Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Security Bug Microsoft

Microsoft "Swen" Worm Squiggles Into Sight 789

greenhide writes "As forecast in this story, a new Microsoft worm has indeed wriggled to the surface. The W32.Swen's claim to fame is its professional looking email advertisement that pretends to be a fake Microsoft patch. Earlier viruses have made the claim, but none of them looked this good. It appears to have infected over 1.5 million machines. "
This discussion has been archived. No new comments can be posted.

Microsoft "Swen" Worm Squiggles Into Sight

Comments Filter:
  • Wow (Score:5, Funny)

    by HanzoSan ( 251665 ) * on Saturday September 20, 2003 @06:16PM (#7013766) Homepage Journal

    Thats one hell of a virus.

    I suggest all Windows users go to http://www.knoppix.net/ [knoppix.net] and burn the CD.

    • Yeah I was just thinking... "glad I switched from Windows to Mandrake last weekend"
    • Has Linux based Virus scanner that can update itself to scan hard drives for known viruses. That way if Windows goes Wonky, boot to Knoppix and do a virus scan to see if you got infected.

      That way you won't risk running an infected machine on the Internet and infect others.
    • Re:Wow (Score:5, Informative)

      by NanoGator ( 522640 ) on Saturday September 20, 2003 @07:17PM (#7014132) Homepage Journal
      "I suggest all Windows users go to http://www.knoppix.net/ and burn the CD."

      I know this is marked as funny, but Knoppix is pretty damn useful. I've never particularly liked Linux, but I can tell you that my respect for that OS went way up after trying Knoppix out. I burned a couple of copies to keep around the office in case something like a worm lays waste to the network.

      On a side note, it'd be nice if other Linux distros paid more attention to how Knoppix works. It auto-detects everything and doesn't require an install. Just pop in the disc, have it copy a few files over as read-only, and reboot. System corrupt? No prob, just copy the disc over again.
      • Norton Ghost (Score:4, Informative)

        by KalvinB ( 205500 ) on Saturday September 20, 2003 @08:41PM (#7014573) Homepage
        After installing any system it's an excellent idea to use Norton Ghost (free with Soyo and possibly other MBs) to image the system. Then, if anything bad happens or if you just want to move the OS to a new drive, you just blast it over and 30 minutes later or less you're up and running as though nothing changed.

        My 2000 system was on an old 2GB drive that was about to fail and with ghost I was up and running much faster on a 13GB drive in less than an hour. I also have an image of my web-server's OS/app drive in case it ever fails.

        Knoppix and what I do is basically what prebuilt system manufacturers have been doing for years. It's just that HP, et al, add a lot of crap to the image.

  • I hate this virus (Score:3, Interesting)

    by Free Bird ( 160885 ) on Saturday September 20, 2003 @06:16PM (#7013769)
    It's been flooding my mailbox for more than a day now. Grr...
  • by robochan ( 706488 ) on Saturday September 20, 2003 @06:17PM (#7013775) Homepage
    of those machines seem to ahve sent it to me :(
    • by Merk ( 25521 ) on Sunday September 21, 2003 @12:38AM (#7015563) Homepage

      I know how you feel. I was getting them at a rate of 1 or 2 every 10 minutes. Ugh. If you happen to be running SpamAssassin, I've got rules that seem to take care of it. Luckily for you, but unluckily for me, I was hit starting on Thursday, so I've had days to tweak the rules.

      Check them out at my web site [infofiend.com]. Feel free to add comments and tweaks there. Oh, and in case you're using maildrop, you can apparently choose not to deliver the message by using if ($MAIL_IS_SPAM) { exit }

      So now my own server is spam free, but unfortunately even though I use Linux at work, the mail server is an Exchange server so... *sigh*

  • by Afrosheen ( 42464 ) on Saturday September 20, 2003 @06:18PM (#7013780)
    After all these worms and virii are hitting MS boxen from every angle, there still aren't mentions of alternatives from major news sources. The Dallas Morning News, last week, had at least a causal glance by saying in one line "Macintosh users are unaffected".

    Why isn't Linux and Macintosh turning this into a big propaganda opportunity? Both OS's can hold up the 'come to us, we've had our shots, we'll never get worms' flags and pray that the big media mentions it.
    • by Anonymous Coward
      > After all these worms and virii ...


      (Score:-1, Perpetuating Imaginary "Latin")
    • by thermopile ( 571680 ) on Saturday September 20, 2003 @06:24PM (#7013826) Homepage
      I should think it would be exceedingly hard for a marketing community to market its 'immunity' to virii -- even a marketing staff as highly trained as whatever Apple hires -- without setting itself up as the next target.

      Hypothetical advertisement: "Hey, we're Macs, and we don't have viruses."

      I guarantee you that every virus writer and his(/her?) grandmother would flock to OS X and start writing viruses with reckless abandon. Apple, Linux, Amiga, Commodore 64, and whatever other less-used operating system is probably perfectly happy to have its users sitting fat, dumb, and happy and not bragging about it.

      • Seems to me that certain moderators don't have any idea what security means.

        Windows has a lot of viruses because it is so easy to execute a program and infect the operating system.

        The more restrictions you put on that access, the more difficult you make it for a virus to spread.

        Unless you're running a root, 99% of Linux users have nothing to worry about from viruses. The viruses cannot effectively spread themselves. That is why the "Linux viruses" you see are only in the labs of the anti-virus vendors.

        • by pod ( 1103 ) on Saturday September 20, 2003 @07:51PM (#7014322) Homepage
          A well designed worm (or a virus for that matter) can pop up an important looking window saying something bad has happened on the system, please supply the root password to fix it. Haw many casual Linux users (if there are an?) do you think would fall for that? When you're running KDE or Gnome as a regular user, you'll get prompted for the root password when performing many system-type tasks. A smart worm could even wait for you to click on something before popping up, so that it doesn't appear as if it came out of nowhere.

          No system is immune by design. Stupid or careless users are always crafty enough to bypass even the best security.
    • and say what ?
      "Use Mac have no viruses affect you " ?

      The users will sue apple to glory when they do come across Mac worms. Lets face it, worms will exist as long as there are worm writers. Unless ofcourse Mac and Linux blocks all incoming attachments (which is what my outlook express coincidentally did after a patch) you can't guarantee anyone against worms and ignorant people that will open them. Now security flaws in windows - thats an entirely different subject.
    • " Why isn't Linux and Macintosh turning this into a big propaganda opportunity? Both OS's can hold up the 'come to us, we've had our shots, we'll never get worms' flags and pray that the big media mentions it. "

      The cost of switching for that reason alone isn't necessarily worth it on a massive scale. You switch because you're worried if your computer stops working, right? Well if the cost of the switch is that your games and some other apps stop working, then you've traded one failure for another.

      I wo
  • Heh (Score:4, Funny)

    by autopr0n ( 534291 ) on Saturday September 20, 2003 @06:18PM (#7013782) Homepage Journal
    That's kind of funny, although it seems that this virus requires user interaction in order to spread, so we can't really blame M$ for this one :P
    • Re:Heh (Score:5, Funny)

      by ctid ( 449118 ) on Saturday September 20, 2003 @06:23PM (#7013820) Homepage
      That's kind of funny, although it seems that this virus requires user interaction in order to spread, so we can't really blame M$ for this one :P

      Why not? Why make an email system that allows an unskilled user to run an untrusted executable? Seems bizarre to me.

    • > That's kind of funny, although it seems that this virus requires user interaction in order to spread, so we can't really blame M$ for this one :P

      You can blame M$ for designing an e-mail client that executes anonymous attachments at a click.

    • Linux virus (Score:5, Funny)

      by Kazymyr ( 190114 ) on Saturday September 20, 2003 @08:37PM (#7014559) Journal
      The other day I got a Linux email virus. It was this perfectly innocent looking message, with the subject line reading "Important!". So I opened it, and inside I found the following:

      "This is an email virus for Linux users. It works on the honor system. Upon receipt of this message, you should manually forward it to everyone in your address book, then login as root and randomly delete a bunch of files. Thank you!"
  • Oh yeah... (Score:5, Interesting)

    by JoeLinux ( 20366 ) <<moc.liamg> <ta> <xunileoj>> on Saturday September 20, 2003 @06:18PM (#7013784) Homepage
    At work, they have duped over 5 of my collegues...even AFTER the email went out saying that it was going around. Well, Make an OS that any idiot can use, and only idiots will use it, I guess...

    My problem with all these worms is that it doesn't do anything after it propogates, so no one will really care except bandwidth-concious IT people. It should send itself out, then erase all the FAT tables on a hard drive.

    Or deltree the c:\winnt or c:\windows directory (or both).

    That would REALLY piss people off, who would demand that they do something to make sure that not happen again...like...I dunno...Linux or OSX?

    Just a thought...
    • My problem with all these worms is that it doesn't do anything after it propogates, so no one will really care except bandwidth-concious IT people.

      I don't know, the file it came with was pretty large, I bet it filled up many 'normal' people's inboxes and prevented getting further mail.
    • by IncohereD ( 513627 ) <mmacleod@ie e e . o rg> on Saturday September 20, 2003 @06:30PM (#7013870) Homepage
      ....because they're noticed too quickly. If you destroy your host immediately you're not going to propogate too far, now are you?

      Yes, you could make it a little more complex with time-outs or a way to select certain targets as hosts for more sending and others to destroy, but it wouldn't last and last like some of the recent worms, because it's effects would be so noticeable.
    • The problem with virii that harm the system is that the regular Joe will be more likely to notice the virus and get it cleaned ASAP. This implies that they aren't as efficient in spreading. This is why, for example, you don't live in fear of getting e-bola while something like AIDS should give you some pause.
  • Whew! (Score:5, Funny)

    by dupper ( 470576 ) <adamlouis@gmail.com> on Saturday September 20, 2003 @06:18PM (#7013785) Journal
    That's one good looking worm. Great UI and user friendly, too! There goes the whole 'Linux advocates create these worms to embarass MS' arguments.


    • by commodoresloat ( 172735 ) on Saturday September 20, 2003 @07:51PM (#7014321)
      Greetings. You have been infected with GNU/Swen, a worm brought to you by members of the linux community. In order to get this worm to infect your system properly, you will need to use wget to download gnuswen-config-2.4.6 from one of the usual mirrors. Be careful; this version of the worm is not compatible with versions of gnuswen-config prior to 2.4.4. After you have downloaded the config tools and issued the usual incantations (./config, make, make install), you can configure the worm from any directory simply by typing sudo gnuswen-config -ort [your login id] [full path to your email client]. If you have any questions, be sure to RTFM, the docs are installed at /usr/share/info/gnuswen and all your config files are stored at ~/.gnuswen.
      • I think you are being too easy. The virus would come as as a shar file, require you to install kde-libs (and all dependencies), recompile your kernel (don't forget to apply the latest patches from kernel.org!), and reboot. Luckily, FreeBSD users can cvsup their ports and do a sudo make install -f /usr/ports/virii/swen, gentoo users can do emerge virii/swen and debian users can do apt-get swen, whereas the Hurd user (yes, singular) must fire up emacs, type in 1500 lines of code, and compile.
  • Weird (Score:2, Interesting)

    by Tidal Flame ( 658452 )
    All of the big internet 'epidemics' so to speak (I Love You, WBlast, and so forth) have completly missed my system. I've been a Windows user for a long, long time and I don't think I've ever received an email containing a virus. Maybe my ISP just has really good filtering... or maybe the viruses only go after American domains... Weird.
  • by Henry V .009 ( 518000 ) on Saturday September 20, 2003 @06:19PM (#7013789) Journal
    The fake update has made it to Windows Update itself. Here is the name: "Recommended Update for Windows Rights Management client 1.0."

    Do not download, it's only there to own your system.
  • by Telcontar ( 819 ) on Saturday September 20, 2003 @06:19PM (#7013790) Homepage
    The virus needs user interaction to propagate. Hence it is an e-mail virus. Only programs that propagate automatically are worms. One cannot necessarily expect the Washington Post to get such technicalities right. However, it would be nice if at least /. used proper terminology.

    Then again, if it did, it wouldn't be the /. we known anymore, would it...
    • It uses the exploit described in MS01-020 [microsoft.com]. Reading it or viewing in in Outlook's "Preview Pane" will execute it on vulnerable systems. I've had about 20 copies reach my home email address - that's the worst I've ever seen.
  • Worm Load (Score:5, Interesting)

    by m.dillon ( 147925 ) on Saturday September 20, 2003 @06:21PM (#7013797) Homepage
    There were over 4500 attempted deliveries of this 150K+ worm through my mail server overnight, and they are still coming. Easy to filter, but this is by far the worst worm load I've seen to date on my little server.

    On the bright side, deliveries of unrelated spam seem to have fallen due to the worm's load on the internet :-)

  • Sweet! (Score:5, Funny)

    by endeitzslash ( 570374 ) on Saturday September 20, 2003 @06:21PM (#7013800)
    I was happy to get this e-mail from Microsoft so I could apply a cumulative patch. I'm usually so bad about patching my system in time, but this time they took the trouble to remind me personally!

    No more worries for me!
  • Nobody at my work saw a single sobig email. However we dont run our mail server (not that anybody else did either actually). So now I can Imagine yet another 2 weeks of sending and receiving only have of what is actually being transfered...

    In fact just friday I received the tail end of email bounces from a week and a half before.
  • it also mines usenet (Score:5, Informative)

    by poptones ( 653660 ) on Saturday September 20, 2003 @06:23PM (#7013816) Journal
    I have never had a virus sent to my home machine because I jealously protect my email domain (every individual gets an email address and if it leaks they never hear from me again). Most commercial sites even seem to respect this. But I made a "junk" address for groups.google.com and, although I have only posted through there a couple of times many months ago, the virus found this address. Apparently it is also crawling usenet, or at least the groups served by google.

    Five of'em in one day. Of course, the rest will go into the trash automatically, but it was an interesting experience finally catching a taste of the "commoner" internet.

  • by thenextpresident ( 559469 ) on Saturday September 20, 2003 @06:24PM (#7013827) Homepage Journal
    I can't help but feel that people have accepted the fact that Computers in general get Viruses. People complain about Windows, but Windows, to most people, is the only solution. So for them, the concept that Windows gets hit with so many viruses means that users in general get hit. No matter the OS.

    I was explaining the other day to one of my business partners not to install this virus, and to delete it right away if he gets it.

    He asked me if my computer was infected, whereby I had to explain once again that running Linux, I generally don't have to worry about things like this.

    But the point is, for him, computers just get viruses. And because of that, I believe that most people are thinking: "Hrm, my computer got a virus.", not "Windows let another Virus through."

    So the majority of the people that aren't really computer illeterate (the majority), don't really know what to think when people tell them Linux is more secure.

    Because for them, it's still running on their computer, and their 'computer' got a virus. It's just their mentality. Of course, this is simply my opinion.
  • Skynet is here (Score:4, Insightful)

    by JonnyRo88 ( 639703 ) on Saturday September 20, 2003 @06:24PM (#7013828) Homepage Journal
    You know that if the situation in Terminator 3 (virus spreads over majority of systems) were to ever happen, it would happen as a result of having a massively homogenous computing environment. I really think that we should stop teaching kids how to use Word and Excel in middle school, and start teaching them how to install their own linux systems. We could create an army of informed computer users, something that Microsoft fears the most.
  • Finally (Score:3, Funny)

    by CGP314 ( 672613 ) <(ten.remlaPyrogerGniloC) (ta) (PGC)> on Saturday September 20, 2003 @06:25PM (#7013835) Homepage
    I was waiting for a slashdot story to tell my why I found 500 'patch' emails in my inbox over the weekend.
  • html (Score:5, Interesting)

    by BWJones ( 18351 ) on Saturday September 20, 2003 @06:26PM (#7013846) Homepage Journal

    So, I have recieved a number of these (thank goodness I am running OS X) and it appears that the "notification" also contains html. So, examining the html, it appears that it actually references microsoft.com.

    If I were microsoft, it appears there is a simple way to defeat this by inserting html in the referenced source that warns recipients of this sort of thing.

  • Wow. (Score:2, Funny)

    by Nexzus ( 673421 )
    Social Engineering + Professionalism + Virus = One Fun Monday Morning
  • Sobig (Score:2, Interesting)

    by dr ttol ( 674155 )
    This is from the creators of Sobig. They are trying to get as many venues to send spam as possible. Once the login/password + smtp info is gathered, it is sent to them and they now have a massive list of credentials to bombard the rest of the world with.
  • The SPAM Connection (Score:2, Interesting)

    by CedgeS ( 159076 )
    This worm looks like a clever attempt at developing a new spam system.

    It asks for the infected users name and email address. Great information for sending spam to.

    It also asks for the users SMTP server, login name, and password. The spammer who developed this worm is looking for a way to used closed relays.

    This worm is missing only 3 features, currently unreported, to be perfect. First, it should log this information and forward it in some anonymous manner (such as sending it to a few thousand people, on
  • Old idea new spin (Score:4, Informative)

    by Stonent1 ( 594886 ) <stonent@stonent ... t c l a r k.net> on Saturday September 20, 2003 @06:31PM (#7013875) Journal
    This type of trojan has been around for a while. I've been getting fake MS e-mails for almost a year now. Official Microsoft statement that we give people on the phone "Microsoft never sends you files via e-mail unless you are on the phone with support personel and they specifically say they are e-mailing you something" 99.99999999% of the time, if MS e-mails you it will only direct you to their site to READ about the purpose of the patch and then download it. Also all MS security bulletins are digitally signed.
  • 80+ (Score:2, Informative)

    by craig2787 ( 533589 )
    I've gotten this over 80 times now. It has a few typos though, so falling for it would be dumb, to the point where if you did, you deserve it.
  • by Stonent1 ( 594886 ) <stonent@stonent ... t c l a r k.net> on Saturday September 20, 2003 @06:34PM (#7013890) Journal
    Network Assocaites has some screenshots of the installer http://vil.nai.com/vil/content/v_100662.htm [nai.com]
  • by KidSock ( 150684 ) on Saturday September 20, 2003 @06:34PM (#7013891)
    It's a very good idea these days to just reject all executable attachments at "the gates" so to speak. I use postfix 1.1 so I added:

    body_checks = pcre:/etc/postfix/mime_header_checks

    to /etc/main.cf where the file referenced came from here:

    http://www.securitysage.com/files/mime_header_chec ks [securitysage.com]

    but there are many regular expression filters like this one. Note, with 2.x you need to use the 'mime_header_checks' directive rather than 'body_checks'.

    If you want to send someone an executable, send it to them in a zip or tar.gz.
  • by timelady ( 566419 ) <timelady@gmail . c om> on Saturday September 20, 2003 @06:39PM (#7013917) Homepage

    Oh no, this multi talented worm is:

    • Mailing itself to recipients extracted from the victim's machine
    • Copying itself over network shares (mapped drives)
    • Sharing itself over the KaZaa P2P network
    • Sending itself via IRC

    But wait! Theres MORE! It has its own SMTP engine. It attempts to halt anti-virus processes. It alters the registry AND THEN it even disables the ability to edit the registry!

    Quite a nasty beasty really. And even for us nice safe Linux/BSD users there are issues. Clogged mailboxes are at least, a nuisance, at worse, a huge bandwidth cost. Those on dialup or liimited broadband access where you pay for d/ls and uploads will notice it!

    So even those of us cheerfully NOT patching frantically have consequences. The celebrations of yet another MS problem are a bit premature it seems to me. I'd rather see more outrage that such an inherently insecure and easily manipulated OS is costing ALL of us online.

  • by rossz ( 67331 ) <ogre@noSpAm.geekbiker.net> on Saturday September 20, 2003 @06:40PM (#7013923) Homepage Journal
    If you are running Exim 4.x, get the Exiscan patch and configure it to refuse (at the connection) dangerous attachments. Here's what to add to your acl_smtp_data section:
    # First unpack MIME containers and reject serious errors.
    deny message = This message contains a MIME error ($demime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}

    # Reject typically wormish file extensions. There is almost no
    # sense in sending such files by email.
    deny message = This message contains an unwanted file extension ($found_extension) that is commonly used to send viruses and worms. If this file is expected and desired by the receipient, you must put it in a zip or other standard archive format.
    demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp\
    :hta :inf:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst\
    :pcd:pif:reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:ws f:wsh
    The advantage to refusing attachments here is you won't generate a bounce message that will almost always end up going to an innocent third party since the viruses/worms usually forge the headers.

    I'm sure there is an equilvent fix for sendmail. If you are running MS Exchange, the best way to fix your server is by taking a knife to its network cable.
  • by Anonymous Coward on Saturday September 20, 2003 @06:43PM (#7013941)
    Some guy tracked the hidden counter inside the virus and posted the numbers: http://smharr4.dnsalias.net/security/index.html [dnsalias.net] Pretty neat.
  • by menscher ( 597856 ) <menscher+slashdot.uiuc@edu> on Saturday September 20, 2003 @06:49PM (#7013977) Homepage Journal
    The story was forecasting a worm that would infect Windoze boxen via a second RPC DCOM vulnerability. Swen is an email virus, and, while nasty, is nothing like the worm that was being forcasted.

    A little reading comprehension would help, guys. There's a big difference between an annoying virus that gives you lots of email and a worm that takes out the internet.

  • by Herkum01 ( 592704 ) on Saturday September 20, 2003 @07:06PM (#7014074)
    But they claim that it is really a virus. So how can you differentiate between the two?
  • by Yaztromo ( 655250 ) on Saturday September 20, 2003 @07:18PM (#7014138) Homepage Journal

    W32.Swen is really aggrevating me over here. In the past few days I've received over 1000 copies. And I'm not terribly happy about it. I'm probably averaging at least 100 per hour during the day, and about 300 at night (when my primary e-mail system is offline).

    The really irritating part? My _entire_ network consists of one OS/2 box (the e-mail client machine), and three Linux boxes. Not a single one can be infected by this virus, and not a single one could propogate it (unless I explicitly wanted to do so, which I don't).

    Now thankfully I'm on a pretty decent cable modem service here (really good speed), bogofilter was quickly trained to detect and toss these messages into a SPAM folder (where they quickly get deleted), and my mail client (PMMail/2) has a remote control feature that allows me to scan message titles on the server and delete the messages without downloading them.

    But still -- imagine if this weren't an immune OS/2 machine, but one of the Windows machines that could be infected. I could very well be propogating these as well. But because of my good choices in OS's, I don't.

    Thus, I think I'm doing a public service by _not_ running Windows and propogating these viruses, but instead act as a sink to prevent them from propogating. My machine is the end-of-the-line for these viruses -- even though getting thousands of e-mail is highly annoying, my machine (in effect) "kills" the ones I receive, causing their propogation lines to end.

    I think Windows users on the Internet owe those of us who run other operating systems, and they owe us big. They can start paying up by PROPERLY PATCHING THEIR SYSTEMS!!! (Stopping sending me $^&*%^&!! hundreds of copies of W32.Swen would be really helpful as well).


  • Swen is NOT A WORM (Score:3, Insightful)

    by JRHelgeson ( 576325 ) on Saturday September 20, 2003 @07:21PM (#7014152) Homepage Journal
    From the article:
    "Classified as a worm because of its ability to copy itself without infecting host files..."

    What a bunch of morons!

    Lets look at what distinguishes a Virus from a Worm:
    A virus requires user interaction to spread. A virus can be a self standing executable (such as Swen) or it can infect other files such as .exe and .doc files so that when they are launched or opened the virus will then spread further.

    A Worm is self propagating and does not require any user interaction to spread. Worms rely on holes that exist in the underlying operating system to inject their code into applications already running in memory. Once they have infected the target machine, the worm will then self propagate to other similarly unpatched machines.

    With this simple definition, where do they get off calling swen a worm, when the swen virus clearly requires some dumb schmoe to click on the executable file that is included as an attachment in an email? Once the genius launches the bogus.exe file, it then searches the newly infected machine to harvest email addresses to send itself to. There is no 'automatic execution' of code here.

  • by wazzzup ( 172351 ) <astromac@fas[ ]il.fm ['tma' in gap]> on Saturday September 20, 2003 @07:35PM (#7014245)
    I'm really hating Microsoft. I've never used Windows and my last and only Intel PC was a 286 runinng some version of MS-DOS 3. I've just always thought there was something better. If the Mac wasn't around, I'd be using Linux.

    Anywho, I've always just shook my head and wondered why people put up with MS shiite but it's never directly affected me (indirectly, yes) until now. I am simply sick of seeing virus infected emails, emails from my ISP saying I had an email with a virus, emails from friends warning me about the latest worm even though I don't use Windows and reading stories of Mac and Linux users losing services at universities because the staff is too busy patching f*ing Windows boxes.

    As most of us do, at work we use Windows. I had a project that needed to go out this week and we were pulling files over the WAN. The bandwidth was nearly zero. IT eventually found out it was a bunch of desktops in a completely unrelated office that were SMSing the remote server I was accessing to death but they didn't have time to fix it because they were too busy fighting virii on the west coast. Project gets delayed.

    I hate them. I want to see Linux kill Microsoft. Their ill-gotten reign must end. The Penguin must draw and quarter Bill & Co. and burn their remains. I am tired of having to be bothered by Windows and their sheep-like user-herds. I want to use my Mac without having it affected by the crap that spews out of Redmond. I want to know why people aren't looking at Macs and Linux more seriously. I want to know why Apple and IBM are siezing the moment and using this time to educate the masses. I want to know why the MCSE monkeys continue to be blind to the failure of thier preferred OS.

    BTW, as you know, I really want Linux to annihilate MS, just don't kill Apple in the process, I like them ;o)
  • Swen (Score:4, Informative)

    by tiny69 ( 34486 ) on Saturday September 20, 2003 @09:31PM (#7014814) Homepage Journal
    I first saw the virus on the evening of the 18th. Running 'strings' on the attachment turned up two URL's.

    GET http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacil lus&width=6&set=cnt006 HTTP/ 1.0

    The first was a counter. At the time I checked it had well over a million hits and was going up FAST. At the time I'd been hit by about 20 copies of the virus. The next morning the counter was taken down and replaced with a warning. At that time I'd been "hit" over 70 times by the virus.

    There seems to be variations to the emails that contain the virus. The main one is a 160K email that contains an attachmentwith a content type of Application/X-MSDOWNLOAD. The second is about 148K is size and the attachment has the content type of Audio/X-WAV. There are some emails that are 16K in size but the attachment is a zero length file. I've also been getting emails claiming to be "bounces" from Yahoo and other ISP's saying I'm trying to send a virus infected email to someone. But the Received lines show the the email is not from Yahoo. So far I've received over 170 of these damn things.

    Then there are all of the real ISP's who are not helping the problem. I keep getting warnings claiming that someone I don't know tried to send me an email with a virus. Thank you, but your anti-virus software just sent out a useless email and just accomplished one of the goals of swen, to clog up email servers. Send an email to the moron who is currently infected and stop sending out thousands of emails telling everyone else about it.

    This may sound harsh, but I'm really hoping the next big Microsoft worm or virus will disable the infected comupters.

  • Huh? (Score:3, Funny)

    by sharkey ( 16670 ) on Saturday September 20, 2003 @11:23PM (#7015278)
    its professional looking email advertisement that pretends to be a fake Microsoft patch

    Actually, I rather thought it pretended to be a REAL Microsoft patch.

  • by serutan ( 259622 ) <(moc.nozakeeg) (ta) (guodpoons)> on Sunday September 21, 2003 @12:51AM (#7015603) Homepage
    Yes the email looks perfect, but even if I believed it Norton comes to the rescue:

    "Norton AntiVirus removed the attachment: Qz.exe.
    The attachment was infected with the Worm.Automat.AHB virus."

    Ho hum.
  • My e-mail server (Score:3, Interesting)

    by Nonillion ( 266505 ) on Sunday September 21, 2003 @01:23AM (#7015753)
    My e-mail server has been getting hit by this thing for the past couple of days now. Last count I had hundreds of these e-mails associated with e-mail rejection errors, all in reference to mail I didn't send. Depending on what time of the day it was they were either are comming .mx .pl .ro .nl ox.com and so on.

    The e-mail is very deceptive and looks like real e-mail sent from Microsoft. Other than being a pain in the ass it's almost as fun as being /.ed

"Hey Ivan, check your six." -- Sidewinder missile jacket patch, showing a Sidewinder driving up the tail of a Russian Su-27