Slashdot Mirror

← Back to Stories (view on slashdot.org)

Latest WinWorm Spreads Via ICQ And Outlook

Posted by timothy on from the how-vastly-creative dept.

mgooderum was among the many to write in about yet another snippet of malice making the Windows desktop rounds: "The latest email virus -- 'Goner' -- is apparently running around this morning (AP news story on Iwon here - no login needed). The virus is a typical worm that spreads via attachments and user's address books. It appears as a message with an attachment that starts: 'How are you ? When I saw this screen saver I immediately thought about you...' Goner is apparently non-destructive other than the normal DoS issues with the load from it forwarding itself everywhere. What's moderately unique are two features. One is its ability to replicate via ICQ as well as the usual Outlook and Outlook Express. Two is its small size -- it has a packed form that is only 159 bytes. Symantec has details here; McAfee has details here." Update: 12/04 21:57 GMT by T : That should read 159 kilobytes. And as many posters have pointed out, "destructive" is in the eye of the beholder.

1 of 598 comments (clear)

  1. Re:In defense of Microsoft...... by cscx · · Score: 4, Troll
    Or maybe the Microsoft apologists could write a little explanation of how to set up a safe testing account on Windows? Oh, that's right you can't, too bad about that

    Mmmkay, let's give this a try shall we?

    1. Set up NTFS ACLs properly - this includes giving SYSTEM rights to what needs to have it, along with the Administrators group, etc. Users should only have read access. (Most experienced NT end-users should already have done this a long time ago; if you're on a properly set-up network, it should have been done already!)

    2. Open up the MMC, go to users and groups, and add a user. Make it a member of the Users group, which you have already set up as to only have read access (heck, you can set it up to everything BUT delete access... NTFS ACLs are so specific and expansive it beats rwxrwxrwx hands down :-/) and also give it full access to its home directory under "Documents and Settings\user"

    3. Log in as that user.

    4. Open up a command prompt.

    C:\>del /F/Q *.*
    C:\New Text Document (2).txt
    Access is denied.
    C:\New Text Document.txt
    Access is denied.
    etc...

    Oh wait, I didn't ever have to log in! Ever seen 2000's oh-so-cool "Run as different user" option on the property sheets? Guess not.

    I think it's about time the zealots pull their heads out of their asses before they go and flame someone on a topic they know nothing about.