After 7 Years, MyDoom Worm Is Still Spreading
An anonymous reader writes "Researchers at Sophos have revealed that the MyDoom worm, which spread via email and launched denial-of-service attacks against websites belonging to SCO and Microsoft, is still spreading on the internet after more than seven years in existence. The firm suggests, tongue-in-cheek, that it would be nice if computer users updated their anti-virus software at least once every 5 years to combat the malware threat."
7 years ago? (Score:2, Funny)
Hello dear christian friend,
In the year of 2004 it is with great pleasure that I leave to you the sum ...
Windows is nothing if not backward-compatible (Score:2)
Re: (Score:2)
Stuff the MUA, the MTA should be stripping executables - and it should be doing so using the file signature, not the extension.
Re:Windows is nothing if not backward-compatible (Score:5, Interesting)
Yes, because there's never a legitimate reason to send/receive executables. My university does this stripping crap and it's annoying as hell. They even yank out archive files. I eventually had to switch to Gmail from the university system, because I would send a colleague a zip file and they would email me back that I forgot to send an attachment (or vice-versa).
A better option than blindly modifying emails is to look for virus signatures in the files. At least that way, you're only eliminating the things that are known to be harmful.
Re: (Score:3)
One-shot Windows executables are pretty much a standard espionage tool these days. Used only once, a virus checker will never recognise them.
Re: (Score:2)
If only there were a dozen or so other ways to transfer potentially harmful data that coincidentally require user intervention.
E-mail is fine for passive data, but it's too easy for executables. Users should have to jump through some hoops when handling executables, just like chemists have to take extra precautions when handling unknown or potentially hazardous substances. Handling protocol requires you to slow down and treat the material differently. Sounds good to me.
If your users can't handle FTP, or
Re: (Score:2)
Users should have to jump through some hoops when handling executables
Such as not running as root/Administrator? However, I know plenty of professional SAs who could take that advice; it's just easier to run that way and they (in theory) know how to deal with permissions.
Also, not all attachments are executable, yet most blanket exclude them all, so it eliminates one of the best ways to casually transport files. Worse, those that only go after attachments that appear to be executable miss some and create a false sense of security when dealing with them.
I don't really know
Re: (Score:3)
Like the infamous UAC messages of Windows Vista, which popped up whenever any application tried to do anything, and did nothing but annoyed people and conditioned
Re: (Score:2, Insightful)
Btrfs snapshots. Fedora already has support for automatic snapshotting with yum so that you can yum install or yum remove something and, hey, unintended change? Rollback.
Google for cgroups and isolation... there's a more specific term that will get y
Re: (Score:1)
Run it in a VM that allows rollbacks. Parallels supports this - I bet VMWare does too...
Re: (Score:2)
Modern computers don't have any security. Yes, this includes Linux, which isolates users from each other (to some extent) but doesn't give a single user any way of isolating his processes from each other and data.
Wrong about *nix, I'm not in a position to comment on Microsoft. But feel free to weasel your way out of incorrect sweeping statements. If I have to point you at the solutions it's because you've gone to considerable trouble to ignore them.
It's difficult to figure out what's happening in your system,
for you maybe - the rest of us have no problems. Be fucking hard to debug if we couldn't.
and it's impossible to roll back any changes, besides reformatting and restoring from a backup.
More bullshit. Squashfs, unionfs, and others. Are you trying to say Restore Points© are the solution? (hint - them's backups). If you need to reformat to restore from backup it's
Re: (Score:2)
I'm sorry, did I hit a nerve?
for you maybe - the rest of us have no problems. Be fucking hard to debug if we couldn't.
For most people.
Re: (Score:2)
For most people.
You try and change what you claimed. You are consistently wrong. You deny the truth.
I do not think it means what you think it means.
Thinking is a cerebral activity. If your statements involved your brain - then your brain is damaged. Weaselly - "Devious; misleading; sneaky." - that's you all right.
Re: (Score:2)
Modern computers don't have any security. Yes, this includes Linux, which isolates users from each other (to some extent) but doesn't give a single user any way of isolating his processes from each other and data.
Almost forgot - SELinux and AppArmor can do what you asked for - separate processes from filesystem objects.
grsecurity - even finer grained control.
Re:Windows is nothing if not backward-compatible (Score:4, Interesting)
And your university is broadly doing the right thing. (Though it's wholly unnecessary to yank archives unless they contain executables, any self-respecting mail scanner will be able to read more-or-less any archival format).
Scanning for "known-bad" things stopped being a good idea years ago. Frankly, unless you take a very hard line to block everything even remotely risky you are more-or-less guaranteeing a lot of clean-up work dealing with exploits. Every time something gets through, your staff can look forward to several hours of clearing up the resulting mess - and that's with a relatively small organisation.
Google have the resources to effectively crowdsource much of this, and they don't have to deal with the fallout of anything that slips the net.
What you should be doing is working with the system rather than against it - and the system should be set up to make it easy for you to do this. Services like yousendit.com are a rather more satisfactory solution for most endusers than an FTP server; I daresay a university should be able to put something similar together inhouse.
Re: (Score:2)
> Services like yousendit.com
Please don't encourage those assholes. The spread of services that make their name include their TLD and come up with the rest of their name by describing what they do is one of the most irritating computer-related trends to come along in recent years. It might not be quite as bad if users didn't fall for it - "gotomypc.com? They can do that now? I'll try it, sounds useful!"
Re: (Score:3)
Absolutely. By blocking anything potentially dangerous, you end up with a safe organisation that isn't able to function well.
Obviously, the I.T. guys see their own pain. But, the pain that excess security causes is widely distributed across space and time, and no one counts it all.
So, in this case, yeah, a virus is bad news. But, the question is, is a virus more lost productivity than 1000 people who are unable to send zip files?
Re: (Score:3)
Yes, because there's never a legitimate reason to send/receive executables. My university does this stripping crap and it's annoying as hell. They even yank out archive files. I eventually had to switch to Gmail from the university system, because I would send a colleague a zip file and they would email me back that I forgot to send an attachment (or vice-versa).
A better option than blindly modifying emails is to look for virus signatures in the files. At least that way, you're only eliminating the things that are known to be harmful.
Yes we do know that is a problem but "think of the children" :)
On a more serious note. The best way is to take off the .exe or .zip or .whatever and send the binary as a simple file or even enclose the binaries in a compressed archive and take off the extension so you can send it. The problem is the person who is going to receive the binary must know how to put it into a format that is usable and it is amazing the number of people who have no idea how to do this even when you explicitly tell them in th
Re: (Score:1)
Because any security gateway worth its subscription fees will be scanning for file signatures and blocking anything that is 'malformed'. An encrypted zip file with no extensions will certainly attract attention on anything I've setup, just because of the risk that a user is trying to bypass something.
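The two comments above (strip executables by file signature rather than extension, and treat an encrypted or malformed archive as suspicious) describe one gateway check. Here is an added example of that check in Python; it is not code from any poster or from Sophos, the sample message is constructed, and the signature table and the "quarantine" verdict are my choices.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Leading bytes ("file signatures") of formats a mail gateway cares about.
SIGNATURES = {
    b"MZ": "pe-executable",        # DOS/Windows PE executables (.exe, .dll, .scr, ...)
    b"\x7fELF": "elf-executable",  # Linux/Unix ELF binaries
    b"PK\x03\x04": "zip-archive",  # ZIP container (also .docx, .jar, ...)
}
BLOCKED = {"pe-executable", "elf-executable"}
# Extensions that claim to be harmless; a blocked type behind one of these is a renamed binary.
HARMLESS_EXTENSIONS = {".txt", ".jpg", ".png", ".pdf", ".doc"}


def sniff(data: bytes) -> str:
    """Classify a blob by its first bytes, ignoring any filename or MIME type."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def inspect_zip(data: bytes) -> dict:
    """Sniff every member of a ZIP archive; encrypted members cannot be read and are flagged."""
    members = {}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                try:
                    with zf.open(info) as fh:
                        members[info.filename] = sniff(fh.read(8))  # only the header is needed
                except RuntimeError:  # raised for password-protected members
                    members[info.filename] = "encrypted"
    except zipfile.BadZipFile:
        members["<unreadable>"] = "malformed"
    return members


def classify_attachments(raw: bytes) -> list:
    """Return one verdict per attachment: pass, quarantine (opaque content) or strip."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[1].lower() if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        kind = sniff(payload)
        members = inspect_zip(payload) if kind == "zip-archive" else {}
        if kind in BLOCKED or any(k in BLOCKED for k in members.values()):
            action = "strip"
        elif any(k in ("encrypted", "malformed") for k in members.values()):
            action = "quarantine"
        else:
            action = "pass"
        verdicts.append({
            "filename": name,
            "declared": part.get_content_type(),
            "sniffed": kind,
            "members": members,
            "renamed_binary": kind in BLOCKED and ext in HARMLESS_EXTENSIONS,
            "action": action,
        })
    return verdicts


def build_sample_message() -> bytes:
    """Constructed sample: a PE header stub renamed .txt, a real text file and a ZIP wrapping the stub."""
    stub = b"MZ" + b"\x90" * 58 + b"\x80\x00\x00\x00"  # header bytes only, not a runnable program
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("installer.exe", stub)
    msg = EmailMessage()
    msg["From"] = "alice@example.invalid"
    msg["To"] = "bob@example.invalid"
    msg["Subject"] = "files"
    msg.set_content("see attached")
    msg.add_attachment(stub, maintype="text", subtype="plain", filename="notes.txt")
    msg.add_attachment(b"hello\n", maintype="text", subtype="plain", filename="readme.txt")
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip", filename="archive.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for v in classify_attachments(build_sample_message()):
        print(v["filename"], v["declared"], v["sniffed"], v["action"], v["members"])
```

The renamed `.txt` and the ZIP both come back as `strip` because the decision never looks at the extension or the declared `text/plain` type, only at the bytes.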
Re: (Score:1)
any modern software
Is outlook 2000 modern software?
Re: (Score:1)
I hear from users and fanboys that Win7 is much more hardened than say WinXP
So my question is does this old virus still run on Win7?
If you actively run it and give it permission, yes. Since you mention fanboys, the Mac variety always claim malware doesn't count if users have to do that. Compared to XP it helps that Win7 has UAC, but the best defense against PEBKAC malware like this is running antimalware software like Security Essentials, which you can also do on XP.
If you really were interested, there is a lot of information out there about the security differences between XP and Windows 7, they are quite extensive (ASLR, DEP, UAC, i
Re: (Score:2)
About the users :)
Re: (Score:2)
Any malware that gets executed by the user and granted privileges runs on any system that the executable format it is in can run on. That's true for Windows 95, Windows 7, MacOS of any version and Linux of any flavor.
No system can defend against the stupidity of its owner. Unless the system is actually "protected" from its owner. For further reading, look up DRM and TCPA.
Re:Maybe people should have to register their PC (Score:4, Insightful)
I'll support that.
Right after we require a license to have children.
That would fix a lot more stupid than just a computer worm problem.
Re: (Score:2)
Maybe people should have to register their PC before they connect it to the Internet?? Maybe people should have to get a license to use a PC on the Internet? It might reduce the carnage on our roads ^H^H^H^H^H^H^ Internet....
Excuse me while I press my brown uniform and shine my jackboots, the DRM people are making me work overtime again :)
Re: (Score:2)
I'm not really happy with the idea of handing the government even MORE say of what I may do with my computer and what I may not, it's not like they already take more than enough liberties (pun intended) in this matter.
But how about a radical idea: Make people responsible for what their computers do. Make them legally liable if their machines spew out spam and participate in DDoSs, at least if a reasonable amount of precaution has been taken. I'm aware that you cannot easily defend against all threats out th
Re: (Score:2)
How about we actually hunt down and prosecute the people who release these viruses and use them to spam and DDOS
It is EXTREMELY dangerous to start attaching criminal responsibility to people who had no criminal intent and took no criminal action due to their victimization by (harder to catch) criminals. Eventually, the police would just stop trying to get the actual criminals (too hard) and would focus exclusively on the easy to catch victims.
If someone buys a computer with "anti virus" software on it that
Re: (Score:2)
Because the internet is an international world where national borders mean jack, while that's not the case with law enforcement. The people writing and operating malware rarely sit in the US or France. They usually hail from a country the name of which ends in -stan, where law enforcement gets a good chuckle out of it if you ask them to prosecute someone spamming or phishing in your country. They have real crimes to prosecute, and they don't give a rat's behind about your problems. I mean, do you care about
Re: (Score:2)
If the U.S. can start extradition for a college kid in the U.K. over a few LINKS to allegedly pirated material, we can find a way to get at massive crime syndicates in other countries attacking millions of citizens here. If some other country won't curb their criminals (at least to the point of keeping their crimes within their own borders), cut them off (or filter them heavily) until they change their minds.
The Senate can't seem to keep their machines secured, more than one police department has failed as
Re: (Score:2)
Well, if there was some kind of interest, then maybe. Sadly, there is no RIAA behind the anti-spam movement.
And you're right, taking full blame for the fallout isn't necessary, a fine in the vicinity of 100-500 bucks will keep people keenly interested enough to enable some brain cells before clicking every dancing monkey.
Re: (Score:2)
If there is no real interest, the only thing a law could do is permit the police and crooks (politicians if you prefer) to "do something" about the problem by persecuting the innocent and spending less resources than ever on the actual problem. Meanwhile, a zillion PCs all around the world will make sure the spam doesn't abate even slightly.
If there is adequate interest, they should go after the criminal organizations behind the bot armies.
Re: (Score:1)
Dear friend,
stupidity cannot be made illegal unless prisons can be made the size of countries and countries the size of prisons.
As per your example: if you leave your car or your home open and you are robbed, you don't have any criminal or civil responsibility. Unless you are prepared to visit your mother in prison, don't say such stupid nonsense.
Re: (Score:2)
Talk for your country. In mine, leaving your car keys in your unlocked car means trouble. Usually handled by a fine. Unless the car actually gets stolen and used in a crime, then you're actually liable for facilitation
Re: (Score:2)
Unfortunately, unlike with hookers, you don't know if the one spamming is the one who wants to sell. Under your law, if I want to put you out of business, all I had to do is to send out spam advertising your product.
Re: (Score:2)
So, do you have a license to sell hair tonic to bald eagles in Omaha Nebraska?
XP Mode? (Score:1)
Sure it's not XP mode?
I don't run antivirus software in the VM because the VM is almost never up, but I wonder about people using it for significant amounts of time on a non-firewalled system. XP versions before SP1 would get root'd by simply having internet access.
Re:XP Mode? (Score:4, Informative)
Stated in those terms, do you see now why it is perfectly feasible that there are computers out there with absolutely no virus checking on them that haven't been updated for nigh-on a decade?
You wouldn't believe how many systems I have worked on that have anti-virus installed that came with the system but hasn't been updated since the free trial expired. I really wish manufacturers would stop shipping systems with anti-virus software that is only good for 60 days. Almost nobody ever pays for the subscription after the trial expires.
Re: (Score:3)
Computers should be safe to operate without expensive add on software.
Re: (Score:3)
Computers should be safe to operate without expensive add on software.
That's an interesting thought. How about "cars should be safe to operate without expensive add on software / hardware". Guess what? They are! It is the idiot drivers that crash the cars by going too fast in poor conditions, tailgating, and other poor decisions and unsafe usage. This is the same thing as with computers. All major operating systems ship now with security features in place that help to keep users safe. Firewalls (on by default), ASLR, DEP, etc. have become pretty standard. The thing that hasn'
Elevation in codec installers (Score:1)
the computer user runs untrusted code that was sent to them by strangers
Then how should code become trusted?
Often times they "have to install this special video codec to watch [insert celebrity name here] boobs". Not only do they install this "codec", they give it admin rights.
As I understand it, codec installers require the user to elevate because operating systems' multimedia frameworks offer no easy way to install a codec to a single user's account. Instead, codecs must be installed to the system for all users.
Re: (Score:1)
the vast majority of users have no idea what a codec is. They simply recognize it as some nerd term and take it as fact that they need it if they want to watch the video.
Then how is a legitimate codec, such as Xiph's Ogg codec pack, supposed to distinguish itself from fake codecs like the ones the scammers push?
Re: (Score:2)
Buffer overflows in browsers, Flash, PDF readers, media players and more have all become pretty standard too. Merely browsing to a particular web site should not cause a computer to become overrun with malware, but sometimes it can.
Re: (Score:3)
Not necessarily. In a car, driving too fast, running a light, tailgating, etc are never appropriate.
Clicking OK is quite often the correct answer with a computer. You can't install software without it. The computer shouldn't make opening a data file and running an executable look and feel exactly the same.
Re: (Score:3)
No problem. We'll lock the computer down to the point where you may only install approved applications from an approved source. Sure, there'll be some exploits, but they'll be closed and you'll be forced to update (you automatically get them pushed onto your machine next time you connect to the internet, before any other connections are allowed). If a problem is detected your machine is shut down to prevent it from damaging other machines, the only connection possible is to the approved source and it will stay that way until a fix has been pushed that ensures your machine is safe again.
Re: (Score:2)
No problem. We'll lock the computer down to the point where you may only install approved applications from an approved source. Sure, there'll be some exploits, but they'll be closed and you'll be forced to update (you automatically get them pushed onto your machine next time you connect to the internet, before any other connections are allowed). If a problem is detected your machine is shut down to prevent it from damaging other machines, the only connection possible is to the approved source and it will stay that way until a fix has been pushed that ensures your machine is safe again.
Your ideas intrigue me and I would like to subscribe to your newsletter, please sign me up.
Steve
Sent from my iPhone
Re: (Score:2)
Please don't sue for stealing your idea!
Re: (Score:1)
We'll lock the computer down to the point where you may only install approved applications from an approved source.
Are you referring to video game consoles, where only established companies are approved sources? Or are you referring to iOS, where any Mac owner with $100 a year is an approved source?
Re: (Score:2)
Pick your poison. Either is nothing I'd want in my home. I prefer to own what I buy.
Re: (Score:2)
Seems to work for DHS... and it has worked for the aviation industry for more than 50 years.... Do you have any idea how many regulations exist today in aviation specifically because somebody tried doing it differently, and people died as a result?
Re: (Score:2)
You wouldn't believe how many systems I have worked on that have anti-virus installed that came with the system but hasn't been updated since the free trial expired. I really wish manufacturers would stop shipping systems with anti-virus software that is only good for 60 days. Almost nobody ever pays for the subscription after the trial expires.
Yes I would believe, since the PCs I have bought came with the wonderful 60 day virus scanner trial. My latest laptop (HP dv7 i7) came with Windows 7, however I just blew it away and installed Fedora 14 (now 15) and I use this machine for home and corporate use.
Before people say that using a private machine in a corporate environment can aid in espionage I would answer yes it can, but unless the firm you work for provides a corporate machine you have no choice but to use your own. Anyway there are so many
Re: (Score:3)
I'm not sure if it's true, but I have heard that a lot of the spam is a result of the spammers themselves being scammed. They find some less bright guy running some sort of shady small business and convince him that spam is a legitimate form of marketing. He buys into it and pays to send some spam. Whether or not it works at all, the spammers still make money. Which means that spam will keep going as long as there are no consequences for the spammers and there are stupid people running shady businesses.
Re: (Score:2)
These people don't care, the 3 applications they use (internet, mail, some word processor) are working and they're happy with that. Chances are they don't even notice how much of their CPU time is already clogged with trojan work since the tasks they want to run would require at best 10% of the CPU's capacity. Whether the trojan eats 50% or not, i.e. whether the idle task runs at 90% or 40%, they don't know, care or notice.
Flash CPU use (Score:1)
the 3 applications they use (internet, mail, some word processor) [...] require at best 10% of the CPU's capacity.
If by "internet" you mean the web, then I've seen sites using Adobe Flash or new HTML5 features use far more than 10% of a core.
Re: (Score:2)
You're looking at someone like my dad in such a scenario. They have their set of pages they keep visiting, they have their set of people they communicate with and that's pretty much what they do with computers. If a flash app doesn't run, it does not bother them. They might even blame their "old" computer that it's not running right, but since it's nothing they're interested in, they just patiently wait for it to go away or search for the "skip" button. They're used to slow computers, chances are their mach
Re: (Score:2)
There are some scenarios where it could be possible to go unpatched for that long and then suddenly get infected:
Bubba picks up "one o' dem dare computer thingies" from a garage sale. "ain't nebber been on der inter-tubes, momma!" "Plug 'er in, bubba! The tubes man was here and said it's all hooked up!"
The computer HAS been on the internet for 7 years and has gon
Re:XP Mode? (Score:4, Insightful)
XP versions before SP1 would get root'd by simply having internet access.
If I run a VM (XP or something else), that VM must have a different IP address than the host, and to have internet access, there must be some kind of router or routing system. To reach the VM from the internet, port forwarding must be configured. Maybe the host IP is directly accessible from the outside, but the VM is not. Even if no firewalls are active, there is no way that the VM can be infected simply by starting it up and giving it internet access. So for an infection to occur, you need to start a browser to visit a website that infects the OS of the VM. (And of course the host could be infected, and then spread the virus to the local network, but that's something else.)
So can you explain how this VM will be infected after it started up without doing anything else on the machine?
Oh, I see! (Score:4, Insightful)
Re:Oh, I see! (Score:4, Interesting)
Responsible for about 90 to 95% of all new infections.
I'm not kidding here, when you look at the current threats, you'll notice that most do not target exploits. Why should they? There is a very good reason not to target exploits but target the big layer-8 exploit sitting in front of the machine.
1. Exploits get fixed. Users don't.
2. Exploits are sometimes hard to craft. It's way easier to create a "click here to see the pig dance" executable.
3. It's easy to adapt social engineering to a new "exploit" (e.g. when a new catastrophe hits, "click here for gory details") rather than adapting an exploit to circumvent AV tools and patches.
If you're trying to break into a machine, use the biggest security hole that no software maker can ever patch: The user. Since most blanket attempts at phishing don't care whether they hit Joe Random over there or you, it wouldn't even matter if 90% of the users were smart enough not to click, it still wouldn't warrant the additional expense of writing code to exploit a security hole in the system.
The Definition of Ignorance. (Score:4, Insightful)
Is this really any surprise to anyone? People still believe that Bill Gates is going to pay you for forwarding email. Most attacks (malware, trojans, viruses, etc.) feed on the ignorance of the average person. It's sad really, but I don't expect anything different 27 years later, much less 7.
Re: (Score:2)
People still believe that Bill Gates is going to pay you for forwarding email.
Well, there goes that lucrative 2nd income. I hope Santa doesn't skimp this year, I could really use some money.
Virus checker bloat (Score:3)
Or alternatively, not have a virus checker at all as it slows down PCs, and misdiagnoses all the time (I don't need it deleting files which I know are NOT a problem).
Just be careful what sites you visit, do backups (using SyncBack of course) and a system restore will usually solve minor problems.
Re:Virus checker bloat (Score:5, Insightful)
And if you drive carefully, what do you need safety belts and airbags for?
Re: (Score:2)
Safety belts don't choke you to death though, and airbags aren't made of lead.
Re: (Score:2)
Ok, but I'm a safe and careful driver, so according to your theory I don't need either.
Re: (Score:1)
That may be true, but you're a careless analogy-maker. Vehicle restraint systems and antivirus software are utterly dissimilar.
But let's play your game: How many human lives have been saved as a direct result of antivirus software?
Re: (Score:2)
Human lives? Contemporize, man, the question is now the damage to the GDP.
Re: (Score:2)
You're bitter about capitalism, therefore any and all harebrained analogies are valid. Truly, you have a dizzying intellect.
Re: (Score:2)
And not every webpage you frequent is well secured.
Like in my analogy, your security does not only depend on how well you can handle your machine. You're dependent on others who you interact with. Avoiding shady, dubious pages is no longer a safeguard against infections, pages can be hijacked and they are, I've seen anything from hotel booking pages to phone registers hosting exploits. And since you do not control that page and have no control over its security, and since you won't find out whether it actua
Re: (Score:2)
You mean like the webpage you visit regularly and that you trusted which was hijacked and seeded with an exploit?
Build cleaners into free entertainment software (Score:4, Interesting)
If you really want to get people to run virus scanners (without making the scanner a virus itself) you'll have to make it beneficial to the individual. Create some really fun game and buried in the EULA mention that the program does a virus sweep each time it launches.
Either that or fight fire with fire.
Re: (Score:2)
Make it like the Linux administration Doom port. Instead of showing running processes as enemies in Doom, make the malware appear as enemy combatants. You and the malware battle it out with either modern or futuristic weapons. Every time you kill an enemy, that piece of malware gets destroyed. Every time you lose a battle, the game deletes a random file on your filesystem...
civil war between different factions of the Linux? (Score:2)
Now this is a ridiculous description: "infected computers as part of a civil war between different factions of the Linux community."
Why give a fsck if Microsoft or SCO are attacked? (Score:1)
Why should the average Joe care if a virus creates a DoS attack on Microsoft or SCO? All that he cares about (and he is right to do so) is whether his computer does the job he wants. If it is too slow, he can always service it or buy a new one.
Instead of blaming the people actually responsible for the mess (i.e. the developers of the virus or of the operating system that let this happen), it is the users that are blamed? WTF?
Is that the best you got? (Score:3)
Re: (Score:2)
My IDS is still showing probes from the Blaster worm, and that was 2003.
Not bad, but I'm waiting for somebody to chime in that they just got the "I love you!" email.
clone my doom to make a warning and boot them off (Score:2)
I think some ppl should make a mimic MyDoom virus that simply informs the ppl they need to patch and until then their tcp/ip files have been removed.
Gets them off the network and educates them.
Re: (Score:2)
I think some ppl should make a mimic MyDoom virus that simply informs the ppl they need to patch and until then their tcp/ip files have been removed.
Gets them off the network and educates them.
I think most users would find it hard to patch their system if they no longer have network access to do it.
Alright then (Score:2)
Update once every 5 years. Got it. Cheers.
Incredible. Truly, truly incredible (Score:2)
Solution: mod MyDoom (Score:1)
Just create a modified MyDoom to format the machines after one month of being infected; you will find fewer machines getting infected after that.
Re: (Score:3)
Actually, if you're a multi million dollar company you might not be able to upgrade from IE6. I know of such a company. Their main application that the whole company hangs on is written for IE6, with IE7+ unable to render it sensibly.
And yes, we're talking about a friggin' HUGE company here. Think Sony. Just big.
Re: (Score:3)
Just because you're a giant, doesn't mean your brain disease isn't serious.
But the thing about software, is that it costs the same to fix no matter how many people use it. The surgeon still costs the same.
Re: (Score:2)
True, but "it's working, isn't it? Then why change it?"
That was, in a nutshell, the answer I got. And that's also the reason why changes are unlikely to happen any time soon. It's working. Changing it costs at least 6, more likely 7 digits. No chance that you could get that kind of money to change something that "is working".