Slashdot Mirror


Clever New Windows Worm

freakboy303 sent in linkage to a new worm that will no doubt be cluttering our inboxes soon. Clever bits include running its own SMTP service to increase chance of success, as well as using a bunch of spaces to disguise the true extension of the executable. No doubt countless copycats will soon follow and our inboxes will be cluttered by countless copies of the thing. Not that there's a problem with windows security.

54 of 621 comments

  1. More Slashdot demagoguery? by Wire+Tap · · Score: 3, Interesting

    Not that there's a problem with windows security.

    Why do the editors of Slashdot ALWAYS put their unproductive, derogatory, flaming two cents at the end of _every_ story regarding something "AWFUL" Microsoft has done? Either they are really insecure about "their Linux," and can't get fulfillment from any other means than bashing the competition, or they really don't believe in what they advocate so much. I'm sick and tired of hearing it! Come ON Slashdot! There are countless posts in previous stories that sound just like this one - all in response to the crap you guys put in the Microsoft stories. Get the picture: no one wants your bias. Bias makes for unreliable, untruthful, and slanted news.

    With that being said, of course there are problems with Windows security. There are security problems in EVERY OS. Stop pointing the relentless finger at Microsoft every chance you get.

    --

    Man is born free; and everywhere he is in chains.

    1. Re:More Slashdot demagoguery? by Wire+Tap · · Score: 4, Offtopic

      I simply assumed that people on Slashdot are above those biases. We are (mostly) computer and science enthusiasts, and, generally, those types are able to make well-informed decisions about things. And, decisions of that sort are best made without the influence of bias. Some would argue that if bias is a factor, those decisions are no longer well-informed - they are inherently ill-formed.

      I could be wrong, but I thought that most of the users of Slashdot were above bias. I may have been wrong. Please excuse me if I was.

      --

      Man is born free; and everywhere he is in chains.

    2. Re:More Slashdot demagoguery? by FortKnox · · Score: 4, Offtopic

      I'd prefer it if they just wouldn't post anything about MS unless it's related to Linux. Fact is, bad publicity is still publicity. If they wanted to be mature about MS vs. Linux, they wouldn't post this stuff.

      The key word in the above paragraph is "mature". It's like I always say about elitists and Linux. They like being able to put other OSs (in this case) down, that is why you find people bashing Linux newbies instead of helping them out. 'Cause if everyone used Linux, they wouldn't be "special" and be able to insult the "average man".

      Remember, the men behind /. are kids fresh out of school, without any business tact (not that I've shown much, but I'm not being paid to be here...).

      --
      Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
    3. Re:More Slashdot demagoguery? by FortKnox · · Score: 3, Insightful

      Show me a soccer mom that can pick up Linux+StarOffice and use it.

      Show me an average person that can learn how to open up attachments with one of your "safe" email programs.

      The graph you are now picturing is "User Friendliness" vs. "Security".
      The market will show you which one is in higher demand.
      Not that I agree with it, just telling you the way it is.

      --
      Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
    4. Re:More Slashdot demagoguery? by Hormonal · · Score: 5, Insightful
      It's unfortunate, as Slashdot is one of the best places on the Internet to go for news, and heady, informed discussion.

      OK, I come here for news, and for discussion. I read the headlines, generally the blurbs, and I poke around in the discussion until I can't stand it any more.

      I don't use this site as a basis for generating opinions regarding what company is bad, what company is good, or what text editor I should use. I have my own methods for said exercise.

      Surely, you realize that this site is coded, maintained, and read by geeks. I find it quite unlikely that a reader of this site hasn't formed an opinion one way or another regarding Microsoft. We don't thaw out cavemen, and then teach them to read, using Slashdot (boy, that'd be an exercise in futility, with the l33t speak, and the horrific grammar and spelling.)

      Bottom line is this, and I know it's been said many times in the past: This is not a real news site. It's just a weblog, and it happens to have a lot of people who like it. The Slashdot editors are under no obligation to be fair, or unbiased. If you don't like it, create your own site. Buh-bye.

    5. Re:More Slashdot demagoguery? by JabberWokky · · Score: 5, Insightful
      But editors in the respected news firms of the world do not say things as unproductive as those who edit on Slashdot. As editors, they have a RESPONSIBILITY to get _news_ to us, not their own biased point of view.

      Bullshit. If Slashdot wanted to be a "respected news firm", then that would make sense. However, it's run by some guys who liked Legos, Star Wars and KDE on Debian. They post links to stuff they think is nifty around the web, and a community grew around it. Now most links are submitted by readers and we all chat in the discussion board under each story. But at the heart, it's *still* just a website run by some guys who think legos (now mindstorms) Star Wars (now the pre-trilogy) and... well, CmdrTaco still uses KDE on Debian at any rate.

      Think about what influence Slashdot has over a very large proportion of the "geek community" and other technical and scientific groups.

      It's opinion. People have them, and some people make theirs very public. It's part of human nature. I'm sure your office has a guy who goes off about how great some type of coffee is, or some woman who will tell anybody who will listen the plot of last night's TV show that she loves. Well, remember how I said that this is *not* a news site, but a site run by some guys who like geeky stuff? Their opinions are that Microsoft generally sucks (and it's shared by quite a few people). I may not agree (in fact I don't - and I run Linux on server and desktop), but I don't bitch about them stating their opinion on the site they run.

      Dear Ghod - do you write in to Art Bell and bitch that he shouldn't have weirdos on his show? Do you write in to Howard Stern and tell him he should be more compassionate? Do you write in to Rush Limbaugh and tell him that he should stop expressing his opinions on political issues? No - they (and two of those three I can't stand listening to), are great radio *because* they are opinionated bastards that put weird, occasionally informative crap up on their show.

      --
      Evan

      --
      "$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
    6. Re:More Slashdot demagoguery? by LinuxHam · · Score: 3, Interesting

      I'd prefer it if they just wouldn't post anything about MS unless its related to Linux. Fact is, bad publicity is still publicity

      I, and I would think others, don't mind reading about Windows vulnerabilities here. I just see through the bias statements. One thing's for damn sure, I'm not about to start reading some Windows site for good details on the hole-of-the-week.

      If you don't want to read about Microsoft here, just turn it off in your preferences.

      --
      Intelligent Life on Earth
    7. Re:More Slashdot demagoguery? by jgerman · · Score: 3, Insightful
      I'm not going to get drawn into this holy war again, but Windows has problems during installation as well. Newbies can't install Windows any more than they can install Linux. But they don't have to; thanks to MS strongarming vendors, Windows comes pre-installed. For a plug and play system Windows is pretty pathetic. I had to hunt all over for a driver for my USB CdWriter; Redhat 7.2 picked it up and installed it with no complaints and without me doing a thing. I didn't even have to pop in a manufacturer disk to install software and drivers.


      It all boils down to the same thing time and time again. Windows is no more usable than Linux; it is only more common. There are an infinite number of ways a UI could have been designed. It just so happens that people have had Windows crammed down their throats for so long that something different seems hard and un-intuitive.

      --
      I'm the big fish in the big pond bitch.
  2. Without Outlook? by krony · · Score: 5, Funny

    "The worm utilises it's own SMTP engine so it does not depend on Outlook for e-mail sending."

    Not even a virus can depend on Outlook anymore...

    :-P

  3. There's a few differences by BadDoggie · · Score: 5, Informative
    Differences:

    1) "Legitimate"-looking Subject line.
    2) Legitimate-looking warning message straight out of Outlook.
    3) Good social engineering.
    4) Own SMTP engine, so an Outlook script to warn that there's mail w/ attachments going out is useless.
    5) New "method" of hiding file extension which is harder to see even if extensions are displayed.

    We were all talking about this a week or two ago, but I'm too busy trying to get this pinball machine on eBay, so no time to search through old articles.

    woof.

  4. Get a Mail Filter Already!!! by seigniory · · Score: 5, Informative

    Mail worms/virii/sausage - whatever - can be unbelievably contained with a simple attachment checking process - after Melissa, I implemented Mail Essentials (www.gfi.com) at my company - one server - 200k+ messages a day capacity - extension filtering ON.

    Since then, we got hit with every major email worm, but got infected by none - 1,000's of messages per incident blocked at the server - none made it to the internal Exchange box... they all get blocked at the "mailman" (block EXE, VBS, PIF, whatever)

    The sender gets a "kindly" message saying "Sorry, we don't accept this extension type - try again".

    It'll even scan for uncertified macros in Office Docs, filter spam (i.e. GREP searches), autorespond, basically a nice .procmail GUI. Works with any SMTP server.

    It's amazing how a small company like us can spend the $1,500 to protect our mail system, while larger ones (i.e. employers of my roommates) would rather lose 4 hours of mail to one of these buggers.

    It makes no sense NOT to use a simple filter - when will people learn. Until then, I'll just laugh.

    1. Re:Get a Mail Filter Already!!! by Anonymous Coward · · Score: 3, Funny

      It makes no sense NOT to use a simple filter - when will people learn. Until then, I'll just laugh.

      Unless, of course, you have a Mac, which asks me very nicely what I would like to open happy99.exe with: Photoshop, or TeachText. :-)

    2. Re:Get a Mail Filter Already!!! by ralmeida · · Score: 5, Informative

      Put this in your server's /etc/procmailrc:

      # Logging is off by default; uncomment both lines when debugging.
      #LOGFILE=/var/log/procmail
      #VERBOSE
      # Refused messages are filed here instead of being delivered.
      VIRUSDUMP='/var/spool/virus'
      # Original recipient, handy for logging (not used by the recipes below).
      GOTCHA=`formail -xTo:`

      # Only messages that can carry attachments are worth examining.
      :0
      *^Content-type: (multipart/mixed|application/octet-stream)
      {
      # H and B: search the headers and the body, where the MIME part headers live.
      :0 HB
      *^Content-Disposition: attachment;
      *filename=".*\.(vbs|wsf|vbe|wsh|hta|scr|pif|com|exe|js)"
      {
      # Send the sender a refusal (Precedence: junk keeps autoresponders quiet),
      # then file the original under $VIRUSDUMP. printf rather than echo -e so
      # the \n escapes work whichever /bin/sh procmail runs.
      :0 fhwc
      | (formail -r -I"Precedence: junk" ; printf "Our mail server refuses e-mail messages with suspect attachments, like: \n\n vbs, wsf, vbe, wsh, hta, scr, pif, com, exe or js.\n\nYour e-mail was not delivered.\n\nPlease contact webmaster@host if you have any questions.\n") | $SENDMAIL -t
      :0
      ${VIRUSDUMP}
      }
      }

      --
      This space left intentionally blank.
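An added example, not code from the thread or from any product mentioned in it: a small Python attachment scanner that applies the same extension list as the procmail recipe above and additionally flags the two name tricks this story is about, a run of whitespace pushing the real extension out of view and a double extension. The message it scans is a constructed sample; the lookalike-extension list is an assumption.

```python
import email
import re
from typing import List, NamedTuple

# Extension list as in the procmail recipe, lower-cased.
BLOCKED_EXTENSIONS = {"vbs", "wsf", "vbe", "wsh", "hta", "scr", "pif", "com", "exe", "js"}
# Harmless-looking extensions a worm puts in front of the real one (assumed list).
LOOKALIKE_EXTENSIONS = {"txt", "doc", "rtf", "jpg", "gif", "htm", "html", "pdf", "zip"}


class Finding(NamedTuple):
    filename: str
    extension: str      # the extension the Windows shell will actually act on
    reasons: List[str]  # why the name looks disguised (empty if it does not)
    blocked: bool       # True if the real extension is on the blocklist


def analyse_filename(filename: str) -> Finding:
    """Work out which extension a Windows shell would honour for this name
    and whether the name has been dressed up to look like something else."""
    name = filename.strip()
    stem, dot, ext = name.rpartition(".")
    if not dot:
        return Finding(name, "", [], False)
    ext = ext.strip().lower()
    reasons = []
    # The trick from the story: 'README.TXT<lots of spaces>.pif', so the .pif
    # sits past the visible width of the attachment line in the mail client.
    if re.search(r"[ \t]{3,}", stem):
        reasons.append("whitespace run pushes the real extension out of view")
    # Double extension: the part before the last dot ends in a document-ish extension.
    inner = stem.rstrip().rpartition(".")[2].lower()
    if inner in LOOKALIKE_EXTENSIONS:
        reasons.append("double extension .%s.%s" % (inner, ext))
    return Finding(name, ext, reasons, ext in BLOCKED_EXTENSIONS)


def scan_message(raw: bytes) -> List[Finding]:
    """Return one Finding per attachment in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()  # unquotes, keeps the inner spaces
        if filename is None:
            continue  # inline body text, not an attachment
        findings.append(analyse_filename(filename))
    return findings


# Constructed sample message (not a real worm sample): one benign text
# attachment and two disguised executables. The base64 payload is just "hello".
SAMPLE_MESSAGE = b"""\
From: someone@example.invalid
To: you@example.invalid
Subject: Re: your document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

Please see the attached files.
--sep
Content-Type: text/plain; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

just notes
--sep
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="README.TXT                                  .pif"
Content-Transfer-Encoding: base64

aGVsbG8=
--sep
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.doc.exe"
Content-Transfer-Encoding: base64

aGVsbG8=
--sep--
"""


if __name__ == "__main__":
    for f in scan_message(SAMPLE_MESSAGE):
        verdict = "BLOCK" if f.blocked else "allow"
        print("%-5s %-52r ext=%-4s %s" % (verdict, f.filename, f.extension, "; ".join(f.reasons)))
```

The same check belongs at the gateway, before the client renders the attachment list, because the padded name is only convincing once a mail client has truncated it.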
  5. Re:So by bn557 · · Score: 3, Funny

    no no no,

    see, people have either used a local smtp server OR used spaces. This is obviously the work of a professional. No script kiddie could be THAT good. This guy probably has an AMD

    Pat

    (link is to a funny article)

    --
    Humans are slow, inaccurate, and brilliant; computers are fast, accurate, and dumb; together they are unbeatable
  6. Re:problem with the users by Wire+Tap · · Score: 5, Insightful

    just like the rep AOL gets, the more users you have the more dumb users you have.

    Do you know what that means? It means the system needs to be engineered to handle those users. It does NOT mean we should shout and flame about how stupid those users are. Guess what: Everyone who uses an online service (or the Internet, for that matter) is NOT a Computer Science or Engineering major, and they should NOT be expected to act accordingly. They are there for their own purposes, to accomplish their own ends. The systems should be designed accordingly, with error prevention and correction built in, to catch things that would otherwise hurt users or administrators.

    --

    Man is born free; and everywhere he is in chains.

  7. I wonder how long it will be before... by mrroot · · Score: 5, Insightful

    Viruses get sophisticated enough that they look at subject lines in your current "Sent Items" folder and use the same subject and text, just adding the attachment, or if they find an email you previously sent that had an attachment and replace it and re-send the message.

    It's only a matter of time. It's amazing how even a dumb virus can fool so many people.

    --
    I Heart Sorting Networks
  8. Re:This isn't a windows problem.. by Steveftoth · · Score: 3, Informative

    Actually this is not an Outlook problem at all. It doesn't even depend on Outlook as it has its own SMTP engine. If you have an exploitable version of IE, then IE can be made to execute the content. Or it tries to trick the user into executing the text file included ( which is really a .pif file )

    This isn't a problem if you use netscape or other non-ie code to view your mail. Pine works great, just not point and click.

  9. Not a bad virus... by Pete+(big-pete) · · Score: 5, Insightful

    Most sensible organisations will already be blocking .pif files in mail - this virus is already known by McAfee as W32/Shoho@MM and they have detailed it as a LOW risk worm.

    On another note, I hope Slashdot isn't going to run a story on every new virus that gets released...

    -- Pete.

  10. Oh, stop with the Windows security remarks already by Junks+Jerzey · · Score: 3, Insightful

    Worms and virii are being written for Windows/Outlook, because:

    (A) 98% of all people using PCs to read email are running Windows.
    (B) There are a lot of cracker-types full of concentrated angst about Microsoft, Bill Gates, Windows XP, etc.

    If that 98% referred to Linux/KDE or MacOS X, you can be _damn_ sure that there would be severe security exploits for those systems as well. All it takes is _one_ small hole to give a virus writer leverage, and in any system with hundreds of thousands of lines of code behind it, there are going to be small holes. Arguably things would be much worse if everyone used Linux, because Linux is more daunting for users to administrate than Windows. So anyone not keeping up with security issues would be vulnerable. Most people fall into that category, even intelligent people.

    As for (B) above, what can be said except that it's pretty sad.

  11. Re:Am I the only one...? by Tackhead · · Score: 5, Funny
    > Are the people I converse with in email just cooler/smarter than everyone else

    At the risk of stroking the collective /. ego, yeah, they are.

    Canonical example - someone who got Sircammed at work, came to me and said they were having trouble opening up this attachment someone had sent them, and they wondered why someone sent it to them in the first place.

    I did my best "All your base!" voice and said "I send you this file to have your advice!"

    Cow orker said "Yeah, hey, how did you know that? Are you reading my mail?"

    Another admin and I spent the next hour disinfecting 0wn3d box3n from other cow orkers who had done the same thing.

  12. Ancient Troll by Chris+Burke · · Score: 3, Insightful

    Not a bad one, either, judging by the reaction. But seriously, if this wasn't a troll and you really have these complaints you wouldn't be reading /. anymore, would you?

    At least the people who bitched when Taco first used the Bill Gatus of Borg icon had a legitimate reason.

    --

    The enemies of Democracy are
  13. Looks like a hoax by sphix42 · · Score: 5, Funny

    I didn't see any misspelled words in the sample email at that link...this is an obvious hoax.

  14. Re:Am I the only one...? by ethereal · · Score: 5, Insightful

    That's the idiot that picked Outlook/Exchange for the corporate messaging system, right? Sorry, I'm not ranting at you, but I hear this a lot at work and want to set the record straight.

    I don't think it's fair to blame the user for not knowing that ".txt.pif" is a magic extension that can hurt their computer, or just to tell them "don't open email from someone you don't know". The fact of the matter is that it's wrong for your email client or your web browser to execute code from an unknown source, and the user should have to take positive steps (more than one) to execute such things. Microsoft's email tools are fundamentally broken, even to the point where they betray their supposed ease of use by requiring the user to puzzle over which emails are safe and which aren't.

    So no, I don't really blame the marketing guy for not knowing that ".txt" is OK but ".txt.pif" isn't OK - it's not his job to know. It's the job of the tools Mr. Marketing is given to tell the difference for him and not automatically or easily do something dangerous. And it's the job of corporate IT purchasers to make sure that the right tools are being given to Mr. Marketing. More than anything, the repeated Microsoft virus and worm attacks point to a fundamental failure to learn from past IT purchasing mistakes.

    Don't get me started on my company's new internal IM system that only works from Windows - thanks for nothing there, guys.

    --

    Your right to not believe: Americans United for Separation of Church and

  15. Depends on how much you are out there... by singularity · · Score: 3, Insightful

    There are several factors to consider. The first is your mail provider. If they are quick to block out the newest viruses at the server, you obviously will not get it.

    The other is how much your email address is out there. Some of the viruses would go through the web cache and grab email addresses from there. If your email address is out there a lot, you are going to get more viruses. 99% of the SirCam, Nimda, and so on that I got (probably a couple hundred) came from people I did not know.

    --
    - (c) 2018 Hank Zimmerman
  16. Is a 6ft-deep pothole in front of your car "news?" by Tsar · · Score: 5, Funny

    For us Windows users, reports of new security issues seem to come as often as potholes on an Arkansas highway. Like the potholes, looking for the next one isn't all that interesting or entertaining, but we still have to try to avoid them or at least minimize their impact.

    "Net access: $20/mo. -- Electricity for computer: $20/mo. -- Reaching the 50 Karma cap: Priceless"
    I'm at the karma cap, and I've been oscillating between 47 and 50 for some time. Does anyone else in that situation agree with my Modest Karma Proposal?

  17. When will we see the real worms? by tuxlove · · Score: 5, Interesting

    Windows is so easy to write worms for that we see a constant influx of simple stuff. Simple VB scripts, etc., can do a great deal of damage, and worm authors don't seem motivated to try harder because they don't have to. This new worm seems like a step in a scary direction, towards real sophistication. Depending on system services to propagate will not be easy forever, and I expect to see more worms with their own protocols (like SMTP) built-in.

    The "optimal" worm is one in which all it needs is a thread of execution and access to basic OS APIs like sockets and elementary file access. You're not going to stop a worm from calling the most basic APIs, so the key to stopping worms (once all the fundamental holes are patched in Windows, if ever) seems to be not letting them have that thread of execution in the first place. Of course, there will always be lots of users willing to run unknown executables, but the less automatic, the better. Patching buffer overflows in IIS, etc., will only go so far because there will always be users ready and willing to execute email attachments. Until focus comes to bear on ways to keep unsophisticated users from doing this sort of thing, there will always be a cornucopia of devastating worms.

  18. You don't get it by Frank+Sullivan · · Score: 5, Insightful

    Apache has a veto-proof majority of the web servers out there. Where are the Apache worms? Why is IIS, with far less market share, getting them? It's because Apache is secure and IIS is not, period.

    Linux and OSX are both based on the Unix security model, a fundamentally sound design refined by two decades of real-world practice (dating back to the RTM worm in the early 1980s). It's not a matter of the virus writers not looking... it's a matter of a lack of exploitable holes. Name ONE Unix email client stupid enough to auto-execute code. Just one!

    Yes, there are still exploitable holes here and there in Unix/Linux. But they generally require real mastery to find. Windows macro viruses can be written by 14 year old boys. My wife, a technical writer, doesn't know enough programming to write heapsort (do you?), but she knows enough to write a macro virus in VBA.

    Get it through your head... the number of viruses and worms today is not a function of popularity or attention. It is a function of poor design and poor implementation, combined with security by obscurity (a technique discredited everywhere but Microsoft).

    Really, learn about it. Don't just whine because Microsoft is getting a richly deserved spanking, and you don't want to hear how bad your favorite OS sucks.

    --
    Hand me that airplane glue and I'll tell you another story.
    1. Re:You don't get it by rlp · · Score: 5, Insightful

      I agree with your basic thesis. However, it should be noted that Unix design and Windows design started with different premises. Unix was derived from Multics, which was an early time-sharing system designed to be (relatively) secure. As a multi-user system, mechanisms had to be built in to protect a user's environment from other users. Windows is descended from DOS (and CP/M) and came from an environment that assumed one machine / one user. Hence there were no protections built in.

      Unix was built by developers for developers. In many cases the system administrators were also the system programmers. System administration problems tended to be solved by code. For example, in the early 80's Unix did not limit the number of processes per user. At Bell Labs, whenever the Intro. to Unix Programming class got around to the 'fork()' system call, machines started crashing. This was soon fixed by a kernel change. Linux has continued (and expanded) on this tradition.

      In contrast, Microsoft has focused on ease of use for the average user. This focus has been rewarded with market share. Security has been an afterthought. Prior to mass adoption of the Internet, this was not an unreasonable approach. Now, of course, it's a disaster.

      --
      [Insert pithy quote here]
  19. This is funny. by JeremyYoung · · Score: 4, Interesting
    From the AP on Yahoo:
    Just last week, Microsoft's corporate security officer, Howard Schmidt, expressed frustration about continuing threats from overflows. ``I'm still amazed that we allow these things to occur,'' he said at a conference of technology executives. Schmidt is expected soon to resign from Microsoft to work for President Bush's top computer security adviser.
    Funny that SOMEONE at Microsoft is finally, publicly, admitting that there's a pattern to Microsoft vulnerabilities.
    --

    Go Lakers!

  20. Re:Is this slashdot or a Windows bug tracker? by Frank+Sullivan · · Score: 5, Insightful

    The XP exploit, at least, is an entirely new class of security hole, not seen before, and every last one of the 10M+ XP boxes shipped is vulnerable to total control from the outside.

    If that ain't news, what is?

    As for the worm... well, it's mildly technically interesting. But if Microsoft worms have become so common that they are no longer news... well, I think that's news, too!

    --
    Hand me that airplane glue and I'll tell you another story.
  21. Slashdot demagoguery, or troll snacks? by eddy+the+lip · · Score: 4, Funny
    I simply assumed that people on Slashdot are above those biases.

    and i simply assume most people have a sense of humour, but we don't all get what we want, do we?

    sure, i know that windows isn't complete crap - hell, i can admit it's gotten pretty useful in the last couple revisions. i've even been known to use it to play the occasional game. but i don't come to /. for flat, ZDNET style reporting. i come to it for useful links and snide comments.

    i also come here to do this once in a while:

    is this bugging you? poke poke poke.
    --

    This is the voice of World Control. I bring you Peace.

  22. Re:problem with the users by Mike+Schiraldi · · Score: 5, Funny

    I wonder if, say, construction workers, when building a shopping mall, say stuff like, "Man, we have to put railings up? Come on, what kind of idiot would just walk off the edge and plummet to the floor below? Stupid users."

    "What? Circuit breakers? What sort of moron would overload a circuit? Who needs circuit breakers? Stupid users."

  23. Re:So by Tower · · Score: 4, Funny

    Hmmm, I thought there was already a patent for that. Something like:

    Method and Apparatus for delivery of a self-replicating bytestream through use of a square port number and excessive white space.

    Couldn't find it on the patent search site, though ;)

    --
    "It's tough to be bilingual when you get hit in the head."
  24. Inviting flames, I guess by dachshund · · Score: 3, Insightful
    Why do the editors of Slashdot ALWAYS put their unproductive, derogatory, flaming, two cents at the end of _every_ story regarding something "AWFUL" Microsoft has done?

    Because to a programmer/architect/sysadmin, the mere existence of these worms is mind-boggling. Imagine the largest-selling American car manufacturer building all of their models with the gas tank right behind the front bumper, or some such idiocy. Now you, as an automotive columnist (with some professional understanding of auto design), are forced to report every time one of these Hindenburgs ends up as a fiery wreck.

    It'd be bad enough if this happened in one model of car, but to see it happen year after year, when the company should know better, has to be somewhat irritating. I'll let MS slightly off the hook when a "legitimate" bug is found-- that is, one that might not have been directly anticipated when the product was being designed. But each of these worms exists as a result of MS's ongoing, dunderheaded ignorance of basic security issues. Windows scripting on as default? Minimal security in their email software? Preview panes that can automatically execute scripts?

    So yes, the Slashdot editors' scorn is thoroughly justified in these cases. If you're looking for more objectivity in your reporting, there are other places to go. If you stuck to the reports I've seen in reputable newspapers, you wouldn't even have to suffer the notion of Microsoft as a responsible party. If you think that's the case, choose your news sources differently. Slashdot is run (and contributed to) by people who take this sort of stuff a little bit personally.

  25. Quite a large list of offending extensions by mclearn · · Score: 5, Interesting

    See here for a discussion on the experiments of a particular fellow on finding a list of offending Windows extensions that are not unhidden even if "Show all extensions" is used.

  26. Re:Wrong again! by cperciva · · Score: 3, Informative

    Actually, ELF executables running under a normal user account CANNOT do the most interesting part, namely run their own SMTP server. Root access is required to open a low-numbered port.

    Root access is required to bind to a low-numbered port, but not to connect to a remote service, which is all you need in order to send email.

    Geez, don't people know at least the rudiments here?

  27. Re:Am I the only one...? by aozilla · · Score: 3

    All it takes is one idiot, though, to bring down an entire company.


    One desktop machine should never be able to bring down an entire company, even if the hacker has full access to it.

    --
    ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
  28. Okay... so we can't fix the software or the users. by pi_rules · · Score: 5, Interesting
    It's still mind-boggling to me that companies don't have better policies in place for handling these situations. As another poster mentioned, using mail filters to strip attachments w/ dangerous file types is nice and all, but it isn't going to be 100% effective. Georgi Guninski released an example a while ago where filename.txt.{some big guid here} would look just like filename.txt on the desktop, but when opened you'd find it was HTML w/ an IE exploit inside. So... now you have to add a rule to your filter script to catch those, and hope that you knew about it before an exploit in the wild. Not 100% safe.

    Why are companies letting people thrash the mail system inadvertently and go on like nothing happened? This is a social problem, albeit one that has been made more prevalent by bad technology. So what if Outlook took out the double-click-run-and-destroy feature for attachments? Trojans would get mailed along w/ instructions on how to save to your disk and run the program. And some idiot would do it too.

    I'd much rather see corporations making their employees responsible for breaking things on the network. If the admin fscks up the entire system he'd be up to his knees in shit -- but the "users" are allowed to do it because they can claim ignorance? No thanks. Draw up some strict hard-line rules for your employees and get this crap taken care of. My personal suggestions would be:
    1. No using IE at work -- Netscape/Mozilla/Konq only. Far fewer vulnerabilities.
    2. No Outlook/Outlook Express for mail. Use Outlook -only- for calendaring functions. I'd personally like to see corps going back to how my old university did it. One Unix box w/ pine on it for users to read their mail. Use SMB to attach the user's /home dir to the Windows machine and let them save attachments that way. No HTML email viruses, no buffer overflows. Plain jane simple email.
    3. Running an attachment sent via email should be punished just as if the user walked in w/ a virus on a disk and ran it from home. And make them -work- to get that attachment to run.
    4. Forgo the use of the .doc format entirely. What's so bad with RTF? Do you -really- need to spend all this extra time authoring up nifty documents for internal use only? Sure, use .doc to interface with clients but keep its use limited.

    Sure, it's a bit drastic. But is productivity really benefiting from reckless use/abuse of insecure software? Must your employees use Outlook so they get that warm fuzzy feeling of being able to fiddle with all sorts of buttons on their screen? Why can't the computer be viewed like any other tool? If you don't know how to use it why in the world are you using it at work? I wouldn't dream of putting joe-schmoe on a forklift w/out some training, why put people w/ no training on a computer? If joe-schmoe runs the forklift into a wall you bet he'll get some heat for it. Run a virus though? Nah, everybody does that.. let it slide, let IT clean it up.
  29. Proper Egress Filtering by Gothmolly · · Score: 5, Insightful

    Egress filtering at the firewall will block the spread of this. Simply don't allow anything but the mail server to make SMTP connections out. Done. Same thing with all of those "home firewall" products.

    --
    I want to delete my account but Slashdot doesn't allow it.
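    The egress rule in the post above, applied to firewall logs, as an added example that is not part of the original thread. It assumes an iptables-style LOG line format and a hypothetical site policy in which a single relay host (MAIL_RELAY, an assumed address) is the only machine allowed to open outbound port-25 connections; the log lines are constructed for the example. Besides applying the rule, it flags workstations whose blocked SMTP attempts fan out to many distinct destinations, which is what a worm delivering straight to recipients' MX hosts looks like from the firewall.

```python
"""Egress filtering of outbound SMTP plus a worm-fanout check over firewall logs.

Added example, not from the original thread. MAIL_RELAY, the policy and the
sample log lines are all assumptions made up for illustration.
"""
import re
from collections import defaultdict

MAIL_RELAY = "10.0.0.25"   # assumption: the one host permitted to speak SMTP outbound
SMTP_PORT = 25

# Constructed sample log lines in iptables LOG format (not real traffic).
SAMPLE_LOG = """\
Jul 25 10:01:02 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=25 SYN
Jul 25 10:01:03 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=198.51.100.5 PROTO=TCP SPT=1034 DPT=25 SYN
Jul 25 10:01:03 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=198.51.100.9 PROTO=TCP SPT=1035 DPT=25 SYN
Jul 25 10:01:04 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=203.0.113.2 PROTO=TCP SPT=1036 DPT=25 SYN
Jul 25 10:01:04 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=192.0.2.44 PROTO=TCP SPT=1037 DPT=80 SYN
Jul 25 10:01:05 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=203.0.113.7 PROTO=TCP SPT=40002 DPT=25 SYN
Jul 25 10:01:06 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.91 DST=203.0.113.8 PROTO=TCP SPT=2001 DPT=25 SYN
"""

_FIELD = re.compile(r"(SRC|DST|PROTO|SPT|DPT)=(\S+)")


def parse_line(line):
    """Return the SRC/DST/PROTO/SPT/DPT fields of one LOG line, or None if it is not one."""
    fields = dict(_FIELD.findall(line))
    if not all(k in fields for k in ("SRC", "DST", "PROTO", "DPT")):
        return None
    fields["DPT"] = int(fields["DPT"])
    return fields


def decide(fields):
    """The egress policy from the post: only the relay may connect out to port 25."""
    if fields["PROTO"] == "TCP" and fields["DPT"] == SMTP_PORT:
        return "ACCEPT" if fields["SRC"] == MAIL_RELAY else "DROP"
    return "ACCEPT"   # everything else is outside this rule's scope


def audit(log_text, fanout_threshold=3):
    """Apply the policy to every line; return (decisions, suspects).

    A source whose dropped SMTP attempts reach >= fanout_threshold distinct
    destinations is reported as a worm candidate: a human's mail client talks
    to one relay, a mass-mailer talks to every recipient's MX.
    """
    blocked_dsts = defaultdict(set)
    decisions = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        verdict = decide(f)
        decisions.append((f["SRC"], f["DST"], f["DPT"], verdict))
        if verdict == "DROP":
            blocked_dsts[f["SRC"]].add(f["DST"])
    suspects = sorted(src for src, dsts in blocked_dsts.items()
                      if len(dsts) >= fanout_threshold)
    return decisions, suspects


if __name__ == "__main__":
    decisions, suspects = audit(SAMPLE_LOG)
    for src, dst, dpt, verdict in decisions:
        print("%-12s -> %-15s :%-3d %s" % (src, dst, dpt, verdict))
    print("worm candidates:", suspects)
```

    The same logic carries over to the "home firewall" case in the post: on a single PC the allowed SMTP destination is the ISP's relay rather than an allowed source, but the tell is identical, one client suddenly opening port-25 connections to dozens of unrelated hosts.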
  30. The reason this doesn't affect *nix by WeaselGod · · Score: 3, Insightful

    The reason that the various *nix OSes are immune to virii/worms of this type is because the vast majority of users use windows and MS products, not because of any superior security on the nix part. I am forced to use MS products at work and I have never been infected by a worm/virus because I know better. The average user doesn't know better. If they were on unix it would probably be an even worse problem because they would have even less of an idea of what's going on. I think Microsoft has made some bad decisions in its time, but I blame the worm/virus proliferation on the vulnerability of the users, not the vulnerability of the operating system.

    --
    - WeaselGod
    Eagles may soar, but weasels don't get sucked into jet turbines
  31. Re:Visual Basic? by snake_dad · · Score: 3, Interesting

    It's funny all right. However there is an explanation that 5 years ago this was less feasible.

    Earlier we used to be suspicious only of very small executable attachments. Often that would be a virus. If someone mailed you a large executable attachment it would probably be a legitimate file. However after all the legitimate funny files that are sent to friends (you know, those cartoon like programs, or sheep floating on your desktop) nobody is surprised anymore about a rather large attachment.

    There have been so many 'harmless' funnyfiles that people don't believe you anymore when you say "never open executable files!". Not to mention the fact that it's always "safe, because a friend sent it to me". Oh well...

    --
    karma capped .sig seeking available Slashdot poster for long-term relationship.
  32. Irradiate the mail by filtersweep · · Score: 4, Insightful

    The post office has taken steps towards irradiating mail. Maybe more ISPs need to "irradiate" email.

    The consumer-level answer (repeated like a mantra) of course is to use anti-virus software, and I find it interesting (and conspicuous) that MS has stayed out of the anti-virus racket- but I suppose one cannot integrate AV software into the OS.

    It still boils down to individual "responsibility"- at home I run no AV software on my windows box, and I've never had a problem. I'm no windows apologist, but the fact remains that most people treat their PCs as if they are leaving their keys in the car, garage door unlocked, etc... I mean, it certainly is more "convenient" to ignore any security precaution in actual life (think airport)- but is it safe? And is it at all convenient to clean up after a security breach?

    Windows *has* most of the tools for a reasonable level of security if only people educate themselves and use them. The widespread problems people experience, such as this, boil down to NOT opening unknown attachments- which is email 101. This STILL boils down to an .exe attachment... it is boring. Show me an actual .txt file that can do some damage and I'm interested!

    --
    Those that suggest you "dance like no one is watching" really want to see you make a complete fool of yourself.
  33. Credit Card Processing by Anonymous Coward · · Score: 4, Interesting

    A Credit Card Processor, CCBill has been hacked and credit cards were stolen. No mention of it on Slashdot. Is it because the site runs Apache/PHP?

  34. That wasn't his point at all. by Wakko+Warner · · Score: 3

    Please read what he said again.

    There is no perfect email system, and there never will be, but the way Microsoft does things is fundamentally wrong. The default "trust all attachments" behavior of Lookout and Lookout Express, coupled with the default behavior of hiding extensions for known filetypes, mated with most users' general inexperience in all things computer-related equates to one huge fucking train-wreck of a problem, wouldn't you agree?

    This whole mess could easily be avoided (or at least toned way, way down) if Microsoft would wise up and start shipping their mail clients (and their web browsers) with much more locked-down defaults.

    Yes, I'm picking on Microsoft. They're a huge company and a lot of people who simply don't know any better use their products. Their products ought to know better; don't leave security up to the end-user, and don't make the IT guy's job more tedious than it already is.

    - A.P.

    --
    "Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
  35. Not sure why this would only have a LOW risk.... by Lawmeister · · Score: 3, Informative

    Look at the list of files it attempts to delete, according to the warning from McAfee:

    Files being Deleted on an example (win9x) system:
    - c:\WINDOWS\1STBOOT.BMP
    - c:\WINDOWS\ASD.EXE
    - c:\WINDOWS\CLEANMGR.EXE
    - c:\WINDOWS\CLSPACK.EXE
    - c:\WINDOWS\CONTROL.EXE
    - c:\WINDOWS\CVTAPLOG.EXE
    - c:\WINDOWS\DEFRAG.EXE
    - c:\WINDOWS\DOSREP.EXE
    - c:\WINDOWS\DRWATSON.EXE
    - c:\WINDOWS\DRWATSON
    - c:\WINDOWS\DRWATSON\FRAME.HTM
    - c:\WINDOWS\EMM386.EXE
    - c:\WINDOWS\HIMEM.SYS
    - c:\WINDOWS\HWINFO.EXE
    - c:\WINDOWS\JAUTOEXP.DAT
    - c:\WINDOWS\Kacheln.bmp
    - c:\WINDOWS\Kreise.bmp
    - c:\WINDOWS\LICENSE.TXT
    - c:\WINDOWS\LOGOS.SYS
    - c:\WINDOWS\LOGOW.SYS
    - c:\WINDOWS\MORICONS.DLL
    - c:\WINDOWS\NDDEAPI.DLL
    - c:\WINDOWS\NDDENB.DLL
    - c:\WINDOWS\NETDET.INI
    - c:\WINDOWS\RAMDRIVE.SYS
    - c:\WINDOWS\RUNHELP.CAB
    - c:\WINDOWS\SCRIPT.DOC
    - c:\WINDOWS\Setup.bmp
    - c:\WINDOWS\SMARTDRV.EXE
    - c:\WINDOWS\Streifen.bmp
    - c:\WINDOWS\SUBACK.BIN
    - c:\WINDOWS\SUPPORT.TXT
    - c:\WINDOWS\TELEPHON.INI
    - c:\WINDOWS\W98SETUP.BIN
    - c:\WINDOWS\Wellen.bmp
    - c:\WINDOWS\WIN.COM
    - c:\WINDOWS\WIN.INI
    - c:\WINDOWS\WINSOCK.DLL

    That would seem to be pretty destructive to me... Also strange that we can only get a beta DAT file and there is no mention on McAfee's virus alert pages that this thing is out there... tisk tisk how many people will think this is a hoax and run it fscking up their systems...

  36. Re:Okay... so we can't fix the software or the use by leonbev · · Score: 5, Interesting

    You've never done corporate IT support, have you? Even if you could convince the pointy-haired bosses to accept these draconian security restrictions, the employees would attempt to lynch you for it. Business people don't like being told what they CAN'T do! They aren't like apathetic college students, who usually care less about the rules (unless it affects their precious beer supply).

    If a manager (Or a sales guy, or an accountant, whatever) is used to using IE at home and sending e-mails with pretty fonts and pictures attached, they'll demand that they can do it at work. They'll want to be able to read Word attachments from outside sources, and share files with their co-workers. If you say no, they'll just keep complaining louder to your manager and your manager's managers until someone forces you to cave in to their demands. Most of your changes will get shot down, and you'll put up with a lot of grief in the process.

    Most users don't give a rats ass about security, they just want to be able to do their jobs as quickly and easily as possible. If you try to get in their way, they'll fight you on every change until you get frustrated and give up.

    That's why it's important to make SMALL security improvements, and make them slowly. Start by blocking certain attachments on the server side, and continuously remind people not to click on unknown files. Make sure that your virus software runs automatic scans, and updates itself automatically. The users aren't going to do it for themselves, or at least not until they are already infected. Warn constantly, but never try to FORCE anything on your users unless it's absolutely necessary. The nastier you get, the more that they'll start ignoring you.

  37. Re:This would be worse in Linux by grammar+fascist · · Score: 5, Informative

    Umm, no, only root can bind to low-numbered ports (of which port 25 is a member)

    Contrary to popular belief - and it's really, really prevalent on Slashdot nowadays, of all places - you don't need an SMTP server to send an email. You just need a client.

    All you need to do is open a connection to port 25 on an existing SMTP server to send an email to an address it assumes is its own, and send off a bunch of commands: HELO, MAIL FROM, RCPT TO, DATA, and QUIT.

    Try it sometime. Telnet to a mail server on port 25, and type the following commands, without using the backspace key:

    HELO heaven.gov
    MAIL FROM: god@heaven.gov
    RCPT TO: <actual email address>
    DATA
    I've been watching you. Your fly is down.
    .

    QUIT

    Make sure the email address domain is one that the mail server will answer for, otherwise you'll get an error saying it won't relay for you. (Usually.) And make sure the user is a valid user on that domain. If those two requirements are met, you've sent an email - without needing an SMTP server, I might add.

    So if you don't need a server, you don't need to bind a port, and a worm like this could spread through Linux systems the way it spreads through Windows systems.

    --
    I got my Linux laptop at System76.
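    The exchange described in the post above, both sides of it, as an added example that is not part of the original thread. Nothing here binds a port: a real client would simply connect() to the MTA's port 25 from an unprivileged ephemeral port, which is the post's point. To keep the example runnable offline, a small in-memory stand-in for the MTA answers the client; its accepted domain list (example.com) and its reply texts are assumptions for illustration, not any particular server's behaviour. The server side also shows the relay refusal the post mentions when the recipient's domain is not one it answers for, and the client side dot-stuffs body lines so a lone "." in the message cannot end DATA early.

```python
"""HELO / MAIL FROM / RCPT TO / DATA / QUIT, client and server, in memory.

Added example, not from the original thread. FakeSMTPServer is a stand-in
for a real MTA; its local domain list and reply strings are assumptions.
"""


class FakeSMTPServer:
    """A tiny SMTP state machine that behaves like an MTA which is not an open relay."""

    def __init__(self, local_domains=("example.com",)):
        self.local_domains = {d.lower() for d in local_domains}
        self.delivered = []          # (sender, recipients, body) accepted for delivery
        self.reset()

    def reset(self):
        self.helo = None
        self.sender = None
        self.rcpts = []
        self.in_data = False
        self.body_lines = []

    def handle(self, line):
        """Feed one client line; return the server reply, or None for a body line."""
        if self.in_data:
            if line == ".":                     # lone dot terminates the message
                self.in_data = False
                self.delivered.append((self.sender, list(self.rcpts), "\n".join(self.body_lines)))
                self.reset()
                return "250 OK: queued"
            # un-dot-stuff: a body line sent as '..foo' was really '.foo'
            self.body_lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg.strip()
            return "250 mail.example.com Hello " + self.helo
        if verb == "MAIL":
            if self.helo is None:
                return "503 Error: send HELO first"
            self.sender = arg.split(":", 1)[1].strip().strip("<>")
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Error: need MAIL command"
            addr = arg.split(":", 1)[1].strip().strip("<>")
            domain = addr.rpartition("@")[2].lower()
            if domain not in self.local_domains:   # the error the post warns about
                return "554 Relay access denied"
            self.rcpts.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Error: need RCPT command"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Error: command not recognized"


def send_message(server, helo, sender, rcpt, body):
    """Client side of the dialogue. Returns (transcript, accepted)."""
    transcript = []

    def cmd(line):
        reply = server.handle(line)
        transcript.append("C: " + line)
        if reply is not None:
            transcript.append("S: " + reply)
        return reply

    cmd("HELO " + helo)
    cmd("MAIL FROM:<%s>" % sender)
    accepted = cmd("RCPT TO:<%s>" % rcpt).startswith("250")
    if accepted:
        cmd("DATA")
        for line in body.splitlines():
            # dot-stuffing: a body line starting with '.' gets an extra '.' on the wire
            cmd("." + line if line.startswith(".") else line)
        accepted = cmd(".").startswith("250")
    cmd("QUIT")
    return transcript, accepted


if __name__ == "__main__":
    mta = FakeSMTPServer()
    transcript, ok = send_message(mta, "heaven.gov", "god@heaven.gov",
                                  "someone@example.com",
                                  "I've been watching you. Your fly is down.")
    print("\n".join(transcript))
    print("queued:", ok)
```

    Swap the in-memory handle() call for a socket connected to a real MTA's port 25 and the client half is exactly the telnet session in the post; that is why the worm in the story needs no listening port and no privilege to send.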
  38. Bias and Journalism by nyet · · Score: 3, Insightful

    The idea that "unbiased" journalism is somehow superior is simply wrong. Not because being unbiased is inherently wrong (it's not; the opposite is true, being unbiased is always superior), but because there simply is no such thing as "unbiased" journalism.

    I don't know about you, but by FAR the reporting that holds value for me is the kind where the bias is KNOWN. Ever see "The Insider"? Wouldn't you like to know if there is bias mucking with your news organization?

    You are living in a DREAM world if you think your news organizations are giving you unfiltered, unbiased news.

    Time to wake up and do a bit of research son.

    Either that or yours was a masterful troll.

  39. no, knowledge to help. by Erris · · Score: 4, Interesting
    Remember, the men behind /. are kids fresh out of school, without any business tact (not that I've shown much, but I'm not being paid to be here...).

    Let's see, I'm 35 and work for a US national sized company. They have not fired me yet, so I must have some tact.

    I'm interested in all the windows worms and I'm glad that Slashdot documents them. Here disasters that cost companies that trust M$ millions of $ are treated rather coolly, except by folks like me. You see, here I get to scream my head off about how stupid, irresponsible and incompetent the exchange group is. You don't think I'd actually tell anything to the moron who "standardized" on Exchange then got clobbered by all this? I mean, they tried very hard. They spent all the company money on all the band-aid virus checkers, commercial mail filters and what not. Heck, they are still trying very hard to recover all the contacts, email, calendar events, daily journals and what not that contained the characters "hi" in them? Nah, they might get their feelings hurt if they learned how badly the company they trusted let us all down. Here I can scream it all out loud, share laments with others who suffer and more important, learn exactly why such things happen and why they will always happen when you do things the M$ way. Slashdot is teaching me with good and bad examples of how to do things. Shame on M$ for the way they do things. Here I can gloat and bitchslap trolls like you in a way that would get me shitcanned at work. When I'm finished learning good concepts and taking out my frustration on losers like you, I can gently suggest things to my co-workers that might improve the place I work. I don't have to gloat about new viruses, the NAV packs and viruses themselves do that for me.

    --
    DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
  40. Slashcode another victim? by SilentChris · · Score: 3, Interesting
    "as well as using a bunch of spaces to disguise the true extension of the executable"

    You mean the same way some trolls are now hiding Goatsex links by putting a popular site in the front of the url (like Yahoo), having it show [yahoo.com] on Slashdot, then redirecting the user to Goatsex?

    Windows isn't the only one with flaws...

  41. Re:This would be worse in Linux by nathanh · · Score: 3, Insightful
    Contrary to popular belief - and it's really, really prevalent on Slashdot nowadays, of all places...

    To be "popular belief" it would need to be a prevailing opinion. The post you responded to is proof of just one person who knows less about SMTP than they thought they did. Hardly prevailing.

    What is really popular right now is the "hate Slashdot" meme. It seems to be trendy to bash Slashdot, people who read Slashdot, people who post to Slashdot, and so on.

  42. Re:Okay... so we can't fix the software or the use by freeweed · · Score: 4, Interesting
    If a manager (Or a sales guy, or an accountant, whatever) is used to using IE at home and sending e-mails with pretty fonts and pictures attached, they'll demand that they can do it at work.

    If any of these employees wore a bathrobe to the office, and sat all day watching television, I'd fire their ass in no time flat. Yet they do this at home all the time.

    I don't mean to come off as a flame, as I agree for the most part with your post, but employees are paid to do a job, and to do as *I* the employer says with *my* equipment. A huge problem with email viruses is that because they're computer related, we somehow feel we shouldn't be able to hold employees accountable for their actions. If an employee doesn't want to lock his house door, fine. If he leaves my office door unlocked after hours, he's gone. When I tell an employee "DO NOT open email attachments" and they do, I'm sorry, but the employee is at fault.

    --
    Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
  43. Still waiting for the LEGAL virus. by Restil · · Score: 4, Funny

    Imagine if you will....

    You get an email with an executable attachment.

    The attachment executes automatically, because we WANT it to do that.

    Upon execution, a EULA pops up, with a "licence agreement" that states the following:
    - The program being executed will automatically forward itself to a significant number of people using a variety of means
    - Some type of modification will take place to your file system.
    - By clicking OK you AUTHORIZE this to happen, and claim full responsibility for any damage that
    is caused as a result.

    And most importantly, if the cancel button is pressed, the program won't execute.

    Chances are good that 90% of the people who would be affected by an illegal virus will just as happily click OK without reading anything. The fact of the matter is, the virus will cause the same amount of damage, but the author could probably plaster his name all over it and not fear any legal repercussions.

    Of course, there's always the issue of intent. Bottom line, authorized or not, the INTENT of the program was to cause havoc of the same nature as a virus. But in the end, it would sure make an idiot out of anyone who spread it.

    And maybe, just maybe, it MIGHT result in people actually READING the EULA's. Yeah.. I know.. I'm dreaming.

    -Restil

    --
    Play with my webcams and lights here
  44. The great Outlook patch that nobody uses by Mr_Silver · · Score: 5, Informative
    Since this submission was rejected by the editors, I think that here is going to be as good a place as any for it.

    Have a read of this article at Wired entitled "The Great MS Patch Nobody Uses". (brief extract below).

    A free, downloadable update that transforms Microsoft's Outlook into a significantly more secure e-mail application has languished virtually ignored on Microsoft's website for more than a year.

    Although the majority of recent viral attacks have come compliments of worms that don't rely only on e-mail to spread, the Outlook E-mail Security Update (OESU) can stop or greatly lessen the impact of most malicious code, such as BadTrans and SirCam, if only people would download and install it.

    OESU blocks the receipt and transmission of most of the e-mail attachments that typically can contain virus or worm code. The update also stops malicious code from spreading by blocking unauthorized access to Outlook and its address book. Many viruses and worms spread by surreptitiously e-mailing themselves to e-mail addresses culled from an infected computer's system files.

    Funny how if the other 99% of people had this patch then virus spreading would drop drastically.

    --
    Avantslash - View Slashdot cleanly on your mobile phone.
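    The two gateway checks this thread keeps coming back to, as one added example that is not part of the original thread and is not Microsoft's OESU code: the "bunch of spaces to disguise the true extension" trick from the story (comment 40 above), and the server-side attachment blocking that comment 36 and the OESU extract in comment 44 recommend. The attachment names are constructed for the example, and the blocklist is an assumed illustrative subset of the executable types such an update blocks, not the real OESU list.

```python
"""Attachment-name normalization and blocking for a mail gateway.

Added example, not from the original thread. BLOCKED_EXTENSIONS is an assumed
subset for illustration; the sample names are constructed.
"""
import re
import unicodedata

# Assumption: a subset of the extensions an Outlook-style security update blocks.
BLOCKED_EXTENSIONS = {
    "exe", "com", "bat", "cmd", "pif", "scr", "vbs", "vbe", "js", "jse",
    "wsh", "wsf", "hta", "lnk", "reg", "chm", "msi", "cpl",
}


def normalize_name(name):
    """Undo the tricks that push the real extension out of a human's view."""
    name = unicodedata.normalize("NFKC", name)          # full-width / compatibility forms
    name = name.replace("\u00a0", " ")                   # non-breaking spaces
    name = re.sub(r"[\x00-\x1f]", "", name)              # control characters, CR/LF
    name = name.replace("\\", "/").rsplit("/", 1)[-1]    # drop any path components
    name = re.sub(r"[ \t]{2,}", " ", name)               # long runs of spaces
    return name.strip(" \t.")


def real_extension(name):
    """The extension the OS will actually act on: the last one, lowercased ('' if none)."""
    base = normalize_name(name)
    if "." not in base:
        return ""
    return base.rsplit(".", 1)[1].strip().lower()


def is_disguised(name):
    """True when the name is built to be read as something other than what it is:
    a run of spaces before the real extension, or a blocked type hiding behind a
    second extension such as photo.jpg.scr."""
    padded = re.search(r" {2,}", name) is not None
    exts = normalize_name(name).lower().split(".")[1:]
    double = len(exts) >= 2 and exts[-1] in BLOCKED_EXTENSIONS
    return padded or double


def check_attachment(name):
    """Gateway verdict for one attachment filename."""
    if real_extension(name) in BLOCKED_EXTENSIONS:
        return "BLOCK"                 # executable type: never deliver
    if is_disguised(name):
        return "QUARANTINE"            # not executable, but someone is lying about it
    return "ALLOW"


def triage(names):
    """Map each filename to its verdict."""
    return {n: check_attachment(n) for n in names}


# Constructed sample attachment names for the example.
SAMPLE_NAMES = [
    "report.doc",
    "readme.txt" + " " * 40 + ".exe",        # the trick from the story
    "photo.jpg.scr",                          # double extension
    "invoice.pdf" + " " * 30 + ".txt",        # padded but harmless type
    "..\\..\\autoexec.bat",                   # path components
    "setup.exe ",                             # trailing space
    "My Report.doc",                          # one ordinary space is fine
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_NAMES).items():
        print("%-12s %r" % (verdict, name))
```

    The point of normalizing before deciding is that the decision must be made on what the operating system will do with the file, not on what the user sees in a mail client that hides known extensions; the padded .txt case is kept separate from a hard block because a name constructed to deceive is worth a human look even when the payload type is benign.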