Microsoft Virus Spam: SoBig.F 557
If you're being barraged with Microsoft virus spam emails today, this story notes that it's a flare-up of an older Microsoft virus in a new, improved form. Yay for trustworthy computing.
Thank you Spamassassin (Score:5, Informative)
Re:Thank you Spamassassin (Score:5, Interesting)
So how did I get 5000 new messages? I know I'm not in the address books of that many people who got infected, so this one must be doing dictionary addressing as well as address book addressing. Since my email address is of the format [first initial][lastname]@[a large company].com, and my last name is very common, I got pummelled. Maybe I should switch to a more obscure address.
Re:Thank you Spamassassin (Score:5, Funny)
Advocating security through obscurity? On SLASHDOT? tsk tsk. :p
Re:Thank you Spamassassin (Score:3, Insightful)
I do agree that security through obscurity ALONE is nearly worthless.
Re:Thank you Spamassassin (Score:3, Funny)
As you can see, Mr. Anderson - we've had our eye on you for.. some time now.
Re:Thank you Spamassassin (Score:4, Funny)
Re:Run Junk Mail Controls on Folder (Score:3, Informative)
To filter this thing out have Mozilla look for a header value of:
X-MailScanner: Found to be clean
It's in the header info on each and every one of these mails. You'll need to configure a custom header of "X-MailScanner" then look for a value of "Found to be clean" in order to get this to work.
Seems this virus is trying to fake out AV checking at the server.
Re:Thank you Spamassassin (Score:5, Informative)
Don't need spamassassin for this. If you are using qmail-scanner just set your quarantine-attachments.txt in /var/spool/qmailscan/ like so:
Make sure whitespace between the columns is a tab and not spaces. Then rerun your qmailscanner db update and you're good to go.
Spamassassin is WAY too intelligent to be feeding it filename extensions. This is a lot faster too.
Are there any other extensions that would be good to block?
Re:Thank you Spamassassin (Score:4, Funny)
Re:Thank you Spamassassin (Score:5, Informative)
*.com, *.exe, *.bat, *.vbs, *.vbe, *.js, *.jse, *.hta, *.wsf, *.wsh, *.shs, *.scr, *.pif, *.lnk, *.chm
All are potential vectors.
http://antivirus.about.com has a bigger list of suspicious attachment types. Some are document types, but others are just special executable types in Windows, such as
It isn't that these *have been* exploited by virus writers (though many have), but rather that they *could be*, because of their nature. I would never filter all of them, but I've gotta admit after scanning the list, most of these would be surprising to me to find in an email.
ADE Microsoft Access Project Extension
ADP Microsoft Access Project
BAS Visual Basic Class Module
BAT Batch File
CHM Compiled HTML Help File
CMD Windows NT Command Script
COM MS-DOS Application
CPL Control Panel Extension
CRT Security Certificate
DLL Dynamic Link Library
DO* Word Documents and Templates
EXE Application
HLP Windows Help File
HTA HTML Applications
INF Setup Information File
INS Internet Communication Settings
ISP Internet Communication Settings
JS JScript File
JSE JScript Encoded Script File
LNK Shortcut
MDB Microsoft Access Application
MDE Microsoft Access MDE Database
MSC Microsoft Common Console Document
MSI Windows Installer Package
MSP Windows Installer Patch
MST Visual Test Source File
OCX ActiveX Objects
PCD Photo CD Image
PIF Shortcut to MS-DOS Program
POT PowerPoint Templates
PPT PowerPoint Files
REG Registration Entries
SCR Screen Saver
SCT Windows Script Component
SHB Document Shortcut File
SHS Shell Scrap Object
SYS System Config/Driver
URL Internet Shortcut (Uniform Resource Locator)
VB VBScript File
VBE VBScript Encoded Script File
VBS VBScript Script File
WSC Windows Script Component
WSF Windows Script File
WSH Windows Scripting Host Settings File
XL* Excel Files and Templates
Re:Thank you Spamassassin (Score:3, Insightful)
- most of these would be surprising to me to find in an email.
- DO* Word Documents and Templates
- URL Internet Shortcut (Uniform Resource Locator)
- POT PowerPoint Templates
- PPT PowerPoint Files
- XL* Excel Files and Templates
Yeah, who'd ever expect to receive one of those as an attachment?
Re:Thank you Spamassassin (Score:3, Informative)
What sucks is that almost all the Sobig.F's I got today were bounces from mail servers whose admins don't know (or care) that the sender of virus attachments is a fake, and just another name from the contact list of the sender.
To mail server administrators: Do *NOT* bounce mail known to contain viruses -- all you accomplish is to propagate it to someone else instead of
Re:Thank you Spamassassin (Score:4, Informative)
Even easier: reject it at the SMTP level [qmail.org]
Let's hear it for Pine! (Score:5, Funny)
Re:Let's hear it for Pine! (Score:2)
irony. (Score:5, Insightful)
Re:irony. (Score:3, Interesting)
The people actually causing the pollution are those that blindly open attachments without understanding what they are.
Had you not used the words "Microsoft pollution" and used say, "the problems that Microsoft caused in trying to make PC's easy to use" then you'd have come across less like a raging anti-MS zealot and I'd have given you a mod point.
However, Slashdot is full of people who blindly mod up anti-MS posts however incorrect, so you can count on them for y
heh (Score:5, Informative)
Small norway with largest outbreak (Score:5, Interesting)
This virus is just a little variation of an older virus, but it differed enough from the older iterations so that anti virus software didn't detect it.
The virus provider Norman reckons that a big organization in Norway has been hit early and that this caused the big numbers here: Norway stands for 36% of the outbreaks of this virus in the world, which is exceptional when you know that only 4 million people live here.
Re:Small norway with largest outbreak (Score:2, Informative)
Interesting Thing about Sobig... (Score:5, Funny)
Sobig.B appeared on 2003 May 19 and was programmed to deactivate on May 31.
Sobig.C appeared on 2003 June 01 and was programmed to deactivate on June 08.
Sobig.D appeared on 2003 June 18 and was programmed to deactivate on July 02.
Sobig.E appeared on 2003 June 09 and was programmed to deactivate on July 14.
Sobig.F appeared on 2003 Aug 19 and was programmed to deactivate on Sept 10.
It seems like the Sobig release schedule is more consistent and on-time than ... well ... the software release schedules of a major company we love to hate ;-)
Re:Interesting Thing about Sobig... (Score:3, Funny)
And I was thinking they were almost as frequent as KDE releases.
Re:Interesting Thing about Sobig... (Score:5, Interesting)
Built in obsolescence? Maybe the writer always wants you to have the latest version or something. This also reminds me of the recent musings of a software company we love to hate ;-)
Re:Small norway with largest outbreak (Score:3, Informative)
I've gotten more than a half dozen today. I'm in Sweden, although only one of my addresses is a .se. Considering I have 5 addresses I use regularly, and one guy is claiming 5000 copies of it this morning, I guess I got off lucky. For the moment.
My mac is obviously immune to the thing, and so is my windows box, seeing that it has IE and Outlook completely removed (yes, every last stupid .dll killed and a couple programs patched to work without it) so it wouldn't get any traction there, even if I used it for
Re:Small norway with largest outbreak (Score:3, Interesting)
I would, but I don't own them. Good news is the guy that does gives them away for free. He'll give you extra goodies if you pay.
Bad news is, MS has been laying more and more effort into making his work impossible, so his release schedule definitely hasn't kept pace with theirs. So if you're running XP, or 2000 with current SPs applied, you'll have to pay even for a beta. The older version works great with 98, ME, or 2k if you are careful not to apply the wrong SP. Since ME sucks my one remaining Windows b
Re:Small norway with largest outbreak (Score:3, Insightful)
I've only received 2 bounce messages from it, which is a first. I usually get several coming in. I have family who works in the internet based customer support business, they woke to 12,000 viruses waiting and several thousand bounces. I'm in Portland, too, and apparently it decided to pass me over for the most part.
In typical webizen fashion, I warned everyone about it via blog, and told them not to use Outl
Re:Small norway with largest outbreak (Score:3, Interesting)
Surely there is something to what you say, but I would take it with a grain of salt.
So far I've gotten I think 15 copies of the virus, 2 messages letting me know it spoofed me and the attachment was refused.
On the other hand I get a lot of spam. A lot. Very likely because several of my addresses are relatively old. It's gotten to the point where I only bother to report the ones that slip through my filter, and I still send around 10 reports a day.
I have no moral compunction about killing spammers. Tor
Re:Small norway with largest outbreak (Score:4, Interesting)
Norton Write-up on Latest Sobig Variant (Score:3, Informative)
Goodtimes Virus Alert! (Score:5, Funny)
There's a new virus that will re-write your hard drive. Not only that, but it will scramble any disks that are even close to your computer. It will recalibrate your refrigerator's coolness setting so all your ice cream goes melty. It will demagnetize the strips on all your credit cards, screw up the tracking on your television and use subspace field harmonics to scratch any CD's you try to play.
It will give your ex-girl or boyfriend your new phone number. It will mix Kool-aid into your fishtank. It will drink all your wine and leave its socks out on the coffee table when there's company coming over. It will put a dead squirrel in the back pocket of your good pants and hide your car keys when you are late for work.
Goodtimes will make you fall in love with a penguin. It will give you nightmares about circus midgets. It will pour sugar in your gas tank and shave off both your eyebrows while dating your girl or boyfriend behind your back and billing the dinner and hotel room to your Discover card.
It will seduce your grandmother. It does not matter if she is dead; such is the power of Goodtimes. It reaches out beyond the grave to sully those things we hold most dear.
It moves your car randomly around parking lots so you can't find it. It will kick your dog. It will leave libidinous messages on your boss's voice mail in your voice! It is insidious and subtle. It is dangerous and terrifying to behold. It is also a rather interesting shade of mauve.
Goodtimes will give you Dutch Elm disease. It will leave the toilet seat up. It will make a batch of Methamphetamine in your bathtub and then leave bacon cooking on the stove while it goes out to chase gradeschoolers with your new snowblower.
Goodtimes will prompt your mother to call on Friday and Saturday nights for two months after you make a new girlfriend/boyfriend. It will place your wallet and keys on an obscure shelf in the basement. It will emulate your face and stare into the neighbor's bathroom window.
Goodtimes has been linked to cancer in laboratory mice. 9 out of 10 dentists recommend Goodtimes.
Goodtimes will make your bloomers shrink two sizes, and it will make you gain 15 pounds. If this results in a wedgie, then Goodtimes will leave a nasty skid mark.
Snowcrash? (Score:5, Funny)
Re:Snowcrash? (Score:5, Insightful)
Won't work. Dumb people are incapable of a realistic self-evaluation. Here's [apa.org] why.
Re:Snowcrash? (Score:3, Funny)
Ah. So Ensign Chekov had a Latin accent then. That clears up a lot, thanks.
Funny..... (Score:5, Funny)
It's like advertizing space on a blue screen.
God Bless mutt (Score:2)
I'm averaging over 500 every hour (Score:2, Funny)
This software will help if you got the virus (Score:5, Informative)
ftp://ftp.f-secure.com/anti-virus/tools/f-sobig.e
Got hammered... (Score:5, Interesting)
Re:Got hammered... (Score:2)
Re:Got hammered... (Score:5, Funny)
Re:Got hammered... (Score:3, Funny)
12 in the last half a hour or so (Score:2)
At least now I know why I am getting so many, and why there seemed to be some new variety to the messages (and the attachment file names).
Editors need to be more honest. (Score:4, Interesting)
But what the fudge does this have to do with trustworthy computing? It's just another email worm, and it relies heavily on user stupidity, much moreso than the msblaster worm.
Let's be honest: Microsoft is an evil company, that forces an evil product on people, and some of us are going to cheer when Microsoft gets hurt and people get nudged towards other operating systems -- whether it's Microsoft's fault, or not.
Could you just have written "Hey, anything that discourages Windows use!" after the story? I mean, christ, that's exactly what probably a good 90% of people here are thinking when they read these stories.
Re:Editors need to be more honest. (Score:5, Insightful)
Everything. Aside from the concerns that trustworthy computing is doublespeak for restricted computing, even if you assume that MS is talking about the *right* kind of trustworthy computing, this virus is the latest in a well-populated freakin' pantheon of examples of their failure to be able to provide anything of the sort.
In other words, this is one more chance to ask yourself: why should you trust microsoft?
Side note: I've had several acquaintances attempt to commiserate with me in the last week about various windows viruses. But I don't feel the pain. I'm using Win XP, but a good firewall helps with most of the problems, and you know, Thunderbird is a good email client and a nice way to avoid the Outlook viruses that people erroneously call email viruses.
Re:Editors need to be more honest. (Score:5, Insightful)
Your firewall helps with this? What, by blocking the mail port? Or does your firewall parse SMTP and block viruses (hint: if it did, it might be called a mail filter or something)?
Thunderbird is a good email client and a nice way to avoid the Outlook viruses that people erroneously call email viruses.
This one has nothing to do with an Outlook vulnerability. It's an e-mail trojan horse. Unless your mail client is unable to receive files with certain extensions, virus checks them, or executes them under a different permission level (unlikely under Windows), then it's vulnerable.
You represent the most dangerous class of computer users - confident and uninformed.
Re:Editors need to be more honest. (Score:3, Insightful)
UNIX Worms (Score:3, Insightful)
Basically, the last time that a major non-Windows worm threatened the stability of internet was back when the majority of computers on the Internet weren't running Windows. There have been numerous [www.avp.ch] worms [sans.org] since [sans.org] then [sans.org] for UNIX & Linux, but their market penetration has been low enough not to seriously hurt the whole internet. This is not as good of a thing as you indicate.
for more Information... (Score:2, Informative)
also: I remember a worm (maybe a year and a half ago) which ran directly through outlook (by simply activating an email-without opening the file). Does anyone remember this? if so, please refresh my memory. Thanks.
Non-Windows Problems (Score:2, Insightful)
I used to laugh when all the M$ weenies had problems... but now it's a real problem when I get users here going bonkers about 50 e-mails from 20 people... and me having to go around blocking mail servers...
Here are some other articles around about it:
C-Net [cnet.com]
BBC [bbc.co.uk]
Okay, I'm done ranting. Thanks
This one will probably spread real fast (Score:5, Interesting)
And seeing how Hotmail proudly proclaims on every message:
"Notice: Attachments are automatically scanned for viruses using McAfee Security"
we'll be getting a lot of hotmail users opening it to take a peek
Re:This one will probably spread real fast (Score:3, Funny)
It's a worm - blame the users! (Score:3, Interesting)
Let's not forget that this is a worm. It requires that a user launches the executable so it can infect the system. Let's also not forget that many users are using non NOS's such as Windows Me (I'll admit that was a big mistake, however). Users that receive this worm must actually execute it and, since there is no concept of "administrator" on many flavors of Windows (or perhaps the users are the only user of, say, WinXP and are in the Administrators group) so the worm can do whatever it wants - the user did, after all, execute it as an administrator.
The point is - it's the user's fault! Not Microsoft's. Something like this could just as easily happen on a *nix box if the user has sufficient privileges.
Several of the users at work on the network I manage have gotten such worms before, but because they didn't have sufficient privileges, the worms were ineffective. In most of those cases, the virus scanner picked it up anyway.
So, if the user doesn't have sufficient privileges, some worms don't work. Sure, this one would because it runs in userland, but the user still executed it! Besides, they should have a virus scanner anyway. Again - it's their fault.
When it comes down to it, a worm such as this (trojan horse) requires a stupid user to execute it - so blame the user for once.
Re:It's a worm - blame the users! (Score:3, Insightful)
--
Re:It's a worm - blame the users! (Score:5, Insightful)
this like others uses other extension from
showing the mimetypes/what the email reader is going to _do_ with it would be much more useful than just displaying the name of the file and telling the user to click on it.
they're educated usually alright, mis-educated.
Re:It's a worm - blame the users! (Score:5, Informative)
A worm is a program that propagates itself over a network, reproducing itself as it goes [catb.org]. While this worm may require user intervention, there exist plenty of worms that do not (the most infamous being the Morris Worm [snowplow.org].) A malicious program that masquerades as a legitimate application is a Trojan horse [catb.org].
SoBig.F appears to be a Trojan with some worm-like qualities. Of course, in the world of Microsoft mail exploits, the lines are blurred, but a worm is generally not a user-launched process.
Pedantic, I know, but worms are a special interest of mine, and they generally take a fair bit more skill to create than your average Trojan horse.
Re:Elitism (Score:3, Insightful)
Virus notifications are worse (Score:5, Interesting)
However, the large number of "Your message to xyz@zyx.com contained a virus" is filling my mail spool faster than any spammer. Seems one of my email addresses is a popular one to spoof.
CALL TO ADMINS: Please turn off viral notifications to outside addresses. These days most of the envelope addresses are spoofed, you're not doing any good leaving the notification in place.
And I thought joe-jobbing was bad.
Re:Virus notifications are worse (Score:4, Insightful)
Those notifications are just a way for a company to save themselves a lot of work, at the expense of others. So, we take the risk so we don't have to pollute the 'net with (almost always) useless notifications. So I would say the call to admins should be tweak your filters and educate your users, and then turn off the notifications. Because you know the first important message to an officer of the corp that gets deleted without any notification is going to get someone fired, and they're not going to take that risk.
I feel your pain - I'm getting swamped myself. But at least I'm getting an idea of how many viruses are going out in my name.
As far as I'm concerned, you can blame all of this on the spammers. Look at the schedule of these SoBig releases and deactivations. I believe this is a response to more and more open relays getting shut down. These viruses are the new open relays, and the only way to stop them is to stop Spam itself - by beating the living crap out of anyone you know who buys anything from a spammer
this one's quick... (Score:4, Interesting)
huge outbreak here (Score:5, Interesting)
When will you people learn.... (Score:5, Insightful)
All it takes is one user to click the attachment who has an LDAP-enabled address book of the entire company, and poof! you're screwed.
The only sensible way to kill these worms is to block them at the mail server. If you block them at the mail server, you don't have to try to train people or keep hundreds of anti-virus clients up-to-date. Do yourself a favor and set up XWall [dataenter.co.at] if you have Exchange (this is about the coolest spam-blocker/email filter program I have ever used, BTW) or SpamAssassin [spamassassin.org]/MailScanner [soton.ac.uk] if you have Linux/UNIX. This will save you a ton of headaches in the future, and won't require you to worry about hundreds of clients being up-to-date as much as focusing on whether a few email servers are up-to-date. (Block the standard Microsoft "bad executable" list [microsoft.com] and you should be fine.)
Seriously, in the year 2003, there's no excuse for "But my 400 clients weren't up-to-date!" Block these things at the server, which is something you as the network administrator should have complete control over, and which is where the worms should have been blocked to begin with.
University getting hit hard (Score:2, Insightful)
Feh. (Score:5, Interesting)
Fortunately, I use Mail.app, so I can still check my mail with impunity.
There's a spam/address verification message I saw the other day that was pretty clever, though. Some spammers sent a reasonably official-looking letter with Citibank headers, layout, and images telling people to click a link to view and accept a new ToS, or their checking account would be suspended. The link looked something like this:
http://www.citibank.com:A78F...(random hex crap)...A812@127.0.0.1/cgi-bin/c.pl?user=youraddress@yourserver.com
So they were logging you in as user www.citibank.com to server 127.0.0.1 (changed, obviously) and sending your email address to a verification script. Damn clever.
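A mail filter can catch the link trick described in the comment above by parsing each href and comparing the userinfo with the host the browser will actually contact. This is an added example, not code from the thread; the HTML body, the `DEADBEEF` password field and the function names are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A userinfo field shaped like "www.bank.com" is there to fool the reader.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)

# Constructed HTML body; the first link follows the pattern quoted above.
SAMPLE_BODY = """
<p>Your account will be suspended unless you accept the new terms.</p>
<a href="http://www.citibank.com:DEADBEEF@127.0.0.1/cgi-bin/c.pl?user=someone@example.com">View terms</a>
<a href="https://www.example.com/help">Help</a>
"""


def analyze_link(url):
    """Return the host a URL really points at and why it looks deceptive."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    userinfo = parts.username or ""
    reasons = []
    if HOSTLIKE.match(userinfo) and userinfo.lower() != host.lower():
        reasons.append(f"userinfo {userinfo!r} imitates a hostname; real host is {host!r}")
    elif parts.username is not None:
        reasons.append("URL carries embedded credentials")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        pass  # a DNS name, not an IP literal
    return {"host": host, "userinfo": userinfo, "reasons": reasons}


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)


def suspicious_links(html_body):
    """Return (href, verdict) pairs for links with at least one finding."""
    collector = LinkCollector()
    collector.feed(html_body)
    flagged = []
    for href in collector.links:
        verdict = analyze_link(href)
        if verdict["reasons"]:
            flagged.append((href, verdict))
    return flagged


if __name__ == "__main__":
    for href, verdict in suspicious_links(SAMPLE_BODY):
        print(href)
        for reason in verdict["reasons"]:
            print("  -", reason)
```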
Re:Feh. (Score:3, Informative)
Because the default in my email client (and hopefully yours) is not to fetch anything referred to in an html document, like images, popup javascript etc - because that's the oldest trick in the book to verify email addresses without the user's intervention. Links, however are still displayed in case they are useful and without malice.
So you still have the course of social engineering to get the user to click the lin
hmm (Score:5, Informative)
Their computing IS trustworthy. (Score:2)
I've been collecting them... (Score:2)
Thunderbird works perfectly for me (Score:3, Interesting)
I tried SpamBayes a few days ago. I had to wait to build up a database of good and junk mail, and then it made a false-positive with a university email even though I'd trained it with several uni emails.
Conclusion: Thunderbird is absolutely amazing. I'm going to recommend it to friends.
Plus, having Firebird and Thunderbird icons in quick launch lo
Bug? (Score:5, Interesting)
OTOH, we could replace the Bill-as-Stephen-Hawking with the bug icon, and no-one would care ;-)
Block Attachments on Exchange? (Score:3)
Is there any free software that will filter attachments in Exchange 5.5 and let me block emails with attachments such as *.vbs, *.pif and so on? I have not had much luck finding out how to do this without buying Norton or some other such thing and I can't afford to do that right now.
I know I could set up a relay / filtering box in front of it, but I don't have the time or resources to do that today and this latest virus outbreak is driving me nuts.
My company requires me to run an Exchange server, mainly because our execs love Outlook and the calendaring features. I have to run Exchange. I can't change it. I would love to run something else but I can't. Please don't suggest I do.
Thanks for any helpful answers you have.
Re:Block Attachments on Exchange? (Score:5, Informative)
Starting with Office XP you'll see that Outlook automatically blocks attachments ending in PIF, BAT, EXE, etc. This is an absolute that can only be modified through admin policies out in an Exchange folder.
If you are looking for this type of deal I *think* Outlook 2000 has a service pack that installs the attachment blocking.
Hope this helps!
How are stupid users MS's fault? (Score:5, Insightful)
Re: How are stupid users MS's fault? (Score:3, Informative)
> This same thing could happen on Linux, there is nothing stopping a Linux user from running a file attachment. This isn't a MS problem, it is a user education problem.
The difference being that Linux applications don't go out of their way to make it easy for idiots to do what idiots do best.
The general public is never going to be computer savvy, any more than 100 years of experience and probably a few million lost lives has made them automobile savvy. Designing general-use software that requires a hi
How about Trustworthy System Administration? (Score:4, Interesting)
Seriously, there are competent NT admins in the world.
This should be a no-brainer, but if you run MS systems and you often have problems with worms or virii:
1. Keep your virus definitions current. This goes double for any laptop users with broadband at home.
2. More often than not, MS has already released a patch for a security hole before a worm or virus hits. Keep your systems up to date! Again, this goes double for laptop users with broadband.
3. If you're behind a firewall, and you really should be, only allow outgoing SMTP from your mail server (this keeps the worm from spreading FROM your organization).
4. If you think you don't have time to do these things, make time. You'll waste a lot more time putting out fires than you will doing some fireproofing.
1 every 10 seconds? (Score:4, Informative)
The nature of these Sobig virii/viruses are that they repeatedly hit the same addresses. Take a few seconds, look at the header, get the IP, look up the DNS, get the contact name, call and explain and you'll save yourself (and countless others) a lot of unnecessary hell.
-Ab
ps. that also explains why some of my posts this morning were a little bit
Re:1 every 10 seconds? (Score:3, Interesting)
Spoofs From: addresses too. (Score:4, Informative)
I don't use windows, so it's not coming from any of my boxes.
Here's the header and body text:
-----
Received: from HP ([141.154.241.155]) by mta02.mail.mel.aone.net.au
with ESMTP
id [20030819180952.SWCW5855.mta02.mail.mel.aone.net.
for [removed for
From: [removed for
To: [likewise removed]
Subject: Re: That movie
Date: Tue, 19 Aug 2003 14:10:02 --0400
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_00FA8C46"
Message-Id:
This is a multipart message in MIME format
--_NextPart_000_00FA8C46
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Please see the attached file for details.
--_NextPart_000_00FA8C46
Content-Type: application/octet-stream;
name="your_document.pif"
Content-Transfer-Encodi
Content-Disposition: attachment;
filename="your_document.pif"
-----
The your_document.pif was a binary of about 100k.
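The two server-side checks suggested earlier in this thread (the sender-supplied `X-MailScanner` header and the blocked-extension list) can be run against a message like the one quoted above. This is an added example, not code from any poster; the sample message is constructed from the quoted headers with placeholder addresses and payload, and the function names are hypothetical.

```python
import email
from email import policy

# Extensions from the list posted earlier in this thread.
BLOCKED_EXTENSIONS = {
    "com", "exe", "bat", "vbs", "vbe", "js", "jse", "hta",
    "wsf", "wsh", "shs", "scr", "pif", "lnk", "chm",
}

# Header the thread reports on every copy of the worm. A real MailScanner
# install adds a similar header, so this is only a signal on mail that has
# not yet passed your own scanner (assumption of this example).
FORGED_HEADER_NAME = "X-MailScanner"
FORGED_HEADER_VALUE = "Found to be clean"

# Constructed sample modelled on the message quoted above.
SAMPLE = """\
From: sender@example.com
To: recipient@example.com
Subject: Re: That movie
X-MailScanner: Found to be clean
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_NextPart_000_00FA8C46"

This is a multipart message in MIME format

--_NextPart_000_00FA8C46
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Please see the attached file for details.

--_NextPart_000_00FA8C46
Content-Type: application/octet-stream; name="your_document.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="your_document.pif"

UExBQ0VIT0xERVI=
--_NextPart_000_00FA8C46--
"""


def risky_extension(filename):
    """Return the blocked extension of filename, or None."""
    # Windows drops trailing dots and spaces, so "a.scr. " still runs as .scr.
    name = filename.strip().rstrip(". ").lower()
    if "." not in name:
        return None
    ext = name.rsplit(".", 1)[1]  # last extension wins: "x.txt.pif" -> "pif"
    return ext if ext in BLOCKED_EXTENSIONS else None


def declared_names(msg):
    """Return every filename any part declares, in sorted order."""
    names = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Content-Disposition and Content-Type can disagree; check both,
        # because mail clients differ in which one they trust.
        for candidate in (part.get_filename(), part.get_param("name")):
            if candidate:
                names.add(str(candidate))
    return sorted(names)


def inspect_message(raw):
    """Return a list of findings for one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    values = msg.get_all(FORGED_HEADER_NAME, [])
    if any(str(v).strip() == FORGED_HEADER_VALUE for v in values):
        findings.append("sender-supplied X-MailScanner header")
    for name in declared_names(msg):
        ext = risky_extension(name)
        if ext:
            findings.append(f"blocked attachment {name!r} (.{ext})")
    return findings


if __name__ == "__main__":
    for finding in inspect_message(SAMPLE):
        print(finding)
```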
Ever get one of these... (Score:5, Insightful)
"No I don't."
Because of course they're running anti-virus software. And of course the definitions have never ever been updated.
These same people decide when their PC is two years old that it's just "too screwed up" and go buy a brand-spanking-new one with the same flaws which they will proceed to bugger up in a month and a half.
I wouldn't last a week in tech support.
Re:Ever get one of these... (Score:3, Interesting)
These same people decide when their PC is two years old that it's just "too screwed up" and go buy a brand-spanking-new one with the same flaws which they will proceed to bugger up in a month and a half.
Don't complain. Buy their old computers for twenty bucks each, then sell them to other such people as "reconditioned" systems for a couple of hundred (plus the old system as a trade-in.)
I mean, if these people are going to throw their money away, they may as well send some of it your way.
As an asid
Not the viruses, it's the autoreplies... (Score:3, Insightful)
Despite the fact that I didn't actually send a virus-infected email from mta3.someserver.pl to a nonexistent address, I still get the helpful autoreply that tells me that the user at that nonexistent address does indeed not exist.
Why am I dignifying this with a response? (Score:5, Funny)
And in other news... Microsoft announced today that, thanks to a Bill Gates Declaration From On High (tm), every line of code in every Microsoft product, dating back to the company's foundation, has magically, spontaneously, and retroactively fixed itself. This has rendered all of Microsoft's code absolutely secure and error-free. And thanks to the mystical nature of these fixes, end users and sysadmins don't have to patch their systems!
Grow up, Michael.
Outlook is actually the answer (Score:4, Interesting)
Think about how long it's been since there has been a large Outlook attack. It's been at least a couple of years. This tells me that the people spreading Sobig not only have no antivirus protection, they're using ancient and unpatched software.
320 and counting (Score:4, Funny)
OK, I'm getting tired of this "joke" (Score:4, Informative)
MS jokes aren't innovative, but can still be fun, but not as fun if they aren't trying to relate to the truth very much. Read up about trustworthy computing [microsoft.com] and learn how it is a process that has barely taken off today, but is an effort that will show up more in Longhorn, etc. DRM and NGSCB are two technologies that have a lot to do with trustworthy computing that aren't even implemented in today's versions of Windows.
In 2002, MS said:
"It may take us ten to 15 years to get there, both as an industry and as a society."
Trustworthy computing is in many ways only at the concept stage this far.
Sure, one might wonder what's making them think it will take a time period as long as an outrageous 15 years to get these things straight and one might think DRM is Bill Gates' worst idea ever, but then one should comment about this instead. This may seem that I'm defending Microsoft, although I'm in this case just being annoyed by a joke I've seen numerous times before, and that must have been made up by some uninformed person.
How is this microsoft's fault? (Score:5, Insightful)
Re:How is this microsoft's fault? (Score:5, Insightful)
No application scripting language should be able to perform in an "untrusted" mode. There is no reason for it but due to functional designs someone at MS came up with it has to be there. Someone demanded that Office documents integrate into Outlook seamlessly and this is what you get.
No one in any Unix environment will believe this message:
Attached is a perl script with my message in it. Please extract and run it to read it.
However MS has made a business of making people believe using a computer is as easy and as safe as using a toaster. So you get hackers who can apply a little social engineering to cause a disaster chain of events. Users are more than happy to click click click away when instructed.
Re:How is this microsoft's fault? (Score:3, Insightful)
True, but most of the Outlook users I can speak for have a pretty simple philosophy about network security. It goes like this:
None of them want to miss out on a joke, and rather than refrain from opening ex
Re: How is this microsoft's fault? (Score:3, Insightful)
> It's an executable that requires someone to run it. People need to learn to stop clicking on every damn executable they get in their email. Hell Outlook even displays a warning that attachments can contain virii or have malicious intent, but people still click on them.
That's exactly why we think it's Microsoft's fault: their pursuit of their shallowly conceived "ease of use" philosophy has led them to design software that incorporates "ease of use" features that very obviously are malapropos for the p
Re:You miss the point. (Score:3, Interesting)
Procmail Rule (Score:4, Informative)
:0
* > 100000
* < 120000
* ^Content-Type:.*multipart/mixed;
{
* ^Please see the attached zip file for details.
* ^Content-Disposition: attachment;
* ^Content-Transfer-Encoding: base64
* 9876543210^1 ^Content-(Type|Disposition):.*$.*name *= *"?(your_details|application|document|screensaver
* 9876543210^1 ^Content-(Type|Disposition):.*name *= *"?(your_details|application|document|document_Fa
| formail -A "X-Content-Security: [$HOST] NOTIFY"
-A "X-Content-Security: [$HOST] QUARANTINE"
-A "X-Content-Security: [$HOST] REPORT: Trapped SoBig worm - http://securityresponse.symantec.com/avcenter/ven
}
old (Score:5, Funny)
Wow, this must be an old virus if it is written in Fortran.
barrage of Declude Virus software notices (Score:4, Insightful)
That would be me! (Score:2, Funny)
Re:Oh great - more good news (Score:2, Insightful)
they should be pushing the updates out to your machines overnight using SUS [http://www.susserver.com/]
Re:Unix History (Score:4, Funny)
Re:Unix History (Score:5, Funny)
Re:Unix History (Score:5, Informative)
Re:Unix History (Score:4, Interesting)
1) BSD predates any 32-bit version of Windows; how do you think BSD code wound up in the first version of Windows NT?
2) Microsoft had a UNIX license and sold its own proprietary version (Xenix) way before it embarked on any Windows project. Yes, before any Windows project, including the original Windows which ran on XT and AT-class PCs and was followed by Windows 286 and Windows 386.
3) At that time, people who had never seen a line of Unix source were nevertheless writing code that was at least as secure as Unix and possibly moreso, for a variety of platforms. Seeing Unix code is not a prerequisite to writing good code. The security problems that plague Windows mostly result from architectural decisions made by Microsoft, combined with (in some cases) poor coding practices and the inevitable slips that tend to happen in a code base that is both huge and not peer-reviewed.
How does a virus with the name "SoBig" spread??? (Score:3, Funny)
Maybe I have a dirty mind, but I gotta think that most Spam filters would catch that one.
Re:Mail server getting pounded here (Score:2)