Clever New Windows Worm
freakboy303 sent in linkage to a new worm
that will no doubt be cluttering our inboxes soon. Clever bits include running its own SMTP
service to increase chance of success, as well as using a bunch of spaces
to disguise the true extension of the executable. No doubt countless copycats
will soon follow and our inboxes will be cluttered by countless copies
of the thing. Not that there's a problem with Windows security.
So (Score:2)
Re:So (Score:3, Funny)
see, people have either used a local smtp server OR used spaces. This is obviously the work of a professional. No script kiddie could be THAT good. This guy probably has an AMD [dal.net]
Pat
(link is to a funny article)
Re:So (Score:4, Funny)
Method and Apparatus for delivery of a self-replicating bytestream through use of a square port number and excessive white space.
Couldn't find it on the patent search site, though
More Slashdot demagoguery? (Score:3, Interesting)
Why do the editors of Slashdot ALWAYS put their unproductive, derogatory, flaming, two cents at the end of _every_ story regarding something "AWFUL" Microsoft has done? Either they are really insecure about "their Linux," and can't get fulfillment from any other means than bashing the competition, or they really don't believe in what they advocate so much. I'm sick and tired of hearing it! Come ON Slashdot! There are countless posts in previous stories that sound just like this one - all in response to the crap you guys put in the Microsoft stories. Get the picture: no one wants your bias. Bias makes for unreliable, untruthful, and slanted news.
With that being said, of course there are problems with Windows security. There are security problems in EVERY OS. Stop pointing the relentless finger at Microsoft every chance you get.
The difference is... (Score:2)
Ancient Troll (Score:3, Insightful)
At least the people who bitched when Taco first used the Bill Gatus of Borg icon they had a legitimate reason.
Re:More Slashdot demagoguery? (Score:2)
Really!?! Show me the Email client that launches an executable simply by double-clicking on it.
What? You can't find one. Perhaps Microsoft will write one so that Linux can be unsecure as well.
Yes, there are security problems in every OS, but Microsoft goes out of its way to create security problems. Regular users can delete, update, or change system files in the default setting. What the heck sort of security is that? Microsoft has even blurred the line between data and executables by creating documents that can launch macros with hooks into the entire operating system. What was Microsoft thinking? At the very least Microsoft should have created a sandbox for these VBA macros.
The fact of the matter is that Linux + StarOffice is an order of magnitude safer than Windows + Office and would be even if Linux had the greater market share.
Re:More Slashdot demagoguery? (Score:3, Insightful)
Show me an average person that can learn how to open up attachments with one of your "safe" email programs.
The graph you are now picturing is "User Friendliness" vs. "Security".
The market will show you which one is in higher demand.
Not that I agree with it, just telling you the way it is.
Re:More Slashdot demagoguery? (Score:2)
no problemo.
Re:More Slashdot demagoguery? (Score:2)
Good points. Of course, my response had nothing to do with ease of use. The original poster intimated that Linux had these same sorts of problems, and I pointed out that it doesn't.
Personally I think that if the question were spelled out as bluntly as you have said it that many organizations would opt for Linux's slightly lower user-friendliness, and much higher security.
Then again, I think that we are very likely to see StarOffice become popular due to its much lower price. In my opinion Windows, StarOffice, a decent email client that doesn't allow you to launch executables by double clicking, and a good virus scanner hits the sweet spot between usability and security.
Most users would still be able to do all of the stuff they currently do (including run all of their Windows software and open most of their Office documents), and yet they would be infinitely safer from viruses, trojans, and other malware.
Until it comes pre-installed Linux isn't likely to be a good fit for most folks.
Re:More Slashdot demagoguery? (Score:3, Insightful)
It all boils down to the same thing time and time again. Windows is no more usable than Linux, it is only more common. There are an infinite number of ways a UI could have been designed. It just so happens that people have had Windows crammed down their throats for so long that something different seems hard and un-intuitive.
Re:More Slashdot demagoguery? (Score:4, Offtopic)
The key word in the above paragraph is "mature". It's like I always say about elitists and Linux. They like being able to put other OSs (in this case) down, that is why you find people bashing Linux newbies instead of helping them out. Cause if everyone used Linux, they wouldn't be "special" and be able to insult the "average man".
Remember, the men behind
Re:More Slashdot demagoguery? (Score:3, Interesting)
I, and I would think others, don't mind reading about Windows vulnerabilities here. I just see through the biased statements. One thing's for damn sure, I'm not about to start reading some Windows site for good details on the hole-of-the-week.
If you don't want to read about Microsoft here, just turn it off in your preferences.
no, knowledge to help. (Score:4, Interesting)
Let's see, I'm 35 and work for a US national sized company. They have not fired me yet, so I must have some tact.
I'm interested in all the Windows worms and I'm glad that Slashdot documents them. Here disasters that cost companies that trust M$ millions of $ are treated rather coolly, except by folks like me. You see, here I get to scream my head off about how stupid, irresponsible and incompetent the Exchange group is. You don't think I'd actually tell anything to the moron who "standardized" on Exchange then got clobbered by all this? I mean, they tried very hard. They spent all the company money on all the band-aid virus checkers, commercial mail filters and what not. Heck, they are still trying very hard to recover all the contacts, email, calendar events, daily journals and what not that contained the characters "hi" in them? Nah, they might get their feelings hurt if they learned how badly the company they trusted let us all down. Here I can scream it all out loud, share laments with others who suffer and more important, learn exactly why such things happen and why they will always happen when you do things the M$ way. Slashdot is teaching me with good and bad examples of how to do things. Shame on M$ for the way they do things. Here I can gloat and bitchslap trolls like you in a way that would get me shitcanned at work. When I'm finished learning good concepts and taking out my frustration on losers like you, I can gently suggest things to my co-workers that might improve the place I work. I don't have to gloat about new viruses, the NAV packs and viruses themselves do that for me.
Re:More Slashdot demagoguery? (Score:2)
Is it me, or are the comments under the stories actually getting less anti-microsoft? Seems to me like a year or two ago very few people would be willing to defend MS (or decry anti-MS sentiment), but nowadays people are a little more level-headed about it it seems (at least in the comments section; the
Re:More Slashdot demagoguery? (Score:2)
go somewhere else if you don't like it.
Inviting flames, I guess (Score:3, Insightful)
Because to a programmer/architect/sysadmin, the mere existence of these worms is mind-boggling. Imagine the largest-selling American car manufacturer building all of their models with the gas tank right behind the front bumper, or some such idiocy. Now you, as an automotive columnist (with some professional understanding of auto design), are forced to report every time one of these Hindenburgs ends up as a fiery wreck.
It'd be bad enough if this happened in one model of car, but to see it happen year after year, when the company should know better, has to be somewhat irritating. I'll let MS slightly off the hook when a "legitimate" bug is found-- that is, one that might not have been directly anticipated when the product was being designed. But each of these worms exist as a result of MS's ongoing, dunderheaded ignorance of basic security issues. Windows scripting on as default? Minimal security in their email software? Preview panes that can automatically execute scripts?
So yes, the Slashdot editors' scorn is thoroughly justified in these cases. If you're looking for more objectivity in your reporting, there are other places to go. If you stuck to the reports I've seen in reputable newspapers, you wouldn't even have to suffer the notion of Microsoft as a responsible party. If you think that's the case, choose your news sources differently. Slashdot is run (and contributed to) by people who take this sort of stuff a little bit personally.
Re:More Slashdot demagoguery? (Score:2, Troll)
How many inexperienced people will read that snippet (and other snippets) and forever think of Microsoft as an EVIL EVIL SCUM with no mind for security at all? Think about what influence Slashdot has over a very large proportion of the "geek community" and other technical and scientific groups.
All I am saying is that Slashdot should put aside their pride, zeal, or whatever it might be that drives them to attach unproductive garbage to the ends of stories. They should recognize this on their own, but, apparently they do not. It's unfortunate, as Slashdot is one of the best places on the Internet to go for news, and heady, informed discussion.
Re:More Slashdot demagoguery? (Score:2, Troll)
See, the facts are that Microsoft actually is "EVIL EVIL SCUM".
So cut the
Re:More Slashdot demagoguery? (Score:5, Insightful)
OK, I come here for news, and for discussion. I read the headlines, generally the blurbs, and I poke around in the discussion until I can't stand it any more.
I don't use this site as a basis for generating opinions regarding what company is bad, what company is good, or what text editor I should use. I have my own methods for said exercise.
Surely, you realize that this site is coded, maintained, and read by geeks. I find it quite unlikely that a reader of this site hasn't formed an opinion one way or another regarding Microsoft. We don't thaw out cavemen, and then teach them to read, using Slashdot (boy, that'd be an exercise in futility, with the l33t speak, and the horrific grammar and spelling.)
Bottom line is this, and I know it's been said many times in the past: This is not a real news site. It's just a weblog, and it happens to have a lot of people who like it. The Slashdot editors are under no obligation to be fair, or unbiased. If you don't like it, create your own site. Buh-bye.
Re:More Slashdot demagoguery? (Score:2)
I don't think you get it.
Slashdot is a site from the (tech)people for the (tech)people, that's why it gets a hell of a lot of typos, comments, double-posts, discussions, flamewars and bias.
I am really happy that there are still sites not controlled by huge corps.
Of course this is a hard concept for some people.
If you love to look at sites with no typos, no comments, no double-posts, no discussions, no flamewars and a more subtle form of bias, why don't you go here [wininformant.com] or here [win2000mag.com]
On those sites there is no need to tell people to shut up, because people don't get to speak at all.
Re:More Slashdot demagoguery? (Score:5, Insightful)
Bullshit. If Slashdot wanted to be a "respected news firm", then that would make sense. However, it's run by some guys who liked Legos, Star Wars and KDE on Debian. They post links to stuff they think is nifty around the web, and a community grew around it. Now most links are submitted by readers and we all chat in the discussion board under each story. But at the heart, it's *still* just a website run by some guys who think legos (now mindstorms) Star Wars (now the pre-trilogy) and... well, CmdrTaco still uses KDE on Debian at any rate.
Think about what influence Slashdot has over a very large proportion of the "geek community" and other technical and scientific groups.
It's opinion. People have them, and some people make theirs very public. It's part of human nature. I'm sure your office has a guy who goes off about how great some type of coffee is, or some woman who will tell anybody who will listen the plot of last night's TV show that she loves. Well, remember how I said that this is *not* a news site, but a site run by some guys who like geeky stuff? Their opinions are that Microsoft generally sucks (and it's shared by quite a few people). I may not agree (in fact I don't - and I run Linux on server and desktop), but I don't bitch about them stating their opinion on the site they run.
Dear Ghod - do you write in to Art Bell and bitch that he shouldn't have weirdos on his show? Do you write in to Howard Stern and tell him he should be more compassionate? Do you write in to Rush Limbaugh and tell him that he should stop expressing his opinions on political issues? No - they (and two of those three I can't stand listening to), are great radio *because* they are opinionated bastards that put weird, occasionally informative crap up on their show.
--
Evan
Bias and Journalism (Score:3, Insightful)
I don't know about you, but by FAR the reporting that holds value for me is the kind where the bias is KNOWN. Ever see "The Insider"? Wouldn't you like to know if there is bias mucking with your news organization?
You are living in a DREAM world if you think your news organizations are giving you unfiltered, unbiased news.
Time to wake up and do a bit of research son.
Either that or yours was a masterful troll.
Re:More Slashdot demagoguery? (Score:2)
Bad news for windows == Post the story.
Bad news for *nix == Dump the story
It's called reporting, that's why you can't base all your news on one source. News organizations of all kinds only publish what they consider newsworthy. If they don't want the public to know something, they don't publish it.
Re:More Slashdot demagoguery? (Score:2)
Of course, one could see that as a "See, Linux and *BSD are just as secure as those multi-zillion dollar *nixes" type of bias. But hey, if you have a soapbox, you get to decide which side you stand on, and what you want to say.
Re:More Slashdot demagoguery? (Score:4, Offtopic)
I could be wrong, but I thought that most of the users of Slashdot were above bias. I may have been wrong. Please excuse me if I was.
Slashdot demagoguery, or troll snacks? (Score:4, Funny)
and i simply assume most people have a sense of humour, but we don't all get what we want, do we?
sure, i know that windows isn't complete crap - hell, i can admit it's gotten pretty useful in the last couple revisions. i've even been known to use it to play the occasional game. but i don't come to /. for flat, ZDNET style reporting. i come to it for useful links and snide comments.
i also come here to do this once in a while:
So Yet Another MSTD (Score:2, Interesting)
Now for the usual run of blame: hackers for writing it, MS for releasing Outlook, users for not patching. For the real solution, see my sig.
Re: (Score:2, Interesting)
Re:You know.... (Score:2)
Re:Wrong again! (Score:3, Informative)
Root access is required to bind to a low-numbered port, but not to connect to a remote service, which is all you need in order to send email.
Geez, don't people know at least the rudiments here?
uber-uber time? (Score:2)
Re:uber-uber time? (Score:2)
VMS--WNT
-sam
Where is the useful information? (Score:2)
Where is the link to all the detailed meaningful info about this worm?
Re:Where is the useful information? (Score:2, Informative)
The reason the thing is treated as an executable is because the the
[agreed that useful info about the worm would be good too]
Re:Where is the useful information? (Score:2)
Already done, but the issue isn't the name, it's the code. We don't run OutLook, but if this thing was renamed before being sent, it could still potentially be damaging...Especially since the writeup at the link is so...sparse.
Re:Where is the useful information? (Score:2)
Am I the only one...? (Score:2, Interesting)
- A.P.
Re:Am I the only one...? (Score:2)
Re:Am I the only one...? (Score:5, Funny)
At the risk of stroking the collective /. ego, yeah, they are.
Canonical example - someone who got Sircammed at work, came to me and said they were having trouble opening up this attachment someone had sent them, and they wondered why someone sent it to them in the first place.
I did my best "All your base!" voice and said "I send you this file to have your advice!"
Cow orker said "Yeah, hey, how did you know that? Are you reading my mail?"
Another admin and I spent the next hour disinfecting 0wn3d box3n from other cow orkers who had done the same thing.
Re:Am I the only one...? (Score:2)
Depends on how much you are out there... (Score:3, Insightful)
The other is how much your email address is out there. Some of the viruses would go through the web cache and grab email addresses from there. If your email address is out there a lot, you are going to get more viruses. 99% of the SirCam, Nimda, and so on that I got (probably a couple hundred) came from people I did not know.
Re:Am I the only one...? (Score:2)
Still - these things certainly exist and they're a pain for some. I do infosec consulting and see it all the time with my clients and in conversations with friends and peers in the industry.
As a side note - it never ceases to amaze me how some businesses manage to continue functioning with all the crap dumped on to, and floating around, their insecure networks. Especially smaller businesses whose resources are usually a lot tighter than their larger counterparts.
I'm just glad I can escape it all to the (relative) safety of my own little home network once in awhile. :)
Re:Am I the only one...? (Score:5, Insightful)
That's the idiot that picked Outlook/Exchange for the corporate messaging system, right? Sorry, I'm not ranting at you, but I hear this a lot at work and want to set the record straight.
I don't think it's fair to blame the user for not knowing that ".txt.pif" is a magic extension that can hurt their computer, or just to tell them "don't open email from someone you don't know". The fact of the matter is that it's wrong for your email client or your web browser to execute code from an unknown source, and the user should have to take positive steps (more than one) to execute such things. Microsoft's email tools are fundamentally broken, even to the point where they betray their supposed ease of use by requiring the user to puzzle over which emails are safe and which aren't.
So no, I don't really blame the marketing guy for not knowing that ".txt" is OK but ".txt.pif" isn't OK - it's not his job to know. It's the job of the tools Mr. Marketing is given to tell the difference for him and not automatically or easily do something dangerous. And it's the job of corporate IT purchasers to make sure that the right tools are being given to Mr. Marketing. More than anything, the repeated Microsoft virus and worm attacks point to a fundamental failure to learn from past IT purchasing mistakes.
Don't get me started on my company's new internal IM system that only works from Windows - thanks for nothing there, guys.
That wasn't his point at all. (Score:3)
There is no perfect email system, and there never will be, but the way Microsoft does things is fundamentally wrong. The default "trust all attachments" behavior of Lookout and Lookout Express, coupled with the default behavior of hiding extensions for known filetypes, mated with most users' general inexperience in all things computer-related equates to one huge fucking train-wreck of a problem, wouldn't you agree?
This whole mess could easily be avoided (or at least toned way, way down) if Microsoft would wise up and start shipping their mail clients (and their web browsers) with much more locked-down defaults.
Yes, I'm picking on Microsoft. They're a huge company and a lot of people who simply don't know any better use their products. Their products ought to know better; don't leave security up to the end-user, and don't make the IT guy's job more tedious than it already is.
- A.P.
Re:Am I the only one...? (Score:3)
All it takes is one idiot, though, to bring down an entire company.
One desktop machine should never be able to bring down an entire company, even if the hacker has full access to it.
Without Outlook? (Score:5, Funny)
Not even a virus can depend on Outlook anymore...
There's a few differences (Score:5, Informative)
We were all talking about this a week or two ago, but I'm too busy trying to get this pinball machine on eBay, so no time to search through old articles.
woof.
Re:This would be worse in Linux (Score:5, Informative)
Contrary to popular belief - and it's really, really prevalent on Slashdot nowadays, of all places - you don't need an SMTP server to send an email. You just need a client.
All you need to do is open a connection to port 25 on an existing SMTP server to send an email to an address it assumes is its own, and send off a bunch of commands: HELO, MAIL FROM, RCPT TO, DATA, and QUIT.
Try it sometime. Telnet to a mail server on port 25, and type the following commands, without using the backspace key:
HELO heaven.gov
MAIL FROM: god@heaven.gov
RCPT TO: <actual email address>
DATA
I've been watching you. Your fly is down.
.
QUIT
Make sure the email address domain is one that the mail server will answer for, otherwise you'll get an error saying it won't relay for you. (Usually.) And make sure the user is a valid user on that domain. If those two requirements are met, you've sent an email - without needing an SMTP server, I might add.
So if you don't need a server, you don't need to bind a port, and a worm like this could spread through Linux systems the way it spreads through Windows systems.
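The exchange described in the post above, as an added example that is not part of the original thread: a toy SMTP server and a raw-socket client, both constructed for this demo, run against each other on a loopback port. The server answers only for an assumed domain (example.org) and refuses to relay for anything else, which is the 550 the post says you will usually hit; the client is an ordinary unprivileged connection, which is the point another reply makes about root access and low ports. Every name, address and domain here is made up.

```python
import socket
import threading

# Constructed demo: the toy server "answers for" one domain only and refuses to
# relay anywhere else, which is the error the post says you will usually get.
LOCAL_DOMAIN = "example.org"   # assumed domain for this demo


def serve_one_session(conn, local_domain=LOCAL_DOMAIN):
    """Handle one SMTP session on an accepted socket. Returns the list of
    (sender, recipients, body) messages the server actually accepted."""
    rfile = conn.makefile("r", encoding="ascii")
    reply = lambda code, text: conn.sendall(f"{code} {text}\r\n".encode("ascii"))
    accepted, sender, rcpts = [], None, []
    reply(220, f"{local_domain} ESMTP toy")
    while True:
        line = rfile.readline()
        if not line:                      # client hung up without QUIT
            break
        verb, _, arg = line.rstrip("\r\n").partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            reply(250, f"{local_domain} Hello {arg}")
        elif verb == "MAIL":
            sender = arg.split(":", 1)[-1].strip().strip("<>")
            reply(250, "OK")
        elif verb == "RCPT":
            addr = arg.split(":", 1)[-1].strip().strip("<>")
            if addr.rpartition("@")[2].lower() != local_domain:
                reply(550, "relaying denied")   # not our domain: refuse it
            else:
                rcpts.append(addr)
                reply(250, "OK")
        elif verb == "DATA":
            if not rcpts:
                reply(503, "no valid recipients")
                continue
            reply(354, "End data with <CR><LF>.<CR><LF>")
            body = []
            while True:
                l = rfile.readline()
                if not l or l.rstrip("\r\n") == ".":   # lone dot ends the body
                    break
                l = l.rstrip("\r\n")
                body.append(l[1:] if l.startswith(".") else l)  # undo dot-stuffing
            accepted.append((sender, list(rcpts), "\n".join(body)))
            reply(250, "queued")
        elif verb == "QUIT":
            reply(221, "bye")
            break
        else:
            reply(500, "command unrecognized")
    conn.close()
    return accepted


def send_via_smtp(host, port, helo, mail_from, rcpt_to, body):
    """Speak the five commands from the post over an ordinary client socket
    (no privileged port involved) and return the server's reply codes in order."""
    codes = []
    with socket.create_connection((host, port)) as s:
        rfile = s.makefile("r", encoding="ascii")

        def cmd(line=None):
            if line is not None:
                s.sendall((line + "\r\n").encode("ascii"))
            codes.append(int(rfile.readline()[:3]))
            return codes[-1]

        cmd()                                   # 220 banner
        cmd(f"HELO {helo}")
        cmd(f"MAIL FROM: <{mail_from}>")
        # Only go on to DATA if the server accepted the recipient
        if cmd(f"RCPT TO: <{rcpt_to}>") == 250 and cmd("DATA") == 354:
            for l in body.splitlines():
                s.sendall((("." + l if l.startswith(".") else l) + "\r\n").encode("ascii"))
            cmd(".")                            # end of message
        cmd("QUIT")
    return codes


def run_exchange(rcpt_to, body="I've been watching you. Your fly is down."):
    """Run the toy server on an ephemeral loopback port against one client
    session; return (reply codes seen by the client, messages the server kept)."""
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]
    kept = []

    def serve():
        conn, _ = listener.accept()
        kept.extend(serve_one_session(conn))

    t = threading.Thread(target=serve)
    t.start()
    codes = send_via_smtp("127.0.0.1", port, "heaven.gov", "god@heaven.gov", rcpt_to, body)
    t.join()
    listener.close()
    return codes, kept


if __name__ == "__main__":
    print(run_exchange("someone@example.org"))    # local domain: accepted
    print(run_exchange("victim@elsewhere.net"))   # foreign domain: 550, nothing kept
```

The second run shows what a correctly configured relay does with the post's trick when the recipient is not one of its own users: the RCPT TO is refused with a 550 and the client never gets to DATA, so nothing is accepted. That relay check on the MTA is the control a mail admin has here; the client side needs nothing special.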
Re:This would be worse in Linux (Score:3, Insightful)
To be "popular belief" it would need to be a prevailing opinion. The post you responded to is proof of just one person who knows less about SMTP than they thought they did. Hardly prevailing.
What is really popular right now is the "hate Slashdot" meme. It seems to be trendy to bash Slashdot, people who read Slashdot, people who post to Slashdot, and so on.
Windows == spammer? (Score:2, Interesting)
Gag, I hope I didn't understand that correctly...
Get a Mail FIlter Already!!! (Score:5, Informative)
Since then, we got hit with every major email worm, but got infected by none - 1,000's of messages per incident blocked at the server - none made it to the internal Exchange box... they all get blocked at the "mailman" (block EXE, VBS, PIF, whatever)
The sender gets a "kindly" message saying "Sorry, we don't accept this extension type - try again".
It'll even scan for uncertified macros in Office Docs, filter spam (i.e. GREP searches), autorespond, basically a nice
It's amazing how a small company like us can spend the $1,500 to protect our mail system, while larger ones (i.e. employers of my roommates) would rather lose 4 hours of mail to one of these buggers.
It makes no sense NOT to use a simple filter - when will people learn. Until then, I'll just laugh.
Re:Get a Mail FIlter Already!!! (Score:2, Insightful)
Mail Filter == BandAid, nothing more. I'm glad that it protects your small company for now, but you have to realize that the filter is only as good as the filter set, and someday someone will get past it and you'll have another worm outbreak. The only way to be really safe is to fix your users' email programs so that they don't easily execute things that the users are sent. Fix the root of the problem, not the symptom.
Re:Get a Mail FIlter Already!!! (Score:2, Informative)
I'd rather filter for a couple weeks until I installed a mail client that wasn't susceptible to this kind of stuff, and then quit worrying about the filter. But I suppose you could also use the filter for other somewhat useful things, like limiting attachment size, scanning for dirty words, etc. And if the bounce message informs the worm-ridden sender that they have a problem, then that's all for the better I guess.
Re:Get a Mail FIlter Already!!! (Score:3, Funny)
Unless, of course, you have a Mac, which asks me very nicely what I would like to open happy99.exe with: Photoshop, or TeachText.
Re:Get a Mail FIlter Already!!! (Score:5, Informative)
# Uncomment to debug the recipe
#LOGFILE=/var/log/procmail
#VERBOSE=yes
# Quarantine directory for refused messages
VIRUSDUMP=/var/spool/virus
# Only MIME messages that can carry attachments get examined
:0
* ^Content-type: (multipart/mixed|application/octet-stream)
{
  # B: match against the body, which is where the attachment part headers live
  # (the extension list is the same one quoted in the bounce text below)
  :0 B
  * ^Content-Disposition: attachment;
  * filename=".*\.(vbs|wsf|vbe|wsh|hta|scr|pif|com|exe|js)"
  {
    # c: send the bounce from a copy of the message, then fall through
    :0 c
    | (formail -r -I"Precedence: junk" ; printf "Our mail server refuses e-mail messages with suspect attachments, like: \n\n vbs, wsf, vbe, wsh, hta, scr, pif, com, exe or js.\n\nYour e-mail was not delivered.\n\nPlease contact webmaster@host if you have any questions.\n") | $SENDMAIL -t
    # The original goes to quarantine instead of the user's mailbox
    :0
    $VIRUSDUMP
  }
}
At least it won't kill my ping (Score:2, Insightful)
The nice thing about this one is, it's just hitting e-mail. When Nimda and Code Red were wreaking havoc on the internet, they made it impossible for me to play games on my cable modem. I had so many incoming requests on port 80, I couldn't do anything.
How many times does this have to happen before Microsoft starts putting security in front of the user experience? I can't see how having to remove viruses from your machine on a near-daily basis improves the user experience.
I wonder how long it will be before... (Score:5, Insightful)
It's only a matter of time. It's amazing how even a dumb virus can fool so many people.
I'm bracing for the big one. (Score:2, Interesting)
As a simpler step, these viruses should be hiding themselves within attached
Not a bad virus... (Score:5, Insightful)
Most sensible organisations will already be blocking .pif files in mail - this virus is already known by McAfee as W32/Shoho@MM [mcafee.com] and they have detailed it as a LOW risk worm.
On another note, I hope Slashdot isn't going to run a story on every new virus that gets released...
-- Pete.
Not sure why this would only have a LOW risk.... (Score:3, Informative)
Files being Deleted on an example (win9x) system:
- c:\WINDOWS\1STBOOT.BMP
- c:\WINDOWS\ASD.EXE
- c:\WINDOWS\CLEANMGR.EXE
- c:\WINDOWS\CLSPACK.EXE
- c:\WINDOWS\CONTROL.EXE
- c:\WINDOWS\CVTAPLOG.EXE
- c:\WINDOWS\DEFRAG.EXE
- c:\WINDOWS\DOSREP.EXE
- c:\WINDOWS\DRWATSON.EXE
- c:\WINDOWS\DRWATSON
- c:\WINDOWS\DRWATSON\FRAME.HTM
- c:\WINDOWS\EMM386.EXE
- c:\WINDOWS\HIMEM.SYS
- c:\WINDOWS\HWINFO.EXE
- c:\WINDOWS\JAUTOEXP.DAT
- c:\WINDOWS\Kacheln.bmp
- c:\WINDOWS\Kreise.bmp
- c:\WINDOWS\LICENSE.TXT
- c:\WINDOWS\LOGOS.SYS
- c:\WINDOWS\LOGOW.SYS
- c:\WINDOWS\MORICONS.DLL
- c:\WINDOWS\NDDEAPI.DLL
- c:\WINDOWS\NDDENB.DLL
- c:\WINDOWS\NETDET.INI
- c:\WINDOWS\RAMDRIVE.SYS
- c:\WINDOWS\RUNHELP.CAB
- c:\WINDOWS\SCRIPT.DOC
- c:\WINDOWS\Setup.bmp
- c:\WINDOWS\SMARTDRV.EXE
- c:\WINDOWS\Streifen.bmp
- c:\WINDOWS\SUBACK.BIN
- c:\WINDOWS\SUPPORT.TXT
- c:\WINDOWS\TELEPHON.INI
- c:\WINDOWS\W98SETUP.BIN
- c:\WINDOWS\Wellen.bmp
- c:\WINDOWS\WIN.COM
- c:\WINDOWS\WIN.INI
- c:\WINDOWS\WINSOCK.DLL
That would seem to be pretty destructive to me... Also strange that we can only get a beta DAT file and there is no mention on McAfee's virus alert pages that this thing is out there... tisk tisk how many people will think this is a hoax and run it fscking up their systems...
Regexps and procmail recipes anyone (Score:2)
Anybody got some good regexps I can put in the header check MailMan does for me?
And/or a procmail recipe I can use to filter out this junk?
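An added example, not from any poster in this thread, of the check the question above is asking for and that the story summary, the ".txt.pif" comment and the mail-filter post all circle around: a filename classifier that keys off the last extension after stripping the whitespace padding trick, plus a scan of attachment names in a raw MIME message. The extension list is the one the thread's procmail recipe and bounce text use; the sample message, addresses and file names are constructed for the demo.

```python
import re

# Extension block list as used by the thread's mail filter and procmail recipe
DANGEROUS = {"vbs", "wsf", "vbe", "wsh", "hta", "scr", "pif", "com", "exe", "js"}

# A run of whitespace between the visible name and the real extension is the
# padding trick from the story summary
PADDING_RE = re.compile(r"\s{2,}")

# Matches name="..." in Content-Type and filename="..." in Content-Disposition
FILENAME_RE = re.compile(r'(?i)\b(?:file)?name="([^"\r\n]+)"')


def classify_attachment(filename):
    """Return (verdict, reason) for one attachment filename.

    verdict is "block" or "allow". The decision uses the *last* extension after
    trimming and lowercasing, so 'readme.txt.pif', 'README.TXT          .pif'
    and 'setup.EXE ' are all caught, while 'report.txt' is allowed.
    """
    name = filename.strip()
    padded = bool(PADDING_RE.search(name))
    # Collapse whitespace runs so the split lands on the true suffix
    collapsed = PADDING_RE.sub(" ", name)
    ext = collapsed.rsplit(".", 1)[-1].strip().lower() if "." in collapsed else ""
    if ext in DANGEROUS:
        reason = f"executable extension .{ext}"
        if padded:
            reason += " hidden behind whitespace padding"
        elif name.count(".") > 1:
            reason += " disguised behind a double extension"
        return "block", reason
    if padded:
        # No known-bad extension, but nobody names files like this honestly
        return "block", "suspicious whitespace padding in name"
    return "allow", ""


def blocked_attachments(raw_message):
    """Scan a raw MIME message (a string) for attachment names and return the
    ones the filter would refuse, each with its reason, in order of appearance."""
    names = dict.fromkeys(FILENAME_RE.findall(raw_message))   # dedupe, keep order
    hits = []
    for name in names:
        verdict, reason = classify_attachment(name)
        if verdict == "block":
            hits.append((name, reason))
    return hits


# Constructed sample message: one padded .pif attachment and one harmless image
PADDED_NAME = "readme.txt" + " " * 40 + ".pif"
SAMPLE_MESSAGE = (
    "From: someone@example.net\r\n"
    "To: you@example.org\r\n"
    "Subject: Hi\r\n"
    'Content-Type: multipart/mixed; boundary="XX"\r\n\r\n'
    "--XX\r\nContent-Type: text/plain\r\n\r\nHello.\r\n"
    f'--XX\r\nContent-Type: application/octet-stream; name="{PADDED_NAME}"\r\n'
    f'Content-Disposition: attachment; filename="{PADDED_NAME}"\r\n\r\n'
    "QUJDRA==\r\n"
    '--XX\r\nContent-Type: image/jpeg; name="photo.jpg"\r\n'
    'Content-Disposition: attachment; filename="photo.jpg"\r\n\r\n'
    "QUJDRA==\r\n--XX--\r\n"
)


if __name__ == "__main__":
    for n in ["report.txt", "readme.txt.pif", "README.TXT          .pif", "setup.EXE "]:
        print(repr(n), "->", classify_attachment(n))
    print(blocked_attachments(SAMPLE_MESSAGE))
```

The design point is the same one the procmail recipe relies on: decide on the final extension of the normalised name, not on what the user sees in the client, and treat heavy whitespace padding as a signal in its own right. Anything this flags belongs in quarantine with a bounce to the sender, as the filter post describes, rather than in a mailbox.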
Is this slashdot or a Windows bug tracker? (Score:2, Flamebait)
I see two stories concerning an Outlook virus and an XP exploit within two hours or so of each other, with one new story in between.
Can we move along to some real news for nerds, some real stuff that matters? Or at least add an option to ignore the damn Outlook virus updates and other nonsense.
J
Re:Is this slashdot or a Windows bug tracker? (Score:5, Insightful)
If that ain't news, what is?
As for the worm... well, it's mildly technically interesting. But if Microsoft worms have become so common that they are no longer news... well, i think that's news, too!
Oh, stop with the Windows security remarks already (Score:3, Insightful)
(A) 98% of all people using PCs to read email are running Windows.
(B) There are a lot of cracker-types full of concentrated angst about Microsoft, Bill Gates, Windows XP, etc.
If that 98% referred to Linux/KDE or MacOS X, you can be _damn_ sure that there would be severe security exploits for those systems as well. All it takes is _one_ small hole to give a virus writer leverage, and in any system with hundreds of thousands of lines of code behind it, there are going to be small holes. Arguably things would be much worse if everyone used Linux, because Linux is more daunting for users to administrate than Windows. So anyone not keeping up with security issues would be vulnerable. Most people fall into that category, even intelligent people.
As for (B) above, what can be said except that it's pretty sad.
Re:Oh, stop with the Windows security remarks alre (Score:2)
I agree to some extent, but there's a little more intrinsic security in *nix ... stuff like permission checking; anybody can do anything on a Windows box but only root can do the really nasty stuff on a *nix box.
You have to be a measure more clever to find a root exploit before applying your trojan payload ... in fact maybe it's a good thing that Windows has low security; most crackers probably take the path of least resistance and leave *nix alone ...
Re:Oh, stop with the Windows security remarks alre (Score:2, Insightful)
It really makes me sick when linux people automatically refer to Win9x. In NT, you need to be an Administrator to do that kinda stuff. Not a User. And, yeah, if you live in a cave, WinNT ACLs are a far more advanced permissions system than *nix ever dreamed.
You don't get it (Score:5, Insightful)
Linux and OSX are both based on the Unix security model, a fundamentally sound design refined by two decades of real-world practice (dating back to the RTM worm in the early 1980s). It's not a matter of the virus writers not looking... it's a matter of a lack of exploitable holes. Name ONE Unix email client stupid enough to auto-execute code. Just one!
Yes, there are still exploitable holes here and there in Unix/Linux. But they generally require real mastery to find. Windows macro viruses can be written by 14 year old boys. My wife, a technical writer, doesn't know enough programming to write heapsort (do you?), but she knows enough to write a macro virus in VBA.
Get it through your head... the number of viruses and worms today is not a function of popularity or attention. It is a function of poor design and poor implementation, combined with security by obscurity (a technique discredited everywhere but Microsoft).
Really, learn about it. Don't just whine because Microsoft is getting a richly deserved spanking, and you don't want to hear how bad your favorite OS sucks.
Re:You don't get it (Score:2, Interesting)
It just ships in a default configuration that is about as tight as a gay man's asshole.
IIS is an excellent piece of software. I've used it before, and I'll use it again. Remember Code Red, et cetera? Guess what? I didn't have to patch my servers because they were IMMUNE. IIS "flaws" are NOT part of IIS itself, but part of different addon modules that should be easily removed by any knowledgeable sysadmin. Anyone knows that running script modules for everything in the world that you're not using is asking for trouble. IIS just ships that way for ease of use for the consumer. I can easily make IIS just as secure as Apache --- it takes about the same knowledge required to set up apache.
So quit the FUD.
Re:You don't get it (Score:5, Insightful)
Unix was built by developers for developers. In many cases the system administrators were also the system programmers. System administration problems tended to be solved by code. For example, in the early 80's Unix did not limit the number of processes per user. At Bell Labs, whenever the Intro. to Unix Programming class got around to the 'fork()' system call, machines started crashing. This was soon fixed by a kernel change. Linux has continued (and expanded) on this tradition.
In contrast, Microsoft has focused on ease of use for the average user. This focus has been rewarded with market share. Security has been an afterthought. Prior to mass adoption of the Internet - this was not an unreasonable approach. Now, of course, it's a disaster.
Anyone know what SARC is calling this one? (Score:2)
Neither is Winl0g0n.exe
Looks like a hoax (Score:5, Funny)
When will we see the real worms? (Score:5, Interesting)
The "optimal" worm is one in which all it needs is a thread of execution and access to basic OS APIs like sockets and elementary file access. You're not going to stop a worm from calling the most basic APIs, so the key to stopping worms (once all the fundamental holes are patched in Windows, if ever) seems to be not letting them have that thread of execution in the first place. Of course, there will always be lots of users willing to run unknown executables, but the less automatic, the better. Patching buffer overflows in IIS, etc., will only go so far because there will always be users ready and willing to execute email attachments. Until focus comes to bear on ways to keep unsophisticated users from doing this sort of thing, there will always be a cornucopia of devastating worms.
Duplicate (Score:2, Troll)
Hey, CmdrTaco, what's with having another duplicate story today? You just reported about the new windows vulnerability two hours ago.
Oh, wait. . .
Windows security problem? (Score:2, Insightful)
How long a list do you want? (Score:2)
2. Stop designing operating systems where the default user account has write access to system binaries. Make it easy enough to do basic administration without formal administrator access that users don't run with administrator access by default (NT, W2K, XP desktop use).
3. Build bounds checking into Visual C++, at least as an option. Require programs under development to be tested with bounds checking on in order to detect buffer overflows.
I could go on, but you get the picture. No, you can't stop all security problems completely. However, you can make a very good dent in them. Just because a burglar can break your door down or pick the locks doesn't mean you shouldn't lock the doors to keep out the less skilled or ambitious.
This is funny. (Score:4, Interesting)
Funny that SOMEONE at Microsoft is finally, publicly, admitting that there's a pattern to Microsoft vulnerabilities.
Can anyone find more info? (Score:2)
secure email client (Score:2)
$
That is, until someone finds a vulnerability in vi.
Visual Basic? (Score:2, Funny)
Training wheels for small children's bicycle for sale. Buy now and get a free shotgun.
Re:Visual Basic? (Score:3, Interesting)
Earlier we used to be suspicious only of very small executable attachments. Often that would be a virus. If someone mailed you a large executable attachment it would probably be a legitimate file. However after all the legitimate funny files that are sent to friends (you know, those cartoon like programs, or sheep floating on your desktop) nobody is surprised anymore about a rather large attachment.
There have been so many 'harmless' funny files that people don't believe you anymore when you say "never open executable files!". Not to mention the fact that it's always "safe, because a friend sent it to me". Oh well...
Quite a large list of offending extensions (Score:5, Interesting)
Okay... so we can't fix the software or the users. (Score:5, Interesting)
Why are companies letting people thrash the mail system inadvertently and go on like nothing happened? This is a social problem, albeit one that has been made more prevalent by bad technology. So what if Outlook took out the double-click-run-and-destroy feature for attachments? Trojans would get mailed along w/ instructions on how to save to your disk and run the program. And some idiot would do it too.
I'd much rather see corporations making their employees responsible for breaking things on the network. If the admin fscks up the entire system he'd be up to his knees in shit -- but the "users" are allowed to do it because they can claim ignorance? No thanks. Draw up some strict hard-line rules for your employees and get this crap taken care of. My personal suggestions would be:
Sure, it's a bit drastic. But is productivity really benefiting from reckless use/abuse of insecure software? Must your employees use Outlook so they get that warm fuzzy feeling of being able to fiddle with all sorts of buttons on their screen? Why can't the computer be viewed like any other tool? If you don't know how to use it why in the world are you using it at work? I wouldn't dream of putting joe-schmoe on a fork lift w/out some training, why put people w/ no training on a computer? If joe-schmoe runs the fork-lift into a wall you bet he'll get some heat for it. Run a virus though? Nah, everybody does that.. let it slide, let IT clean it up.
Re:Okay... so we can't fix the software or the use (Score:5, Interesting)
If a manager (Or a sales guy, or an accountant, whatever) is used to using IE at home and sending e-mails with pretty fonts and pictures attached, they'll demand that they can do it at work. They'll want to be able to read Word attachments from outside sources, and share files with their co-workers. If you say no, they'll just keep complaining louder to your manager and your manager's managers until someone forces you to cave in to their demands. Most of your changes will get shot down, and you'll put up with a lot of grief in the process.
Most users don't give a rat's ass about security, they just want to be able to do their jobs as quickly and easily as possible. If you try to get in their way, they'll fight you on every change until you get frustrated and give up.
That's why it's important to make SMALL security improvements, and make them slowly. Start by blocking certain attachments on the server side, and continuously remind people not to click on unknown files. Make sure that your virus software runs automatic scans, and updates itself automatically. The users aren't going to do it for themselves, or at least not until they are already infected. Warn constantly, but never try to FORCE anything on your users unless it's absolutely necessary. The nastier you get, the more that they'll start ignoring you.
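One concrete form of the "block certain attachments on the server side" advice above, written here as an added example rather than code from any poster, Outlook or the OESU patch: a filter that collapses the whitespace padding used to hide an executable's real extension behind a harmless-looking name (the long-filename trick discussed in this thread) and then checks that extension against a blocklist. The blocklist and the sample attachment names are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed blocklist for this example; a real gateway would carry the site's own list.
BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "lnk"}


@dataclass
class Verdict:
    allowed: bool
    true_extension: str
    reason: str


def normalize_filename(name: str) -> str:
    """Collapse the padding a disguised attachment name relies on.

    Runs of whitespace or control characters become a single space, spaces
    around dots are dropped, and trailing dots/spaces are stripped, so the
    extension the desktop will actually honour is the last one in the string.
    """
    collapsed = re.sub(r"[\s\x00-\x1f]+", " ", name).strip()
    # "funny.jpg .exe" -> "funny.jpg.exe"
    collapsed = re.sub(r"\s*\.\s*", ".", collapsed)
    return collapsed.rstrip(". ")


def true_extension(name: str) -> str:
    """Return the final extension (lower-cased) after normalization, or ''."""
    normalized = normalize_filename(name)
    if "." not in normalized:
        return ""
    return normalized.rsplit(".", 1)[1].lower()


def check_attachment(name: str) -> Verdict:
    """Decide whether a gateway should let an attachment with this name through."""
    ext = true_extension(name)
    padded = name != normalize_filename(name)
    if ext in BLOCKED_EXTENSIONS:
        why = "executable extension"
        if padded:
            why += " hidden behind whitespace padding"
        return Verdict(False, ext, why)
    return Verdict(True, ext, "extension not on blocklist")


if __name__ == "__main__":
    # Constructed sample names: a padded disguise, a double extension, and a benign file.
    for sample in ["funny.jpg" + " " * 60 + ".exe", "photo.jpg.scr", "report.pdf"]:
        print(repr(sample[:20]), check_attachment(sample))
```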
Re:Okay... so we can't fix the software or the use (Score:4, Interesting)
If any of these employees wore a bathrobe to the office, and sat all day watching television, I'd fire their ass in no time flat. Yet they do this at home all the time.
I don't mean to come off as a flame, as I agree for the most part with your post, but employees are paid to do a job, and to do as *I* the employer says with *my* equipment. A huge problem with email viruses is that because they're computer related, we somehow feel we shouldn't be able to hold employees accountable for their actions. If an employee doesn't want to lock his house door, fine. If he leaves my office door unlocked after hours, he's gone. When I tell an employee "DO NOT open email attachments" and they do, I'm sorry, but the employee is at fault.
Proper Egress Filtering (Score:5, Insightful)
The reason this doesn't affect *nix (Score:3, Insightful)
Irradiate the mail (Score:4, Insightful)
The consumer-level answer (repeated like a mantra) of course is to use anti-virus software, and I find it interesting (and conspicuous) that MS has stayed out of the anti-virus racket- but I suppose one cannot integrate AV software into the OS.
It still boils down to individual "responsibility"- at home I run no AV software on my windows box, and I've never had a problem. I'm no windows apologist, but the fact remains that most people treat their PCs as if they are leaving their keys in the car, garage door unlocked, etc... I mean, it certainly is more "convenient" to ignore any security precaution in actual life (think airport)- but is it safe? And is it at all convenient to clean up after a security breach?
Windows *has* most of the tools for a reasonable level of security if only people educate themselves and use them. The widespread problems people experience, such as this, boil down to NOT opening unknown attachments- which is email 101. This STILL boils down to an
Credit Card Processing (Score:4, Interesting)
Slashcode another victim? (Score:3, Interesting)
You mean the same way some trolls are now hiding Goatsex links by putting a popular site in the front of the url (like Yahoo), having it show [yahoo.com] on Slashdot, then redirecting the user to Goatsex?
Windows isn't the only one with flaws...
Still waiting for the LEGAL virus. (Score:4, Funny)
You get an email with an executable attachment.
The attachment executes automatically, because we WANT it to do that.
Upon execution, a EULA pops up, with a "licence agreement" that states the following:
- The program being executed will automatically forward itself to a significant number of people using a variety of means
- Some type of modification will take place to your file system.
- By clicking OK you AUTHORIZE this to happen, and claim full responsibility for any damage that is caused as a result.
And most importantly, if the cancel button is pressed, the program won't execute.
Chances are good that 90% of the people who would be affected by an illegal virus will just as happily click OK without reading anything. The fact of the matter is, the virus will cause the same amount of damage, but the author could probably plaster his name all over it and not fear any legal repercussions.
Of course, there's always the issue of intent. Bottom line, authorized or not, the INTENT of the program was to cause havoc of the same nature as a virus. But in the end, it would sure make an idiot out of anyone who spread it.
And maybe, just maybe, it MIGHT result in people actually READING the EULAs. Yeah.. I know.. I'm dreaming.
-Restil
The great Outlook patch that nobody uses (Score:5, Informative)
Have a read of this article [wired.com] at Wired entitled "The Great MS Patch Nobody Uses". (brief extract below).
A free, downloadable update that transforms Microsoft's Outlook into a significantly more secure e-mail application has languished virtually ignored on Microsoft's website for more than a year.
Although the majority of recent viral attacks have come compliments of worms that don't rely only on e-mail to spread, the Outlook E-mail Security Update (OESU) can stop or greatly lessen the impact of most malicious code, such as BadTrans and SirCam, if only people would download and install it.
OESU blocks the receipt and transmission of most of the e-mail attachments that typically can contain virus or worm code. The update also stops malicious code from spreading by blocking unauthorized access to Outlook and its address book. Many viruses and worms spread by surreptitiously e-mailing themselves to e-mail addresses culled from an infected computer's system files.
Funny how if the other 99% of people had this patch then virus spreading would drop drastically.
Re:Interesting (Score:2, Funny)
Re:problem with the users (Score:5, Insightful)
Do you know what that means? It means the system needs to be engineered to handle those users. It does NOT mean we should shout and flame about how stupid those users are. Guess what: Everyone who uses an online service (or the Internet, for that matter) is NOT a Computer Science or Engineering major, and they should NOT be expected to act accordingly. They are there for their own purposes, to accomplish their own ends. The systems should be designed accordingly, with error prevention and correction built in, to catch things that would otherwise hurt users or administrators.
Re:problem with the users (Score:5, Funny)
"What? Circuit breakers? What sort of moron would overload a circuit? Who needs circuit breakers? Stupid users."
Re:This isn't a windows problem.. (Score:3, Informative)
This isn't a problem if you use netscape or other non-ie code to view your mail. Pine works great, just not point and click.
Re:This isn't a windows problem.. (Score:2)
Is a 6ft-deep pothole in front of your car "news?" (Score:5, Funny)
"Net access: $20/mo. -- Electricity for computer: $20/mo. -- Reaching the 50 Karma cap: Priceless"
I'm at the karma cap, and I've been oscillating between 47 and 50 for some time. Does anyone else in that situation agree with my Modest Karma Proposal [slashdot.org]?
Re:hmm (Score:2)
Or, at least, occasionally having to land back on solid ground to pick the bugs from between their teeth. Maybe applying one of those teeth-whitening patches.
Re:the long filename hoax! (Score:2)
Since there is no proper convention of attributing things such as title, content, author, etc. on the file (only type, in the extension), these are conveniently put in the file name.
The problem here is not spaces in file names, but the weakness of a string hierarchy.
File systems are dated technology (EROS [eros-os.org] Tunes [tunes.org]...)