Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Worms Security

MyDoom Strikes Again 254

Renegade334 writes "Months after the last attack of MyDoom, MyDoom.AI returns. Like usual it was spread by e-mails with claims to have attachments that contain passwords for adult websites."
This discussion has been archived. No new comments can be posted.

MyDoom Strikes Again

Comments Filter:
  • Nice (Score:5, Funny)

    by MPHellwig ( 847067 ) * <mhellwig@xs4all.nl> on Tuesday January 18, 2005 @11:33AM (#11396416) Homepage
    The clients that are affected will not dare to tell me.
  • by sebFlyte ( 844277 ) on Tuesday January 18, 2005 @11:34AM (#11396433) Homepage Journal

    It's being reported [zdnet.co.uk] that thanks to pro-active action from the porn site in question, the problem is under control...

  • by Tibor the Hun ( 143056 ) on Tuesday January 18, 2005 @11:35AM (#11396450)
    Where? Which ones? How do we get them?
  • Yay (Score:5, Interesting)

    by Anonymous Coward on Tuesday January 18, 2005 @11:35AM (#11396454)

    The virus companies write variants and release them to enforce the upgrades. I worked at a popular AV company doing front end work, not the actual engine, and when we got together for drinks the engine writers would talk about upgrade paths from what they were working on. Ever wonder why most viruses don't destroy your system? Because there's no money in an erased system. There is a lot of money in AV upgrades.
    • Re:Yay (Score:4, Insightful)

      by Anonymous Coward on Tuesday January 18, 2005 @11:45AM (#11396601)
      I saw that movie too!

      A = Corruption probability
      B = Number of hosts on the network
      C = Cost of patch
      X = Cost of reinstall

      If A + B + C is less than X, then they don't do a download!
      • Re:Yay (Score:3, Informative)

        by endoboy ( 560088 )
        Not to accept your premise, but you may want to work on your math skills...

        that should be:
        If A*B*CX then....

        multiply the probability times the cost... don't add it
      • OK, who are the morons who moderated this insightful? I suggest both of them and the parent go work on their math skills, or at least get some common sense. Does he actually think you can add up a probability and a dollar?

        That should read (corruption probability)*(number of affected clients)*(value of each client) + (cost of patch) - min((cost of reinstall), (cost of cleanup)). If that is less then zero, they lose money by getting the patch. There are also other factors, like bad marketing or protectin
    • Re:Yay (Score:2, Interesting)

      by Damhna ( 56361 )
      True-ish.

      The reasons why we are seeing a move away from the destructive payloads of yesteryear is that there is a lot more money to be made in compromising systems.

      Whether the intention is to harvest a shedload of zombie remailers for spam markering or for some of the recently seen rogues capable of using a 'distributed computing' model for decrytpting databases there is lots of money in malware.

      True , there is indeed a lot of money made by the AV companies for upgraded and improved software,stragey and
      • Re:Yay (Score:3, Informative)

        by Twanfox ( 185252 )
        Don't like it? Support free AV programs like AVG. They just released a "new" free version just this January, their 7.0 (paid version is 8.0, I believe). Get all the updates np, doesn't cost you a dime unless you're a business.
        • Re:Yay (Score:4, Informative)

          by BVis ( 267028 ) on Tuesday January 18, 2005 @01:15PM (#11397764)
          I'd like to put a plug in for avast! antivirus as well. Updated often, unobtrusive, scans peer to peer and AIM traffic (if you're so inclined), just works. Finds stuff Norton doesn't even look for. http://www.avast.com/ .
          • by chrish ( 4714 )
            Another cheer for avast! here; I've got it installed on two machines, and I've installed it for a couple of other people, and it works like a charm.
        • That is only for broken operating systems which are vulnerable.

          I recommend Linux/FreeBSD on the desktop for x86, or OS X for those on PPC.

          Take your pick, much safer not to use Windows. And if you really have to use Windows, don't hook those boxen to the publicly connected network. Put them behind application level gateways, with really limited internet access (if any) Having a separate box for surfing and checking email helps.
    • Re:Yay (Score:3, Insightful)

      by crimoid ( 27373 )
      If you could prove this you'd be a rich man. Hire a lawyer, file a class-action lawsuit, change the world.
    • Re:Yay (Score:2, Insightful)

      by accad ( 517141 )
      I'm sorry, but I for one don't believe that AV companies write viruses just to make money.

      I mean think about it, 1st off, if they do that, they won't have the virus writers in the same setting as the other company employees, it's too risky.

      2nd, with the number of AV companies out there, why hasn't one of them figured this out by now and gone public.

      3rd, what is the propability of these employees staying silent all those years? No one has yet come forward AFAIK.

      Correct me if I am wrong, but we already ha
      • just my 2 (canadian) c.

        ...worth a lot more than US cents these days...
        • http://www.xe.com/ucc/ [xe.com]

          xe.com Universal Currency Converter ® Results

          Live mid-market rates as of 2005.01.18 18:23:38 GMT.

          0.02 CAD = 0.0163793 USD

          1 CAD = 0.818966 USD
          1 USD = 1.22105 CAD

    • Re:Yay (Score:4, Insightful)

      by Tim C ( 15259 ) on Tuesday January 18, 2005 @12:38PM (#11397240)
      Extraordinary claims require extraordinary proof: so prove it.
    • Yes, sometimes capitalism makes me sick (though I cannot offer a better alternative for the world). An industry arises for a particular problem and they perpetuate (become part of the) problem. This happens all the time in medicine/health industry, law, and of course computer.
  • Yay! (Score:2, Funny)

    by Gathers ( 78832 )
    Passwords for adult websites? Yay!!
    Oh, if only I knew how to open email attachments!
  • by DaveAtFraud ( 460127 ) on Tuesday January 18, 2005 @11:37AM (#11396477) Homepage Journal
    Like usual it was spread by e-mails with claims to have attachments that contain passwords for adult websites.
    I'm surprised it wasn't a /. reader who discovered it!

  • Last time.. (Score:5, Interesting)

    by wpiman ( 739077 ) on Tuesday January 18, 2005 @11:37AM (#11396481)
    Last time our company got taken down by this thing-- the IT department got it fixed after two days.. In that week's company newsletter- there was a report about how quick our IT department worked to fix the problem. Guess who authored it- head of the IT department.

    What they failed to mention was that they never did the critical updates that would have prevented this. Way to go guys. I guess it is all about how you report it.

    • Re:Last time.. (Score:3, Insightful)

      by grub ( 11606 )

      If your IT head doesn't have system updates somewhat automated with AV and spyware software he should be fired on the spot. That report he sent out was nothing more than a PR move to cover his ass.
  • by SteelV ( 839704 ) on Tuesday January 18, 2005 @11:37AM (#11396482)
    I already got 6 of these in my gmail account, from people I don't know. Thankfully, they all ended up in the spam folder. Nice!
  • Too bad we don't have virus scanners that check for user stupidity / ignorance.
  • Like usual it was spread by e-mails with claims to have attachments that contain passwords for adult websites.

    And, like usual, it hasn't affected most of us because even the Windows users among us understand basic tenets of email security.
  • Eat that (Score:5, Funny)

    by Mr2cents ( 323101 ) on Tuesday January 18, 2005 @11:39AM (#11396513)
    Eat that, Duke Nukem Forever!!

    Where can I download this new MyDoom thingy?
  • by RattRigg ( 4253 ) on Tuesday January 18, 2005 @11:43AM (#11396571)

    Do the passwords work?
  • by RafeDawg ( 138303 ) on Tuesday January 18, 2005 @11:44AM (#11396591)
    remember how God used to smite masturbators?
  • by swb ( 14022 ) on Tuesday January 18, 2005 @11:53AM (#11396707)
    I'm continually amazed by how quickly people turn their brains off when "free pussy" is in the air..
  • by Anonymous Coward on Tuesday January 18, 2005 @11:54AM (#11396728)
    will probably have links to provocative pictures of Bill Gates posing with computers.

    The virus will fail miserably.
    1. Don't open attachments from unknown sources
    2. Virus scan all attachments before opening
    3. Don't open attachments from unknown sources
    4. Don't use mail programs that ignore the MIME information (read: Outlook and Outlook Express)
    5. Don't open attachments from unknown sources
    6. There is no number 6, unless you're in The Village
    7. Don't open attachments from unknown sources
  • Yeah right (Score:4, Insightful)

    by pcgamez ( 40751 ) on Tuesday January 18, 2005 @12:22PM (#11397042)
    "Like usual it was spread by e-mails"

    No, it was spread by stupid users.
  • At this point it's clear that Windows doesn't do enough to prevent these types of problems. Microsoft is the only company with complete access to Outlook AND the OS itself.

    Now if a regular companies product is misused... the company still ends up with lawsuits (Toro, being the most famous). The product is defective... tons of lawsuits.

    Yet Microsoft, despite it's weak software costing companies billions in lost revenue, and even having crippled a Naval ship, shut down governmental departments, etc....

    Wh
    • If you're preaching ethics, consider removing your sig that advertises a pyramid scheme.
    • Outlook has a setting that says 'warn me when other applications try to send e-mail as me', which is on in by default on SP2 and stops scripts like MyDoom. If the user is running as Limited User, the script is prevented from changing system settings or installing itself on the machine. Maybe the IT department should be liable and not Microsoft?

      Just to note, one could easily write a MyDoom for linux. Search for .thunderbird/, .evolution/, etc... in the user's home directory, parse the address book, then p
      • Also, one problem with the Limited User idea. Imagine the same people, who clicked on this attachment getting a dialog box roughly like:
        For free HOT SEX type your administrator password here:
        (Standard text box)
        (OK button)

        Ok, so they wouldn't be able to infest their work PC's, but we would still have a million infested home machines. Social engineering is a social problem, the likelyhood of a technological fix is really slim. Sure, there are applications which are more secure by default, but an unin
  • The old adage holds true that all things, including virii, prey on society's pitiful. Unfortunately, counter to Darwinism, the weak are not eliminated from the Internet.

    Sigh...

  • Porn (Score:4, Insightful)

    by jeffy210 ( 214759 ) on Tuesday January 18, 2005 @01:08PM (#11397650)
    Ah, never underestimate the stupidity of horny people.
  • shame on you. Fool me twice, shame on you. Fool me again, OK, I should take the blame this time.

    This really shakes what little confidence (none) I had in the general level of intelligence out there. Are they just a bunch of Homer Simpsons that keep opening the fucking attachments?

    This is depressing. They're all morons. And they stay up all night calling Dell tech support just to see if they're really there (even on Kwanza).

"Everything should be made as simple as possible, but not simpler." -- Albert Einstein

Working...