Clever New Windows Worm

freakboy303 sent in linkage to a new worm that will no doubt be cluttering our inboxes soon. Clever bits include running its own SMTP service to increase chance of success, as well as using a bunch of spaces to disguise the true extension of the executable. No doubt countless copycats will soon follow and our inboxes will be cluttered by countless copies of the thing. Not that there's a problem with windows security.

Without Outlook?

[krony]

"The worm utilises it's own SMTP engine so it does not depend on Outlook for e-mail sending."

Not even a virus can depend on Outlook anymore...

:-P

There's a few differences

[BadDoggie]

Differences:

• 1) "Legitimate"-looking Subject line.
• 2) Legitimate-looking warning message straight out of Outlook.
• 3) Good social engineering
• 4) Own SMTP engine, so an Outlook script to warn that there's mail w/ attachments going out is useless.
• 5) New "method" of hiding file extension which is harder to see even if extensions are displayed.

We were all talking about this a week or two ago, but I'm too busy trying to get this pinball machine on eBay, so no time to search through old articles.

woof.

Get a Mail FIlter Already!!!

[seigniory]

Mail worms/virii/sausage - whatever - can be unbelievably contained with a simple attachment checking process - after Melissa, I implemented Mail Essentials (www.gfi.com) at my company - one server - 200k+ messages a day capacity - extention filtering ON.

Since then, we got hit with evey major email worm, but got infected by none - 1,000's of messages per incident blocked at the server - none made it to the internal Exchange box... they all get blocked at the "mailman" (block EXE, VBS, PIF, whetever)

The sender gets a "kindly" message saying "Sorry, we don't accept this extention type - try again".

It'll even scan for uncertified macros in Office Docs, filter spam (i.e. GREP searches), autorespond, basically a nice .procmail GUI. Works with any SMTP server.

It's amazing how a small company like us can spend the $1,500 to protect our mail system, while larger ones (i.e. employers of my roommates) would rather lose 4 hours of mail to one of these buggers.

It makes no sense NOT to use a simple filter - when will people learn. Until then, I'll just laugh.

Re:Get a Mail FIlter Already!!!

[ralmeida]

Put this in your server's /etc/procmailrc:

#LOGFILE=/var/log/procmail
#VERBOSE
VIRUSDUMP='/var/spool/virus'
GOTCHA=`formail -xTo:`

:0
*^Content-type: (multipart/mixed|application/octet-stream)
{
:0 HB
*^Content-Disposition: attachment;
*filename=".*\.(vbs|wsf|vbe|wsh|hta|scr|pif|com|ex e|js)"
{
:0 fhwc
| (formail -r -I"Precedence: junk" ; echo -e "Our mail server refuses e-mail messages with suspect attachments, like: \n\n vbs, wsf, vbe, wsh, hta, scr, pif, com, exe ou js.\n\nYour e-mail was not delivered.\n\nPlease contact webmaster@host if you have any questions.") | $SENDMAIL -t
:0
${VIRUSDUMP}
}
}

Re:problem with the users

[Wire+Tap]

just like the rep AOL gets, the more users you have the more dumb users you have.

Do you know what that means? It means the system needs to be engineered to handle those users. It does NOT mean we should shout and flame about how stupid those users are. Guess what: Everyone who uses an online service (or the Internet, for that matter) is NOT a Computer Science or Engineering major, and they should NOT be expected to act accordingly. They are there for their own purposes, to accomplish their own ends. The systems should be designed accordingly, with error prevention and correction built in, to catch things that would otherwise hurt users or administrators.

I wonder how long it will be before...

[mrroot]

Viruses get sophisticated enough that they look at subject lines in your current "Sent Items" folder and use the same subject and text, just adding the attachment, or if they find an email you previously sent that had an attachment and replace it and re-send the message.

Its only a matter of time. Its amazing how even a dumb virus can fool so many people.

Not a bad virus...

[Pete+(big-pete)]

Most sensible organisations will already be blocking .pif files in mail - this virus is already known by McAfee as W32/Shoho@MM and they have detailed it as a LOW risk worm.

On another note, I hope Slashdot isn't going to run a story on every new virus that gets released...

-- Pete.

Re:Am I the only one...?

[Tackhead]

> Are the people I converse with in email just cooler/smarter than everyone else

At the risk of stroking the collective /. ego, yeah, they are.

Canonical example - someone who got Sircammed at work, came to me and said they were having trouble opening up this attachment someone had sent them, and they wondered why someone sent it to them in the first place.

I did my best "All your base!" voice and said "I send you this file to have your advice!"

Cow orker said "Yeah, hey, how did you know that? Are you reading my mail?"

Another admin and I spent the next hour disinfecting 0wn3d box3n from other cow orkers who had done the same thing.

Re:More Slashdot demagoguery?

[Wire+Tap]

I simply assumed that people on Slashdot are above those biases. We are (mostly) computer and science enthusiasts, and, generally, those types are able to make well-informed decisions about things. And, decisions of that sort are best made without the influence of bias. Some would argue that if bias is a factor, those decisions are no longer well-informed - they are inherently ill-formed.

I could be wrong, but I thought that most of the users of Slashdot were above bias. I may have been wrong. Please excuse me if I was.

Looks like a hoax

[sphix42]

I didn't see any misspelled words in the sample email at that link...this is an obvious hoax.

Re:Am I the only one...?

[ethereal]

That's the idiot that picked Outlook/Exchange for the corporate messaging system, right? Sorry, I'm not ranting at you, but I hear this a lot at work and want to set the record straight.

I don't think it's fair to blame the user for not knowing that ".txt.pif" is a magic extension that can hurt their computer, or just to tell them "don't open email from someone you don't know". The fact of the matter is that it's wrong for your email client or your web browser to executed code from an unknown source, and the user should have to take positive steps (more than one) to execute such things. Microsoft's email tools are fundamentally broken, even to the point where they betray their supposed ease of use by requiring the user to puzzle over which emails are safe and which aren't.

So no, I don't really blame the marketing guy for not knowing that ".txt" is OK but ".txt.pif" isn't OK - it's not his job to know. It's the job of the tools Mr. Marketing is given to tell the difference for him and not automatically or easily do something dangerous. And it's the job of corporate IT purchasers to make sure that the right tools are being given to Mr. Marketing. More than anything, the repeated Microsoft virus and worm attacks point to a fundamental failure to learn from past IT purchasing mistakes.

Don't get me started on my company's new internal IM system that only works from Windows - thanks for nothing there, guys.

Is a 6ft-deep pothole in front of your car "news?"

[Tsar]

For us Windows users, reports of new security issues seem to come as often as potholes on an Arkansas highway. Like the potholes, looking for the next one isn't all that interesting or entertaining, but we still have to try to avoid them or at least minimize their impact.

"Net access: $20/mo. -- Electricity for computer: $20/mo. -- Reaching the 50 Karma cap: Priceless"
I'm at the karma cap, and I've been oscillating between 47 and 50 for some time. Does anyone else in that situation agree with my Modest Karma Proposal?

When will we see the real worms?

[tuxlove]

Windows is so easy to write worms for that we see a constant influx of simple stuff. Simple VB scripts, etc., can do a great deal of damage, and worm authors don't seem motivated to try a harder because they don't have to. This new worm seems like a step in a scary direction, towards real sophistication. Depending on system services to propagate will not be easy forever, and I expect to see more worms with their own protocols (like SMTP) built-in.

The "optimal" worm is one in which all it needs is a thread of execution and access to basic OS APIs like sockets and elementary file access. You're not going to stop a worm from calling the most basic APIs, so the key to stopping worms (once all the fundamental holes are patched in Windows, if ever) seems to be not letting them have that thread of execution in the first place. Of course, there will always be lots of users willing to run unknown executables, but the less automatic, the better. Patching buffer overflows in IIS, etc., will only go so far because there will always be users ready and willing to execute email attachments. Until focus comes to bear on ways to keep unsophisticated users from doing this sort of thing, there will always be a cornucopia of devastating worms.

Re:More Slashdot demagoguery?

[FortKnox]

I'd prefer it if they just wouldn't post anything about MS unless its related to Linux. Fact is, bad publicity is still publicity. If they wanted to be mature about MS vs. Linux, they wouldn't post this stuff.

The key word is in the above paragraph is "mature". Its like I always say about elitests and linux. They like being able to put other OSs (in this case) down, that is why you find people bashing Linux newbies instead of helping them out. Cause if everyone used Linux, they wouldn't be "special" and be able to insult the "average man".

Remember, the men behind /. are kids fresh out of school, without any business tact (not that I've shown much, but I'm not being paid to be here...).

You don't get it

[Frank+Sullivan]

Apache has a veto-proof majority of the web servers out there. Where are the Apache worms? Why is IIS, with far less market share, getting them? It's because Apache is secure and IIS is not, period.

Linux and OSX are both based on the Unix security model, a fundamentally sound design refined by two decades of real-world practice (dating back to the RTM worm in the early 1980s). It's not a matter of the virus writers aren't looking... it's a matter of a lack of exploitable holes. Name ONE Unix email client stupid enough to auto-execute code. Just one!

Yes, there are still exploitable holes here and there in Unix/Linux. But they generally require real mastery to find. Windows macro viruses can be written by 14 year old boys. My wife, a technical writer, doesn't know enough programming to write heapsort (do you?), but she knows enough to write a macro virus in VBA.

Get it through your head... the number of viruses and worms today is not a function of popularity or attention. It is a function of poor design and poor implementation, combined with security by obscurity (a technique discredited everywhere but Microsoft).

Really, learn about it. Don't just whine because Microsoft is getting a richly deserved spanking, and you don't want to hear how bad your favorite OS sucks.

Re:You don't get it

[rlp]

I agree with your basic thesis. However, it should be noted that Unix design and Windows design started with different premises. Unix was derived from Multics which was an early time-sharing system designed to be (relatively) secure. As a multi-user system, mechanisms had to be built-in to protect a users environment from other users. Windows is descended from DOS (and CP/M) and came from an environment that assumed one machine / one user. Hence their were no protections built in.

Unix was built by developers for developers. In many cases the system administrators were also the system programmers. System administration problems tended to be solved by code. For example, in the early 80's Unix did not limit the number of processes per user. At Bell Labs, whenever the Intro. to Unix Programming class got around to the 'fork()' system call, machines started crashing. This was soon fixed by a kernal change. Linux has continued (and expanded) on this tradition.

In contrast, Microsoft has focused on ease of use for the average user. This focus has been rewarded with market share. Security has been an after thought. Prior to mass adoption of the Internet - this was not an unreasonable approach. Now, of course, it's a disaster.

This is funny.

[JeremyYoung]

From the AP on Yahoo:

Just last week, Microsoft's corporate security officer, Howard Schmidt, expressed frustration about continuing threats from overflows. ``I'm still amazed that we allow these things to occur,'' he said at a conference of technology executives. Schmidt is expected soon to resign from Microsoft to work for President Bush's top computer security adviser.

Funny that SOMEONE at Microsoft is finally, publicly, admitting that there's a pattern to Microsoft vulnerabilites.

Re:More Slashdot demagoguery?

[Hormonal]

It's unfortuante, as Slashdot is one of the best places on the Internet to go for news, and heady, informed discussion.

OK, I come here for news, and for discussion. I read the headlines, generally the blurbs, and I poke around in the discussion until I can't stand it any more.

I don't use this site as a basis for generating opinions regarding what company is bad, what company is good, or what text editor I should use. I have my own methods for said exercise.

Surely, you realize that this site is coded, maintained, and read by geeks. I find it quite unlikely that a reader of this site hasn't formed an opinion one way or another regarding Microsoft. We don't thaw out cavemen, and then teach them to read, using Slashdot (boy, that's be an exercise in futility, with the l33t speak, and the horriffic grammar and spelling.)

Bottom line is this, and I know it's been said many times in the past: This is not a real news site. It's just a weblog, and it happens to have a lot of people who like it. The Slashdot editors are under no obligation to be fair, or unbiased. If you don't like it, create your own site. Buh-bye.

Re:Is this slashdot or a Windows bug tracker?

[Frank+Sullivan]

The XP exploit, at least, is an entirely new class of security hole, not seen before, and every last one of the 10M+ XP boxes shipped is vulnerable to total control from the outside.

If that ain't news, what is?

As for the worm... well, it's mildly technically interesting. But if Microsoft worms have become so common that they are no longer news... well, i think that's news, too!

Slashdot demagoguery, or troll snacks?

[eddy+the+lip]

I simply assumed that people on Slashdot are above those biases.

and i simply assume most people have a sense of humour, but we don't all get what we want, do we?

sure, i know that windows isn't complete crap - hell, i can admit it's gotten pretty useful in the last couple revisions. i've even been known to use it to play the occasional game. but i don't come to /. for flat, ZDNET style reporting. i come to it for useful links and snide comments.

i also come here to do this once in a while:

is this bugging you? poke poke poke.

Re:problem with the users

[Mike+Schiraldi]

I wonder if, say, construction workers, when building a shopping mall, say stuff like, "Man, we have to put railings up? Come on, what kind of idiot would just walk off the edge and plummet to the floor below? Stupid users."

"What? Circuit breakers? What sort of moron would overload a circuit? Who needs circuit breakers? Stupid users."

Re:So

[Tower]

Hmmm, I thought there was already a patent for that. Something like:

Method and Apparatus for delivery of a self-replicating bytestream through use of a square port number and excessive white space.

Couldn't find it on the patent search site, though ;)

Quite a large list of offending extensions

[mclearn]

See here for a discussion on the experiments of a particular fellow on finding a list of offending Windows extensions that are not unhidden even if "Show all extensions" is used.

Okay... so we can't fix the software or the users.

[pi_rules]

It's still mind-boggling to me that companies don't have better policies in place for handling these situations. As another poster mentioned using mail filters to strip attachments w/ dangerous file types is nice and all, but it isn't going to be 100% effective. George Guninski released an example a while ago where filename.txt.{some big guid here} would look just like filename.txt on the desktop, but when opened you'd find it was HTML w/ an IE exploit inside. So... now you have to add a rule to your filter script to catch those, and hope that you knew about it before an expoit in the wild. Not 100% safe.

Why are companies letting people thrash the mail system inadvertantly and go on like nothing happened? This is a social problem, albeit one that has been made more prevalent by bad technology. So what if Outlook took out the double-click-run-and-destroy feature for attachments? Trojan's would get mailed along w/ instructions on how to safe to your disk and run the program. And some idiot would do it too.

I'd much rather see corporations making their employees responsible for breaking things on the network. If the admin fscks up the entire system he'd be up to his knees in shit -- but the "users" are allowed to do it because they can claim ignorance? No thanks. Draw up some strick hard-line rules for your employees and get this crap taken care of. My personal suggestions would be:

1. No using IE at work -- Netscape/Mozilla/Konq only. Far fewer vulnerabilities.
2. No Outlook/Outlook Express for mail. Use Outlook -only- for calendering functions. I'd personally like to see corps going back to how my old university did it. One Unix box w/ pine on it for users to read their mail. Use SMB to attach the user's /home dir to the Windows machine and let them save attachments that way. No HTML email viruses, no buffer overflows. Plain jane simple email.
3. Running an attachment sent via email should be punished just as if the user walked in w/ a virus on a disk and ran it from home. And make them -work- to get that attachment to run.
4. Forgo the use of the .doc format entirely. What's so bad with RTF? Do you -really- need to spend all this extra time authoring up nifty documents for internal use only? Sure, use .doc to interface with clients but keep it's use limited.

Sure, it's a bit drastic. But is productivity really benefiting from wreckless use/abuse of insecure software? Must your employees use Outlook so they get that warm fuzzy feeling of being able to fiddle with all sorts of buttons on their screen? Why can't the computer be viewed like another other tool? If you don't know how to use it why in the world are you using it at work? I wouldn't dream of putting joe-schmoe on a fork life w/out some training, why put people w/ no training on a computer? If joe-schmoe runs the fork-lift into a wall you bet he'll get some heat for it. Run a virus though? Nah, everybody does that.. let it slide, let IT clean it up.

Re:More Slashdot demagoguery?

[JabberWokky]

But editors in the respected news firms of the world do not say things as unproductive as those who edit on Slashdot. As editors, they have a RESPONSIBLITY to get _news_ to us, not their own biased point of view.

Bullshit. If Slashdot wanted to be a "respected news firm", then that would make sense. However, it's run by some guys who liked Legos, Star Wars and KDE on Debian. They post links to stuff they think is nifty around the web, and a community grew around it. Now most links are submitted by readers and we all chat in the discussion board under each story. But at the heart, it's *still* just a website run by some guys who think legos (now mindstorms) Star Wars (now the pre-trilogy) and... well, CmdrTaco still uses KDE on Debian at any rate.

Think about what influence Slashdot has over a very large proportion of the "geek community" and other technical and scientific gropus.

It's opinion. People have them, and some people make theirs very public. It's part of human nature. I'm sure your office has a guy who goes off about how great some type of coffee is, or some woman who will tell anybody who will listen the plot of last night's TV show that she loves. Well, remember how I said that this is *not* a news site, but a site run by some guys who like geeky stuff? Their opinions are that Microsoft generally sucks (and it's shared by quite a few people). I may not agree (in fact I don't - and I run Linux on server and desktop), but I don't bitch about them stating their opinion on the site they run.

Dear Ghod - do you write in to Art Bell and bitch that he shouldn't have weirdos on his show? Do you write in to Howard Stern and tell him he should be more compassionate? Do you write in to Rush Limbaugh and tell him that he should stop expressing his opinions on political issues? No - they (and two of those three I can't stand listening to), are great radio *because* they are opinionated bastards that put weird, occasionally informative crap up on their show.

--
Evan

Proper Egress Filtering

[Gothmolly]

Egress filtering at the firewall will block the spread of this. Simply don't allow anything but the mail server to make SMTP connections out. Done. Same thing with all of those "home firewall" products.

Irradiate the mail

[filtersweep]

The post office has taken steps towards irradiating mail. Maybe more ISPs need to "irradiate" email.

The consumer-level answer (repeated like a mantra) of course is to use anti-virus software, and I find it interesting (and conspicuous) that MS has stayed out of the anti-virus racket- but I suppose one cannot integrate AV software into the OS.

It still boils down to individual "responsibility"- at home I run no AV software on my windows box, and I've never had a problem. I'm no windows apologist, but the fact remains that most people treat their PCs as if they are leaving their keys in the car, garage door unlocked, etc... I mean, it certainly is more "convenient" to ignore any security precaution in actual life (think airport)- but is it safe? And is it at all convenient to clean up after a security breech?

Windows *has* most of the tools for a reasonable level of security if only people educate themselves and use them. The widespread problems people experience, such as this, boil down to NOT opening unknown attachments- which is email 101. This STILL boils down to an .exe attachment... it is boring. Show me an actual .txt file that can do some damage and I'm interested!

Credit Card Processing

A Credit Card Processor, CCBill has been hacked and credit cards were stolen. No mention of it on Slashdot. Is it because the site runs Apache/PHP?

Re:Okay... so we can't fix the software or the use

[leonbev]

You've never done corporate IT support, have you? Even if you could convince the pointy-haired bosses to accept these draconian security restrictions, the employees would attempt lynch you for it. Business people don't like being told what they CAN'T do! They aren't like apthetic college students, who usually care less about the rules (unless it affects their precious beer supply).

If a manager (Or a sales guy, or an accountant, whatever) is used to using IE at home and sending e-mails with pretty fonts and pictures attached, they'll demand that they can do it at work. They'll want to be able to read Word attachments from outside sources, and share files with their co-workers. If you say no, they'll just keep complaining louder to your manager and your manager's managers until someone forces you to cave in to their demands. Most of your changes will get shot down, and you'll put up with a lot of grief in the process.

Most users don't give a rats ass about security, they just want to be able to do their jobs as quickly and easily as possible. If you try to get in their way, they'll fight you on every change until you get frustrated and give up.

That's why it's important to make SMALL security improvements, and make them slowly. Start by blocking certain attachments on the server side, and continously remind people not to click on unknown files. Make sure that your virus software runs automatic scans, and updates itself automatically. The users aren't going to do it for themselves, or at least not until they are already infected. Warn constantly, but never try to FORCE anything on your users unless it's absolutely necessary. The nastier you get, the more that they'll start ignoring you.

Re:This would be worse in Linux

[grammar+fascist]

Umm no only root can bind to low numbered ports (of which port 25 is a member)

Contrary to popular belief - and it's really, really prevalent on Slashdot nowadays, of all places - you don't need an SMTP server to send an email. You just need a client.

All you need to do is open a connection to port 25 on an existing SMTP server to send an email to an address it assumes is its own, and send off a bunch of commands: HELO, MAIL FROM, RCPT TO, DATA, and QUIT.

Try it sometime. Telnet to a mail server on port 25, and type the following commands, without using the backspace key:

HELO heaven.gov
MAIL FROM: god@heaven.gov
RCPT TO: <actual email address>
DATA
I've been watching you. Your fly is down.
.

QUIT

Make sure the email address domain is one that the mail server will answer for, otherwise you'll get an error saying it won't relay for you. (Usually.) And make sure the user is a valid user on that domain. If those two requirements are met, you've sent an email - without needing an SMTP server, I might add.

So if you don't need a server, you don't need to bind a port, and a worm like this could spread through Linux systems the way it spreads through Windows systems.

no, knowledge to help.

[Erris]

Remember, the men behind /. are kids fresh out of school, without any business tact (not that I've shown much, but I'm not being paid to be here...).

Let's see, I'm 35 and work for a US national sized company. They have not fired me yet, so I must have some tact.

I'm interested in all the windows worms and I'm glad that Slashdot documents them. Here disasters that cost companies that trust M$ millions of $ are treated rather cooly, exept by folks like me. You see, here I get to scream my head off about how stupid, irresponsible and incompetent the exchange group is. You don't think I'd actually tell anythig to the moron "standardized" on Exchange then got clobbered by all this? I mean, they tried very hard. They spent all the company money on all the band-aid virus checkers, comercial mail filters and what not. Heck, they are still trying very hard to recover all the contacts, email, calender events, daily journals and what not that contained the characters "hi" in them? Nah, they might get their feelings hurt if they learned how badly the company they trusted let us all down. Here I can scream it all out loud, share laments with others who suffer and more important, learn exactly why such things happen and why they will always happen when you do things the M$ way. Slashdot is teaching me with good and bad expamples of how to do things. Shame on M$ for the way they do things. Here I can gloat and bitchslap trolls like you in a way that would get me shitcanned at work. When I'm finished learning good conceptes and taking out my frustration on loosers like you, I can gently suggest things to my co-workers that might improve the place I work. I don't have to gloat about new viruses, the NAV packs and viruses themselves do that for me.

Re:Okay... so we can't fix the software or the use

[freeweed]

If a manager (Or a sales guy, or an accountant, whatever) is used to using IE at home and sending e-mails with pretty fonts and pictures attached, they'll demand that they can do it at work.

If any of these employees wore a bathrobe to the office, and sat all day watching television, I'd fire their ass in no time flat. Yet they do this at home all the time.

I don't mean to come off as a flame, as I agree for the most part with your post, but employees are paid to do a job, and to do as *I* the employer says with *my* equipment. A huge problem with email viruses is that because they're computer related, we somehow feel we shouldn't be able to hold employees accountable for their actions. If an employee doesn't want to lock his house door, fine. If he leaves my office door unlocked after hours, he's gone. When I tell an employee "DO NOT open email attachments" and they do, I'm sorry, but the employee is at fault.

Still waiting for the LEGAL virus.

[Restil]

Imagine if you will....

You get an email with an executable attachment.

The attachment executes automatically, because we WANT it to do that.

Upon execution, a EULA pops up, with a "licence agreement" that states the following:
- The program being executed will automatically forward itself to a significant number of people using a variety of means
- Some type of modification will take place to your file system.
- By clicking OK you AUTHORIZE this to happen, and claim full responsibility for any damage that
is caused as a result.

And most importantly, if the cancel button is pressed, the program won't execute.

Chances are good that 90% of the people who would be affected by an illegal virus will just as happily click OK without reading anything. The fact of the matter is, the virus will cause the same amount of damage, but the author could probably plaster his name all over it and not fear any legal repercussions.

Of course, there's always the issue of intent. Bottom line, authorized or not, the INTENT of the program was to cause havok of the same nature as a virus. But in the end, it would sure make an idiot out of anyone who spread it.

And maybe, just maybe, it MIGHT result in people actually READING the EULA's. Yeah.. I know.. I'm dreaming.

-Restil

The great Outlook patch that nobody uses

[Mr_Silver]

Since this submission was rejected by the editors, I think that here is going to be as good a place as any for it.

Have a read of this article at Wired entitled "The Great MS Patch Nobody Uses". (brief extract below).

A free, downloadable update that transforms Microsoft's Outlook into a significantly more secure e-mail application has languished virtually ignored on Microsoft's website for more than a year.

Although the majority of recent viral attacks have come compliments of worms that don't rely only on e-mail to spread, the Outlook E-mail Security Update (OESU) can stop or greatly lessen the impact of most malicious code, such as BadTrans and SirCam, if only people would download and install it.

OESU blocks the receipt and transmission of most of the e-mail attachments that typically can contain virus or worm code. The update also stops malicious code from spreading by blocking unauthorized access to Outlook and its address book. Many viruses and worms spread by surreptitiously e-mailing themselves to e-mail addresses culled from an infected computer's system files.

Funny how if the other 99% of people had this patch then virus spreading would drop drastically.