Slashdot Mirror

← Back to Stories (view on slashdot.org)

Latest WinWorm Spreads Via ICQ And Outlook

Posted by timothy on from the how-vastly-creative dept.

mgooderum was among the many to write in about yet another snippet of malice making the Windows desktop rounds: "The latest email virus -- 'Goner' -- is apparently running around this morning (AP news story on Iwon here - no login needed). The virus is a typical worm that spreads via attachments and user's address books. It appears as a message with an attachment that starts: 'How are you ? When I saw this screen saver I immediately thought about you...' Goner is apparently non-destructive other than the normal DoS issues with the load from it forwarding itself everywhere. What's moderately unique are two features. One is its ability to replicate via ICQ as well as the usual Outlook and Outlook Express. Two is its small size -- it has a packed form that is only 159 bytes. Symantec has details here; McAfee has details here." Update: 12/04 21:57 GMT by T : That should read 159 kilobytes. And as many posters have pointed out, "destructive" is in the eye of the beholder.

25 of 598 comments (clear)

  1. Maybe @Home's demise is okay... by javaaddikt · · Score: 2, Funny

    considering I've received 20 virus-laden emails through my @home account in a matter of days.

  2. The CEO of my technology company by v4sudeva · · Score: 5, Funny

    has already sent every one of my fellow employees all over the globe 27 copies of this thing.

    It's been going on for over two hours now. I can't help but wonder if he's still over there trying to run that damn .scr.

    Thanks, boss.

    --
    Personal me, collaborative you
    1. Re:The CEO of my technology company by sharkey · · Score: 5, Funny

      I'll send you the bill...

      Shouldn't that be, "I send you this bill to ask your repair"?

      --

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
    2. Re:The CEO of my technology company by PugMajere · · Score: 2, Funny

      I read that as "ruining".

  3. What? Still? by Anonymous Coward · · Score: 5, Funny

    Didn't everyone get the memo that opening attachments is a really dumb idea? I'm attaching the original message:

    &ltAttachment: Don't_Open_Attachments.eml.vbs&gt

  4. Pure Wisdom by Phartx2 · · Score: 5, Funny

    I just got the warning message from my school's network goons. In a move of administrative widsom at its finest, it mentioned:

    "The Bearcat Online email system is now blocking all messages with "Hi" as the subject."

    1. Re:Pure Wisdom by Ratbert42 · · Score: 2, Funny

      "The Bearcat Online email system is now blocking all messages with "Hi" as the subject."

      Will someone please write a virus that uses the subject lines "Timesheets" or "Status"?

  5. Linux isn't ready for the desktop... by sterno · · Score: 1, Funny

    Until Linux can spread worms as well as Outlook, Linux will never be accepted as a true desktop replacement!

    --
    This sig has been temporarily disconnected or is no longer in service
  6. Finding the culprit by rkent · · Score: 5, Funny

    Well, since McAfee and Symantec are reporting it, I guess this is not a first draft of magic lantern... unless they issue another press release in 45 minutes saying "um... nevermind, there is no 'Goner' worm."

  7. Sorry about the double-post... by tswinzig · · Score: 3, Funny

    ...I was in a harry.

    --

    "And like that ... he's gone."
  8. Re:OT: "moderately unique"?? by heliocentric · · Score: 3, Funny

    WTF does "moderately unique" mean?

    I consider myself moderately unique in that my shirt size is an extra medium. I don't know many other people who take an extra medium, but if the shirt companies make 'em then I can't be fully unique.

    Either something is unique or it's not, by crikey! Soon we'll have things described as "marginally special"

    Well, at the local food store the manager often has things that are getting old on special... oh, you were talking about marginally...

    or "slightly dead."

    Ever see the Princess Bride? Wesley was not all dead when they took him to Miracle Max's....

    --
    Wheeeee
  9. Yes, non-destructive by Mdog · · Score: 2, Funny

    I'd still consider it non-destructive. It is only trying to keep itself alive, not destroy "unrealted" parts of your system.

    --
    Slashdot 's editors are dickheads
  10. a real "Trojan horse" by mblase · · Score: 3, Funny

    Great -- someone's finally figured out that they can create a Trojan horse that not only digs a back door into your system, but silently kills off the guards at the front as well.

    Next thing we know they'll be rewriting Microsoft's system auto-updater to download even more viral code into your system. Won't that be nice?

  11. Re:159 Bytes? Not! by Anonymous Coward · · Score: 1, Funny

    I'll bet! Steve Gibson! Could write one in 100% PURE ASSEMBLY! and have it smaller than that!

  12. Re:Gartner Group by moof1138 · · Score: 2, Funny

    I would like to see Gartner condemn the use of ICQ and ScreenSavers, recommending IRC and turning off displays instead.

    --

    Hyperbole is the worst thing ever.
  13. No support here! by Goner · · Score: 5, Funny

    I am ashamed that anyone would intentionally use my Slashdot account name to bolster the popularity and reputation of their sick virus. I'm sure the hackers who created this monstrosity were well versed in such hacker tools as Bonzi Buddy and Lunix. If they think I would come out and support such a destructive screen saver they are very, very wrong. If God wanted toasters to fly, he would have given them wings.

    So, you hackers, where ever you are, Goner (of Slashdot lore) does not approve!

  14. Re:*LOL*.. virus.. outlook.. *yawn* by CoolVibe · · Score: 4, Funny
    I can vouch that we have tried at my office ... REPEATEDLY .... to do just that. Some users just don't learn. After many attempts and incidents, they continue to open and execute every darn thing they are sent. These are usually the same people who send out all the "cute little utilities" that will run supposedly humorous animations and whatever. Sure, the next step would be some sort of administrative control/intervention, but as expected .. management (non-IT dept) is more interested in keeping people happy than in properly run systems. Our hands our tied.

    That's why the LART was invented. If you can't get sense into 'em, beat it into 'em.

    Yes, I actually kicked a user off the network one time because he already gotten _three_ warnings from me. And yet he still opened untrusted attachements.

    *clicketyclick* no more DHCP lease, blocked by MAC address. His e-mail was directed to a temporary mailbox (so he couldn't get it from someone else's machine)

    He never did it again. Good luser. After a few days I couldn't stand his whimpering and copied his mail back and reactivated his lease. Now he listened and behaved. Actually, it had a more positive effect: that story went around the office, and they now think twice before opening something they get from someone they don't know. Heck, some even switched from OutLook to something else (I've seen copies of Eudora and filled up Netscape Mail folders appearing on the workstations all of a sudden).

    Sometimes you have to make it smart a little before they listen.

  15. the Silent One speaks by Anonymous Coward · · Score: 1, Funny

    I share an office with two other developers. One of the two is almost always silent. So I knew something was up when I hear: "Hmmm. Hmmmmm? Uh, guys." For him, this was a novel's worth of communication. I glanced over at his display, which showed an open Outlook *filled* with messages that read "Hi!" for the subject. (Very) shortly afterwards, company-wide email (an exchange server) was completely trashed.

  16. Apropos Icon by sharkey · · Score: 2, Funny

    The silouhette of Darth Vader in the icon is a nice touch, to my way of thinking.

    --

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  17. Re:Pure Wisdom (better) by gosand · · Score: 3, Funny
    I got an email (as did everyone else) from someone in the company who gave detailed instructions on how to use the "Rule Wizard" (first clue) to delete these emails permanently upon receiving them.

    The problem? The steps outlined how to check the subject line for the word "hi" and permanently delete it and the message flag.

    I tested this out, and Outlook isn't case sensitive, nor does it recognize if the target word is embedded. So any email with the word 'hi' anywhere in the subject would get deleted. (e.g. this, Chicago, chickenpoop, etc) It was also suggested that the exception be if your name was in the To or CC, but we use so many distribution lists, that wouldn't matter too much.

    *sigh*

    --

    My beliefs do not require that you agree with them.

  18. Ah, the brilliance of mainstream news... by Rob.Mathers · · Score: 2, Funny

    While watching my local news, i heard the following quote: "The goner virus can also strike through ICQ programs like MSN Messenger." I'm beginning to dread any newscasts on tech related issues.

    --

    My other sig is funny!
  19. unique by sheetsda · · Score: 3, Funny

    "Always remember you're unique, just like everyone else." I wish I knew who said it.

  20. Re:That's Why We Get Paid... by Anonymous Coward · · Score: 1, Funny

    No wonder most Slashdotters have few friends...

  21. Re:Why do we put up with this... by FFFish · · Score: 3, Funny

    You've made an interesting point. Other manufacturers are held liable for end-user incompetence: why isn't Microsoft?

    Ever wonder why your hair-dryer has a warning that you shouldn't use it in the shower? It's very likely because some evolutionary dead-end once actually did use it in the shower, and a lawsuit came of it.

    Hell, it even happens in Canada: some dumbshit teenager pulled a Coke machine onto himself, and his parents are trying to sue Coke for his abuse of the property!

    Obviously, it's quite acceptable to find companies liable for the carelessness, incompetence, stupidity, or maliciousness of their products' users.

    I fail to see why Microsoft isn't held accountable.

    --

    --
    Don't like it? Respond with words, not karma.
  22. Re:NTFS (programmers perspective) by Malcontent · · Score: 3, Funny

    And they say linux is hard to use. You have to fire up a C compiler just to delete a file. Sheesh..

    --

    War is necrophilia.