Slashdot Mirror

← Back to Stories (view on slashdot.org)

Latest WinWorm Spreads Via ICQ And Outlook

Posted by timothy on from the how-vastly-creative dept.

mgooderum was among the many to write in about yet another snippet of malice making the Windows desktop rounds: "The latest email virus -- 'Goner' -- is apparently running around this morning (AP news story on Iwon here - no login needed). The virus is a typical worm that spreads via attachments and user's address books. It appears as a message with an attachment that starts: 'How are you ? When I saw this screen saver I immediately thought about you...' Goner is apparently non-destructive other than the normal DoS issues with the load from it forwarding itself everywhere. What's moderately unique are two features. One is its ability to replicate via ICQ as well as the usual Outlook and Outlook Express. Two is its small size -- it has a packed form that is only 159 bytes. Symantec has details here; McAfee has details here." Update: 12/04 21:57 GMT by T : That should read 159 kilobytes. And as many posters have pointed out, "destructive" is in the eye of the beholder.

4 of 598 comments (clear)

  1. This is a sad statement on security by JMZero · · Score: 5, Insightful

    Our office blocks .scr attachments at the server, because we're not completely incompetent. There's no reason to send a .scr or a .vbs or anything like unto it - whatever you have to say could be said in a text file.

    It strikes me as extremely sad that a virus like this can still work. How many times does it take?

    What can we do to save the unknowing?

    --
    Let's not stir that bag of worms...
  2. This is nothing. Wait a few days by ellem · · Score: 4, Insightful

    This virus has two real goals:

    1 -- Proagate
    2 -- Disable Anti Virus

    This worm is a setup. So in a few days the 31337 h4x0rs will release the REAL virus that does the REAL damage to the people whose defenses have been compromised.

    I love being a Win Sys Admin

    Anyone need a an OSX admin?

    --
    This .sig is fake but accurate.
  3. Watched this happen by Matts · · Score: 5, Insightful
    I work for a managed security provider and we stopped this using heuristics for all our customers. It's growth rate has been phenomenal, considering it doesn't even use any hacks - it's just a stupid social engineering virus! It was very funny listening to our anti-virus guy on the phone to reporters saying "We've stopped 4000 in the last two hours. No wait, 5000. ... oh, and now 6000".

    The problem is there's *nothing* Microsoft can do to stop this sort of virus, as long as they allow execution of files direct from their email client, and honestly I can't see that stopping (and neither can the people where I work, which they're quite happy about :-)

    I do worry for apps like this on Linux though, as email clients become able to execute attachments. But the benefit is that Linux doesn't assume things based on file suffix, but on their actual mime type. However, that still leaves a possible vulnerability to mime type spoofing, perhaps.

    --

    Matt. Want XML + Apache + Stylesheets? Get AxKit.
  4. We haven't even touched the surface.. by defile · · Score: 4, Insightful

    Thank god the people that write this kind of code are completely incapable of writing evil IDE command sequences that can fry hard drive firmware.

    Imagine the destruction you could cause if after every infection and replication to everyone in your address book, it wrecked your hard drive and required it to be sent back to the manufacturer for repair?

    Hmm, interesting sales pitch you could offer to Maxtor, Seagate, etc if you want to make a quick buck at the expense of the global economy. (unless the 90-day warranty covers "act of hacker").