Slashdot Mirror
Latest WinWorm Spreads Via ICQ And Outlook
mgooderum was among the many to write in about yet another snippet of malice making the Windows desktop rounds: "The latest email virus -- 'Goner' -- is apparently running around this morning (AP news story on Iwon here - no login needed). The virus is a typical worm that spreads via attachments and user's address books. It appears as a message with an attachment that starts: 'How are you ? When I saw this screen saver I immediately thought about you...' Goner is apparently non-destructive other than the normal DoS issues with the load from it forwarding itself everywhere. What's moderately unique are two features. One is its ability to replicate via ICQ as well as the usual Outlook and Outlook Express. Two is its small size -- it has a packed form that is only 159 bytes. Symantec has details here; McAfee has details here." Update: 12/04 21:57 GMT by T : That should read 159 kilobytes. And as many posters have pointed out, "destructive" is in the eye of the beholder.
Sheesh people. Someday, the business world will get tired of paying for the privelege of having MS set up their software to fail. Ya think?
During Iloveyou, our whole corporate mail system was down for nearly two days. On this last go-round, it didnt go down, it just got really really ugly as they began scrubbing. Cant wait to see what this one does.
Course.. moderate intelligence could prevent this.. remove the preview pane option from Outlook on the users desktop.. educate your users NOT TO OPEN CRAP LIKE THIS!. (what a concept).
Course, that would take away the jobs of many highly paid professionals who are on retainer just for this sort of outbreak.
*sigh*.. My wife is one of them.. guess I wont see her for a few days again.
Maeryk
Feminine Protection? What is that? A chartreuse flame thrower?
I can't wait for the Gartner Group to comdemn use of Outlook like they did IIS :)
Might get a few Dozers to switch to *nix and use Kmail, Evolution, Mutt, Pine...or at least get them to try Eudora instead.
Of course the Exchange admins will cry that they can't support POP3/SMTP because they need their neato calendar and scheduling functions of groupware.
Windows is reliable. Every generation is more and more secure. Boy, next one's gonna be the winner. No problems here. Sheesh, I wish I could use Linux at work, but Windows is what we've settled on, so I guess that's good enough. I need to play games. Without the latest DirectX Flooznithummer, I'm not going to go to some inferior operating system. Windows is really secure if you're not a total luser! Gosh, at work we've settled on sitting on sharp, dirty spikes every day instead of regular chairs, and dammit, it's necessary for efficiency! Horses, too.
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
I got it but as I run linux it means nothing
you actually have to execute it as aposed to useing built in scripts that outlook runs
so its the users that are spreading this !
people should not be able to recive attachments IMHO
what do they lose by outlawing attachments from outside the organisation ?
nothing
you want to send something to someone convert it to PDF/HTML and stick it on the web server
there are lots of publishing frameworks even OpenSource ones
deny all attachmenst comeing through your gateway
regards
john jones
We're getting hit every day by a virus, although our virus detection software picks it up, I help wondering why microsoft products have so many security flaws.
Wouldn't you think that they would pull their socks up by now? It's not enough to say that microsoft makes bad software because they're microsoft or some large conglomerate. There must be a reason why (besides saying use linux).
I know, I know, other email clients, etc.
However there is one thing I don't understand, why are flaws which convert your office network into a disaster area, somehow acceptable, whereas some esoteric calendar tool is so vitally necessary that people straight-faced claim that Linux isn't ready for the desktop?
It's not just Outlook either - every damn document format that MS produces is an attack waiting to happen. Apart from being susceptible to bit-rott and bloated.
The average user does simply not have the competence to operate a Windows system safely in an office environment. It's not enough to consider training costs when switching to Linux, you also need to consider TCO. That means your downtime, additional maintenance to repair user machines and lost or corrupted data, when using Windows systems.
I know it's supposed to be all that and a bag of something or other, but really. This isn't an anti ms thing, but anyone still running their software deserves everything they're getting.
Really, how fucking dense are you if you're opening this thing up?
No matter how much effort the virus authors expend to dissuade them, people are still acting like total morons.
You're engine's been smoking for two years and bursts into flames every few months. What's that, it's singed your eyebrows? Cry me a river.
there's more than one way to do me.
Mmmkay, let's give this a try shall we?
1. Set up NTFS ACLs properly - this includes giving SYSTEM rights to what needs to have it, along with the Administrators group, etc. Users should only have read access. (Most experienced NT end-users should already have done this a long time ago; if you're on a properly set-up network, it should have been done already!)
2. Open up the MMC, go to users and groups, and add a user. Make it a member of the Users group, which you have already set up as to only have read access (heck, you can set it up to everything BUT delete access... NTFS ACLs are so specific and expansive it beats rwxrwxrwx hands down :-/) and also give it full access to its home directory under "Documents and Settings\user"
3. Log in as that user.
4. Open up a command prompt.
C:\>del /F/Q *.*
C:\New Text Document (2).txt
Access is denied.
C:\New Text Document.txt
Access is denied.
etc...
Oh wait, I didn't ever have to log in! Ever seen 2000's oh-so-cool "Run as different user" option on the property sheets? Guess not.
I think it's about time the zealots pull their heads out of their asses before they go and flame someone on a topic they know nothing about.
1. That doesn't work on Windows 95, 98, or ME. Those systems just don't have security. Period.
2. It doesn't work if you aren't using NTFS. A LOT of NT, 2K, and XP systems don't.
3. You don't have a short, simple description of how to "Set up NTFS ACLs properly". But I don't blame you - a short, simple explanation of that subject is impossible.
Compare that to Linux. The instructions I gave for setting up a throwaway test account are very simple, can be executed in seconds, and will work on any Linux distribution from the last five years at least.
That's impossible on Windows, and your post basically proved the point. Thanks!
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox