Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Worms Security

Britney is #1 Virus Celebrity 275

Posted by CmdrTaco from the a-dubious-honor dept.
No France writes "The two ways for an email virus to spread is to use an exploit, or entice the user to click the link/executable. Of course the latter is the easiest, and is the most effective when used in conjunction with a celebrity's name. Despite the recent Jackson suicide emails, Britney Spears is the one to recently edge out Bill Gates as the top virus celebrity. The top 10 (in descending order): Britney Spears, Bill Gates, Jennifer Lopez, Shakira, Osama Bin Laden, Michael Jackson, Bill Clinton, Anna Kournikova, Paris Hilton, and Pamela Anderson."
This discussion has been archived. No new comments can be posted.

Britney is #1 Virus Celebrity More

Britney is #1 Virus Celebrity

Comments Filter:

  • CowboyNeal! (Score:2, Funny)

    by Anonymous Coward
    'nuff said.

  • A little ironic... (Score:5, Funny)

    by ChrisF79 ( 829953 ) on Wednesday June 15, 2005 @08:00AM (#12822406) Homepage
    Isn't it ironic that to trick a user into clicking a fake email, they use the fakest of all celebrities?

  • Link, please? (Score:5, Funny)

    by cuzality ( 696718 ) on Wednesday June 15, 2005 @08:02AM (#12822419) Journal

    Please post a link where we can read these emails.
    • I want the link too. My ISP's spam and antivirus are screwing things up for me. I don't get these emails. (Sigh)...

  • sad (Score:2, Insightful)

    by calvincopter ( 873822 )
    I don't understand how anyone can get e-mail viruses easily. i never get any e-mail viruses, but when I do, it's either too obvious and I delete them. how do you guys get e-mail viruses then?
    • I don't understand how anyone can get e-mail viruses easily. i never get any e-mail viruses, but when I do, it's either too obvious and I delete them. how do you guys get e-mail viruses then?

      It's easy. Most people aren't paranoid skeptical cynics that have to de-worm and cleanse these machines after they have become infected like we are. Most are more along the lines of "OMG this is so COOL!" or "OMG Free Pr0N!".
    • Most viruses are spread by stupid people that open the "Britney Spears Nude" attachment and then it goes through their address book and sends a copy of itself to everyone in it. If you're not receiving such emails, it either means that you have no friends that have added you to their address book or that your friends aren't falling for virused emails.

      Me? I have a lot of stupid friends.

    • Because the email is addressed to them they have to open it...like having to answer the phone when it's ringing even if your caller ID says the calling number is unpublished.

      We're all driven by our compulsions...learn to compulse less and you'll be a lot happier.

    • Re:sad (Score:2, Insightful)

      by daikokatana ( 845609 )
      Easy. Because people out there actually *want* to be fooled.

      I bet you 100$ that I can go out on a sunny day, offer people a deal where they have to pay for air (or something similar), and they fork over the dough after a while of creative talking.

      As long as people think that there must be at least a few mails that deliver what they promise, they'll keep on clickin'.

    • Re:sad (Score:4, Funny)

      by Filip22012005 ( 852281 ) on Wednesday June 15, 2005 @08:49AM (#12822771)
      i never get any e-mail viruses, but when I do [...]

      erm...

    • Re:sad (Score:2, Insightful)

      by RCanine ( 847446 )

      You've obviously not worked with non-computer-types before. I use the word computer-types because computer-savvy does not accurately describe the phenomenon, an Individual who:

      • may be (but often is not) very good with computers
      • may (but often does not) use a computer every day
      • may (but often does not) invest a lot of money into their own personal computer.

      Yet

      • Does not read warning dialogues, merely clicks "Ok" through each
      • Cannot user or locate preferences, configuration or options
      • Forgets about the sec
      • These people are the reason why I only recommend Macs--because their system offers a lot more built-in protection between the keyboard and chair

        My guess is that if and when malware starts showing up for the Mac, the computer-types are going screw up OSX just as easily as they screw up Windows. Telling them to buy Macs is not a solution, just a temporary fix.
    • Sneakiest one I ever saw tried to infect my computer by searching through the currently infected computer's sent messages in outlook express looking for ones with attachments. It took the subject line of the original, changed it to "Re: [original subject line]", and set the body of the message to be something along the lines of:

      I hope you didn't open that last attachment I sent you. Turns out it was actually infected with a virus. I've attached a cleanup tool that ought to remove the virus for you. I'm
    • Yeah, Windoze users have all the fun. I haven't seen a virus in years and even way back then, they would not run.

  • No big surprise (Score:5, Funny)

    by moz25 ( 262020 ) on Wednesday June 15, 2005 @08:03AM (#12822430) Homepage
    Well, if I have to choose between "see Britney Spears naked" and "see Bill Gates" naked, I'll pick the first worm any day!

  • More intelligent software or users? (Score:4, Insightful)

    by Crimson Dragon ( 809806 ) * on Wednesday June 15, 2005 @08:03AM (#12822431) Homepage
    These kinds of stories, while making the majority among us cringe at the stupidity of the user that falls for this, underlies an important point.

    THIS IS WHAT YOUR IT DEPARTMENT HAS TO DEAL WITH!

    Millions of man hours and hundreds of millions of dollars go down the tubes to user ignorance. As these costs spiral, the IT sector diminishes. At some point, we will have to stop the patchwork of protecting the users from themselves and engage in the proactive education from these people so they don't hurt themselves and cost their companies, ISPs, and our economy in lost man hours and dollars. How to do this merits exploration, as for every new procedure we establish to protect the user, the user seems to find a way to break it somehow.
    • These kinds of stories, while making the majority among us cringe at the stupidity of the user that falls for this, underlies an important point.

      THIS IS WHAT YOUR IT DEPARTMENT HAS TO DEAL WITH!

      ... at some point, we will have to stop the patchwork of protecting the users from themselves and engage in the proactive education from these people so they don't hurt themselves and cost their companies, ISPs, and our economy in lost man hours and dollars.

      You're talking about educating human nature out of people. Good luck with that.

      The lesson of stories like this one are not that we need to somehow engineer smarter users -- it's that modern information systems are not designed around users to begin with. They're designed around lists of features and ship-by dates.

      A system should behave in a way that one would expect it to. Certain operations -- deleting things, say -- are obviously risky, and I've never met any user who didn't get that. But who would expect opening an e-mail to be a risky proposition? The fact that it undeniably is (in some environments) doesn't mean that people are stupid for not knowing which e-mails to leave closed, it means that e-mail is broken for many millions of users. The fact that e-mail as a medium can be exploited like that is a weakness of the medium, not the user.

      You can lament human nature all you want, but it is what it is. A well-designed system should be able to deal with that. Having to train users to do alien things should be taken as a sign that your system may not be so well-designed, not as a sign that we need to get cracking on Human Being 2.0.

      • What is obvious about having an accelerator be the right most pedal in a car? What is obvious about the right brake slows a bike and the left brake stops a bike?

        The difference between a bike or car and a computer is that serious injury will not result if you screw up a computer. Squeeze the wrong brake and you will flip over your handle bars and land on your face. Press the wrong key on your computer and you might suffer some financial setback but likely no physical harm (unless your sys admin beats you
      • Certain operations - deleting things, say - are obviously risky, and I've never met any user who didn't get that.
        I've met a few. "You mean if I deleted it, it's gone? That's stupid!" is a direct quote.
      • Your points are well taken, but I do take issue with a few of them, and feel it important to respond as follows.

        "You're talking about educating human nature out of people."
        - If this was the implication derived, I spoke too strongly. I am not implying an absolute solution here, but I am implying we spend far more effort making bullet-proof software then slowing the sale of as many of the armor-piercing bullets as possible.

        "The lesson of stories like this one are not that we need to somehow engineer smarte

        • Good points... a few thoughts:

          Antivirus software, malware removers, spam-reducing solutions.... these are not designed around users?

          Nope. No, they're not. They're palliatives to problems that we have inflicted upon users, not systems designed with users in mind. How many users understand what "malware" is -- even those that run Spybot? Is a malware remover something that a user would choose to run, if they weren't forced to by imminent threat from exploitation of broken systems by malicious parties?

          (None of which is to belittle the heroic work that people have done on products like Spybot to help patch these holes. It's hugely important. But can we depend forever on heroes?)

          A person who has any idea that a computer is a general purpose machine... Why should anyone be surprised when it does something new or malicious?

          See, this is the problem. The average user does not see their computer as a general purpose Turing device -- they see it through the prism of whatever application they happen to be using at that moment. If they're reading e-mail, the computer is an e-mail terminal. If they're browsing the Web, it's a Web terminal. If they're in Word, it's a word processor.

          You and I know that the computer is a general purpose machine, infinitely reprogrammable, but the average person does not think that way. They approach the computer through a series of metaphors ("desktop", "mail", "pages"), and the vast majority expect it to follow those metaphors as closely as possible. When it doesn't -- when the abstractions start leaking [joelonsoftware.com] -- it creates opportunites for malicious parties to exploit the user's resulting confusion.

          Which is exactly what has happened with e-mail -- in certain cases it can behave in a very un-mail-like way. This behavior is being exploited to confuse users into doing the wrong thing. You can try to educate people into not doing the wrong thing, but as long as the underlying metaphor is "mail" it will be very hard to make significant progress.

          Why must the responsibility be placed solely on the software developer... ruling out one possible angle that you can't disprove and blaming a group of people who, by and large, strive to produce workable solutions is an insult to the good work many among us have done.

          Don't look at it as placing blame (my apologies, I didn't mean to come across as blaming you for the problem) -- look at it as opportunity. Apple's recent success in taming UNIX, and Firefox's success in taming Mozilla, should be a lesson to developers everywhere that you can really make it big by reducing complexity, locking down unnecessary options, and streamlining the user experience.

          • I concede the first point you addressed. Upon further consideration, Joe Schmo didn't break the email: the email was broken to harm Joe Schmo. Duh and duh.

            The average user not seeing the computer as a general machine is a problem that should have never happened. There are plenty of users that run more than one type of application. How, then, does one reach the prismatic perception you describe of the end user? Plenty of non-technical end-users do not suffer from this predeliction. If a game, word pro
          • Which is exactly what has happened with e-mail -- in certain cases it can behave in a very un-mail-like way. This behavior is being exploited to confuse users into doing the wrong thing. You can try to educate people into not doing the wrong thing, but as long as the underlying metaphor is "mail" it will be very hard to make significant progress.

            Actually, I'd argue that email works in a very mail like way, even when it's being used against the recipient.

            Say someone sends you a letter. You open it, read t
      • Well, damn, if "The IT Fepartment (TM)" was doing its job properly, then the viruses, trojans and spam would not reach the users in the first place. There are enough toys out there that can stop the shit.
      • So you mean that HTML email, Outlook and Outlook Express should be banned, and only plain text emails should be allowed? Any attachments must be GPG/PGP or S/MIME signed?

        Good idea. Now enforce _that_ in the American workplace.
    • If it's that bad, why not plan a sort of preemptive strike? Send all the users in your organization some Britney Spears e-mails and suspend the accounts of those who open any attachments?
    • Yeah, but I had some users who would purposely click on everything just to cause their work system to get a virus. Since it was not their home system, they didn't care and thought it was funny. What needs to be done is to have some sort of consequence for their action if it can be proven that they were not being ignorant, but just stupid. They thought it was humerous until I told them I had to take their system off line for hours until I could get to it and they can go explain why they can't get any work
    • There is a simple solution when dealing with this.

      Don't try to educate the users, for that is futile and will fail.

      Instead, all the users to educate themselves, by presenting them with the bill for the costs of thier stupidity.

      They will learn very quickly...
  • As long as there is 'celebrity' mania, we will have issues like this. Off late, there has been a upsurge in 'celebrity' endorsed marketing, promotions, etc.
    As long as people buy these gimmicks, we will continue to see issues like this.
    • This is a more complex problem. Viruses are much more of a problem now than they were fifteen years ago. The reason is simple: profit. As long as people can earn money by creating zombie computers, asking for ransom for your files or what have you, malicious hackers will find a way.

      Think about phising attacks: all you need is a relatively uninformed victim and you have access to their bank account. Celebrity emails just target a different segment of potential victims. The real question to ask is, to what
  • Hot_britney_sex_video.exe for free?? And all I have to do is click yes? Awesome!
    • The link you posted to Hot_britney_sex_video.exe must be /.'ed, any mirrors?

  • Biggest, most effective spam celebrity of them all (Score:5, Insightful)

    by ScentCone ( 795499 ) on Wednesday June 15, 2005 @08:17AM (#12822528)
    Is, of course, ourselves. My experience with phishing and other social-hacks-by-email suggest that the ones that seem to really trip people up are the ones that recipients think are about themselves. I have seen the enemy and he is us.

  • Virus Drills (Score:5, Interesting)

    by bigtallmofo ( 695287 ) on Wednesday June 15, 2005 @08:19AM (#12822545)
    I've said this many times before, but my idea is to stage virus drills. Every week or so, the IT department should send fake viruses to a random population of the corporate environment. It will have an attachment that will only report to the IT department who opened it. Once a user opens the fake virus attachment, they must watch a 2-hour video on their own time on the subject of "safe email habits".

    Pretty soon, they'll be too paranoid to open any attachment.

    • Re:Virus Drills (Score:3, Insightful)

      by Linker3000 ( 626634 )
      Pretty soon they won't check their email at all and the organisation grinds to a halt!
    • I did this once. I sent out an exe that would reboot the machine when ran, and renamed it "virus - do not run.exe". I sent it out to everyone in the company with the subject of "Do NOT run this exe". Needless to say, I got a few phone calls from annoyed (idiotic) users that had lost work. I've no sympathy at all. None. Zilch. Nada. Geen.
    • Once a user opens the fake virus attachment, they must watch a 2-hour video on their own time

      Which, depending on the exact wording of their contract, may well be unenforcable.

    • I applaud your creativity, but that's bad training.

      • Some users may never see the virus-laden email, since the junk email controls you have implemented (haven't you?) will catch your message.
      • Users will bypass it. Word will quickly spread about the test, probably by an email "hoax warning" from that tech wannabe in the office. Users will have a heightened resistance to your mail, or on the other extreme may open it since they know it's from you.
      • It sets up the IT department as the villain, perpetuatin
      • For the most part you can remove the problem. Block *all* executable attachments and scripts at the mailserver. If they want to send an executable, then need to zip it. In my experience users have no trouble understanding that.

        This works extremely well (kept a couple of places I was at virus free for years without any other effort) but lately viruses have started hiding themselves in zip files.

        Since things like Norton and McAfee are often behind the curve with their virus definitions there's still a sm
    • This is done several times a year in the Air force. After it is done, they report the results (how many people clicked on the malicious link, etc.) People may privately feel silly, and then life goes on. In short, it doesn't seem to do the trick.

  • not so innocent . exe (Score:3, Informative)

    by Speare ( 84249 ) on Wednesday June 15, 2005 @08:23AM (#12822571) Homepage Journal
    Reminds me of a page I wrote a few years ago, for newcomers to Linux. I included an explanation of "file type determined by contents" versus "file type determined by extension."

    http://halley.cc/ed/linux/newcomer/filename.html [halley.cc] includes a simple graphic to accompany the text.

  • Isn't this obvious? (Score:5, Funny)

    by J Barnes ( 838165 ) on Wednesday June 15, 2005 @08:41AM (#12822703) Homepage
    There's some sense of satisfaction I get in knowing that every time a person ogles, clicks, downloads or otherwise interfaces with that pizza-faced mess known as Brittany Spears, there's a good chance their computer will catch the clap.

  • No Surpirise Here (Score:3, Insightful)

    by rudy_wayne ( 414635 ) on Wednesday June 15, 2005 @08:44AM (#12822724)
    "entice the user to click the link/executable. Of course the latter is the easiest, and is the most effective when used in conjunction with a celebrity's name. "

    Proving once again that the number one security problem is not Windows, or flaws in Windows -- it is user stupidity.

    • Well, the executable bit helps. A clueless Linux user wouldn't chmod +x britney.jpg.pl just because an email told them to would they? And they wouldn't be able to damage the system because it would be running with user permissions.
    • This is not really a protection. It is certainly easy to imagine a "user friendly" email program that turns the executable bit on for you when saving an executable file. If the program is capable of figuring out what to do when you double-click the file, it can do this too.

      Then again, if there was a simple "open xyz" program that could be exec'd, then implementing double-click would be trivial, and thus the programmer may avoid the complexity of turning on the executable bit. Such a program is missing from

  • Say what? (Score:3, Funny)

    by catdevnull ( 531283 ) on Wednesday June 15, 2005 @09:03AM (#12822908)
    Osama bin Laden is a celebrity? ...I guess he is on Al Jazeera

  • I find it rather disturbing... (Score:3, Funny)

    by EphemeralPhart ( 107572 ) on Wednesday June 15, 2005 @09:09AM (#12822966)
    in that I recognize every one of those individuals. I can even put a face to most of them !

    What gamut of innate garbage must my brain contain beyond that...

    I'm disgusted by the cesspool that is my mind and, for once, very conscious of the torrents of crap being sluised into it every moment.

    And here I am reading slashdot.

  • At the CIA (Score:3, Funny)

    by jdepons ( 644113 ) on Wednesday June 15, 2005 @09:18AM (#12823048) Homepage
    Agent: "Cheif, we interceped another email from Osama Bin Laden"

    Chief: "We got him this time. Open it asap"

    Agent: "I don't understand, all it did was change my home page to xxxarabia.com"

    Chief: "Damn you Bin Laden!"

  • I'm surprised I haven't seen anyone comment on the fact that Britney is also one of the top music viruses! Hasn't anyone noticed that CD's are being sold with her picture on it claiming to have music on it?

  • Anybody else surprised? I would have thought Paris Hilton had the most viruses.
  • I can imagine how such an email reads:

    Dear friend, my name is Ali Ben Ogampa. I'm confiding in you because I am in need of a trustworthy associate. I'm a relative of Osama Bin Laden, whose assets have recently been frozen by the US government. However, I would be able to extract assets worth 20 mio $US with the help of a US national, who would offer to receive the sum split into small sums in his bank account and forward it to me, minus a handling bonus of 5% of the entire 20 mio ...

Slashdot Top Deals

To be awake is to be alive. -- Henry David Thoreau, in "Walden"

Close