Slashdot Mirror

In the mean time, I'll show you some other security experts. For instance, there are the largest antivirus companies, McAfee (NAI) and Symantec (Norton).

To provide some quotes from these pages:

If the user runs the attachment the worm runs using the Windows Scripting Host program.

Payload trigger: On execution of email attachment

Seems like they're on my side. The CERT advisory doesn't explicitly say either way how the virus is executed, but it does tell users to exercise caution opening attachments, which implicitly says that opening an attachment is required.

The worm utilizes a known Microsoft Outlook Express security hole, Scriptlet.Typelib, so that a viral file is created on the system without having to run any attachment. Simply reading the received email message will cause the virus to be placed on the system. --from http://www.symantec.c om/avcenter/venc/data/wscript.kakworm.html.

Granted, this is the kak virus, and granted MS issued a patch, how long is it before someone ports the ILUVU virus to exploit this hole where the user DOES NOT NEED TO OPEN THE ATTACHMENT, just view it. Outlook and OE have horrible security. Tying the scripting language into the system was their way to make MSN as easy (sorta) to set up as AOL. Ever tried to set up MSN? Uses pervasive scripting which does not always ask for a prompt before runnning. This is not a buffer overflow error, but one (perhaps of many) exploits where windows scripting does not ask for permission to run.

For any of you protecting your Exchange 5.5 server with Norton Antivirus (Symantec), there are signatures here. They aren't tested or approved, AFAIK, but they're working at my location. It won't repair the file but will quarantine bad attachments. You might want to keep the server off your network while you do this. Stop your store while you're copying the signature file to your server, then pull your ethernet cable when you want to start it again to run NAV.

That url is ftp://ftp.symantec.com/public/english_us_canada/an tivirus_definitions/norton_antivirus/spe cdef

I sent the following to Symantec via online feedback forms. We'll see what happens.

Product Feedback
URLabs support(They're the subsidiary apparently responsible for IGear)

/*begin letter*/
This is something that should more properly be sent to public relations, but no such email address was provided. Please forward it to the appropriate people.

I have recently been made aware of your company's harrassment of the Peacefire.org group concerning their decryption of I-Gear's blocking list. http://peacefire.org/censorware/I-Gear/igdecode/sy mantec-to-media3.3-1-2000.txt

As a customer and longtime user of Symantec Products, I thought you should know that your company's action in this matter has cost you my business. The sort of reverse engineering done by Bennett Haselton is essential to keep companies honest(as the reaction of your company in this situation amply demonstrates). Your attempts to prevent this sort of activity will hurt you in the marketplace, as many, many IT professionals care passionately about issues of privacy, censorship, and the freedom of information.
In the future, I will be buying from your competition, until such time as your company reverses its position on this matter.

Thank you very much,

Brent R Eubanks

I sent the following to Symantec via online feedback forms. We'll see what happens.

Product Feedback
URLabs support(They're the subsidiary apparently responsible for IGear)

/*begin letter*/
This is something that should more properly be sent to public relations, but no such email address was provided. Please forward it to the appropriate people.

I have recently been made aware of your company's harrassment of the Peacefire.org group concerning their decryption of I-Gear's blocking list. http://peacefire.org/censorware/I-Gear/igdecode/sy mantec-to-media3.3-1-2000.txt

As a customer and longtime user of Symantec Products, I thought you should know that your company's action in this matter has cost you my business. The sort of reverse engineering done by Bennett Haselton is essential to keep companies honest(as the reaction of your company in this situation amply demonstrates). Your attempts to prevent this sort of activity will hurt you in the marketplace, as many, many IT professionals care passionately about issues of privacy, censorship, and the freedom of information.
In the future, I will be buying from your competition, until such time as your company reverses its position on this matter.

Thank you very much,

Brent R Eubanks

Oops, I hit "submit" instead of "preview". (perhaps this will add a % point or two to my /. purity test?)

http:// service1.symantec.com/DISCUSS/SUPPORT/feedback2.ns f/product+feedback

Now, I'll hit the "preview button"... ;)

Here's the closest I could come. No email, however. It's just a comment submission form. Perhaps a /. reader that works there will give us something? http://service1.symantec.com/DISCUSS/SUPPORT/feedb ack2.nsf/internet+services+feedback

To stop this stuff, and also save on bandwidth, I use AtGuard. It filters cookies on a per-site basis, and also blocks access to URLs containing certain sub-strings (which can also be configured on a per-site basis). Overall a really cool and useful program which deserves to be far better known.

Unfortunately I've just discovered that WRQ (the creators of AtGuard) have sold the rights to Symantec, and its now part of Norton Internet Security 2000 for almost twice the price of just AtGuard. But you get a virus scanner as well. Ho hum.

Paul.

I am a resident of Eugene, and I would like to inform you that Symantec is certainly not the only option. For example, Eugene is also home to game maker Dynamix, embedded hardware manufacturer Versalogic, a large Hyundai DRAM fab plant, and lots of small software development companies.

Many smaller companies choose to locate here, because we have clean water, hydroelectric and wind power, abundant local pruduce, clean air, multiple DSL providers, and now cable internet access, too. We also have low crime, good schools, and clean streets. Eugene is, in fact, one of the fastest growing tech centers in the Northwest.

Eugene is also home to the University of Oregon which you may have seen mentioned in a recent article on new research into quantum computing. They also have LAN connections in all the dorm rooms.

Sure, if your concept of a good job is working for MS or some other large corporate slave driver that will keep you in a small cubicle and feed you the scraps, then Symantec might be your only option here. But there are also a lot of good employment opportunities available here, also.

It's a hoax. I got it too. Symantec has a write-up on it.

Symantec posted this advisory of the VBS.BubbleBoy here
http://www.symantec.c om/avcenter/venc/data/vbs.bubbleboy.html.
It contains details of what the virus does, where it goes into the registry and how to protect yourself.

If you already do not have that security patch from Windows Update, you can download the patch from
http://www.microsoft.com/s ecurity/Bulletins/ms99-032.asp.

This is kinda scary... as we have always taught people that you cannot get a virus by reading mail, only opening attachments. I hope this doesn't become a growing trend.

Microsoft does have a product that allows remote admin of a windows machine. It can hide itself so that there is no visible sign of it running from the console. I believe that is it called SMS. The cDc used this as a rebuttal to anti virus vendors putting bo2k in their databases. I would get you an URL but www.cultdeadcow.com seems to be suffering from the /. effect right now.

You could also consider VNC or Norton's PC Anywhere to be hacking tools because they allow remote access to a computer. Since VNC is GPLed anyone can remove the icon that appears on the system tray to make it effetivley invisible to the user.

The company was offering a bounty to employees for a new hire, and I stumbled across somebody's resume on the web. I contacted them, and had to apologetically explain that they had to FAX their resume, as the HR director could not figure out how to read or print their resume on the web. The applicant thought we were idiots and never sent it.

___________________________________
Forwarded Message
Subj.: Virus Warning!
From: HOONOZE
To: All@msn.com
To: Jake5551212@aol.com
To: President@whitehouse.gov
To: Pope@vatican.va
To: 007@MI5.com
To: Flounder@fish.net
To: Etal@etc.com

************************************************** ****************
WARNING, CAUTION, DANGER, AND BEWARE!
Gullibility Virus Spreading over the Internet!
************************************************** ****************

WASHINGTON, D.C.--The Institute for the Investigation of Irregular Internet Phenomena announced today that many Internet users are becoming infected by a new virus that causes them to believe without question every groundless story, legend, and dire warning that shows up in their inbox or on their browser. The Gullibility Virus, as it is called, apparently makes people believe and forward copies of silly hoaxes relating to cookie recipes, email viruses, taxes on modems, and get-rich-quick schemes.

"These are not just readers of tabloids or people who buy lottery tickets based on fortune cookie numbers," a spokesman said. "Most are otherwise normal people, who would laugh at the same stories if told to them by a stranger on a street corner." However, once these same people become infected with the Gullibility Virus, they believe anything they read on the Internet.

"My immunity to tall tales and bizarre claims is all gone," reported one weeping victim. "I believe every warning message and sick child story my friends forward to me, even though most of the messages are anonymous."

Another victim, now in remission, added, "When I first heard about Good Times, I just accepted it without question. After all, there were dozens of other recipients on the mail header, so I thought the virus must be true." It was a long time, the victim said, before she could stand up at a Hoaxees Anonymous meeting and state, "My name is Jane, and I've been hoaxed." Now, however, she is spreading the word. "Challenge and check whatever you read," she says.

Internet users are urged to examine themselves for symptoms of the virus, which include the following:

• the willingness to believe improbable stories without thinking
• the urge to forward multiple copies of such stories to others
• a lack of desire to take three minutes to check to see if a story is true

T. C. is an example of someone recently infected. He told one reporter, "I read on the Net that the major ingredient in almost all shampoos makes your hair fall out, so I've stopped using shampoo." When told about the Gullibility Virus, T. C. said he would stop reading email, so that he would not become infected.

Anyone with symptoms like these is urged to seek help immediately. Experts recommend that at the first feelings of gullibility, Internet users rush to their favorite search engine and look up the item tempting them to thoughtless credence. Most hoaxes, legends, and tall tales have been widely discussed and exposed by the Internet community.

Courses in critical thinking are also widely available, and there is online help from many sources, including

• Department of Energy Computer Incident Advisory Capability at http://ciac.llnl.gov/ciac/CIACHoaxes.html
• Computer Virus Myths page at http://www.kumite.com/myths
• IBM's Hype Alert web site at http://www.av.ibm.com/BreakingNews/HypeAlert
• Symantec Anti Virus Research Center Hoax Page at http://www.symantec.com/avcenter/hoax.html
• Network Associates Virus Hoax Listing at http://www.nai.com/services/support/hoax/hoax.asp
• Dr. Solomons Hoax Page at http://www.drsolomon.com/vircen/vanalyse/va005.htm l
• The Urban Legends Web Site at http://www.urbanlegends.com
• Urban Legends Reference Pages at http://www.snopes.com
• Mining Company Urban Legends Page at http://urbanlegends.miningco.com
• Datafellows Hoax Warnings at http://www.Europe.Datafellows.com/news/hoax.htm

Those people who are still symptom free can help inoculate themselves against the Gullibility Virus by reading some good material on evaluating sources, such as

• Evaluating Internet Research Sources at http://www.sccu.edu/faculty/R_Harris/evalu8it.htm
• Evaluation of Information Sources at http://www.vuw.ac.nz/~agsmith/evaln/evaln.htm
• Bibliography on Evaluating Internet Resources at http://refserver.lib.vt.edu/libinst/critTHINK.HTM

Lastly, as a public service, Internet users can help stamp out the Gullibility Virus by sending copies of this message to anyone who forwards them a hoax.

************************************************** ****************
This message is so important, we're sending it anonymously! Forward it to all your friends right away! Don't think about it! This is not a chain letter! This story is true! Don't check it out! This story is so timely, there is no date on it! This story is so important, we're using lots of exclamation points! For every message you forward to some unsuspecting person, the Home for the Hopelessly Gullible will donate ten cents to itself. (If you wonder how the Home will know you are forwarding these messages all over creation, you're obviously thinking too much.)
************************************************** ****************

ACT NOW! DON'T DELAY! LIMITED TIME! NOT SOLD IN ANY STORE!

Home Page of Robert Harris | SCC Home Page
Robert Harris is Professor of English at Southern California College. RHarris@sccu.edu


I keep it around for just this purpose
Mark

Come on, give me a break NT whomps on Linux so bad it's not even funny I remember running Linux way back in 96 and it was crap I have a hard time believing it's improved much since then besides, that test was run with the Linux boxes not running X, so of course that helped speed up performance DUH!

This is actually funny. In a sick, sad sorta way. You "remember Linux "way back" in 96" eh? Hmm, you don't think that with 3 years and...oh a couple hundred thousand hours of coding and debuggin it's gotten BETTER?

Unlike NT (Never Trustworthy), Linux has been CONSTANTLY under revision. There isn't a day that goes by that new code is added to the Linux legacy.

Unlike you, many of us don't REQUIRE a fulltime dummified P&C interface. And if turning it off helps improve performance of the machine while I'm not working on it, or even if I am, I'm ALL FOR IT. Pointing it out as a "cheat" is idiotic. It's a feature of the OS. The GUI is merely an app run on the system, not the system itself. Inevitably this IS going to mean more speed for the CLI. You're just peeved because you cannot turn off your butt-ugly NT interface.

Face the facts, Unix is a dead and dying OS it'll never be anything worth looking at besides, the world uses NT so until Linux gets some good apps that will be compatable with NT's...forget it

Unixen have been getting proclaimed "dead and dying" for YEARS. MS declared it so at one time. Now they're hustling to get NT certified as Unix. I'll believe Unix/Linux dead when I see it. Not because some kid who has trouble understanding what to do at a DOS prompt says so.

The world uses NT? Even "I" am not THAT widely travelled that I can make that claim! Do a check of how many of the webservers on the internet are using some form of Apache or CERN or NCSA or other unixen-based webservers. The number FAR exceeds the pitiful market share that NT holds.

I seem to also recall that NT handles threads better and also multitasks better than Linux plus NT security is way beyond Linux's how many NT exploits are there? no where near as many as Linux

You SEEM to recall? Or you DO recall? Just because some mental defective's mind barfs out pseudofacts doesn't mean it's so. Do some RESEARCH and find out. Also, threading, while a nice addition, isn't necessary to achieve peak performance in Linux. You saw it for yourself in an article posted on a site owned by MS itself. Linux as a server runs at LEAST 200% better than an equivallent (what a misnomer) NT machine. Also, Linux can wring every last ounce of performance out of a machine that would otherwise choke on NT.

Nowhere near as many NT exploits? MAYBE. Last time I checked the Symantec Antivirus Research Site there were several tens of THOUSANDS of bugs, exploits, and virii available to foul an already foul operating system.

In addition how many of the exploits in NT are fixed within 24-48 HOURS of notice. DAMN FEW (read ALMOST NONE). How many are fixed within a week? A month? A year?

How many of them are just hushed up in hopes that nobody finds them? Try MOST.

Now let's see. How is NT superior to Unixen?

• It costs more. (NT=$x100 plus licenses, Linux=free).
• It has to pay a mulitgazillion dollar marketing department. Linux is advertised mainly by word of mouth.
• NT takes up 2x as much space on your HD.
• NT has a higher number of days of downtime on average.
• NT "security" is very good. So good in fact that it doesn't even let the system administrator configure the system properly.
• NT sucks more system resources to maintain a barely functional state.

You know? You're right. NT MUST be superior.

.....Yeah, and Bill Gates might fly if we chucked him off the highest building we could find near Redmond.

geez, next you'll be arguing MacOS is gonna steal back it's share of the market

We're talking facts here. Not fantasies.


Chas - The one, the only.
THANK GOD!!!