Microsoft "Swen" Worm Squiggles Into Sight 789
greenhide writes "As forecast in this story, a new Microsoft worm has indeed wriggled to the surface. The W32.Swen's claim to fame is its professional looking email advertisement that pretends to be a fake Microsoft patch. Earlier viruses have made the claim, but none of them looked this good. It appears to have infected over 1.5 million machines. "
Fascinating isn't it? (Score:5, Insightful)
Why isn't Linux and Macintosh turning this into a big propaganda opportunity? Both OS's can hold up the 'come to us, we've had our shots, we'll never get worms' flags and pray that the big media mentions it.
It's not a worm, it's a virus (Score:4, Insightful)
Then again, if it did, it wouldn't be the
...Not a Good Idea (R) (Score:5, Insightful)
Hypothetical advertisement: "Hey, we're Macs, and we don't have viruses."
I guarantee you that every virus writer and his(/her?) grandmother would flock to OS X and start writing viruses with reckless abandon. Apple, Linux, Amiga, Commodore 64, and whatever other less-used operating system is probably perfectly happy to have its users sitting fat, dumb, and happy and not bragging about it.
Accepted as the norm now? (Score:5, Insightful)
I was explaining the other day to one of my business partners not to install this virus, and to delete it right away if he gets it.
He asked me if my computer was infected, whereby I had to explain once again that running Linux, I generally don't have to worry about things like this.
But the point is, for him, computers just get viruses. And because of that, I believe that most people are thinking: "Hrm, my computer got a virus.", not "Windows let another Virus through."
So the majority of the people that aren't really computer illeterate (the majority), don't really know what to think when people tell them Linux is more secure.
Because for them, it's still running on their computer, and their 'computer' got a virus. It's just their mentality. Of course, this is simply my opinion.
Skynet is here (Score:4, Insightful)
Re:Huh? (Score:2, Insightful)
I feel pretty damn safe under Linux, how do you feel worrying about when the next worm will take over your entire machine?
Gee, since I've never been infected by a virus or worm, and I've been using Windows since forever (both client and server side), I don't feel I have that much to worry about. Since I'm pretty confident I know how to use a computer and all its associated software properly, I don't think that Linux is that "magic snake oil" that will solve all my problems.
BTW, I don't use Zone Alarm.
Re:Wow (Score:5, Insightful)
it's also good enough to keep you on 'net while you're trying to figure out wtf went wrong.
unless you got an as good a windows running livecd system?
Re:Huh? (Score:3, Insightful)
Zone Alarm is not the be all and end all of worm prevention
Its not just an email worm! (Score:3, Insightful)
Oh no, this multi talented worm is:
But wait! Theres MORE! It has its own SMTP engine. It attempts to halt anti-virus processes. It alters the registry AND THEN it even disables the ability to edit the registry!
Quite a nasty beasty really. And even for us nice safe Linux/BSD users there are issues. Clogged mailboxes are at least, a nuisance, at worse, a huge bandwidth cost. Those on dialup or liimited broadband access where you pay for d/ls and uploads will notice it!
So even those of us cheerfully NOT patching frantically have consequences. The celebrations of yet another MS problem are a bit premature it seems to me. I'd rather see more outrage that such an inherently insecure and easily manipulated OS is costing ALL of us online.
Learn First, Post Second (Score:3, Insightful)
There are several reasons what you said was just plain wrong. There were a lot of ways to avoid the RPC (MSBlast) worm. First, you could have patched when the patch was first released. It pre-dated the worm by several weeks. Second, you could have been running the built-in XP firewall. Third, you could have been running a 3rd party software firewall such as ZoneAlarm. Fourth, you could have been behind a firewall on another box or behind a hardware firewall. Fith, you could be behind a NAT box that is set not to pass incoming connect attempts to LAN side (which is the default setting for the 3 home routers I have owned). Doing any one of these would have dropped the likelyhood of getting the RPC worm to zero or near to it (e.g. it's perfect until and infected machine is hooked up behind the firewall). How are people who took one or several of these steps lucky? I have 3 Win boxen among the computers on my home network, none got infected. Though my router was catching about 5-8 infection attempts a second.
Lucky? (Score:5, Insightful)
Lucky? Zone Alarm?? Well, at least you were able to show that you really don't know much about Windows (or at least not as much as you think you do).
What do you mean professional? (Score:2, Insightful)
The Viruses Will Follow (Score:1, Insightful)
Same damned thing.
You can't patch the vulnerability that sits between the keyboard and the chair.
Although Microsoft has tried. Anyone running a version of Outlook released in the past 2 years can't open the binary attachment that this worm sends. If that was attempted elsewhere people would be crying bloody murder.
Re:Huh? (Score:2, Insightful)
The article said just viewing the email infects you.
Knowing Microsoft and their bugs in their mail client, the best way to secure your machine is to stop using Microsoft products. I dont use IE, I dont use anything Microsoft but their Windows OS itself. I remove as much of their junk as I can and I run my own stuff like Mozilla.
In Linux everything is open source so at least I can look at the code and know what software not to run, dont run poorly written software and dont run servers.
Comment removed (Score:2, Insightful)
Re:The Viruses Will Follow (Score:3, Insightful)
Windows users owe the alternative OS "sinks" big. (Score:4, Insightful)
W32.Swen is really aggrevating me over here. In the past few days I've received over 1000 copies. And I'm not terribly happy about it. I'm probably averaging at least 100 per hour during the day, and about 300 at night (when my primary e-mail system is offline).
The really irritating part? My _entire_ network consists of one OS/2 box (the e-mail client machine), and three Linux boxes. Not a single one can be infected by this virus, and not a single one could propogate it (unless I explicitly wanted to do so, which I don't).
Now thankfully I'm on a pretty decent cable modem service here (really good speed), bogofilter was quickly trained to detect and toss these messages into a SPAM folder (where they quickly get deleted), and my mail client (PMMail/2) has a remote control feature that allows me to scan message titles on the server and delete the messages without downloading them.
But still -- imagine if this weren't an immune OS/2 machine, but one of the Windows machines that could be infected. I could very well be propogating these as well. But because of my good choices in OS's, I don't.
Thus, I think I'm doing a public service by _not_ running Windows and propogating these viruses, but instead act as a sink to prevent them from propogating. My machine is the end-of-the-line for these viruses -- even though getting thousands of e-mail is highly annoying, my machine (in effect) "kills" the ones I receive, causing their propogation lines to end.
I think Windows users on the Internet owe those of us who run other operating systems, and they owe us big. They can start paying up by PROPERLY PATCHING THEIR SYSTEMS!!! (Stopping sending me $^&*%^&!! hundreds of copies of W32.Swen would be really helpful as well).
Yaz.
Swen is NOT A WORM (Score:3, Insightful)
"Classified as a worm because of its ability to copy itself without infecting host files..."
What a bunch of morons!
Lets look at what distinguishes a Virus from a Worm: .exe and .doc files so that when they are launched or opened the virus will then spread further.
A virus requires user interaction to spread. A virus can be a self standing executable (such as Swen) or it can infect other files such as
A Worm is self propagating and does not require any user interaction to spread. Worms rely on holes that exist in the underlying operating system to inject their code into applications already running in memory. Once they have infected the target machine, the worm will then self propagate to other similarly unpatched machines.
With this simple definition, where do they get off calling swen a worm, when the swen virus clearly requires some dumb schmoe to click on the executable file that is included as an attachment in an email? Once the genius launches the bogus.exe file, it then searches the newly infected machine to harvest email addresses to send itself to. There is no 'automatic execution' of code here.
Re:Fascinating isn't it? (Score:2, Insightful)
If people mailed clueless Linux users and said "this is from Linus, run it" I'm sure people would be dumb enough to run it.
So here're a few hints for you:
1. Bugs that depend on the idiocy of the user don't have anything to do with your OS wars. People chose to use Microsoft because, umm, everyone runs a MS OS. Nobody (comparatively) runs Linux.
2. If you're going to make an OS issue, at least wait for a MS RPC bug or something. Then I can point to the litany of Mandrake/Debian/Redhat bugs for the week.
It's not the news media's job (Score:2, Insightful)
It's not up to the news media to mention alternatives, they're supposed to report the facts. Likewise, when they report the recall of, say, Ford Explorers, they don't report Cheverolets and Hondas as alternative cars. They can mention alternatives in editorials, and last I looked, they do.
Re:Fascinating isn't it? (Score:3, Insightful)
The cost of switching for that reason alone isn't necessarily worth it on a massive scale. You switch because you're worried if your computer stops working, right? Well if the cost of the switch is that your games and some other apps stop working, then you've traded one failure for another.
I wouldn't call that a great marketing opportunity. It's one thing to draw attention to those OS's being 'virus free', it's another to urge people to switch over it. Besides, if somebody does cause that kind of havoc on either of those machines, then you'd have a lot of unhappy peeps.
It may not be worth drawing attention to that aspect of those machines. All you need is for an inexplicably popular app to have an exploit in it, and millions of people using it. (Kazaa, ICQ, Winamp, you name it.) There's not a bean that Linux or Mac can do to stop that.
(Note: Please don't read that as "Kazaa, ICQ, and Winamp have exploits." I just meant that they're really popular.)
Re:Skynet is here (Score:2, Insightful)
Re:Huh? (Score:5, Insightful)
Re:Fascinating isn't it? (Score:5, Insightful)
The fact that Windows is so exploitable is the reason it's exploited, not the fact that it's the most widespread.
Free/OpenBSD and linux/unix have been around for quite awhile, and both are getting more usage daily. Both are on the net all over the place. Yet they're still not a target or at the very least, an unsuccessful target. Why? Security and built-in holes are kept to a minimum and usually patched in a timely manner. Some people get rooted once in awhile but it's usually their own fault or the fault of the admin that forgot to apt-get a new fixed daemon or library.
Just face it, Windows was never designed with security in mind, and all the patching in the world may never make it more secure. Once again let me reiterate: Windows is a target because it's too easy.
Re:Huh? (Score:3, Insightful)
Uninterested? (Score:5, Insightful)
No troll, I'm dead serious.
I wish people took more interest in the things that they use every day and take for granted. Everything is so completely fascinating. I think that there is no better pursuit in life than to learn the hell out of everything. The way people learn one thing and then get all arrogant about it is, in my opinion, the worst behavior of all.
There are tons of things that I don't know, I don't look down on people for not knowing things. It does bother me when they refuse to learn, though.
People do awful things to their computers and people do awful things to their cars (and their plumbing!). If people took a little more time to appreciate the things that they take for granted, many of our problems would be gone.
I didn't mean for this to end up all preachy, but I don't remember where I was going. If I hadn't already typed so damn much, I'd just quit now, but hell...
That's absurd. (Score:5, Insightful)
Re:How did that get mod'ed "insightful"? (Score:2, Insightful)
I've heard that argument before, but it's still wrong. A program running as you has the ability to delete your email and data files and the ability to send out email to propagate itself. Who cares if it can mangle /bin/ls? I care much more that it can mangle /home/patrick/important_document.tex. Being root has nothing to do with anything.
That is why the "Linux viruses" you see are only in the labs of the anti-virus vendors.
No, that's because most virus writers and most victims are running Windows. Why write viruses for a desktop that only 1% of end users (and the 1% most likely to keep their systems patched) are running?
A well designed operating system security model will prevent the infection.
Your statement is true. Your implication that Linux's security model is well designed is not. Your email program can, if hijacked, execute programs, open network sockets to arbitrary hosts, and delete files. It doesn't need any of those privileges, but Linux has no mechanism to protect you on that level. All Linux can do is keep your email client from mangling /bin/ls -- so what?
Linux isn't prone to floppy-borne, executable-modifying viruses. But it certainly could be prone to email viruses if anyone finds a buffer overflow in pine, mutt, or Evolution.
Re:How did that get mod'ed "insightful"? (Score:4, Insightful)
No system is immune by design. Stupid or careless users are always crafty enough to bypass even the best security.
Re:Fascinating isn't it? (Score:3, Insightful)
It's a lot easier to get an elitist attitude than it is to be patient with others, but understand this: while a person may look like an idiot to you for not knowing this isn't a legit update, that same person might think you are an idiot in is world of expertise, and you very well might be.
Ralph Waldo Emerson once said, "In my walks, every man I meet is my superior in some way, and in that I learn from him."
If this was true for him, isn't it a thousand times more true for the rest of us?
Re:Huh? (Score:3, Insightful)
2.) Using *any* software firewall. Even WinXP's own firewall. ZoneAlarm is trash in my opinion.
But it isn't your only protection.
3.) Using a hardware firewall which blocks the RPC port anyway
4.) disable dcom with start -> run -> dcomcnfg
Re:Huh? (Score:2, Insightful)
That is always the worst thing that can happen. If a virus wipes out my System32 directory, big deal, I reinstall Windows. It's a pain but I haven't lost anything. If it wipes out my home directory, that has all of my financial data, electronic reciepts, business invoices, contacts, etc.
Don't get me wrong, your email client shouldn't have admin privilages, but I consider my machine hosed when my home directory is hosed. Linux is no more secure in this regard.
Re:How did that get mod'ed "insightful"? (Score:5, Insightful)
That's true of any environment. If a windows computer uses IMAP and doesn't store the password locally it can't delete your mail either.
Who said you had to use the SMTP host on the network? Any old program that knows how can speak SMTP and mail itself out to the next victim. In fact from what the article says this virus knows how to speak SMTP. For an external MTA it's pretty hard for it to only accept SMTP sesions that use TLS as TLS is poorly supported across the internet. I know all my machines running an MTA don't have secure SMTP setup (I really don't like paying the $100 a year blood money to the damn certificate authorities).
I will agree that unix machines tend to be better administered, and are more likely to be patched better simply because the OS is less tied together and inter-dependant like windows is (and thus the huge service packs MS puts out). Take the latest openSSH patch for example. The changes were all back-ported to the version of OpenSSH running on a distribution+version. We also know exactly what changed (2 or 3 lines of code), and they're fairly simple changes. Vigourous testing of the patches isn't as pertinent as it is in the case of MS products, so patches will be applied more often.
Re:Huh? (Score:5, Insightful)
That is the *biggest* crock of shit ever, but I hear it time and time again on Slashdot.
Why on earth would would you care if your applications got borked? It's the data that's important.
Re:Swen IS TOO a worm (Score:3, Insightful)
Swen runs as a program, a malicious program. That is what makes it a virus.
Swen does not rely on a vulnerability to spread. It does not require Microsoft Outlook to spread, (although outlook certainly helps), as it spreads just as well if you're using Outlook, Eudora, Netscape, Hotmail, Yahoo, WHATEVER!
All you must be doing is running an MS operating system.
There is no patch for stupidity.
Swen is a virus that relies on user stupidity to spread. The fact that this virus spreads to network shares is typical virus activity. If it copies itself to a startup folder, or modifies a registry string to launch the virus when a computer reboots, it is launching as an APPLICATION, a malicious application - which means virus to the slo folk and reporters that are reading this.
If Swen were to make a direct connection to a persons IP on port whatever, performs a buffer overflow which injects code into a running application thereby opening up a backdoor by which the worm can then infect the machine - THEN it would be a worm.
Comment removed (Score:3, Insightful)
Comment removed (Score:2, Insightful)
Re:Huh? (Score:2, Insightful)
Re:Big Deal. Norton Handles It Fine (Score:3, Insightful)
Ho hum.
Senior Programmer Analyst? (Score:3, Insightful)
Your opinion quite frankly is not very worthwhile. First, losing a home directory under any OS is a _Very_ bad thing. You can't reinstall your home directory from a CD.
Second, every user does not run as Administrator out of the box in 'MS Windows Security'.
In XP this isn't true, in Server 2003 this isn't true, in Windows 2000 this isn't truee, in Windows NT this isn't true.
In MS-Dos this is true, in Windows 95 this is true. In windows 98 this is true, and in Windows ME this is true.
See a distinction? Ok, so lets consider you meant "in Windows ME". Fine, yes users run with full permission in ME. And those same users, if they were in Linux would not be using Linux. Because they couldn't figure out how to install it. If they did manage to get Linux on their box, and setup their mail client, I doubt they'd be much more secure. Why? Because _they_ are still the risk. They will execute the ".sh" file attached to the mail message. The script will alias some worthwhile commands and wait for the user to give it the root password. Or, it may just ask them, after all, the users ARE the WEAK link. So why not just pop up an important looking window (or console prompt) and say something like "fsck detected faulty partition data on ext2/blah/bah/bah at offest 00345678 code word DELTA. Please enter root password so that kernel.bot may correct this problem".
Get my point? It _IS_ the "dumb" user. Switching them to a different operating system won't protect them (unless of course you _Don't_ give them root access or password, and then that would be a trusted environment and they wouldn't be running Windows ME, they'dbe running win2k or XP or 2003 or Linux or BSD or some other securable operating system).
hope that helps,
-malakai
Re:Huh? (Score:4, Insightful)
Btw, 'run-as' is little more than a half-assed ripoff of 'su'. Try to install a program sometime using 'run-as'. Whose permissions does the installer use? Where do the registry settings go? Why doesn't anything work?
I, and many others, are tired of fighting with half-completed MS 'features' that don't live up to the hype. Maybe, one day, Windows will have finally managed to implement all of the useful features that were designed into the UNIX and Mac OSes. Then I might consider using it. At MS' current rate of ignoring basic functionality in lieu of marketing buzzwords, though, that day will never come.
Re:Wow (Score:3, Insightful)