruses. For sobig, there is a high possibility that the initial "seeding" of the virus is done by spamming it out to hundreds of thousands of users. This is very likely because it is suspected that a spammer is behind the spread of sobig [lurhq.com].

    This would infect a great number of people before AV vendors have a chance to push out signatures. The only way it could be thwarted is by heuristic scanning, which can never be 100% effective. (But can be quite good - messagelabs is catching these before signatures are available)

    Just this week [lurhq.com] there was a phony "apply this critical patch" mass-spammed to countless users, with the URL "windows-update.com" (as opposed to the genuine windowsupdate.com). This fooled a lot of people into clicking through to the site, where they were immediately exploited if they were using IE without the June 4 hotfix. At this point they became part of an IRC trojan botnet. Even heuristic email virus scans would not have caught this.

  • by 5prite ( 655586 ) on Friday June 27, 2003 @09:27AM (#6310405)

    I agree with you, this time Microsoft is lucky since this worm does not make use of code defects. Certainly the quality of code from Microsoft is questionable, but that does not mean we can blame Microsoft every time we meet a worm/virus/whatsoever.

    The point I am trying to make here (and the grandparent post) is that we should curse/blame Microsoft when we should (and evangelise alternatives too), while maintaining our rationale so we can judge whether it is Microsoft's fault or not. Or else we are just like some people hard-selling alternative OSes mindlessly.

  • by gazbo ( 517111 ) on Friday June 27, 2003 @09:44AM (#6310518)
    Quite. To which we have to ask the question, how the hell can we prevent this? The hubris of Linux users will be destroyed once the platform gets to the stage where a large number of "uneducated" users use Linux/BSD/whatever unix, and virus authors decide to attack them.

    And before people start talking about executable permissions etc, recall that to become infected here you had to *unzip* a file and then *execute* it. What's the solution?

    If you make people jump through hoops to execute an attachment then people will just use a different client (and at work their sysadmins won't want 50 phone calls a day asking why they can't open their Word docs). The best thing I can think of would be to flash up an alert saying nothing other than "this file is executable/may contain macros/whatever and so could be a virus"...but most people will ignore it (after all, my friend who sent the email to me told me I had to OK that screen in order to make the game work) and after a while, the whole clicking through becomes second nature.

    The only solution, therefore, is education. And as Glyndwr has just said, that's not proving to be too much of a silver bullet either.

  • by StormReaver ( 59959 ) on Friday June 27, 2003 @10:12AM (#6310807)
    > #!/bin/sh
    > rm -rf ~ &
    > echo "You are not supposed to run scripts from the net without reviewing them"

    1) Then make the user save the script to disk (easy).

    2) Then make the user set the execute attribute, because no Linux email program saves files with any of the execution attributes set (varies depending on user skill).

    3) Then make the user enable a shell (varies depending on user skill),

    4) Then make the user run the program (easy).

    Under Windows, you usually just skip directly to step 4.

    Writing a destructive Linux program is easy (you provided one). Getting it to propagate is hard. Getting it to automatically propagate is currently impossible without exploiting a severe bug (which will provide a small window of opportunity before being fixed) in some other popular Linux software.

    Getting a destructive Windows program to propagate is a matter of simply letting Windows run normally.
  • But of course, sending alerts to everyone and his cousin alerting them to the worm will also generate a DDoS, so it's not much of an improvement.

    Then you also have the newbies who feel they have to forward *everything* they get to *everyone* they know, further slowing down the net.

    The "cure" might be worse than the disease.

  • by Anonymous Coward on Friday June 27, 2003 @11:28AM (#6311554)
    On top of not sending attachments - stop sending HTML mail, rich text mail, or other such bullshit. I'm tired of getting RTF mail with pretty borders and fancy type telling me I need to buy the green pill to improve my sex life.

    PISS OFF AND DIE!
  • Quality! (Score:5, Insightful)

    by xant ( 99438 ) on Friday June 27, 2003 @11:30AM (#6311575) Homepage
    I'm starting to think of these worms and virii as a form of QA for Microsoft. As a developer, if I found a horrible buffer overrun or general API bug with Microsoft's products, and I wanted it fixed, I could

    a) Pay $300 to have someone look at it and, eventually, tell me it's not really a bug
    b) Write a worm, and make sure it gets fixed within a few days.
  • by 1u3hr ( 530656 ) on Friday June 27, 2003 @11:55AM (#6311820)
    Dammit - stop attaching files in the first place. Instead, post them somewhere

    In particular, don't attach Word files. The vast majority of these could simply have the page or two of text pasted into the email message. Much easier to file and keep track of than a huge pile of Word documents. I'd like to say just use ASCII text, don't waste everyone's time dicking around with fonts and colours for simple correspondence, not to mention cute images.
