
New Email Worm Squirming Through Windows Users' Inboxes

Posted by timothy
from the vermicide-delicious dept.
Trailrunner7 writes "There appears to be an actual email worm in circulation right now, using the tried-and-true infection method of sending emails containing malicious executables to all of the names in a user's email address book. The worm arrives via emails with the subject line 'Here You Have' or something similar, and the messages contain a link to a site that will download a malicious file to the victim's PC. The malware then drops itself into the Windows directory with a file name of CSRSS.EXE, which is identical to a legitimate Windows file. From there, it's 2001 all over again, as the worm attempts to mail itself to all of the contacts in the victim's Outlook address book."

  • Apples (Score:4, Funny)

    by sexconker (1179573) on Thursday September 09, 2010 @06:13PM (#33528096)

    I thought worms were found in apples.

  • The entire UW mail system died yesterday morning.

    Maybe this is why ...

    • by causality (777677) on Thursday September 09, 2010 @06:19PM (#33528166)

      The entire UW mail system died yesterday morning.

      Maybe this is why ...

      It's an instance of the reason why. The actual reason is that the users still haven't learned from the last 9 years of experience. The only bad thing is that their stupidity is not self-contained and can affect the networks and computers of others. I say that because this time, it isn't really a technical flaw in Windows since I don't see any reports of the e-mail attachments being automatically executed. This is more like a social engineering attack. It's one that is not remotely new and has provided numerous examples that the even slightly clueful have already learned from.

      • by MichaelSmith (789609) on Thursday September 09, 2010 @06:25PM (#33528256) Homepage Journal

        Devil's advocate here: is there any reason why a normal non-technical Windows user should be able to run an executable in a directory they are able to write to? Maybe the ipod/ipad approach is better for most people.

        • by causality (777677) on Thursday September 09, 2010 @06:51PM (#33528486)

          Devil's advocate here: is there any reason why a normal non-technical Windows user should be able to run an executable in a directory they are able to write to? Maybe the ipod/ipad approach is better for most people.

          I have no idea why you were modded "Troll" except that some people have an irrational oversensitivity to any mention of the iPod or iPad. They should get the fuck over it, to be direct about it.

          Back on topic, what you mention is a very good idea. It's also not new to Apple products at all. That's the approach Unix has used for a long, long time now. Installed programs on a Unix system are generally root-owned and sit in directories that are also root-owned. For a normal user, both the executable and the directory in which it is located are read-only.

          The problem with Windows is the vast amount of software that is poorly designed and wants Admin privileges even though it could be designed to carry out its task without them. This has trained the more point-and-drool type of user (the majority who gravitate to this platform) to just click away any dialogs without seriously questioning why a program is requesting extra access. That is, of course, assuming they are running as a non-privileged user in the first place.

          The iPhone (I assume you don't intentionally refer to an mp3 player) approach is more like "you don't need root for anything, let us manage that". The Unix approach is more like "programs don't expect to have root privileges without a very good reason, like your package manager for example". In both cases an e-mail client would be run as a normal user. I'm not so familiar with the inner workings of an iPhone but at least on Unix and Unix-like OSs, the binary executable file would also reside in a root-owned directory not writable to any normal user. Combine that with the generally more clueful user base and it's easy to understand why Unix/Unix-like users just don't have these problems.

        • Devil's advocate here: is there any reason why a normal non-technical Windows user should be able to run an executable in a directory they are able to write to?

          Normal, non-technical Windows users often own their own machines; consequently, yes, they should be able to run an executable in a directory they are able to write to.

          • by causality (777677) on Thursday September 09, 2010 @07:12PM (#33528702)

            Devil's advocate here: is there any reason why a normal non-technical Windows user should be able to run an executable in a directory they are able to write to?

            Normal, non-technical Windows users often own their own machines; consequently, yes, they should be able to run an executable in a directory they are able to write to.

            It's not so much about whether you should be allowed to do with your own property what you wish. Of course you should. It's more like the security model of capabilities. If there is no good reason to allow something to happen then it is better security not to allow it.

            This breaks down in Windows because Windows does not have a centralized package manager that handles both the installation and the uninstallation of all new software. The proprietary nature of most Windows software would preclude such a thing. A Linux user can have the full use of their system without ever having to directly download a binary executable and then run that executable just to install or use a piece of software. Instead, they have package managers and repositories which have all but eliminated the issues of third-party malware.

            By contrast, on Windows it is far more common to directly download an "Installer.exe" file and then run that installer in the directory into which it was downloaded and with the elevated privileges needed to install software. That introduces problems when such executables come from untrustworthy sources. Introducing undetected malware into a Linux repository is much more difficult and thus has occurred far less frequently than the much easier task of conducting a social engineering attack against a user of an e-mail client.

            The way things are done on Windows makes it far more prone to these attacks. The fact that the average Windows user is much less knowledgeable than the average *nix user compounds the problem. That's why you have attacks that are about nine years old that are still successful, which is really quite pathetic.

            • by DragonWriter (970822) on Thursday September 09, 2010 @07:26PM (#33528854)

              It's not so much about whether you should be allowed to do with your own property what you wish. Of course you should. It's more like the security model of capabilities. If there is no good reason to allow something to happen then it is better security not to allow it.

              I am aware of the basis of your questions; what I am saying is that the fact that normal, non-technical Windows users often don't have someone else to administer their machines means that they have to be able to run executables from directories that they can write to.

              Now, distinct security roles for the same user can mitigate some of this risk, and it might make sense to not allow a normal Windows user to run code that they have "casual" write access to (e.g., without escalating to an administrative role temporarily), but the problem with that is finding a way to make the security model simple and comprehensible enough that users don't simply get into the habit of escalating to an administrative role to do things without understanding what they are doing.

              This is not a particularly easy problem, because for a general purpose computer, you have to have a fairly fine grained security model to allow software to do what the user wants it to but not other things, and non-technical users aren't going to want to learn the details of a fine-grained security model.

              Instead, they have package managers and repositories which have all but eliminated the issues of third-party malware.

              I don't think that's really all that true; if Linux becomes popular enough with casual users that the kind of malware that is directed at them becomes worth targeting at the platform, third party repositories will be set up and emailed invitations distributed to add them and download screen savers and other seemingly-innocuous software from them. Which will, of course, be malware that the users are being tricked into installing with elevated privileges. (Of course, you can install packages on Linux straight from files -- even files in email -- since, e.g., Ubuntu, IIRC, runs the graphical package manager by default if you click on a .deb; while many Linux systems have security models that are somewhat better than Windows, I don't think they are all that much more secure against social engineering directed at non-technical users with administrative rights on their own boxes.)

            • by Missing.Matter (1845576) on Thursday September 09, 2010 @07:31PM (#33528928)

              A repository wouldn't change anything in this situation. It's incredible, but I guarantee you most people who installed this probably have heard that malware can come in e-mail attachments. My direct family is all aware of this, and how many times have I been called over to fix something because they thought it was "okay?" Another poster here related how his friend downloaded this very worm, despite the fact he thought it was shady.

              So we have a situation where users are happy to install programs not just from an unknown source, but from a very likely unsafe source! Why? Who knows? They need to see that latest celeb sex tape or are waiting for an attachment and didn't pay close attention to what they're clicking on.

              So yeah, let's give these users a repo and tell them it's safe and they can only install programs from there. Oh but wait, now they want a piece of software that isn't in the repo, and again we're in a situation where users have to judge for themselves how legitimate a piece of software is; I've already demonstrated how that usually turns out.

              • Re: (Score:3, Insightful)

                by causality (777677)

                So yeah, let's give these users a repo and tell them it's safe and they can only install programs from there. Oh but wait, now they want a piece of software that isn't in the repo, and again we're in a situation where users have to judge for themselves how legitimate a piece of software is; I've already demonstrated how that usually turns out.

                Ah but that's a direct refusal to utilize the software repos as a trusted source. Just because a user refuses to get their software from a trusted source does not co

      • The actual reason is that the users still haven't learned from the last 9 years of experience.

        The other reason is that Windows still doesn't include an easy point-and-click tool to make a jail in which to run an untrusted app. If Windows had this, people wouldn't have to spend 29 EUR on Sandboxie.

      • by Annorax (242484) on Thursday September 09, 2010 @07:04PM (#33528616) Homepage

        No, it's more of the fact that "a sucker is born every minute" or more along the lines of every millisecond.

        The college freshmen of today never experienced the "2001 all over again", so they are ripe for the pickings of email bombs that look "old hat" to old farts like us.

        • Re: (Score:3, Funny)

          by dbIII (701233)

          The college freshmen of today never experienced the "2001 all over again"

          That's right all you college freshmen going ape at parties, don't touch that big black monolith or bad stuff will happen.

      • Re: (Score:3, Insightful)

        by turbidostato (878842)

        "it isn't really a technical flaw in Windows since I don't see any reports of the e-mail attachments being automatically executed. This is more like a social engineering attack."

        In a single word: PEBKAC

  • by TheRealMindChild (743925) on Thursday September 09, 2010 @06:15PM (#33528122) Homepage Journal
    "Tonight We're Gonna Party Like It's 1999"
  • Got mimedefang? (Score:4, Interesting)

    by Shoeler (180797) * on Thursday September 09, 2010 @06:16PM (#33528134)
    People still allow .exe files through filters? Helllloooooo mimedefang...
    • Re: (Score:2, Interesting)

      by Technoodle (1384623)
      I had a client that got a link to a .scr file. They thought it was suspicious but clicked it and ran it anyway. When will Users ever learn?
      • Re:Got mimedefang? (Score:5, Interesting)

        by Jaktar (975138) on Thursday September 09, 2010 @06:37PM (#33528368)

        I was called to a co-worker's office today. He told me that he received an email from someone in our company. He didn't remember the name of someone he had spoken with yesterday and assumed it was the person that he had talked to. He clicked the link and then witnessed the awesomeness that is this exact worm. I got to see the email. It had all the usual signs of being junk/scam/phishing/younameit. I then further continued to giggle as the company posted a warning on our main site page having already shut down the mail server. By the time he had caught the worm in action it had operated for about 30 seconds and managed to get around 800 messages (and counting) in his outbox before he killed the process.

    • Re:Got mimedefang? (Score:5, Informative)

      by gmuslera (3436) on Thursday September 09, 2010 @06:33PM (#33528332) Homepage Journal

      The actual file doesn't go in the mail, just the link to download it. mimedefang or antivirus at the mail server don't have anything to do with it.

  • The hell? (Score:3, Insightful)

    by goodmanj (234846) on Thursday September 09, 2010 @06:18PM (#33528152)

    Stupid question from a Linux / Mac user:

    Are there really operating systems in use in 2010 that let you write files to a system directory without entering an administrator password?

    • No but there are plenty of users who automatically click "Allow"

    • Re:The hell? (Score:5, Insightful)

      by drcheap (1897540) on Thursday September 09, 2010 @06:27PM (#33528278) Journal

      Stupid question from a Linux / Mac user:

      Are there really operating systems in use in 2010 that let you write files to a system directory without entering an administrator password?

      Yes, because people will give a computer anything it asks for, especially if it asks in an ambiguous manner.

      What's this? A UAC prompt asking for permission to "perform the action I requested"? Wait, what was I just doing? Oh yeah, reading email. Yes I want to do that. ]click[

      Same thing would happen if you gave them a Linux/OSX box that asked for admin password. Granted M$ made it easier by not requiring one to actually type in any actual password to elevate privileges.

      • Re:The hell? (Score:5, Insightful)

        by goodmanj (234846) on Thursday September 09, 2010 @06:49PM (#33528472)

        I know this has been said before, but if your operating system is asking for an admin password often enough that replacing it with a mouseclick significantly improves the user experience, you're solving the wrong problem.

        • Re: (Score:3, Insightful)

          The default UAC behavior in Windows 7 is to notify when installing programs and when programs try to change protected Windows settings on their own. The ONLY time I see a UAC prompt is when I install software. How is this unreasonable?
          • It's not (Score:5, Insightful)

            by Sycraft-fu (314770) on Thursday September 09, 2010 @07:35PM (#33528968)

            The problem is that Mac/Linux users loved to bang on about this as a reason their OSes were more secure. "Oh asking for an admin password protects us." Of course it doesn't, you still have to know what you are doing but there you go. So then Windows got it too. Well now this is a problem, you can't claim it as an advantage anymore. What's more, Windows does it right, it is true privilege separation, and it doesn't cache it like a number of Linuxes do (you sudo in the GUI and it stays that way for 10 minutes). So what to do? Oh, well attack it from asking too often, of course! Never mind it only asks for, you know, things that actually require access. It is still too often!

            Some people just have a mindset that their OS is Superior and Windows is Inferior. Thus they'll come up with whatever justifications it takes to convince themselves of that. It isn't about facts, it is about a belief they are trying to justify.

            Also to the people who think admin gets asked for too much: Please remember that anything that doesn't need admin to do, a virus/spyware can do without that admin. So if a program can be installed without admin (and it can actually, just only to that user's account, not system wide) then a virus can be installed without admin. There is no half way, you can't have something that only a legit program can do that a virus needs admin for. Something either does or does not require admin. Period.

    • Vista/7, by default prompt.

      Thanks to UAC in vista, folks have been well trained to just click "Yes" when prompted. So yes, this will be a threat.

    • Re: (Score:2, Interesting)

      by archmcd (1789532)
      Well, in the case of Windows XP and common corporate practices, it's not unusual for an individual that would require administrative rights to log in with an account in the Administrators group on a regular basis, whether administrative tasks will be performed or not. I've worked for companies where 1 in 3 users have administrative rights on their workstation due to a "business need" which may have been a one-time task, but the escalated privileges remain indefinitely. 1 in 3 is an awful lot of people in a
    • Re:The hell? (Score:4, Informative)

      by Skuld-Chan (302449) on Thursday September 09, 2010 @06:51PM (#33528484)

      You can't write files to \windows\system under vista/windows 7 without elevation to administrator. Under XP/2000 as a regular user - ditto.

      That said - there's probably an alarming amount of people who would enter credentials upon getting the elevation prompt on Mac/Windows/Linux after clicking on an attachment or link in their email client.

    • Three things (Score:5, Insightful)

      by Sycraft-fu (314770) on Thursday September 09, 2010 @06:51PM (#33528488)

      1) Yes, older ones. Unlike Apple, other companies don't force you to stop using an OS after a couple years. MS supports their OSes for a minimum of 10 years, and XP is scheduled to be supported until 2014. On XP most users run as an administrator, and thus need no privilege escalation to do anything. This is not required, they could run as a normal user, however they don't.

      2) Who says you need system access? Most spyware we encounter these days doesn't bother, it just infects the user directory. No admin needed. Also, some detection tools have trouble noticing it when you log in as an admin and run them, since it is inactive at that point.

      3) We are talking about people who will run executables from e-mail, something they've been told not to do about 1,000,000 times. You REALLY think an admin prompt will stop them? Hell no, they'll just grant permission.

      If you think having to escalate privilege protects an OS, you are deluding yourself. Don't get me wrong, I like the feature and in the hands of a technical user it is a useful defense. However it does shit for the clueless users. You cannot protect someone against themselves and still give them control over their own system.

      • Re: (Score:3, Informative)

        by joeyblades (785896)

        Unlike Apple, other companies don't force you to stop using an OS after a couple years.

        Huh? Ummm... I have a G3 Gossamer, purchased in 1997, running OS 9 since 1999, that is still going strong... still running Mac OS 9. Apparently I escaped under Apple's merciless radar because they have not forced me to stop using it. It's still a rock solid machine and I sometimes still use it to run some old PowerPC software and (get this) I can still run some 68000 software in emulation mode.

        And for the record, I know you were really trying to make a statement about OS support, but I couldn't let you g

    • some stuff does not need admin to take over the system even more so when it uses old windows 3.1 or 9x holes that are still in XP, vista and 7.

      The old code is not holes but old printing or other sub systems that are not in use any more but the code base that that old system used is still in the windows code base.

  • by Superdarion (1286310) on Thursday September 09, 2010 @06:19PM (#33528172)

    What do you mean it's 2001 all over again? I never stopped receiving those. Every once in a while I receive a mail "from a friend", from the friend's address or not, telling me stuff like "Hey, here are the pictures of that party!" or "Have you seen this? I can't believe there are pictures of it!". They all contain links to weird-looking pages which, of course, I never open.

    Sometimes I even receive those mails with URLs that actually contain my email address, like www.thisisnovirus.com/picturesfromlastnight/superdarion.

    From what I can tell, they usually come from my friend's MSN/hotmail's address books.

    • by istartedi (132515)

      It's even more interesting to look at packets with a sniffer on Comcast. Something out there is still broadcasting UDP on this subnet. IIRC, there was a Windows service that used to be enabled by default, that allowed you to send simple UDP messages and have them pop up at people. AFAIK It's long since been disabled; but you still see that kind of traffic on the network. Guess what, it's all spammy messages too. How many unpatchable '98 or even '95 boxes are on the network?

      Also, I defy any Linux user t

      • by afabbro (33948) on Thursday September 09, 2010 @06:34PM (#33528342) Homepage

        Along similar lines, people still use Outlook? What if you need to log in from somebody else's box? I'm not a big fan of "web apps for everything", but email is one of those things where a web app makes much more sense than a desktop app.

        Not to defend Outlook, but MS Exchange does come with Outlook Web Access. It provides a web-based interface that provides a web 2.0 interface to Outlook. Probably 90% of what you want to do in Outlook (read/write your mail, set up meetings, contacts, etc.) can be done in OWA. It even degrades nicely for older browsers. It's actually quite a sophisticated webapp...though of course, you're still using Outlook.

        • Re: (Score:3, Insightful)

          by scdeimos (632778)

          [on OWA] It even degrades nicely for older browsers.

          I wish it downgraded nicely for newer browsers, too.

        • Re: (Score:3, Funny)

          by LordLimecat (1103839)

          It even degrades nicely in older browsers...

          ...And in any browser that doesn't state "internet explorer" in its useragent.

        • Re: (Score:3, Funny)

          by dbIII (701233)

          It even degrades nicely

          That's a new feature for MS Exchange. It used to degrade quite nastily in previous versions.

      • it's comcast they can't even get cable right at times and they still have a hard time with people in the call center getting info to the cable guys. Try asking for a cable card or if you want some fun tru2way.

    • by DrSkwid (118965)

      Do you have any pictures of my wife you could send me in a zip file, or perhaps a failed UPS delivery summary ?

  • U R teh winnar! (Score:2, Insightful)

    by drcheap (1897540)

    Sigh. We need licenses to operate computers, that way we can revoke them when people click on the shiny red buttons.

    --
    Click to read more great comments: ILoveSlashdot.exe [slashdot.org]

    • by _Sprocket_ (42527) on Thursday September 09, 2010 @06:45PM (#33528440)

      Now Timmy... can you tell me which of the shiny... candy-like... red buttons has an electric current on its surface? Ooooh. Sorry. It WAS a trick question. They all do. We're going to need another Timmy.

  • Hit NASA today (Score:2, Interesting)

    by Anonymous Coward

    It started working its way through NASA and contractor mail servers today. Lots of folks send mail to distribution lists and so those were getting lots of backwash from people replying to them, saying they didn't think the message was for them...

  • Probing (Score:2, Insightful)

    So... *if* you were a government or some other organization - wouldn't this be a cool method of probing for vulnerabilities???
    *removes tinfoil hat
  • by kheldan (1460303) on Thursday September 09, 2010 @06:25PM (#33528260) Journal
    For that matter, people are still using Outlook?

    They're still using Outlook for email

    laughingwomen.jpg

  • Windows is super! (Score:2, Informative)

    by CrAlt (3208)

    My MS Exchange email box at work filled up with these right before the server died..

    Subject: Here you are
    --------------
    Hello:

    This is The Document I told you about,you can find it Here.http://www.sharedocuments.com/library/PDF_Document21.025542010.pdf

    Please check it and reply as soon as possible.

    Cheers,

    Domain Name: SHAREDOCUMENTS.COM

    Registrant:
    Worldwide Media, Inc
    Domain Administrator (info@mostwanteddomains.com)
    Po Box 129
    Highlands
    North Carolina,28741
    US
    Tel. +001.8132675600
    Fax. +001.9543370

    • Re: (Score:3, Informative)

      by Anonymous Coward

      The actual underlying link is from http://members.multimania.co.uk/yahoophoto/... sharedocuments.com is a decoy

    • by Anonymous Coward on Thursday September 09, 2010 @06:44PM (#33528420)

      Turn in your low slashdot ID immediately.

    • Re:Windows is super! (Score:5, Interesting)

      by Marauder2 (82448) on Thursday September 09, 2010 @06:44PM (#33528424)

      Before the collective wrath of Slashdot falls upon an innocent* cyber squatter, bear in mind that the URL listed in the text of the email wasn't actually the URL that the href linked to (text claimed to point to one spot, actual href tag pointed some place completely different). It didn't link to a PDF either but an executable with the .scr (Windows Screensaver) extension.

      *Presumed innocent in the context of this malware, not in the grander scheme of effing up the domain registry system for the rest of us...
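Added example, not part of the comment above: a mail-gateway style check for the mismatch described there, where the visible link text names one host and a .pdf while the href points elsewhere at a .scr. The sample message, the example.invalid hosts and the function names are constructed for illustration.

```python
"""Flag HTML e-mail links whose visible text disagrees with the real href."""
from html.parser import HTMLParser
from urllib.parse import urlsplit
import posixpath
import re

# Extensions Windows runs directly; a .scr screensaver is a PE executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
URL_IN_TEXT = re.compile(r"(?:https?://|www\.)[^\s<>]+", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible_text) for every <a> element in a body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _split(url):
    # Visible text often omits the scheme ("www.example.com/x.pdf").
    return urlsplit(url if "://" in url else "http://" + url)


def _host(url):
    host = (_split(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def _ext(url):
    return posixpath.splitext(_split(url).path)[1].lower()


def audit_links(html_body):
    """Return one finding per anchor that looks deceptive."""
    parser = AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        reasons = []
        href_ext = _ext(href)
        if href_ext in EXECUTABLE_EXTS:
            reasons.append("href-targets-executable")
        shown = URL_IN_TEXT.search(text)
        if shown:  # the visible text itself claims to be a URL
            shown_url = shown.group(0).rstrip(".,;)")
            if _host(shown_url) != _host(href):
                reasons.append("host-mismatch")
            shown_ext = _ext(shown_url)
            if shown_ext and shown_ext != href_ext:
                reasons.append("extension-mismatch")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample body: the visible URL is the one quoted in the thread,
# the href host and path are placeholders invented for this example.
SAMPLE_HTML = """\
<html><body>
<p>This is The Document I told you about, you can find it
<a href="http://files.example.invalid/constructed/document.scr">http://www.sharedocuments.com/library/PDF_Document21.025542010.pdf</a></p>
<p>News: <a href="http://intranet.example.invalid/news.html">http://intranet.example.invalid/news.html</a></p>
<p><a href="http://intranet.example.invalid/help">Help desk</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML):
        print(finding["reasons"], finding["href"])
```

Only the first link is reported; links whose text matches their target, or whose text is not a URL at all, pass through.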

  • by Maxo-Texas (864189) on Thursday September 09, 2010 @06:29PM (#33528294)

    I was suspicious of any PDF today.

    Might not have clicked on it but I might have. You normally think of PDFs as safe.

  • by ToSeek (529348) on Thursday September 09, 2010 @06:34PM (#33528344)
    Got sent to a maillist that covers just about everyone who works at a NASA center east of the Mississippi. Once you add up the virus-generated emails, the emails warning everyone it's a worm, and the emails complaining "for God's sake don't reply to everybody" (which replied to everybody), there were several score messages sent to thousands of users.
  • by nimbius (983462) on Thursday September 09, 2010 @06:35PM (#33528346) Homepage
    thank goodness I saw this article...i was seconds away from clicking on the attachment in Pine.
  • Lulz @work today (Score:5, Interesting)

    by mrsam (12205) on Thursday September 09, 2010 @06:44PM (#33528426) Homepage

    Initially, got a few batches of these at $work$ today -- one of the remaining 800lb Wall Street gorillas. The mails originated from some senders @NYSE, and were sent to some internal mailing lists.

    It didn't take long before a bunch of our own drooling baboons clicked the link, causing more mails to go out to the internal lists. That went on for a few hours. Then came the inevitable "why are you sending this", "i must've gotten this by mistake", "take me off the list" replies from more internal senders, resent to the same internal lists. Then came the inevitable "this is a virus, do not reply to all" replies to all.

    I told my management that what they have in their inbox, basically, is a list of people to get the axe when the next round of layoffs comes around. Can't create a more accurate list of people who are truly the bottom of the barrel, and do not belong in an organization that's supposedly charged with billions of investors' and depositors' money.

    P.S. -- I also thought that this was the exploit for the 0-day PDF flaw too, given the .pdf extension. But if this was just an ordinary executable, that you actually had to click through an extra time to execute, then there's even less excuse for anyone with a brain to get infected with this.

  • Trojan, yes.

    Worms don't need human intervention to spread. ( technically, neither do viruses )

  • Not a worm... (Score:4, Informative)

    by TrancePhreak (576593) on Thursday September 09, 2010 @07:18PM (#33528780)
    This is merely a trojan. A real worm would infect other machines without intervention.
    http://en.wikipedia.org/wiki/Computer_worm
  • "Download"? (Score:3, Insightful)

    by LambdaWolf (1561517) on Thursday September 09, 2010 @07:35PM (#33528966)

    ...the messages contain a link to a site that will download a malicious file to the victim's PC.

    Shouldn't it be that the site uploads a file to the PC, while the PC (or the worm itself) downloads it? I know the distinction is lost on the vast majority of users these days—which is a shame, since the concepts of "sending" and "receiving" are important enough to distinguish—but c'mon, this is Slashdot.

  • by IonOtter (629215) on Thursday September 09, 2010 @07:56PM (#33529162) Homepage

    I got one of these at work.

    The reason it didn't nail my machine is because...

    1. I have HTML disabled on Outlook
    2. I never click ANY links that go outside the company.

    I did a quick search on the URL, and it led me to Slashdot in the Google results. Yay Slashdot!!

    But here's the catch? Someone INSIDE the company *did* get hit, and it spread from their address book to everyone else. That's the usual progression, of course, but the source and headers actually made me look twice.

    ALL of the headers, everything, came from inside the company firewall. I could see where it passed through at least 3 firewall systems to get to me.

    When I spoke to network security, they said they'd been fighting it since noon. The reason why is because people are actually READING THE HEADERS and checking the user, and it's coming up legit!

    The folks on our end are actually doing due diligence, they're just not paranoid enough.

    • Re: (Score:3, Insightful)

      by cbhacking (979169)

      You know, all that due diligence makes perfect sense right up until you get to the fact that the "document" or "picture" you were sent isn't actually a PDF or image, but a .SCR - a PE-format executable binary. Windows will bitch at you about 3 different ways if you try and run one of those off the web, and the simple fact that it didn't just open in Adobe Reader should be more than enough of a tip to click no.

      Personally, I suspect the people at your office are simply lying about checking the headers and all

  • by don_carnage (145494) on Thursday September 09, 2010 @09:09PM (#33529616) Homepage
    We had to deal with this mess today, running around to PCs and flat-out shutting them off. One user that I came across clicked on the link because he "verified that it was from someone in the office." His Outlook outbox had over 34,000 emails ready to send. Quite a mess and we're still cleaning it up. I thought we had learned our lesson with the "I Love You" virus. What's worse is that the spam filter, IPS, Windows firewall, antivirus, and web proxy all failed to stop the attack.
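Added example, not part of any comment in the thread: the comments above report that header checks passed because the mail really came from internal senders, while infected clients queued hundreds to tens of thousands of messages. One signal that survives legitimate headers is per-sender send rate combined with a repeated subject; the log format, thresholds and addresses below are constructed assumptions, not any real mail server's format.

```python
"""Detect address-book mass mailing from outbound mail log events."""
from collections import Counter, deque, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts sender rcpts subject")


def parse_line(line):
    # Constructed format: ISO timestamp|sender|recipient count|subject
    ts, sender, rcpts, subject = line.rstrip("\n").split("|", 3)
    return Event(datetime.fromisoformat(ts), sender.lower(), int(rcpts), subject)


def detect_bursts(events, window=timedelta(seconds=30), max_msgs=20,
                  min_subject_share=0.8):
    """Alert once per sender that exceeds max_msgs inside a sliding window
    while at least min_subject_share of those messages share one subject."""
    recent = {}   # sender -> deque of that sender's events inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        queue = recent.setdefault(ev.sender, deque())
        queue.append(ev)
        while ev.ts - queue[0].ts > window:   # drop events older than window
            queue.popleft()
        if len(queue) <= max_msgs or ev.sender in alerts:
            continue
        subjects = Counter(e.subject.strip().lower() for e in queue)
        subject, hits = subjects.most_common(1)[0]
        # High volume alone also matches ticketing systems and newsletters;
        # requiring one dominant subject keeps those out of the alert list.
        if hits / len(queue) >= min_subject_share:
            alerts[ev.sender] = {
                "first_seen": queue[0].ts,
                "alert_at": ev.ts,
                "messages": len(queue),
                "recipients": sum(e.rcpts for e in queue),
                "subject": subject,
            }
    return alerts


def constructed_log():
    """Build constructed sample log lines for three senders."""
    start = datetime(2010, 9, 9, 12, 0, 0)
    lines = []
    # Ordinary user: a handful of messages spread over hours.
    for i, subj in enumerate(["Lunch?", "Re: Lunch?", "Q3 report", "Minutes"]):
        ts = (start + timedelta(hours=i)).isoformat()
        lines.append(f"{ts}|alice@corp.example|2|{subj}")
    # Ticket system: fast, but every subject differs.
    for i in range(25):
        ts = (start + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts}|helpdesk@corp.example|1|Ticket #{1000 + i} updated")
    # Infected client: two messages per second, identical subject.
    for i in range(40):
        ts = (start + timedelta(milliseconds=500 * i)).isoformat()
        lines.append(f"{ts}|bob@corp.example|25|Here you have")
    return lines


def run_sample():
    return detect_bursts(parse_line(line) for line in constructed_log())


if __name__ == "__main__":
    for sender, alert in run_sample().items():
        print(sender, alert["messages"], "msgs,", alert["recipients"],
              "recipients, subject:", alert["subject"])
```

An alert on a sender is a reason to hold that account's outbound queue for review rather than proof of infection.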
