Clever New Windows Worm
freakboy303 sent in linkage to a new worm that will no doubt be cluttering our inboxes soon. Clever bits include running its own SMTP service to increase chance of success, as well as using a bunch of spaces to disguise the true extension of the executable. No doubt countless copycats will soon follow and our inboxes will be cluttered by countless copies of the thing. Not that there's a problem with windows security.
Just like the rep AOL gets, the more users you have the more dumb users you have.
Do you know what that means? It means the system needs to be engineered to handle those users. It does NOT mean we should shout and flame about how stupid those users are. Guess what: Everyone who uses an online service (or the Internet, for that matter) is NOT a Computer Science or Engineering major, and they should NOT be expected to act accordingly. They are there for their own purposes, to accomplish their own ends. The systems should be designed accordingly, with error prevention and correction built in, to catch things that would otherwise hurt users or administrators.
Man is born free; and everywhere he is in chains.
The nice thing about this one is, it's just hitting e-mail. When Nimda and Code Red were wreaking havoc on the internet, they made it impossible for me to play games on my cable modem. I had so many incoming requests on port 80, I couldn't do anything.
How many times does this have to happen before Microsoft starts putting security in front of the user experience? I can't see how having to remove viruses from your machine on a near-daily basis improves the user experience.
Viruses get sophisticated enough that they look at subject lines in your current "Sent Items" folder and use the same subject and text, just adding the attachment, or if they find an email you previously sent that had an attachment and replace it and re-send the message.
It's only a matter of time. It's amazing how even a dumb virus can fool so many people.
I Heart Sorting Networks
If you wanted an unbiased site, go elsewhere! For god's sake, the MS news has Bill dressed up in a Borg outfit!
Most sensible organisations will already be blocking .pif files in mail - this virus is already known by McAfee as W32/Shoho@MM and they have detailed it as a LOW risk worm.
On another note, I hope Slashdot isn't going to run a story on every new virus that gets released...
-- Pete.
Monochrome - Probably the UK's largest internet BBS
Worms and virii are being written for Windows/Outlook, because:
(A) 98% of all people using PCs to read email are running Windows.
(B) There are a lot of cracker-types full of concentrated angst about Microsoft, Bill Gates, Windows XP, etc.
If that 98% referred to Linux/KDE or MacOS X, you can be _damn_ sure that there would be severe security exploits for those systems as well. All it takes is _one_ small hole to give a virus writer leverage, and in any system with hundreds of thousands of lines of code behind it, there are going to be small holes. Arguably things would be much worse if everyone used Linux, because Linux is more daunting for users to administrate than Windows. So anyone not keeping up with security issues would be vulnerable. Most people fall into that category, even intelligent people.
As for (B) above, what can be said except that it's pretty sad.
Um, just how long have you been reading this heady, informed discussion forum? Where'd you get the 5-digit userid?? It's CmdrTaco's site. He says whatever the heck he wants. He doesn't consider himself an unbiased news editor, and he feels little RESPONSIBILITY to get _news_ to us. Read a bit more often and you'll see the light.
Not a bad one, either, judging by the reaction. But seriously, if this wasn't a troll and you really have these complaints you wouldn't be reading /. anymore, would you?
At least the people who bitched when Taco first used the Bill Gatus of Borg icon they had a legitimate reason.
The enemies of Democracy are
That's the idiot that picked Outlook/Exchange for the corporate messaging system, right? Sorry, I'm not ranting at you, but I hear this a lot at work and want to set the record straight.
I don't think it's fair to blame the user for not knowing that ".txt.pif" is a magic extension that can hurt their computer, or just to tell them "don't open email from someone you don't know". The fact of the matter is that it's wrong for your email client or your web browser to execute code from an unknown source, and the user should have to take positive steps (more than one) to execute such things. Microsoft's email tools are fundamentally broken, even to the point where they betray their supposed ease of use by requiring the user to puzzle over which emails are safe and which aren't.
So no, I don't really blame the marketing guy for not knowing that ".txt" is OK but ".txt.pif" isn't OK - it's not his job to know. It's the job of the tools Mr. Marketing is given to tell the difference for him and not automatically or easily do something dangerous. And it's the job of corporate IT purchasers to make sure that the right tools are being given to Mr. Marketing. More than anything, the repeated Microsoft virus and worm attacks point to a fundamental failure to learn from past IT purchasing mistakes.
Don't get me started on my company's new internal IM system that only works from Windows - thanks for nothing there, guys.
Your right to not believe: Americans United for Separation of Church and
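The filename disguise mentioned in the story summary (a run of spaces before the real extension) and the ".txt.pif" case from the comment above can be caught mechanically by the mail tooling rather than by the reader. The following is an added example, not part of the original thread; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd", "vbs", "lnk"}
DECOY_EXTS = {"txt", "doc", "jpg", "gif", "htm", "html", "pdf", "mp3"}
PADDING = re.compile(r"\s{3,}")  # a run of three or more whitespace characters


def classify_filename(name):
    """Return the reasons a filename looks deceptive (empty list = nothing found)."""
    # Windows ignores trailing dots and spaces, so judge the name it will use.
    effective = name.rstrip(" .\t")
    stem, dot, ext = effective.rpartition(".")
    ext = ext.strip().lower()
    if not dot or ext not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension ." + ext]
    if PADDING.search(stem):
        reasons.append("whitespace padding before the real extension")
    inner = stem.rstrip().rpartition(".")[2].strip().lower()
    if "." in stem and inner in DECOY_EXTS:
        reasons.append("decoy extension ." + inner)
    return reasons


def scan_message(raw):
    """Map each suspicious attachment filename in a raw message to its reasons."""
    findings = {}
    for part in message_from_string(raw).walk():
        filename = part.get_filename()
        if filename:
            reasons = classify_filename(filename)
            if reasons:
                findings[filename] = reasons
    return findings


# Constructed sample: one padded .pif attachment and one genuine text file.
PADDED_NAME = "readme.txt" + " " * 40 + ".pif"
SAMPLE_MESSAGE = "\n".join([
    "From: a@example.com",
    "To: b@example.com",
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="BOUND"',
    "",
    "--BOUND",
    "Content-Type: text/plain",
    "",
    "see attachment",
    "--BOUND",
    "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="' + PADDED_NAME + '"',
    "",
    "AAAA",
    "--BOUND",
    "Content-Type: text/plain",
    'Content-Disposition: attachment; filename="notes.txt"',
    "",
    "plain notes",
    "--BOUND--",
    "",
])

if __name__ == "__main__":
    for fname, why in scan_message(SAMPLE_MESSAGE).items():
        print(repr(fname), "->", "; ".join(why))
```

A gateway or client using a check like this would quarantine or refuse to launch any attachment with a non-empty result, instead of leaving the decision to the recipient.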
There are several factors to consider. The first is your mail provider. If they are quick to block out the newest viruses at the server, you obviously will not get it.
The other is how much your email address is out there. Some of the viruses would go through the web cache and grab email addresses from there. If your email address is out there a lot, you are going to get more viruses. 99% of the SirCam, Nimda, and so on that I got (probably a couple hundred) came from people I did not know.
- (c) 2018 Hank Zimmerman
Mail Filter == BandAid, nothing more. I'm glad that it protects your small company for now, but you have to realize that the filter is only as good as the filter set, and someday someone will get past it and you'll have another worm outbreak. The only way to be really safe is to fix your users' email programs so that they don't easily execute things that the users are sent. Fix the root of the problem, not the symptom.
Your right to not believe: Americans United for Separation of Church and
I understand that the narrowcasting strategy has changed significantly here to attract Microsoft haters but in all honesty, what could Microsoft do to stop the viruses/worms? Short of completely disabling internet connectivity there just isn't anything to stop them completely on any OS.
Apache has a veto-proof majority of the web servers out there. Where are the Apache worms? Why is IIS, with far less market share, getting them? It's because Apache is secure and IIS is not, period.
Linux and OSX are both based on the Unix security model, a fundamentally sound design refined by two decades of real-world practice (dating back to the RTM worm in the early 1980s). It's not a matter of the virus writers aren't looking... it's a matter of a lack of exploitable holes. Name ONE Unix email client stupid enough to auto-execute code. Just one!
Yes, there are still exploitable holes here and there in Unix/Linux. But they generally require real mastery to find. Windows macro viruses can be written by 14 year old boys. My wife, a technical writer, doesn't know enough programming to write heapsort (do you?), but she knows enough to write a macro virus in VBA.
Get it through your head... the number of viruses and worms today is not a function of popularity or attention. It is a function of poor design and poor implementation, combined with security by obscurity (a technique discredited everywhere but Microsoft).
Really, learn about it. Don't just whine because Microsoft is getting a richly deserved spanking, and you don't want to hear how bad your favorite OS sucks.
Hand me that airplane glue and I'll tell you another story.
Show me a soccer mom that can pick up Linux+StarOffice and use it.
Show me an average person that can learn how to open up attachments with one of your "safe" email programs.
The graph you are now picturing is "User Friendliness" vs. "Security".
The market will show you which one is in higher demand.
Not that I agree with it, just telling you the way it is.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
It really makes me sick when linux people automatically refer to Win9x. In NT, you need to be an Administrator to do that kinda stuff. Not a User. And, yeah, if you live in a cave, WinNT ACLs are a far more advanced permissions system than *nix ever dreamed.
OK, I come here for news, and for discussion. I read the headlines, generally the blurbs, and I poke around in the discussion until I can't stand it any more.
I don't use this site as a basis for generating opinions regarding what company is bad, what company is good, or what text editor I should use. I have my own methods for said exercise.
Surely, you realize that this site is coded, maintained, and read by geeks. I find it quite unlikely that a reader of this site hasn't formed an opinion one way or another regarding Microsoft. We don't thaw out cavemen, and then teach them to read, using Slashdot (boy, that'd be an exercise in futility, with the l33t speak, and the horrific grammar and spelling.)
Bottom line is this, and I know it's been said many times in the past: This is not a real news site. It's just a weblog, and it happens to have a lot of people who like it. The Slashdot editors are under no obligation to be fair, or unbiased. If you don't like it, create your own site. Buh-bye.
The XP exploit, at least, is an entirely new class of security hole, not seen before, and every last one of the 10M+ XP boxes shipped is vulnerable to total control from the outside.
If that ain't news, what is?
As for the worm... well, it's mildly technically interesting. But if Microsoft worms have become so common that they are no longer news... well, i think that's news, too!
Hand me that airplane glue and I'll tell you another story.
Because to a programmer/architect/sysadmin, the mere existence of these worms is mind-boggling. Imagine the largest-selling American car manufacturer building all of their models with the gas tank right behind the front bumper, or some such idiocy. Now you, as an automotive columnist (with some professional understanding of auto design), are forced to report every time one of these Hindenburgs ends up as a fiery wreck.
It'd be bad enough if this happened in one model of car, but to see it happen year after year, when the company should know better, has to be somewhat irritating. I'll let MS slightly off the hook when a "legitimate" bug is found -- that is, one that might not have been directly anticipated when the product was being designed. But each of these worms exists as a result of MS's ongoing, dunderheaded ignorance of basic security issues. Windows scripting on as default? Minimal security in their email software? Preview panes that can automatically execute scripts?
So yes, the Slashdot editors' scorn is thoroughly justified in these cases. If you're looking for more objectivity in your reporting, there are other places to go. If you stuck to the reports I've seen in reputable newspapers, you wouldn't even have to suffer the notion of Microsoft as a responsible party. If you think that's the case, choose your news sources differently. Slashdot is run (and contributed to) by people who take this sort of stuff a little bit personally.
Bullshit. If Slashdot wanted to be a "respected news firm", then that would make sense. However, it's run by some guys who liked Legos, Star Wars and KDE on Debian. They post links to stuff they think is nifty around the web, and a community grew around it. Now most links are submitted by readers and we all chat in the discussion board under each story. But at the heart, it's *still* just a website run by some guys who think legos (now mindstorms) Star Wars (now the pre-trilogy) and... well, CmdrTaco still uses KDE on Debian at any rate.
Think about what influence Slashdot has over a very large proportion of the "geek community" and other technical and scientific groups.
It's opinion. People have them, and some people make theirs very public. It's part of human nature. I'm sure your office has a guy who goes off about how great some type of coffee is, or some woman who will tell anybody who will listen the plot of last night's TV show that she loves. Well, remember how I said that this is *not* a news site, but a site run by some guys who like geeky stuff? Their opinions are that Microsoft generally sucks (and it's shared by quite a few people). I may not agree (in fact I don't - and I run Linux on server and desktop), but I don't bitch about them stating their opinion on the site they run.
Dear Ghod - do you write in to Art Bell and bitch that he shouldn't have weirdos on his show? Do you write in to Howard Stern and tell him he should be more compassionate? Do you write in to Rush Limbaugh and tell him that he should stop expressing his opinions on political issues? No - they (and two of those three I can't stand listening to), are great radio *because* they are opinionated bastards that put weird, occasionally informative crap up on their show.
--
Evan
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
Never in the main stream release.
Nor is it supposed to be. Just as Linux is not a secure OS in the main stream releases. Linux will never be a secure OS in the main stream release. As it gains more market share it will become less secure (a high percentage of security is the users and administrator -- in the home box that's Joe and he doesn't give a hoot about security and won't buy an OS if he has to).
A secure OS is a special or a tuned release. Always will be.
Egress filtering at the firewall will block the spread of this. Simply don't allow anything but the mail server to make SMTP connections out. Done. Same thing with all of those "home firewall" products.
I want to delete my account but Slashdot doesn't allow it.
The reason that the various *nix OSes are immune to virii/worms of this type is because the vast majority of users use windows and MS products, not because of any superior security on the nix part. I am forced to use MS products at work and I have never been infected by a worm/virus because I know better. The average user doesn't know better. If they were on unix it would probably be an even worse problem because they would have even less of an idea of what's going on. I think Microsoft has made some bad decisions in its time, but I blame the worm/virus proliferation on the vulnerability of the users, not the vulnerability of the operating system.
- WeaselGod
Eagles may soar, but weasels don't get sucked into jet turbines
e) none of the above.
There are more funds allocated for apologist/astro-turfer
There are well-known vulnerabilities in vi. Don't recall details, but there was a problem in a SCO version that allowed any access to the scratch files. There have also been versions that played with macro capabilities in vi to run arbitrary code, etc.
To my knowledge, none of these exploits even became very popular.
A better example would be to consider use of Pine, Elm, mailx, kmail, mutt or whatever is your favorite.
If memory serves correctly, there are (or have been) buffer overflow vulnerabilities in Mutt, Pine, MailX at least and I personally would be surprised that Elm, kmail and others have not also been vulnerable. Don't recall buffer overflows in vi.
Go to CERT and do a search for remote root, read the vulnerabilities and then explain to me how Linux/Unix is immune to attacks.
Undoubtedly every online service must respect the less abled user community. However, there's a certain "literacy" level that must be enforced. Services should be intuitive and straightforward. However, if you've hopped on the net and a particular OS you've assumed the responsibility of staying informed and skilled.
We're not talking about VCRs here. We're talking about a device that deals with the most private aspects of our lives - bank accounts, work, and personal conversations. You don't buy a boat you can't steer.
Happy Holidays!
The post office has taken steps towards irradiating mail. Maybe more ISPs need to "irradiate" email.
.exe attachment... it is boring. Show me an actual .txt file that can do some damage and I'm interested!
The consumer-level answer (repeated like a mantra) of course is to use anti-virus software, and I find it interesting (and conspicuous) that MS has stayed out of the anti-virus racket- but I suppose one cannot integrate AV software into the OS.
It still boils down to individual "responsibility" - at home I run no AV software on my windows box, and I've never had a problem. I'm no windows apologist, but the fact remains that most people treat their PCs as if they are leaving their keys in the car, garage door unlocked, etc... I mean, it certainly is more "convenient" to ignore any security precaution in actual life (think airport) - but is it safe? And is it at all convenient to clean up after a security breach?
Windows *has* most of the tools for a reasonable level of security if only people educate themselves and use them. The widespread problems people experience, such as this, boil down to NOT opening unknown attachments- which is email 101. This STILL boils down to an
Those that suggest you "dance like no one is watching" really want to see you make a complete fool of yourself.
- ELF executables would need to be (as per the usual retort of such idiotic comments) first marked as executable and then run by the user as an executable not run either by mistake as the user thought they were a text/image file or simply by the email client running them without any user intervention. I know of no unix client that does this and even the relative lack of HTML email is in itself a good thing in a security sense.
- There tends to be a much wider range of email clients in use on unix machines: pine, kmail, mutt, xfmail to name a few. To make a worm that attacked all of these would be very hard, and only targeting one would greatly limit the impact.
- I can manage millions of shell accounts and it wouldn't matter if I (through some miraculous event) was infected by an email worm as I wouldn't be reading my mail as root normally, and root would be reading mail through a known robust mail client, probably on a remote machine. Impact of a normal user on such a system will also be quite limited as it isn't often that easy to find out all the users on a machine and even if you do the 'worm' is still only on that one system and is easily prevented spreading onwards.
- Homogeneity makes Windows a nicer 'user experience' but it also provides a very fertile ground for viruses and worms. There is far too much variety in the types of Unix, and the distributions of Unix and the number of clients for the sort of world-crushing effects that Windows security flaws produce. There are only 3 systems I can think of that would produce this: sendmail, apache and bind. Apache has a very good track record, bind and sendmail not so good but even though they are highly dominant they don't seem to produce such continual levels of exploitation and more importantly learn from their mistakes.
In fact it is often Unix that reduces the impact of Windows email viruses and worms due to sendmail/procmail filtering rejecting known infected mails. All I hope is that the unix developers out there are looking long and hard at Microsoft's mistakes and learning from them. Unix viri and worms aren't impossible (there have been a handful over the years) but they are certainly a lot less prevalent and mostly a lot less destructive both through intention and as a side benefit of general unix design and unix variety. Variety is good, look at the world about you.
"Don't get mad, get a monkey!"
The idea that "unbiased" journalism is somehow superior is simply wrong. Not because being unbiased is inherently wrong (it's not; the opposite is true, being unbiased is always superior), but because there simply is no such thing as "unbiased" journalism.
I don't know about you, but by FAR the reporting that holds value for me is the kind where the bias is KNOWN. Ever see "The Insider"? Wouldn't you like to know if there is bias mucking with your news organization?
You are living in a DREAM world if you think your news organizations are giving you unfiltered, unbiased news.
Time to wake up and do a bit of research son.
Either that or yours was a masterful troll.
To be "popular belief" it would need to be a prevailing opinion. The post you responded to is proof of just one person who knows less about SMTP than they thought they did. Hardly prevailing.
What is really popular right now is the "hate Slashdot" meme. It seems to be trendy to bash Slashdot, people who read Slashdot, people who post to Slashdot, and so on.
Being as popular as it is, Windows security problems (particularly those that result in wasting network bandwidth) are a problem for everyone, including GNU/Linux users. Those who pay for their Internet connections by the byte probably don't appreciate paying money to allow some worm send junk e-mail to a bunch of people -- a worm that works because of a hole Microsoft might have caught had they proactively audited their source code base by hand.
It all boils down to the same thing time and time again. Windows is no more usable than Linux; it is only more common. There are an infinite number of ways a UI could have been designed. It just so happens that people have had Windows crammed down their throats for so long that something different seems hard and un-intuitive.
I'm the big fish in the big pond bitch.