
Virus Piggybacks Microsoft Mail Worm 545

metacell writes "A virus (a version of the Chernobyl virus) infects an email worm executable (the Klez worm), and is spread along with it." It's a damn good *delete* thing that Microsoft has been *delete* spending the last few weeks doing a *delete* security audit *delete* of all of *delete* ah never mind. My wrist hurts from deleting over a meg of mail worm viruses a day.
  • Solution (Score:5, Interesting)

    by Chardish ( 529780 ) <.chardish. .at. .gmail.com.> on Tuesday May 07, 2002 @08:24AM (#3476576) Homepage
    Hmm, maybe Microsoft could just disable scripts in their email software? That sounds like a good option.

    No one uses Outlook macros anyway, except worm writers. It's common sense that I don't want any software, not just viruses, automatically sending email without my consent or confirmation (or even knowledge!)

    • Re:Solution (Score:2, Funny)

      by bsoftware ( 552663 )
      But this is not "for the consumer's best interest"! consumer's best interest [slashdot.org]
    • There are LOTS of places that use Outlook automation/workflow apps. I've worked at two. Just FYI.
      • I would say there are LOTS more who do not. If we include all the home users then I would say MOST do not. So why is it active by default? Why not activate it when/if you need this feature?


        I have not seen one company who uses this feature intentionally but they all have it activated and I have helped hundreds of them clean up after a virus. It does not matter if I turn it off because I do not maintain their networks and they will just reactivate it the next time they reinstall their system. On top of that they are not willing to pay someone to set up their network securely.


        If you are talking to managers they see absolutely no need to spend good money on security/AV. They bought norton so all is well. Norton will save them.


        It's a bird ...It's a plane .... no it's Norton


        Oh! Why do I need to keep it up to date????

        • For the record I would agree more don't use it. I agree the defaults should be more secure in Outlook. What I was responding to was the suggestion that NO ONE used Outlook/VBA scripting. I can assure you, that is not the case.
    • Re:Solution (Score:3, Interesting)

      by Hemi Rodner ( 570284 )
      You can do it yourself.
      Options > Security > click on "Restricted sites zone". After that, click on "internet options" in the control panel, select "security" > Restricted sites, click on "custom level" and disable everything.
    • Actually, the company I work for has a product that uses Outlook to automatically notify users of events generated outside Outlook, and I'm sure there are any number of other products that do something similar. Just because YOU don't want it doesn't mean it's not useful. Also, by default Outlook lets you know if something is trying to automatically send an email on your behalf, and lets you cancel the action.
      • Require PKC! (Score:5, Interesting)

        by eddy ( 18759 ) on Tuesday May 07, 2002 @09:06AM (#3476880) Homepage Journal
        Just because YOU don't want it doesn't mean it's not useful.

        You don't have to remove the functionality; just make it REQUIRE the script to be CRYPTOGRAPHICALLY SIGNED by a known entity, like the sysadmin.

        Fucking simple solution, unless you wanna argue that clients should execute code from UNKNOWN and UNTRUSTED sources for some reason?

    • Re:Solution (Score:2, Informative)

      by JThaddeus ( 531998 )
      Unfortunately, my sources tell me the Outlook and Office team at Microsoft insisted on putting it in--over the objections of the Visual Basic team who knew it was a bad idea from the start. The Office logic was "We make more revenue, we want it, you have to do it." Now if only MS would get stuck with some major suits over it they would clean up their act.
    • Re:Solution (Score:4, Insightful)

      by killmenow ( 184444 ) on Tuesday May 07, 2002 @09:17AM (#3476960)
      Then again, maybe Mail/System Admins could install some AV software with daily updates and the Outlook Security Patch [google.com] along with a backend server (Exchange or OpenMail [now Samsung Contact]) that can implement server-side policies to prevent users from overriding and running executables anyway.

      With this done, viruses and worms have little effect.

      And the constant reminders to your user-base of proper e-mailing habits do eventually sink in.

      Outlook is insecure...yada yada yada...people should take responsibility for their systems and stop blaming Microsoft for everything...after all, they're only responsible for maybe half of the world's problems.
      • Re:Solution (Score:3, Insightful)

        Then again, maybe Mail/System Admins could install some AV software with daily updates and the Outlook Security Patch [google.com] along with a backend server (Exchange or OpenMail [now Samsung Contact]) that can implement server-side policies to prevent users from overriding and running executables anyway.

        With this done, viruses and worms have little effect.

        And the constant reminders to your user-base of proper e-mailing habits do eventually sink in.


        And if there's a street near your house with lots of potholes and cracks, you can get larger tires, better shocks for your car, and instruct your passengers to hold on tight when you turn onto that street.

        Or you can just take another street :)

        Getting the city to fix the potholes isn't a bad idea either.
  • If Microsoft had done their past few weeks of security audits properly then there is no way that this vulnerability would remain unpatched.

    It is still unpatched, right? Otherwise your submission just looks like stupid MS bashing.

    • Yeah. You wouldn't want to go off on a rant without checking the basic facts, right? I mean that would be really stupid [microsoft.com]. (For the clue-impaired, check the date)
    • If Microsoft had done their past few weeks of security audits properly then there is no way that this vulnerability would remain unpatched.

      More importantly, if Microsoft had done their job properly in the first place, Outlook would have never been released with so many gaping security holes.

      Seriously, there is no excuse for releasing a product that auto-executes code/macros in email upon retrieval, EVER.
  • Antiviral? (Score:4, Interesting)

    by Ioldanach ( 88584 ) on Tuesday May 07, 2002 @08:26AM (#3476592)
    Now that someone's thought of infecting a virus with another virus, when will a white hat think of infecting Klez with some sort of antivirus? Let Klez think it's doing its work, but don't actually delete the files it's trying to delete. Then, a few weeks later, have code that just shuts down the Klez virus altogether.
    • This makes no sense for email worms. They do their damage by overloading servers when they replicate. An "antivirus" would do the exact same thing.
    • Just make a virus that installs Linux and Evolution. Problem solved.

    • Re:Antiviral? (Score:3, Insightful)

      by GregWebb ( 26123 )
      No.

      The first worms out there (as I recall) were autonomously helping computers - fixing problems, tuning them and so on. All beautiful, the computers fixed themselves.

      Until someone came in one morning and found the machines jammed on 100% CPU and playing up. The worm had a bug in it. At which point, research stopped quickly because it was shown just how destructive this sort of thing could be.

      Please, nobody try and piggyback helpful code onto an e-mail virus. How sure are you that there isn't a single bug on any possible client platform?
    • by mindstrm ( 20013 ) on Tuesday May 07, 2002 @09:32AM (#3477053)
      I say this because it isn't the first time 2 viruses have bonded together. I recall many moons ago when a couple other viruses got together.
      Viruses usually employ a mechanism to detect if a file is already infected, so they don't keep adding to the size of the file. One used a marker at the beginning of the file to decide if it was infected, one at the end. So the first virus infected the file, the second came along (modifying the beginning as per normal virus behavior, and adding its marker to the end), then the first came along again and saw the file was not infected so infected it again. Then things stayed the same.

      So it would show up as containing virus A, but you could not disinfect it properly, because it would just re-infect as soon as it was run. B wouldn't show up because B was actually a layer down.

      On a side note.. the #1 thing that has reduced the number of viruses coming out of my office has been to ban the use of Outlook/Outlook Express.
  • by 11thangel ( 103409 ) on Tuesday May 07, 2002 @08:26AM (#3476593) Homepage
    Since Outlook is propagating virii, it is responsible for electronic havoc. According to the new legislation, that classifies Outlook as an electronic terrorism program. Ok, so I'm dreaming, but wouldn't you love to see SWAT teams breaking down doors to seize copies of Outlook?
    • hmm... according to your logic Boeing are liable for their planes crashing into the WTC?

      I think not.

      • Well, that hasn't gone to court yet. More probable is that the airlines will be held liable for lax security.
      • ...but then, Boeing jets don't have intrinsic flaws that make them likely to fly into tall buildings.

        (BTW... Is there a version of Godwin's law for gratuitous references to terrorism or the WTC yet?)

      • Um, troll, no.

        When Boeing originally sells a plane, it works perfectly. When MS sells Outlook, it should work perfectly, but doesn't. As time goes on, the plane ages and stops working perfectly. As time goes on, Outlook does not age, and should continue to work perfectly (theoretically), but still continues to not work perfectly. As time goes on, if flaws are found in a Boeing plane that result in a plane crash (not due to aging), Boeing is responsible. As time goes on, if flaws are found in Outlook and causes electronic havoc, MS is responsible. If someone chooses to take a Boeing plane and intentionally crash it into a building, Boeing is not at fault. If someone takes Outlook and intentionally uses it to spread a virus, or commit other malicious behavior, MS is not at fault.

        Capiche? Or is that too complicated for you?

        Now, if Boeing designed the navigation systems of its planes with a bug that caused them to direct towards and crash into any nearby buildings by default, then Boeing is at fault.
    • by Black Parrot ( 19622 ) on Tuesday May 07, 2002 @09:58AM (#3477203)


      > but wouldn't you love to see SWAT teams breaking down doors to seize copies of Outlook?

      They already do that, except that it's federal marshals [linuxtoday.com] instead of SWAT teams, and it's done for aggregated petty theft instead of mass murder.

      Oh, well... our society almost has it right.

  • by rehabdoll ( 221029 ) on Tuesday May 07, 2002 @08:27AM (#3476596) Homepage
    Just deleted this klez mail:

    Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
    Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
    We developed this free immunity tool to defeat the malicious virus.
    You only need to run this tool once,and then Klez will never come into your PC.
    NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
    If so,Ignore the warning,and select 'continue'.
    If you have any question,please mail to me.


    Of course, an infected file was attached with the mail..
  • by justanyone ( 308934 ) on Tuesday May 07, 2002 @08:27AM (#3476598) Homepage Journal
    Why isn't there a version of Evolution for windows? It's great software - I'd pay for it if it wasn't free. And, NO VIRUSES!!!

  • by swb ( 14022 ) on Tuesday May 07, 2002 @08:27AM (#3476604)
    Klez seems worse than other mail-based worms. We've been getting a pretty steady, intense barrage of Klez infected mail for a couple of weeks now. Previous outbreaks peaked for less than a week and then tapered off.

    It's also been a PITA because of the way it sends itself out as someone in the infected person's address book. This impersonation has caused all the lusers to keep asking "Who is someluser@somedomain.com and why does he say I'm infected?!?!??!??!"

    ...not to mention some of the cryptic message subjects that come through.
  • Options? (Score:5, Interesting)

    by InnereNacht ( 529021 ) <paulp@lappensecurity.com> on Tuesday May 07, 2002 @08:28AM (#3476605)
    Alright. I've been in the field for some time but have never really pursued this: What other options for email clients do we HAVE besides Outlook/Outlook express in a windows environment?

    I'm pretty sure that Eudora is still around, but what is out there for windows-based, user friendly software? It'd almost be worth the switch just to avoid all these damn Outlook-friendly virii.
    • Re:Options? (Score:2, Informative)

      by cheebie ( 459397 )
      Forte Agent is what I use for email and newsreading. I'm pretty happy with it so far and have gotten 0 virii/worms. It doesn't render HTML, but I consider that a feature. I use it on an individual basis, so I can't intelligently talk about its use by a larger group. You can even download it for 30 days free to check it out.

      See Agent Product Page [forteinc.com] for more information.

      (disclaimer: I don't work for Forte, I'm just a satisfied customer.)
    • I know you by "windows-based, user friendly" probably mean some form of the standard windows GUI, but I personally find Pine [washington.edu] easier to use than anything else. Probably because that's what I'm used to, but then again that's why people like the windows GUI too.
    • Re:Options? (Score:4, Informative)

      by Izeickl ( 529058 ) on Tuesday May 07, 2002 @08:49AM (#3476769) Homepage
      The Bat [ritlabs.com] of course, seriously, check this mail client out, it has all the features you could want...Includes PGP encryption as standard too. I use The Bat all the time.
    • Re:Options? (Score:5, Informative)

      by Will_TA ( 549461 ) <will__mann@hotmail.com> on Tuesday May 07, 2002 @09:03AM (#3476858) Homepage
      Options away from Outlook? In Windows My university uses Pegasus, my favorite is Balsa (Linux/X Windows), Pine ('nix/Cmd Line)or Eudora (Winblows)
    • Re:Options? (Score:5, Informative)

      by RazzleFrog ( 537054 ) on Tuesday May 07, 2002 @09:18AM (#3476966)
      How about you just educate yourself and your coworkers instead? Email viruses are not just about the program used - they are also about ignorance. Here is a hint to get you started:

      1) Apply all security patches from Microsoft.

      I was just interrupted as I was typing this by a coworker asking me about a virus (talk about synchronicity). We don't use Outlook and she wasn't infected but she printed out the email and showed it to me. Sure enough - whatever.scr. I told her to delete it immediately.

      Why did she ask me first and not print it? Because we have a policy here - which brings me to point 2:

      2) Don't open anything that isn't work related.
      3) All computers show all extensions on files.
      4) Only open files that you expected with .xls or .doc extensions only (no .doc.js, etc.).
      5) If you get anything else - then ask me or somebody else informed about the latest viruses.
      6) When in doubt, call the sender and ask if they intended to send the email.

      With all of these in place, when a virus is sent to one of our employees it does not propagate.

      I leave you with this thought. A few weeks ago somebody in another department received an email warning about a virus going around. The email said to email this warning to EVERYBODY IN YOUR ADDRESS BOOK. One of my coworkers received the email and asked me about it. Of course it was a hoax and I wrote an email back to the original sender telling her that she basically just sent out a manual email. If everybody sent out that email to everybody in their address book it would be a disaster. The moral of the story - ignorance is the worst virus.
      • Re:Options? (Score:4, Funny)

        by gosand ( 234100 ) on Tuesday May 07, 2002 @10:43AM (#3477506)
        Pardon my frankness, but what are you smoking? Which do you think is easier for a company to do - mandate that everyone use a specific email program, or educate them about not being stupid and opening attachments?

        The general public not only doesn't understand why they shouldn't open attachments (obviously), they don't understand why anyone would write a virus. When I once told someone to not open attachments that might contain a virus, their reply was "why would they want to infect MY computer". The whooshing sound going over their head was so loud it almost broke the sound barrier.

        Honestly, people are stupid and gullible. If you don't believe me, look up gullible on dictionary.com. They updated the definition recently, and it actually says "A very large percentage, nearly 80%, of the human population is extremely gullible." It also cites some documented studies, and indicates that they are actually considering removing gullible from the English dictionary. I would have included a link to the actual page, but my internet access is down at the moment.

        Companies cannot afford to give their employees the benefit of the doubt. They have to force things on them. Instead of changing email clients, they should just be outlawing executable attachments. The ones who need educating are the admins, because they see over all the users. You can't believe that it is feasible to educate all the users. Maybe in small companies, but not in large ones.

        • Re:Options? (Score:3, Funny)

          by epukinsk ( 120536 )
          The whooshing sound going over their head was so loud it almost broke the sound barrier.

          You mean the sound almost reached the speed of sound? Wow, he/she really was stupid.

          -Erik
    • We use Lotus Notes, it's great. It has all the groupware functions your users will demand, such as calendar, appointments, to-do list, discussion threads, etc. It has pretty good security, and is very reliable. I was mortified when our parent company told us we had to switch to Outlook. Fortunately we were able to convince them to allow us to keep Lotus Notes.
    • Re:Options? (Score:2, Informative)

      The thing to be aware of is that the latest versions of Eudora, by default, use IE to read e-mail that contains HTML. It is the same control that outlook uses to view mail. If you don't turn it off Eudora will also automatically execute attachments if they exploit a vulnerability in IE.

      On the bright side, you can switch it off and use Eudora's built in viewer.

      http://www.iss.net/security_center/static/8609.php

    • that Eudora is not user friendly or windows based?

      We switched the whole company to Eudora for this very reason. It's good, yet somewhat obscure now and virus writers don't target it.

      It's also much better at dealing with attachments, and doesn't corrupt mailboxes as often. It's easy to store years worth of mail in eudora.

      Eudora.

      Netscape communicator's mail client seems popular as well.

    • Generally, Outlook is targeted because it's so widely used. So if you use an email client other than Outlook, and which doesn't use some of the same libraries (and thus the same bugs) that Outlook does (eg. using MSIE to display html email), then you'll be safer.

      If some other email client becomes popular, then this same argument would apply to that. Although, often a program is popular for a reason, so personal preferences may make this argument moot.

    • GroupWise 6. A nice little package, reasonably similar to Outlook, and it uses the standard MAPI that comes with Windows, as opposed to the bastardized version Microsoft implants with Office installs.

      Plus, no macros.

      Plus, the GroupWise AntiViral Agent (GWAVA) has served us well by blocking infected email at the gateway.

      And if you're running a Novell network, the management tools integrate right in. No more juggling accounts! Yay.
      GMFTatsujin
  • CmdrTaco is RIGHT! (Score:4, Insightful)

    by sheriff_p ( 138609 ) on Tuesday May 07, 2002 @08:28AM (#3476607)
    Because, there hasn't been an Outlook patch kicking around for some time now. And because no open-source software has bugs. Ever.

    So, in short, there's two lines of Microsoft bashing there, accompanying a really dull story about a virus that no AV software has any trouble detecting?

    Must be the slow season I guess.
  • by sheean.nl ( 565364 ) <sheean@[ ]ean.nl ['she' in gap]> on Tuesday May 07, 2002 @08:29AM (#3476616) Homepage
    No matter how good a patch is, some people will always remain unpatched/unupgraded. And some of those people also get viruses and everybody gets irritated by that, I mean, every time I check someone else's PC it ain't patched.
  • I use outlook
    I have done for many years
    I like the interface, its easy to use, and I'm used to it

    However, in the past few months I have been receiving more and more viruses and it has seriously made me reconsider my position... Last week alone my virus scanner blocked at least 50 virus infected emails

    I never open attachments, I have the preview pane turned off, I have Outlook set to use the restricted zone for emails, I have Norton scanning every email I get - but just yesterday I got an email informing me that I'd sent an infected mail out...

    I will almost certainly be moving away from Outlook within the next week just to get away from it all
  • by hansendc ( 95162 ) on Tuesday May 07, 2002 @08:31AM (#3476638) Homepage
    My wrist hurts from deleting over a meg of mail worm viruses a day.
    How many times do we have to hear Taco complain about deleting email worms? You can script up a huge database-backed website, but you can't write a freakin' procmail script?
  • it's not that hard

    allspam folder grows and the sensible people who don't send you worms + virus because they use a decent mailer don't get abused

    simple why are you having such a hard time ?

    ah you must run Outlook or be unable to add filter rules OR even ask your local sysadmin to do it for you all of which mean you're a moron

    regards

    john jones

  • Suggestion (Score:5, Funny)

    by szcx ( 81006 ) on Tuesday May 07, 2002 @08:32AM (#3476649)
    My wrist hurts from deleting over a meg of mail worm viruses a day.
    Fire your administrator. What kind of idiot runs mailservers without AV software installed?
    • Hmm, yeah, I have yet to get any virus e-mails actually in a long time. Last ones I got were about 2 years ago. I also deal with a large number of people, so my address isn't exactly private.
    • I'm not a server admin by trade, so I don't get involved with mail server administration duties all too often. Can someone suggest some links to mail-server based AV software for Sendmail, Qmail, others?

      I often end up providing "tech support" to those who know I'm a "computer guy". None of their hosts use server-based AV software, but I'd like to send them some links.
  • Outlook (Score:2, Insightful)

    by mikethegeek ( 257172 )
    The BEST virus spreader ever invented... The sad thing is, it doesn't MATTER IF MS fixes it, there are so many millions of the "take me in the ass, script kiddie" versions of Outlook and/or IIS running on 2000/NT and 9x workstations owned by users with no clue as to how to patch their systems that this will be a problem for YEARS...

    I'm telling you, software makers NEED liability. It's the only way we will ever have responsible programs released. Right now, software makers can get away with selling products that have defects in them on the order of ones that if they were in cars, would send Ford or GM into receivership.

    These e-mail worms would never be able to spread in this way if it were not for defects in Microsoft products.

    Until software houses are FORCED by liability that can't be EULA'ed away, there will never be quality control.
    • Re:Outlook (Score:3, Insightful)

      by Fizzlewhiff ( 256410 )
      I'm telling you, software makers NEED liability. It's the only way we will ever have responsible programs released. Right now, software makers can get away with selling products that have defects in them on the order of ones that if they were in cars, would send Ford or GM into receivership.

      Before you go asking for something like this think about how it will impact the open source and free software community. All software has bugs. Bugs for the most part are not intentional. Would a free software project have the resources to fight off litigation caused by exploit? Punish the script kiddies if you want to punish someone but don't go after the industry because of a few bad apples. This is very similar to copy protecting CD's because a few people might pirate the contents.

  • by Anonymous Coward
    While it seems a little draconian, holding individual users liable for viruses that spread via their machines makes sense to me. I'd liken it to automobile collisions--if your failure to properly control your car on the road leads to someone else's property being damaged, you get sued. After all, the owner/operator of a computer, even a home PC, does have the ability to prevent their machine from becoming a vector--if not by picking secure software, then simply by disconnecting the machine from the Internet.

    If the incentive existed, individual users would tend to take more responsibility for what moves through their computers.

    And sure, most people with PCs and email today don't have a clue about virus transmission, but why should that be an excuse to let their irresponsible behavior cause damage to everyone else? Either get a clue, or leave the net to people who have one.
    • holding individual users liable for viruses that spread via their machines makes sense to me. I'd liken it to automobile collisions--if your failure to properly control your car on the road leads to someone else's property being damaged, you get sued.

      Great, now I'll have to get liability insurance on my computers too.
  • My wrist hurts from deleting over a meg of mail worm viruses a day.

    Procmail [procmail.org] is your friend. As soon as I get more than 4 or 5 copies of a spam / worm / virus, it gets a procmail rule to autodelete it. Simple, really...

  • So let's see. We have a worm. It's infected with a virus. Double your damage, double your fun... reminds me a little of flesh-eating streptococcus. Regular strep, you get a sore throat and a week or so of penicillin. Give that strep a virus, suddenly your arm starts melting.

    Now what I want to know: is this train wreck a coincidence or has someone been cross-breeding?

    /Brian
    • ....has someone been cross-breeding?

      From the article:

      "As far as (Chernobyl) is concerned, the Klez worm is just another file to infect," Weafer said. "It's quite common to see piggybacking effects when you have worms that have been propagating for a long time in the world."

      Pure fluke by the looks of things - Chernobyl has been around for ages (4 years) and happened to infect Klez as it would any other file. When you think about it, people who're still catching 4 year old virii are more likely to be propagating the newer stuff too.

  • by kpetruse ( 572247 )
    Now I dislike MS as much as the next man, but let's not blame them for all virus emails.

    Most (but not all) email virus/worms are Javascript, Visual Basic or .EXE files that are sent by email. Clueless users double click on these because they are...well...clueless, and think that they are games/pictures/nudey photos of Kournikova, whatever. This activates them, and allows the worm to read the address book and either use Outlook or its own SMTP routine to send itself to all the people in the address book.

    MS put the "double click" functionality in to make people's lives easier, and on the whole, they have. Outlook is very easy to use and this is one of the reasons it's so widespread (another being that it's very powerful, but that's going off topic). Combine this ease of use with how common MS Outlook is, and you'll see why virus writers write viruses for it. If some new Mail client became as popular, don't think for a minute that it wouldn't have similar viruses.

    All that it takes to stop viruses like Klez is for the mail administrator to block attachments with .exe, .js and .vbs extensions (plus some other little tricks) and this kills 99.9% of viruses stone dead. Either that, or get your user base educated enough to not blithely double click on everything they see.

    I'm not talking here about some of the rather more ominous security holes in Outlook - those that allow code to run by previewing the message - because anyone who hasn't patched that yet is a moron. And there are a couple of holes which MS should be hauled over hot coals for, but they aren't exactly the only software firm to produce insecure software.
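
The extension rules described in this comment, and in RazzleFrog's list earlier in the thread (show all extensions, only `.xls`/`.doc`, no `.doc.js`), written as a gateway-side check. This is an added example, not code posted by anyone in the thread; the function names, the `.txt`/`.jpg` decoy extensions and the sample message are assumptions constructed for illustration.

```python
"""Attachment-name policy check for a mail gateway (constructed example)."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the thread names as ones to block or distrust.
BLOCKED = {".exe", ".js", ".vbs", ".scr"}
# Extensions the stricter "only files you expected" policy accepts.
ALLOWED = {".xls", ".doc"}
# Harmless-looking inner extensions used as decoys; .txt and .jpg are assumptions.
DECOYS = ALLOWED | {".txt", ".jpg"}


def split_ext(name):
    """Split on the last dot, so a bare '.exe' still counts as an extension."""
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext) if dot else (name, "")


def normalize(filename):
    """Name as Windows resolves it: no path, no trailing dots or spaces, lower case."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rstrip(". ").lower()


def check_name(filename, allowlist=False):
    """Return the reasons to reject this attachment name (empty list means accept)."""
    stem, ext = split_ext(normalize(filename))
    inner = split_ext(stem)[1]
    reasons = []
    if ext in BLOCKED:
        reasons.append("blocked extension " + ext)
    # report.doc.js: with extensions hidden, the user only sees "report.doc".
    if inner in DECOYS and inner != ext:
        reasons.append("double extension " + inner + ext)
    if allowlist and ext not in ALLOWED:
        reasons.append("extension " + (ext or "(none)") + " not on allowlist")
    return reasons


def scan_message(raw_bytes, allowlist=False):
    """Map each offending attachment filename in a raw message to its reasons."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.walk():  # walk() also descends into nested multiparts
        filename = part.get_filename()  # falls back to the Content-Type name parameter
        if filename is None:
            continue
        reasons = check_name(filename, allowlist)
        if reasons:
            findings[filename] = reasons
    return findings


def build_sample():
    """Constructed test message; attachment bodies are placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "someluser@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "budget"
    msg.set_content("See attached.")
    names = ("budget.xls", "readme.txt", "Notes.DOC.js", "photo.jpg.SCR", "setup.exe")
    for name in names:
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for label, strict in (("blocklist", False), ("allowlist", True)):
        print(label)
        for name, reasons in scan_message(build_sample(), strict).items():
            print("  %-15s %s" % (name, "; ".join(reasons)))
```

The blocklist mode corresponds to blocking named extensions at the server; the allowlist mode corresponds to the "only what you expected" policy and also rejects types the blocklist has never heard of.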

  • Never mind the Klez virus, those elaborate virus hoaxes are far more annoying because you need to educate the person that emailed you about it that it is in fact a hoax. One only has to look at the latest hoax that tricks users into thinking jdbgmgr.exe, the Microsoft Debugger Registrar for Java is a virus. [f-secure.com]
  • by AmiNTT ( 539586 ) on Tuesday May 07, 2002 @08:46AM (#3476750) Homepage
    I'm a half-owner of a small web development company in Ottawa, Ontario (Canada). When we discuss email with our clients (new and old) we *strongly* warn them about the dangers of using MS Outlook (well, MS anything, really). Many are dumbfounded to find out that all the viruses, worms and macros are targeted at MS software. We urge them to change to something else. We should all be doing this. The more users we can get away from MS Outlook, will directly translate into less trouble for ourselves because who do they call? Certainly not Ghostbusters. ;-) Even if it means setting up just a few systems that don't use Outlook, the next time around something clever and nasty is released, those systems won't get infected. Then we bring that to the attention of the PHB's (Pointy Headed Boss, for you non-Dilbert readers). Explain that because those systems weren't infected, it saved x hours. Just about everyone that we have influence with has stopped using Outlook (with the exception of uncle Bob, but hey, that's his problem). It's saved us time and energy. In a way, it's our duty, as people in the know, to move them away from MS software. Why use software that is going to cause problems? Is Outlook so amazing that it is worth the hours of problems caused by virus outbreaks? I would say no. I like the kind of software that you install, it works and doesn't cause any troubles. Besides, migrating users to something else (Opera, Mozilla.. anything!) takes licencing bucks away from MS. ;-) And that's always a good thing.
  • by Qwerpafw ( 315600 ) on Tuesday May 07, 2002 @08:47AM (#3476762) Homepage
    It's ridiculously funny how email apps (outlook in particular) spread virii.

    Think back on a bunch of the copyright issues. Basically, one of the problems is that you are in trouble if your work can be used in illegal ways with great ease. That's why Napster got busted--the courts found that their system was often used for illegally violating copyright laws, and that they didn't do enough about it (saying "Don't steal music" != enough).

    Well, I am seeing potential lawsuits against Microsoft here. Clearly their software is commonly used for spreading virii, and clearly they, too, aren't doing enough about it.

    Suuuuuure. They say that security is a "focus," but nothing has really changed. So they obviously are condoning, even promoting, virus writing! Microsoft must be sued to stop them from spreading email virii. It's for the good of the country that this evil corporation must be kept from promoting the internet terrorism which costs taxpayers millions every year.

    Just a thought to keep you smiling. :)
  • by bmooney28 ( 537716 ) on Tuesday May 07, 2002 @08:50AM (#3476774) Homepage
    Frankly, I've been fascinated with the Klez virus for two reasons...

    First of all, I did some calculations, and found that there are over 1600 different subject line possibilities alone with this virus! This takes into consideration the number of variable words within the subject lines, and doesn't even account for the number of different message bodies. All things considered, there are probably over 10,000 possibilities!

    The second thing about Klez that I find interesting is the payload... You often get totally random files from people's computers (if they survive virus removal)... For example, one of my coworkers got the 2001 operating budget of her church, and was able to see how much everyone was paid, how much they blew on projects, etc... Opening your inbox is like opening presents on Christmas morning... most of the stuff is pretty boring, but every once in a while you open something interesting!


    • No, I'm not trolling, but sometimes I wonder if the writers of Klez / Sircam et al. were in fact white-hats trying to show the average MS user to take security seriously and patch their machine!
      Yeah, every office worker knows something about this "security thing" and how the boss said they shouldn't write their passwords down. But only when they start getting mailed other people's confidential info will they sit up, take notice and patch, or so you would think! Maybe it backfired a bit.

      Incidentally, try setting your gnutella client to look for .doc .xls and other MS extensions. The number of idiots who have misconfigured their clients (installed on work machines) to share their entire hard drive is worrying. Wake Up!

  • by Nomad7674 ( 453223 ) on Tuesday May 07, 2002 @08:51AM (#3476785) Homepage Journal
    Okay, as a long-time Mac user and a reader of Linux sites like this, I know that Windows carries a massively larger burden of virii than other Operating Systems out there. Time and time again, I have heard it said that this is due to their market share - hackers want to be seen and thus make their virii attackers of the software that most people have. But this really rings hollow for me - the MacOS has always been relatively free of virii, as has Linux, as has BSD, as has AmigaOS, as has BeOS etc. This seems to imply that maybe aside from marketshare, Microsoft engineers (or marketing staff) are doing something wrong.

    Let's take a constructive approach to this topic. With so many SysAdmins out there, what are the TOP TEN things that Microsoft (or any OS maker) can do to prevent virii? I am just a humble Business Analyst, but here are a few ideas that come to mind for me (I hope the coders will forgive my ignorance on some of the finer points):

    10. Disable scripting in certain programs (e-mail) by default.
    9. Automatically download security patches to PCs if they are of a sufficient severity level (but put measures in place to make sure the same mechanism is not used to transmit virii/worms)
    8. Auto-detect large numbers of e-mails being sent at once and alert users before sending
    7. Make the default install for all systems the most secure install
    6. Create a system to auto-report virus/worm infections to a central (independent) agency for monitoring (user-selectable kill switch for this functionality should be available tho)
    5. Allow purchase of "health insurance" for PCs by Microsoft to reimburse for lost productivity/hardware due to infection - monetary incentive for MS to push quality and security
    4. Create a module of the OS to track virus reports/alerts and display them in the taskbar - produces one trusted source for alerts and to decrease the effectiveness of e-mail hoaxes
    3. Integrate virus alert into mail program for incoming e-mails - advise users when a known large-scale e-mail virus/worm is out there to decrease opening of infected mail.
    2. Give sysadmins the ability to change e-mail settings for all users when a large-scale outbreak is going, to specifically turn off scripting, html reading, java, etc.
    1. Provide a method for a daily audit of all processes running on a machine to identify all those not initiated by the user, and flag those taking part in suspicious activity.

    Not sure if those are insightful or lame. But feel free to improve upon this list, ad infinitum.
    • First of all... AmigaOS free of virii? Huh? I encountered a lot of boot sector viruses back in those days. Oh, and my favorite was the arguments about the virus that supposedly embedded itself in A500 memory expansion clock.

      Now as far as what Microsoft can do, let's look at your list and what they have done.

      10. Done. New versions of Outlook by default disable scripting.
      9. Windows XP automatically downloads security patches. This functionality should be extended to universally cover Office and other products as well.
      8. Done. New versions of Outlook by default will warn a user if an external app is trying to use it to send email, and further warn if it's being used rapidly.
      7. Pretty much done with WinXP. There are a few settings relating to domain authentication that can be strengthened by default. I think they are not because it would cause connectivity issues with older NT domains.
      6. That would be virus protection and step on third parties like Norton and McAfee.
      5. That's not Microsoft's responsibility.
      4. Again virus protection.
      3. Again virus protection.
      2. Done. This is part of the Active Directory integration.
      1. Process auditing has been part of NT since the very beginning. What you want is reporting on that, and I don't think you fully appreciate just how big of a task this would be. This functionality is really only useful in more secure DoD installations because of the scope.

  • by muerte24 ( 178621 ) on Tuesday May 07, 2002 @08:59AM (#3476839)
    I have pseudo-responsibility for our tiny network of about 15 computers. So some jackass has to use Outlook to sync his email with his expensive handheld, and he gets nailed by Klez.

    So Klez works even by simply previewing the message and launches itself. It has its own mail sending engine, and forges the From: field to look like it's real. It also copies past Subject: fields to fool the recipient.

    But this time, our little friend Klez has brought his little friend Elkern32 [mcafee.com]. This nasty little guy infects executables on the infected computer, and is also network aware and infects files across the network. So even people who didn't use Outlook were infected. Some people had hundreds of infected programs on their computer.

    And a cool thing about Elkern is that it can randomly overwrite a file's bytes with all zeroes, while maintaining the file length. It can be nasty.

    All this because no one updates their virus definitions.

    Muerte
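Added example, not part of the comment above or of the original thread: because the damage described keeps the file length, a size-only comparison reports nothing, so this sketch baselines size, SHA-256 and longest zero run per file and classifies what changed. The function names, file names and sample data are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path


def zero_run(data):
    """Length of the longest run of consecutive 0x00 bytes in data."""
    return max(map(len, re.findall(rb"\x00+", data)), default=0)


def snapshot(root):
    """Map each file under root to (size, SHA-256, longest zero run)."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            state[str(path)] = (len(data), hashlib.sha256(data).hexdigest(), zero_run(data))
    return state


def compare(baseline, current):
    """Classify every baseline file whose content hash no longer matches."""
    findings = {}
    for path, (size, digest, zeros) in baseline.items():
        new_size, new_digest, new_zeros = current.get(path, (None, None, 0))
        if new_digest == digest:
            continue
        if new_size != size:
            findings[path] = "missing" if new_size is None else "size-changed"
        elif new_zeros > zeros:
            findings[path] = "same-size-zeroed"    # invisible to a size-only check
        else:
            findings[path] = "same-size-modified"
    return findings


def demo():
    """Constructed sample: a.bin zeroed in place, b.bin grown, c.bin untouched."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.bin", "b.bin", "c.bin"):
            Path(root, name).write_bytes(bytes(range(1, 256)) * 8)  # no zero bytes
        baseline = snapshot(root)
        with open(Path(root, "a.bin"), "r+b") as fh:   # same length, 300 bytes zeroed
            fh.seek(500)
            fh.write(b"\x00" * 300)
        Path(root, "b.bin").write_bytes(b"X" * 2140)   # length differs from baseline
        found = compare(baseline, snapshot(root))
    return {Path(p).name: kind for p, kind in found.items()}
```

Executables legitimately contain zero padding, which is why the check compares each file's zero run against its own baseline value instead of using a fixed threshold.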

  • Why doesn't Microsoft, by default, disable scripting and in Outlook? This is where Outlook is weak at and where the root of all its problems come from.

    Otherwise, more viruses will just keep coming and coming.
  • My wrist hurts from deleting over a meg of mail worm viruses a day.

    Your wrist hurts? As in... you're using a mouse to delete mail? You use a GRAPHICAL email program???!!!

    Oh. Oh Commander Taco. We thought you were so elite... (weep)

    In a related note, a _meg_ a day? Who are all these losers that have CmdrTaco's email address stored in their Outlook address book? When I send email to slashdot, I telnet to the SMTP server directly and type it out, just so I can mock all the lusers who have to use pine.

  • My wrist hurts from deleting over a meg of mail worm viruses a day

    Yes, Taco, it is from handling your mouse that has caused your wrist trouble..

    Yeah, sure.

  • A patch to fix all of Outlook Security problems can be downloaded here [eudora.com]
  • That likely only applies to NEW shipping software - all that old vulnerable stuff out there will need to be 'updated' at something like $85 a pop or more - can you say "80 Billion in the bank" ?

    It's always worked before....

  • by oldmacdonald ( 80995 ) <johnasmolinNO@SPAMaim.com> on Tuesday May 07, 2002 @10:00AM (#3477212)
    This is really cool. From the article:

    "As far as (Chernobyl) is concerned, the Klez worm is just another file to infect," Weafer said. "It's quite common to see piggybacking effects when you have worms that have been propagating for a long time in the world."

    So it is likely not that someone was trying to make Klez worse, it just happened on its own.
  • My wrist hurts from deleting over a meg of mail worm viruses a day.


    That wasn't from deleting e-mails, it was from your viewing too much pr0n.
  • viruses (Score:4, Insightful)

    by kz45 ( 175825 ) <kz45@blob.com> on Tuesday May 07, 2002 @11:33AM (#3477865)
    metacell writes "A virus (a version of the Chernobyl virus) infects an email worm executable (the Klez worm), and is spread along with it. " It's a damn good *delete* thing that Microsoft has been *delete* spending the last few weeks doing a *delete* security audit *delete* of all of *delete* ah never mind. My wrist hurts from deleting over a meg of mail worm viruses a day.

    Maybe you should tell the people on your contact list to stop opening attachments (or at least get the latest patches). Microsoft is all but Moron proof.

    Linux machines get hacked into every day. Is it a Linux flaw? No...it's a user flaw. So why should Microsoft be any different? Maybe because they're against open source?
