Another Nasty Outlook Virus Strikes 388
Goldberg's Pants writes: "ZDNet and Wired are both reporting on a new virus that spreads via Outlook. Nothing particularly original there, except this virus is pretty unique both in how it operates, and what it does, such as emailing random documents from your harddrive to people in your address book, and hiding itself in the recycle bin which is rarely checked by virus scanners." I talked by phone with a user whose machine seemed determined to send me many megabytes of this virus 206k at a time; he was surprised to find that his machine was infected, as most people probably would be. The anti-virus makers have patches, if you are running an operating system which needs them.
Re:It's the culture, stupid. (Score:2)
What i mean: Users want the ability to run email attachments indiscriminately. They do not currently have this ability, not safely.
Microsoft could make this safe. Microsoft could (at the LEAST, this could be done within the context of XP; create a user with no priviliges?) throw together something that would run executables attached to email in a sandbox that couldn't touch the hard drive or do anything "evil". Then the users would be happy.
Hm. A secure sandbox that programs in emails or webpages can run inside of. You know what would be a good way to give the users this? Give them the ability to double click and run java applets from their email, then encourage joe cartoon and everyone to distribute their attachments as if for the java vm. Oh, wait, i just remembered-- Microsoft just struck java vm access from outlook for "security" reasons, didn't they? silly me. Well, i guess it's good to know that microsoft is doing something to send a signal that security is more important to them than the things the users frivolously want.
Re:An observation... (Score:2)
Re:solution: don't use outlook (Score:2)
Don't be rediculous here. How can you say that ANY MAILER that renders HTML is vulnerable to an attack? Does that apply to my browser accessing my webmail account?
Though Outlook may have some problems here, it is entirely acceptable to believe that a mailer can render HTML emails in a safe and protected way. And the same for Javascript - Javascript can be annoying, but the security holes it has introduced have not been severe. The security problems here are not inherent to HTML and Javascript, they are caused by poor mail clients. It is important to not confuse the problem.
Re:unfortunately, (Score:2)
--
Re:How long? (Score:2)
Alex Bischoff
Media is now just as slow as about a decade ago (Score:3)
I have received the first email sent by that thing three days ago and reported some brief analysis to bugtraq, got a "rejected, send to incidents" response, sent to incidents [denver.co.us], and apparently there is still nothing in the archives -- I have no idea why, incidents list posts all kinds of "I have seen a big spider hanging over my keyboard, I think he tried to hack me" stuff.
.For everyone interested, messages with virus and extracted infected documents are here [denver.co.us].
Re:These virus writers have no imagination... (Score:5)
You don't want virus writers with imagination. You *really* don't. A truly imaginative virus writer would likely devote all sorts of creative energy toward thinking up nasty things to do to your computer.
I'm still waiting for the trojan that silently installs itself, then once every day looks for spreadsheets on your system and randomly changes three numbers in every fifth file. Or perhaps it finds your Word documents and randomly removes the words "do not" from a few places. Or maybe it flips a few bits in your swap file, or munges your C++ compiler so that your programs randomly destroy the user's partition table one time out of a thousand. Maybe it sends death threats in your name to president@whitehouse.gov, or anonymously tells Microsoft that your company is pirating Windows.
No, I'm quite happy with the current crop of dull, stolid, entirely *un*imaginative virus writers, thank you very much!
Re:MacOS (Score:3)
I'm on MacOS using _eudora_ and all these sorts of files are dead inanimate matter to me.
Almost a megabyte of dead inanimate matter over a 56K modem just since this afternoon alone...
I am _so_ _pissed_ _off_ at this crap. I've taken to spamcopping the victims, using this note to their postmasters (where applicible):
"Please suspend this user's account. They are propagating the SirCam worm, and that must stop directly.
-postmaster@airwindows.com"
I have it as a clipping ready to be dragged into the spamcop personalize box, which is what I do when I am so overloaded with spam that I can't get time to type, but not so overloaded that I just give up- which has been the case until recently and this is what brought me back into the fray. _I_ _hate_ _this_... can't we declare Outlook illegal or something? Classify it as a weapon for denial of service attacks.
Re:But Unix has been able to do this for 30+ years (Score:2)
Re:What does your post have to do with the OS? (Score:4)
So why doesn't Outlook do this automatically? Seriously - Outlook could set up a dummy user account at installation time and whenever an attachment is to be executed it could use the previously created dummy user to execute it. To all the posters who wrote that setting up a dummy user to execute attachments is too hard for most users, too cumbersome, or too inconvenient, what's the problem if this is built into Outlook and transparent to the user?
there's a mushware version, too (Score:2)
hawk
good bloody luck . . . (Score:2)
> be stopped is by making it socially unacceptable (improper netiquette)
> for anyone to send executables through email.
For crying out loud, we can't even get people not to send messages in html . . .
Re:These virus writers have no imagination... (Score:3)
absolutely not. One of the things I learned practicing law is that the reason we're not in serious danger from the criminal element is because *criminals are stupid*. They don't draw the connection between crime and punishment. THeir planning is lousy. I actually had one where five of them stole 70,000 (using my client's mother'ss car as a getaway vehicle), and each took their $5,000 share. It took the police ten minutes to get it through to them that the ringleader ripped them off.
Or the one that had to be rescued by the police after getting toasted, robbing a bar with a toy uzi, and then *going back in*, whereupon it was recognized and he was stabbed nearly to death . . .
If they had what we generally think of as "Average intelligence," we'd be in serious trouble (of course, this would in many cases keep them from criminal behgavior, too).
virus writers are just another kind of criminal . . .
hawk, esq., etc.
Devil's Advocate (Score:5)
That said, the SP2 release of Office/Outlook prevents anything from accessing your address book, and will pop up a confirmation. It doesn't prevent idiots from opening the attachments, but it does create some thought beforehand.
I can appreciate the idealism of using Linux for everything (I'm a Debian developer for god's sake) but for my job, I have to use Outlook, so I do, because I like my job, and I'm not going to quit because of that minor inconvenience.
I suppose this qualifies as a rant, and possibly will be modded to "Flamebait" or "Troll" but let's try and tolerate some dissent on this board for a change.
Re:Devil's Advocate (Score:2)
Re:Devil's Advocate (Score:2)
Yeah, I got a couple this evening (Score:2)
Seems this one is pretty popular. I never got any I LOVE YOU mail or anything of that ilk, but I've had a couple of copies already today, both with attachments named after somebody's Excel spreadsheets.
- jon
Re:Why continue using Outlook? (Score:5)
>>Furthermore, Outlook actually helps out the "idiot" users.
There is a principle in the Toyota Production System that goes something like this: "If a worker makes a mistake once, it may be the workers fault. If a worker makes a mistake twice, it is the supervisors fault. If a worker makes a mistake three times, it is management's fault".
Most human beings on the face of the earth are not technically minded and DO NOT WANT to understand the details of how the tools they use work. If every time Joe Homeowner flipped on a light switch there was a 1% chance of a nuclear power plant melting down, we wouldn't be using much electricity, now would we?
While Microsoft is to blame for creating insecure tools (keeping in mind that larger market share means more attaraction for attackers), responses along the line of "stupid users don't understand how to use e-mail" are not acceptable, either.
sPh
How 'bout several alternatives... (Score:2)
Lotus Notes
GroupWise
These all provide the same general functionality as Exchange/Outlook does.
Of them, Bynari works both on Windows and on Linux.
And, I'd beg to differ about the "hard to beat" since most companies can get the same functionality and most of them don't really use the thing to it's fullest anyhow.
Win2k running idle IIS by default...yeah, but... (Score:2)
Re:Why continue using Outlook? (Score:2)
For my own stuff, I'm a fan of Eudora.
--j
Re:Sheesh... (Score:4)
Seems like folks using a "Trojan" should be safe from getting a "Virus". :-)
--j
Re:What does your post have to do with the OS? (Score:2)
___
Re:solution: don't use outlook (Score:2)
the two I received had the extension .pif but digging around with a hex editor just about convinced me they were a standard executable. I'm not sure how windows handles .pif files though, there are definately some different things going on there.
Chris Cothrun
Curator of Chaos
File extension (Score:3)
Windows also brought up a different right click context menu with the file.
don't ask about accidently double clicking the thing...
Chris Cothrun
Curator of Chaos
Re:unfortunately, (Score:2)
Many people really want all computers to be the same. However, it appears that variety may save us from the "one true exploit". If we didn't all run the same freaking programs, problems like this would have a much milder effect.
The Microsoft Patch (Score:2)
But, technically, you can't *get* this virus on M$ Outlook, if you're reasonably up to date on patches. Outlook "protects" users from viruses by simply disallowing you to look at *.exe attachments. You can't even forward them to yourself through Outlook. Dumbest solution I've ever heard of.
--
#include <malloc.h>
Im sticking with Outlook (Score:3)
First off, the only way to make macro capabilities even worth a damned was to include functionality that could also possibly be used for - *gasp* - viruses! Oh no! Shit man, big deal. Why is it that I can look at the attachments on my emails and plainly see an attachment that ends with
I certainly understand that these viruses are capable of creating better disguised files (such as spreadsheets with autorun macros), but every Office app has an option to NOT autorun macros. IIRC, this is the default option (at least on Office 2000-- havent touched XP). And beyond that, that virus started off at some point as a script file. It took some jackass who wasn't paying attention to get it going.
As well, the only reason this is even an issue is because of the number of people that use Outlook. Say someone wrote a "macro virus" for some Linux GUI mail client which supported scripting of some kind (Python, for arguments sake). It could disguise itself into other files, send random files to random people and generally spread itself just like these Outlook ones do. The only reason we'd never see news about something like that is because there arent the numbers of people using such clients that are using Outlook clients and as such, I imagine there aren't very many virus kiddies out there looking to target the Linux geeks of the world.
Now, don't get me wrong. I'm no GO MICROSOFT! guy or anything, but at the same time I realize that when it comes to them, many people on this site don't even give a second thought before finding them guilty of murder...
These virus writers have no imagination... (Score:4)
I'm sure that someone can come up with even more interesting things than this...
--
Re:These virus writers have no imagination... (Score:2)
Re:It's the culture, stupid. (Score:2)
And if that was all Microsoft did here to cause a problem, you'd probably be right.
But most users do not want the system to lie to them about a file's name, causing them to think it's NOT an executable file when it in fact is.
Most users do NOT want their email to be able to destroy their entire system, and thus would be perfectly happy if said executables ran in a "jail" that couldn't affect the rest of the filesystem without a prompt. "This program is attempting to delete c:\windows\SOMEFILE.EXE, should I allow it to do that? (OK/CANCEL)".
Most users do NOT want their email to be able to run scripts without them even having opened the message, much less clicked on something.
Microsoft themselves have admitted that a number of things have been included because exactly one large customer wanted it, that affect how everything else on the system is designed. This is more than likely one of those things.
-
Be that as it may (Score:2)
Be that as it may (and you certainly know a different breed of GNU/Linux users than I
It is one thing for foolish users to undermine or gut existing security features. It is another to make the features non-existent, then blame the users with "well, it's what they would have done on their own anyway." People aren't generally as stupid as we like to think
Unconscionable (Score:4)
Good Lord.
This reminds me, almost word for word, of statements typically made by rapists and child molesters. While the situation is vastly different (thankfully), the behavior of the guilty party, Microsoft, is appallingly similar: refuse responsibility for one's own actions and blame the victim.
The cause of these (now almost cliched) viruses is, quite simply, the appallingly lax security in the Microsoft Operating System and mail utilities, a lack of which is unequaled anywhere else in the computing world. Whether by design, negligence, or simple incompetence the fact remains: if you run any version of Windows, IIS, or Outlook, you are vulnerable to this sort of thing regardless of how savvy or cautious a user you are, and there is little or nothing you can do to protect yourself. Indeed, by the time you know of the exploit (assuming you are savvy enough to keep up on such things, which IMHO is asking far more of the user than simply learning a few basic commands a la GNU/Linux or DOS, much less a few GUI variations from with Windows paradigm a la Mac, KDE, or Gnome) chances are the malicious crackers have been exploiting it for weeks or even months.
Contrast this with the rest of the computing world, in which exploits are published and fixed as soon as they are found (and usually found by the product developers and/or testers before they are exploited), and in which the basic security paradigms allow one to secure the system in as paranoid a fashion as the situation requires, and the mind truly boggles at Microsoft's inability to at least match the quality of competing products such as Mac OS/X, the various *BSD flavors, and GNU/Linux.
It is bad enough that Microsoft appears incapable of building a secure system. It is even worse that they knowingly market an insecure and unstable system as though it were secure and stable (were there still any kind of "truth in advertising" requirements they would certainly be paying hefty fines for falsly marketing their products). It is unconscionable that they refuse to accept responsibility for their own engineering, choosing instead to blame the victims of its failure: their customers.
Re:It's the culture, stupid. (Score:2)
you just set up your email server to automatically destroy any attachment that is not an accepted attachment.
and if your users whine, tell them to work at another place you arent going to allow it.
Simple, to the point. and Voila... No more problems...
In fact I have my servers set to reject all html email. bouncing the message back to sender stating the fact why it's not allowed.
Works great, and as a gigantor corperation, we can get away with it.
Re:The Microsoft Patch (Score:2)
The actual name of the received file, for example, is [b]resume.doc.pif[/b], but in Windows Explorer, even with "show filename extensions" turned on, it shows up only as [b]resume.doc[/b].
Re:It's the culture, stupid. (Score:2)
No, the problem is with the applications. NT is multiuser (even though everyone logs in as administrator anyway, since NT doesn't have a "su" command and logging out/in whenever you want to install something is too much trouble). Having the apps run scripts as a sandboxed user wouldn't be very hard to do. But Microsoft just doesn't care enough about the problem to actually bother doing it. (And since their apps are closed, no other party can add this feature, so what Microsoft cares about actually matters.)
---
Re:How long? (Score:2)
It is hard to get into the heads of virus writers, so this is mostly just speculation, but...
I suspect the reason we haven't seen any seriously malicious email viruses yet, is because the virus writers don't want the problem to get addressed. They are enjoying seeing their viruses spread. Right now, the industry tolerates the viruses and doesn't mind losing a few million dollars here, a few million dollars there, etc.
If a truly malicious virus appears on the scene, and the loss figures go into the billions of dollars area, then the industry will stop tolerating the viruses and the software that executes them. Outlook/Word/Excell/IE will get fixed or be replaced, and that will be the end of the virus writers' fun.
---
Re:Devil's Advocate (Score:2)
Probably nothing.
It's as if your company's policy is to have a night watchman who invites his friends over at night to go through your desk and try to trash your stuff and see what they can embarrass you with.
Since the PHB's are incapable of seeing that this is a bad idea, you are forced to live with it, by not keeping anything personal in your desk and keeping important files backed up and encrypted.
If Microsoft would publish a protocol for connecting to Exchange servers, this problem and all its waste would _vanish_ as other clients emerge.
POP 3 is a pretty good standard in that it lets users use any mail client that they like to get their mail.
I use Sylpheed [good-day.net] for Linux - I could just as easily use Outlook Express or Netscape or whatever...
All you can do at your company is to be as careful as you can in protecting your files and be ready to explain the alternatives to anyone who is starting to realize that Outlook is a Bad Idea.
In the mean time, well, hang in there.
Cheers,
Jim
MMDC Mobile Media [mmdc.net]
Damn.. (Score:4)
Cheers to mutt
It's the OS, stupid. (Score:4)
$ su /home/fred123 /home/fred123/* /home/fred123/* ./suspicious.exe
/etc/shadow: permission denied
Password:
# useradd fred123
# passwd fred123
Changing password for user fred123
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
# cp suspicious.exe
# chown fred123.fred123
# chmod 700
# exit
$ su - fred123
Password:
fred123$
suspicious.exe:
Aha!
fred123$ exit
$ su
Password:
# userdel -r fred123
# exit
The problem here isn't even gullible users. It's the fact that under Win9x, you're running as god all the time, and can seriously hurt yourself. Under Linux, I can create a temporary user in about 30 seconds, go crap all over the resulting sandbox, and I *might* release a forkbomb or fill up /home... if I was being lazy. If I was really worried about it, I could ulimit the bejeezus out of the new userid, and whatever little surprises lay in that exe wouldn't get past first base.
And it's not just Linux, or other Unixes... VMS, NOS, NOS/VE, VM/CMS... IS there another OS out there that DOESN'T have proper ACL's and CPU/process limits? BeOS, MAYBE?
Yes, there are a lot of clueless Windows users. There is still no excuse for deliberate insecurity on the part of the OS. As for Microsoft "giving the users what they want"... As Norm Schwartzkopf would say, bovine scatology. See previous comment.
Re:How long? (Score:2)
-sam
Re:It's the OS, stupid. (Score:2)
I support people everyday in using technology, both corporates and home users. A lot of people simply don't know how to do what you do to protect yourself. "Well they should learn", you say. Easy for you. Do you think my mother could learn it? She's flat out turning a computer on let alone creating a user "sandbox" to run attachments on her email.
The glory of Windows (be it good or bad) is that it makes communicating on the Internet really easy for those that can't do what you can. Unfortunately, the age old trade off of ease-of-use for security is still present although becoming less and less.
It's hard to please everyone all the time, and if a software company had to focus on every angle to the Nth degree all the time, then we'd never get software out the door. Sure Linux is well developed from a security standpoint, but it's no where as easy to use as Windows/Mac for the average consumer.
If Windows had of been as security focused as Unix from day one, then I doubt it would be as rich in user interface and ease of use as it is today. Hopefully Windows 2000/XP will pick up some of the slack reputation that the Windows 9x line has earnt Microsoft in being inherently insecure, but only time will tell.
Just remeber it's all very easy from where you stand, and not so easy for others, even the software companies.
Re:Why continue using Outlook? (Score:2)
mozilla.exe -mail
It's basically the old school Netscape Communicator email client with a dash of red lizard hehe.
I don't believe it has the email attachment flaws Outlook is prone to, but anyone who decides to see the attachments included deserve what they get. It should be common sense to not open anything remotely suspicious if you're on a Win32 platform.
Anyways, I like using Mozilla's mail client. Reminds me of the days when Netscape was decent.
----------
Re:How long? (Score:2)
-Restil
News five days old... (Score:2)
That said, I popped in to work this weekend to upgrade my servers AV protections (liveupdate refuses to work on my email servers. grr.) and, sure enough, I've been averaging one infected document every two hours. So it's possible we'll see a whole host of fun come Monday, 9am, when all those folks who got infected emails over the weekend open them up...
Re:These virus writers have no imagination... (Score:2)
Re:Sheesh... (Score:2)
The last point is untrue. Since in order for this to work you need mail software which treats emails as executable code. Something which is rather specific to Windows apps (and Windows itself.)
Re:How long? (Score:2)
Re:documents (Score:2)
You're either incorrect or a lucky recipient. The largest infected e-mail I've received so far had an attachment of 17.5MB.
Oh, I forgot, that's the average size of a Windows-binary.
Re:Sheesh... (Score:2)
Re:Sheesh... (Score:2)
No it would not really. I know of no linux email readers which let you execute an attachment by clicking on it. Also There is no such thing as a "standard address book" in linux so the virus would not be able to spread itself so easily. BTW the same applies for eudora. If doubleclicked on a
The point is that windows and outlook have a myraid of security holes which are very easy to exploit by any body who can hack out a few lines of VB. Other systems don't.
Re:What does your post have to do with the OS? (Score:2)
Not that new (Score:2)
Re:documents (Score:2)
I dunno about this virus, but the Magistr virus only mails out full documents with a certain (low) probability. I.e. most of this virus' mails will just use the title of the document, or small extracts as the mail subject, but every now and then, a full .doc attachment would be sent out. Probability of this happening is very low, but not zero.
The interesting thing about this is that it gives "cover" to disgruntled employees who wish to deliberately leak confidential stuff to suppliers or to competitors: as the virus exists, and its modus operandi is "well known", those people now have an easy excuse ready if they're caught. Quite a cunning move of the virus writer actually!
Re:How long? (Score:2)
Re:How long? (Score:4)
Actually, there is a simple cure to this, and it has even been used by Code Red: operate in two phases:
- A spreading phase, where you don't do anything malicious, except infect other machines. Best if done as low-key as possible: only attempt to infect those people that use Outlook (analize headers of recently received mails), attach yourself to documents that the user sends, rather than making up documents of your own, etc.
- An active phase, where the fun really starts: DOS the withehouse, mail out confidential
.doc files, thrash the BIOS and hard disk, etc.
The difficult part of course is timing. If the active phase starts too early, you may not have enough of an "installed base" to really wreak havoc. And if it starts too late, a cure may already exist by then.Re:How long? (Score:5)
Good idea... but who assigns virus names? It was my understanding that the names under which a virus is known is usually not chosen by the author, but by the anti-virus community once it is "discovered". Thus, it would be rather hard to scan for its name, as it will not be known at the time of writing...
Re:Devil's Advocate (Score:2)
MacOS (Score:2)
-- Pure FTP server [pureftpd.org] - Upgrade your FTP server to something simple and secure.
Re:Sheesh... (Score:2)
------
Re: (Score:2)
Re: (Score:2)
Re:These virus writers have no imagination... (Score:2)
- - - - -
Re:Why continue using Outlook? (Score:2)
It isn't like MS invented this type of security hole, you would just think that after this many years, things would have gotten better, not worse. It used to be that when a problem like this was discovered, the author would do something about it: strip ANSI codes, etc. Instead, MS, dealing with an audience about 100 times less computer literate on average than the people above, insits on using user education, rather than the "right" solution of making a language and sandbox that lets people have dancing babies but not damage their system.
I don't mean to knock user education: I am all for it. But in this case, even if possible, user education can't solve this problem. There is *no* way for a user to determine if a file is safe to open, without actually doing so.
Re:It's the OS, stupid. (Score:2)
$strings suspicious.exe|more
/etc/shadow
Why does this need to access
$cp suspicious.exe
$su - chroot_user
chroot_user@host]$ gdb suspicious.exe
gdb>
Re:File extension (Score:2)
Re:Why continue using Outlook? (Score:2)
Maybe this is the software equivalent of "it's not what you know, it's who you know."
(Btw, you really can't compare Communicator's mail program to Outlook in terms of features and functionality, unless you meant Outlook Express.)
---
Re:Devil's Advocate (Score:2)
True enough. However, it has its own slew of problems:
Re:Why continue using Outlook? (Score:4)
Outlook Express, at least, has a horrible user interface for attachments. First, *any* attachment with *any* extension will trigger the dialog, which means users will ignore the dialog after seeing it several times. Second, it conveys the possible threat from the file type only by displaying the extension, and many users haven't memorized what extensions are safe and which aren't. Third, it only asks that you "be certain that [the] file is from a trustworthy source", which doesn't help much if the "trustworthy source" is infected by the same attachment.
Re:Why continue using Outlook? (Score:3)
This sort of trojan can theoretically be ported to any platform that has an email client and an address book.
Re:Sheesh... (Score:4)
It is exactly the same as if the user downloaded the trojan from an FTP site or through Gnutella, it's strictly an application. It doesn't rely on being received via email, all it needs is for the user to choose to execute it. Now if that application (trojan) happens to be a Linux executable, it's going to run when the user tells it to run. It's going to go ahead and read whatever address book it can find and spam everyone with a copy of itself.
It's naive to think this problem only affects Windows users. It's only a matter of time before someone creates a Mac or Linux port.
Sheesh... (Score:5)
Of course, then the headline would have to be "Idiot Users Still Exist, Nobody Surprised" -- doesn't really have the same aire of panic though, does it?
Joe emails a rogue application to Jane, Jane runs the code which then emails itself (and an arbitrary document) to people in Jane's address book. Sounds like something that could be implemented on any OS, doesn't it? You can't patch user stupidity.
Anyhoo, let the Microsoft bashing begin! Everyone get your pitchforks and flaming torches, but leave your dictionaries at home.
Re:Why continue using Outlook? (Score:3)
Right. They only have to understand how to use them, and that includes understanding possible consequences of using them incorrectly.
Morale: "Messer, Schere, Gabel, Licht, ist für kleine Kinder nicht." Don't give someone who does not know how to use it, a tool that could become hazardous.
Just as an example: Today's internet is swamped by users who want to send e-mail "cuz its c00l" but probably don't know what an attachment is. They don't need to know - as long as their email client does not support attachments.. As soon as they get the possibility to send attachments, they must learn
You don't give a 15-year old a 200mph racing car just because "everyone has one". Similarly, you don't give someone without training a gun. (Yes, I know it's different in the US. Does that make me wrong?)
Use the tool that do the job. And make sure the user is educated. Simple tool: simple education. Powerful, complex tool - detailed education. Simple as that.
(Yes, I know I'm dreaming. Please reply to slashdot at jensbenecke dot de if you are interested in serious discussion. I might miss you here.)
What does your post have to do with the OS? (Score:4)
All you've shown is that you are an extremely paranoid person and not that your OS of choice is some fantastically secure manifestation of operating system design. Most Linux users I know would not go through all that trouble if mailed a perl script or executable (or heck, compiling some obsfucated source from someones
And it's not just Linux, or other Unixes... VMS, NOS, NOS/VE, VM/CMS... IS there another OS out there that DOESN'T have proper ACL's and CPU/process limits?
Windows' ACL support has been more mature than Linux's for a long time. Because you don't know about it doesn't mean it doesn't exist.
--
Re:These virus writers have no imagination... (Score:4)
--
An observation... (Score:5)
One thing I've noticed is that it's always my work address that seems to get the viruses. In the 10+ years that I've had personal email addresses, I think I've only had maybe 2 even delivered to any account. (This includes free Outlook-enabled web accounts).
There's only a couple conclusions I could draw from this:
1) I am a supreme personal system administrator and do not let any common mundane virus issue affect the harmony of my smoothly oiled machine. (you do you oil computers, right?)
2a) All of my personal friends are apparently not as stupid as they look (this one is hard to believe).
2b) All of my work collegues are definately more stupid than they look (ok this one isn't so hard to believe). heh
3) There is some kind of shield made up of impervious virus-fighting smurfs that protect my personal computer 24 hours a day.
4) Karma (no not that kind)
or most probable:
5) Someone has been reading and deleting my personal email for years.
Re:solution: don't use outlook (Score:5)
Unless, of course, it's something like Javascript code, or an unruly image tag. Exploits of this nature have been discussed on BUGTRAQ (more recently as an example of how poor PHP programming can cause security problems [duh!], so don't think I'm picking on Outlook here). Any mailer that displays even plain HTML as soon as you view the message can be attacked, and ones that do Javascript are INSANE.
Sotto la panca, la capra crepa
Re:The Microsoft Patch (Score:3)
--
documents (Score:3)
anyway, one stupid thing is that all the reports call it "privacy" sensitive because it sends out personal documents from your drive... but from all the stuff I received over the weekend, I noticed it's just the name of the document it uses... the actual content is the virus itself; an executable disguised as a document...
of course, since lots of windows users use 50% of the document contents in the name of the file, it could be quite emberassing if it picks the right document
No, the real question is: (Score:3)
GET A DAMN CLUE PEOPLE!!! (Score:5)
It seems just about every damn virus nowadays spreads via Outlook or Outlook Express which is too bad
But has anybody (specially Timothy) actually paid any attention to the damn stories?
Nowhere in these stories is it claimed that Sircam uses Outlook to spread! Maybe Timothy got the idea from reading this [cnn.com] CNN [cnn.com] article.
Geez, people, do you believe everything that CNN says? It's not like I really expect CNN [cnn.com] to get this right, but /. [slashdot.org] readers are supposed to be better than that!
In fact, the Wired news clearly says that the virus serves as it's own SMTP client. A lot about this virus in fact resembles how the Judge Disemboweler virus [symantec.com] operates.
The only thing that can be interpreted as using Outlook to spread itself is the fact that it takes its e-mail addresses from Windows Address Book files; however it will also try to get addresses from some files in the 'Temporary Internet Files' folder. This means it should be able to spread without any need for Outlook (just some e-mail client and a user naive enough to run the attachment) and without Windows Address Files.
All the usual sources of virus information seem to agree about this virus serving as its own SMTP client. Please check for yourselves:
http://www.symantec.com/avcenter/venc/data/w32.sir cam.worm@mm.html [symantec.com]
http://vil.mcafee.com/dispVirus.asp?virus_k=99141& [mcafee.com]
http://www.antivirus.com/vinfo/virusencyclo/defaul t5.asp?VName=TROJ_SIRCAM.A [antivirus.com]
http://www.antivirus.com/vinfo/virusencyclo/defaul t5.asp?VName=TROJ_SIRCAM.A [ca.com]
http://www.sophos.com/virusinfo/analyses/w32sircam a.html [sophos.com]
http://www.europe.f-secure.com/v-descs/sircam.shtm l [f-secure.com]
http://service.pandasoftware.es/servlet/panda.pand aInternet.EntradaDatosInternet?operacion=FichaViru s&idVirusFicha=1911&pestanaFicha=1 [pandasoftware.es]
http://support.centralcommand.com/cgi-bin/command. cfg/php/enduser/std_adp.php?p_refno=010718-000010 [centralcommand.com]
This thing has it's own SMTP server... (Score:5)
---------------
I never wanted to go anywhere. I'm happy here...
um... the answer is simple (Score:4)
also, the number of emails processed increases the probability of infection, spread, etc. for the above class of people, they spend much more time at work on a computer than they do at home.
----
Another Nasty Outlook Virus Strikes (Score:5)
Score: -1 (Redundant =)
-Kef
Re:What does your post have to do with the OS? (Score:3)
Can you do the following in Win2K/XP? (This is only half rhetorical -- I freely admit that I'm less than fully versed on Windows-based security. I suspect that at least some of these are doable in Windows.)
The scripting issue is, I suspect, where it really wins. If a user can start something with 'saferun some_app' instead of just 'some_app', it's much less of a hassle, and it's that much more likely that a user won't do something stupid. It also limits damage to programs that're capable of breaking out of chrooted jails, when running as a user-level process. It's at least theoretically possible, but in the process, we've managed to cut out a lot of potential exploits.
Clear up some misinformation. (Score:3)
My personal firewall blocked their smtp program from sending - but then it attached itself to ie and ran through IE's security area in my firewall. It is set to send thru the smtp server you have setup in your mail program. It sent thru my local email. The only reason I noticed was paranoia and running netstat.
This virus can and does attack more than just outlook. I run Pegasus. If it infects an outlook machine it sends to emails in their address book, in my case it went thru the cache of IE. I had to send apologies to a bunch of tribes players. It doesn't parse emails very well as I got 10-20 obviously broken emails bounced back.
Norton would not remove it and at that time their was no mention on any site or newsgroup so I was forced to remove it myself. Hiding in the recycle bin took me a second time to catch.
If you read your email from a web client you can still get infected and it can still send out depending on your setup.
If you run an email server - you can block this virus very easily as the text comes in two flavors an English and Spanish version. Here is the text:
I send you this file in order to have your advice
Espero me puedas ayudar con el archivo que te mando
Pretty embarrassing, but don't just dismiss this as another love bug virus hitting outlook.
Chet
Re:Why continue using Outlook? (Score:5)
Who would bother writing a virus that will affect 11 people ?
Re:solution: don't use outlook (Score:3)
I don't know enough about it to determine the extent to which it can affect non-Outlook clients. I do know that, according to CNET, it does try other means of spreading as well.
Curiously, the virus resides in the recycle bin... If you don't run Windows, no worries ;)
A little off-topic but:
Now it would be harder to do, but imagine a worm written in C that would spread as source code and then recompile on various client computers, thereby appearing to be different viruses on different platforms...
Sig: Tell all your friends NOT to download the Advanced Ebook Processor:
Writing viruses != computer valdalism (Score:3)
For those unfamiliar with the Bliss Virus, it is/was a research virus written as a proof of concept (complete with all sorts of safety features, like an auto-removing feature) which eventually accidently was released on the net. ig the adminsitrator ran:
bliss --disinfect-files-please
the virus would remove itself from the system (good responsible code design-- it cleans up after itself).
My point is that writing viruses != computer vandalism. They usually coincide but not always. This virus we are following is pretty clearly one covered under computer valdalism (who writes Outlook viruses as proof of concept anymore anyway-- it is too easy and would not do any good). ANY virus with a payload is malicious and probably a criminal offense in most countries. This worm carries a payload, so its intents are clear.
Sig: Tell all your friends NOT to download the Advanced Ebook Processor:
How long? (Score:5)
How long before one of these reformats it's host after reproducing 500 times?
Rhetorical questions - I hope.
--
"I'm not downloaded, I'm just loaded and down"
Re:solution: don't use outlook (Score:3)
Errr, I'm still waiting to see any HTML attack agains my mutt+w3m reader.
Now, be serious. The problem is not HTML nor JavaScript, but the bad programing skills used to create some mail readers.
Or simply plain stupidity, like OutLook running lost of things by itself.
The is that it is impossible (thanks God) to create a computer program that is smarted then a human being (at least, smarter then us
---
Re:Use Pine (Score:3)
---
Re:solution: don't use outlook (Score:4)
Is this how java got so damn popular?
Unthinkable - Thinkable (Score:5)
Re:The Microsoft Patch (Score:3)
Hmm, it would make me suspicious. I'm used to all text files being opened in gvim.
Re:How long? (Score:3)
where the fun really starts: DOS the withehouse [sic]
Actually I think it would be fun to Linux [linux.org] the whitehouse. [whitehouse.gov]
Whoops, too late [netcraft.com]: The site www.whitehouse.gov is running unknown on Linux.
OK, I'll stop now.
solution: don't use outlook (Score:4)
This will not be the last time we see a Slashdot headline of this nature (and I seem to recall that it's not the first either...)
It's the culture, stupid. (Score:4)
The underlying problem here is that people have come to accept executable attachments as the norm. Years of silly Flash greeting cards, "snowball fight" games, and Joe Cartoon crap sent across offices since the mid-1990's have hooked Windows users on native-binary attachments. The only way that this sort of activity can be stopped is by making it socially unacceptable (improper netiquette) for anyone to send executables through email. Think about what would happen if one of your colleagues sent you a random Linux binary through email and claimed it was a greeting card - would you run it? Well, the drooling masses will run any .exe that a "known" source sends to them, and that is the crux of the problem.
Unfortunately, it is in content producers' best monetary interest not to change their distribution strategy to use a format that requires less trust (such as .swf or even .html). That would artificially limit the quality of their goods, and closes the door to including "value-added features" (like spyware) to their attachments. Therefore, the situation shows few signs of changing anytime soon, and users will simple work around any stopgap measures in their email software so that they can continue to play their "frog in the blender games" in perpetuity.
-all dead homiez
Oh Crap! (Score:4)
With all this media attention my Mom's gonna start sending every freaking bogus virus warning on the planet (She scares very easily; The poor dear!).
I'd rather get the virus.
:)
Once again I miss out on everything (Score:5)
I completely missed out on that whole "Anna Kournikova" thing and now I can't even run this one...
It's either buy Outlook or hope Lotus Notes releases a "Microsoft Virus Enabler" patch
*sigh*