Four Kids Confess to Goner Worm

imrdkl writes: "4 kids in Israel have confessed to writing and distributing the Goner worm, according to Fox." Yet another annoying worm comes and goes, wasting countless IT hours, to say nothing of bandwidth. The kids face up to five years -- of course since they aren't in the U.S., they might actually be punished.

Attachment blocking at the server

[bubblegoose]

This virus wasted about 5 minutes of my time. I read an article about what it did, then the next day I deleted about 150 copies of this that got quarantined on our company's Exchange server.

I use a virus scanner on the Exchange server capable of blocking attachments based on extension (Scanmail by TrendMicro works nicely for me). I always block:
ade,adp,asx,bas,bat,chm,cmd,com,cpl,crt,exe,hlp, ht a,inf,ins,isp,js,jse,lnk,mdb,mde,msc,msi,msp,mst,p cd,pif,reg,scr,sct,shs,url,vb,vbe,vbs,wsc,wsf,wsh

Bingo - no e-mail virus problems :)

I figure if my users really need them and the person sending the message is smart enough (and meant to send it) then they can zip it. If the sender wasn't smart enough to zip it, then I can always pull it out of the quarantine folder.

outlook address book

[Publicus]

Why does outlook allow a script/program to access the address book without the user's permission? I think we've seen how costly this bug/feature is, why isn't there more pressure on M$ to fix this problem, or provide the option to turn it off?

These kids are essentially going to go to juvi/jail for swimming in a pool, when the sign clearly says, "no swimming."

No fault to the pool owner for not putting a fence around his pool, right? Ah, justice.

Re:What Language?

[Alioth]

According to Symantec.com, it was Visual Basic.

Why let it go so far?

[rnicey]

We run Sophos antivirus on the mail gateway. Sure it doesn't stop them all, but most anything that is a single click fatality is screened out. It happily killed all 120+ attempts of the Goner-A worm to arrive on one of my customer service rep's desktops.

I really have little sympathy for IT admins who get killed by this stuff, there are a million tools out there to stop this stuff from doing damage way before idiot humans get their hands on it.

I personally would like to see more ISPs use this stuff, after all they're not obliged to carry any traffic they deem high risk to their users. They already block dodgy ports so windows shares aren't wide open, why not a complimentary virus scan on mail?

Re:they didn't do anything wrong.

[Dr.+Awktagon]

That's a bad analogy. It's more like four kids pressed a button on the outside of the WTC at street level, causing the towers to explode due to an engineering flaw. In other words, there is no way for a mail message to directly cause harm to your computer. It must be interpreted by a program which you trust (a traitor, in other words) which is willing to harm your computer at the command of an outside party.

Agreed, there should be absolutely NO REASON why a block of text and/or data sent to your machine should do anything you don't want it to. Since it does, and since these viruses get written over and over again, with no end in sight, the blame is with the software writers.

Now I'm not saying these kids should be let off the hook. They did something that was wrong and costly. But if we don't want to have this happen again, punishing the kids accomplishes nothing. Actually it makes the future virus writers want to learn how to be more stealthy.

The solution is sandboxes or code-checking with proofs. Or better yet, just displaying email messages as TEXT-ONLY, like they're supposed to be.