Virus Piggybacks Microsoft Mail Worm
metacell writes "A virus (a version of the Chernobyl virus) infects an email worm executable (the Klez worm), and is spread along with it. "
It's a damn good *delete* thing that Microsoft has been *delete* spending the last few weeks
doing a *delete* security audit *delete* of all of *delete* ah never mind. My wrist hurts
from deleting over a meg of mail worm viruses a day.
why can't they make a law: "if your PC sends a virus, you'll be sued, even if you didn't do it yourself (BWUHAHAHAHA)"?
If at first you don't succeed, then sky diving definitely isn't for you.
Hmm, maybe Microsoft could just disable scripts in their email software? That sounds like a good option.
No one uses Outlook macros anyway, except worm writers. It's common sense that I don't want any software, not just viruses, automatically sending email without my consent or confirmation (or even knowledge!)
no need for "wrist hurting" jokes ;)
Microsoft IIS is to webserving as KFC is to healthy eating
It is still unpatched, right? Otherwise your submission just looks like stupid MS bashing.
Now that someone's thought of infecting a virus with another virus, when will a white hat think of infecting Klez with some sort of antivirus? Let Klez think it's doing its work, but don't actually delete the files it's trying to delete. Then, a few weeks later, have code that just shuts down the Klez virus altogether.
Since Outlook is propagating virii, it is responsible for electronic havoc. According to the new legislation, that classifies Outlook as an electronic terrorism program. Ok, so I'm dreaming, but wouldn't you love to see SWAT teams breaking down doors to seize copies of Outlook?
I am !amused.
Just deleted this klez mail:
Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me.
Of course, an infected file was attached with the mail..
Why isn't there a version of Evolution for windows? It's great software - I'd pay for it if it wasn't free. And, NO VIRUSES!!!
Unitarian Church: Freethinkers Congregate!
That reminded me of one thing... DELETED!!
Yup, it's off-topic, and probably hard to follow if you've never been to the site, but it's a riot.
Alright. I've been in the field for some time but have never really pursued this: What other options for email clients do we HAVE besides Outlook/Outlook express in a windows environment?
I'm pretty sure that Eudora is still around, but what is out there for windows-based, user friendly software? It'd almost be worth the switch just to avoid all these damn Outlook-friendly virii.
Because, there hasn't been an Outlook patch kicking around for some time now. And because no open-source software has bugs. Ever.
So, in short, there's two lines of Microsoft bashing there, accompanying a really dull story about a virus that no AV software has any trouble detecting?
Must be the slow season I guess.
Score:-1, Funny
Norton will be having a recall of its anti-virus product someday when the install is infected with w32.stoned or something just as stupid.
The problem as I see it is that I have no personality of my own.
Wow computer viruses are getting more and more like real viruses!
So the e-mail worm is the vector for this virus!?!
Thoughts on tech, Software Engineering, and stuff
>>The report says that a virus known as W95.CIH.1049, a slight variation of the W95.CIH bug dubbed the Chernobyl virus when it began spreading four years ago, has been detected in recent infections of the Klez worm.
;p
For Klez worm infections they need a dose of good ol' PC-Illin ©
Ba-Rump-Bum! *kssshhhhh*
God did I just do that?
Sehr geehrter Toilettenbenutzer!
No matter how good a patch is, some people will always remain unpatched/unupgraded. And some of those people also get viruses and everybody gets irritated by that, I mean, every time I check someone else's PC it ain't patched.
If at first you don't succeed, then sky diving definitely isn't for you.
I use outlook
I have done for many years
I like the interface, it's easy to use, and I'm used to it
However, in the past few months I have been receiving more and more viruses and it has seriously made me reconsider my position... Last week alone my virus scanner blocked at least 50 virus infected emails
I never open attachments, I have the preview pane turned off, I have outlook set to use the restricted zone for emails, I have norton scanning every email I get - but just yesterday I got an email informing me that I'd sent an infected mail out...
I will almost certainly be moving away from outlook within the next week just to get away from it all
Chernobyl virus rides Klez's coattails
By David Becker
Staff Writer, CNET News.com
May 6, 2002, 12:30 PM PT
The Klez worm just keeps on giving.
The persistent pest, which made a strong comeback last month in the form of the Klez.h variant, is now helping revive the Chernobyl virus, according to a new report from antivirus company Symantec.
The report says that a virus known as W95.CIH.1049, a slight variation of the W95.CIH bug dubbed the Chernobyl virus when it began spreading four years ago, has been detected in recent infections of the Klez worm. The main difference with the new virus is that it's set to activate on Aug. 2 of every year, as opposed to the April 26 attack date of the original Chernobyl.
Vincent Weafer, senior director of Symantec's Security Response team, said the company began seeing Chernobyl-infected messages last week, but they continue to account for only a handful of the thousands of Klez infested messages the company sees daily. Weafer said the viral bonus wasn't intentional but rather a by-product of Chernobyl-infected PCs also propagating the Klez worm.
"As far as (Chernobyl) is concerned, the Klez worm is just another file to infect," Weafer said. "It's quite common to see piggybacking effects when you have worms that have been propagating for a long time in the world."
Even though Chernobyl is ancient by virus standards and easily detected by almost any antivirus software, Weafer said it's not unusual to have bugs still making the rounds years after their debut.
"When you look back at viruses, you see recurrences," Weafer said. "They can live for many years out in the wild."
The first version of the Klez worm surfaced early last year, with subsequent variations causing damage ranging from moderate to minor. Bug writers hit pay dirt with the Klez.h variant, however, which quickly became one of the most active worms ever after it surfaced last month.
Moscow-based security company Kaspersky Labs recently ranked Klez as by far the most active e-mail threat in April, responsible for 94.5 percent of all incidents reported during the month.
British e-mail screening firm MessageLabs ranks Klez.h as No. 3 on its list of all-time most active computer pests, with more than 391,000 infections intercepted. At current rates of infection, Klez.h should surpass the No. 2 bug, BadTrans.b, in a few days. It'll have a long way to go, however, to catch the all-time champ, the SirCam worm, still going strong with more than 748,000 interceptions to date.
Attention all planets of the Solar Federation! We have assumed control! - Neil Peart
No it is MS's fault. They made it EASY.
I get like 4 virus e-mails a day, sometimes more. It's starting to become slightly ANNOYING! And being that my virus software is way out of date and is rarely turned on anyways. I have to pick them out myself. I know all the little things to look for thanks to SecurityFocus and other nice internet security sites, but still...it's a major pain in the arse.
OK - Now all they have to do is write a virus that infects itself... In this world of recursive acronyms, why not do a recursive virus too. And just think of the payload size, we could end up getting our megabytes of worm-mails in a single email!
(To all you worm/virus writers out there - please note, this is a joke! The current load of crap out there is bad enough, we really don't want a recursive virus too!)
-justin
it's not that hard
allspam folder grows and the sensible people who don't send you worms + virus because they use a decent mailer don't get abused
simple why are you having such a hard time ?
ah you must run outlook or be unable of adding filter rules OR even asking your local sysadmin to do it for you all of which mean you're a moron
regards
john jones
The BEST virus spreader ever invented... The sad thing is, it doesn't MATTER IF MS fixes it, there are so many millions of the "take me in the ass, script kiddie" versions of Outlook and/or IIS running on 2000/NT and 9x workstations owned by users with no clue as to how to patch their systems that this will be a problem for YEARS...
I'm telling you, software makers NEED liability. It's the only way we will ever have responsible programs released. Right now, software makers can get away with selling products that have defects in them on the order of ones that if they were in cars, would send Ford or GM into receivership.
These e-mail worms would never be able to spread in this way if it were not for defects in Microsoft products.
Until software houses are FORCED by liability that can't be EULA'ed away, there will never be quality control.
=== The price of freedom is eternal vigilance
all my years on slashdot, NEVER has a cnet article got slashdotted, you fucking karma whorific troll!
While it seems a little draconian, holding individual users liable for viruses that spread via their machines makes sense to me. I'd liken it to automobile collisions--if your failure to properly control your car on the road leads to someone else's property being damaged, you get sued. After all, the owner/operator of a computer, even a home PC, does have the ability to prevent their machine from becoming a vector--if not by picking secure software, then simply by disconnecting the machine from the Internet.
If the incentive existed, individual users would tend to take more responsibility for what moves through their computers.
And sure, most people with PCs and email today don't have a clue about virus transmission, but why should that be an excuse to let their irresponsible behavior cause damage to everyone else? Either get a clue, or leave the net to people who have one.
There's really no reason at all that the email application itself can be scripted. Nobody uses the feature except people writing mail worms. It's just been a persistent source of security problems, and all the kluges around it that microsoft has tried have done little to eliminate this central use of the feature.
For once, it would be nice if microsoft did something correctly and rewrote outlook to eliminate the ole automation. Yeah, a major rewrite, but the only way to squash this consistent source of security holes.
Procmail is your friend. As soon as I get more than 4 or 5 copies of a spam / worm / virus, it gets a procmail rule to autodelete it. Simple, really...
"The invisible and the non-existent look very much alike." -- Delos B. McKown
I've worked at two. Just FYI.
So let's see. We have a worm. It's infected with a virus. Double your damage, double your fun... reminds me a little of flesh-eating streptococcus. Regular strep, you get a sore throat and a week or so of penicillin. Give that strep a virus, suddenly your arm starts melting.
Now what I want to know: is this train wreck a coincidence or has someone been cross-breeding?
/Brian
God help America if they use ANY damn M$ product and think its secure.
There are NO internet worms, viruses or other parasites. They ALL infest M$ Windows, the gut of the beast. (Hmmmm. I'm trying to remember the last Linux Virus I ever got. Oh that's right. I have NEVER got a Linux Virus. Okay maybe I got lucky.)
M$ & Homeland Security... What a concept...
Might as well hand out jackets with dynamite and a detonator already sewn in, and a map of "homes of the senators" to every wild-eyed goat-f*cker as they get off the plane.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I love a m$ bashing any day ... but let's not get carried away, even if this IS slashdot.
The fault lies at the idiots who write the worms.
The idiots that open emails and the idiots who wrote the app that helps it spread are not at fault, they were unwilling cooperators. It's like laying the blame at Ford cos you went and ran someone with their car.
If M$ would've left scripting out, we would not have this problem. TRUE. But I could assure you that we certainly would not have it if the genius who wrote the worm thinking he was 3l337 would dedicate the time to something else.
I received an email virus today. My AV software caught it immediately, but even if it didn't it wasn't a script virus it was an .exe virus and I would not be stupid enough to run it. You must have a lot of stupid friends. You're probably in good company. We are getting sick and tired of you whining about Microsoft this and Microsoft that. Get a life, get over it. Move on to something useful.
Blaming Microsoft is fashionable here, and, IMHO, encourages people who write viruses that attack MS products (one of many factors, but I suspect it is a major one). However, just because someone leaves their car unlocked does not mean they are at fault should they get robbed.
I'm not saying that better security should not be implemented. However, by simply saying it's MS's fault is simply condoning the virus-writers. Let's make them the pariahs.
Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me mailto:rzhavoc@yahoo.com
I was rolling when I read that one. Or this one
F-Secure give you the W32.Klez.E removal tools
W32.Klez.E is a dangerous virus that spread through email.
For more information,please visit http://www.F-Secure.com
Of course they weren't smart enough to change the 'from' address to 'f-secure'. Oh well.
GPL had viral effect.
Oh but Mr. Gates your products create more viral effect than any GNU project...
[My english is better than most other people's Turkish, so please point out mistakes politely. Thank you.]
There are antigens that delete stuff. Antigens that send mail.
Why can't somebody take it a step further. Think of the time I could save if a worm would, prior to deleting the mail, read it and reply
appropriately.
:-)
Insurance companies don't pay you anything, if you forgot to lock the door to your apartment/house.
So in a way, (how odd it now sounds) it's your fault. From the insurance company's viewpoint anyhow.
The notes about releasing a benevolent virus that locks down Outlook features reminds me of the movie "Brazil," where there was a character that clandestinely made repairs to the failing infrastructure. The "legitimate" repair people never fixed anything; they stalled with paperwork and broke more things than they fixed. On top of that, numerous products were advertised and sold that just put pretty paint over the top of the flawed plumbing, instead of actually improving anything. To top it all off, nearly everybody thought that the "official" technology worked fine, because they'd never experienced anything that actually worked _well_.
Life imitates art.
All that *deleting* makes me believe Taco is a zit faced 14 yr old in Wisconsin running Outlook98 on Windoze98 box..
Wait!! You were kidding right ???
Rapid Nirvana
Now I dislike MS as much as the next man, but let's not blame them for all virus emails.
Most (but not all) email virus/worms are Javascript, Visual Basic or .EXE files that are sent by email. Clueless users double click on these because they are...well...clueless, and think that they are games/pictures/nudey photos of Kournikova, whatever. This activates them, and allows the worm to read the address book and either use Outlook or its own SMTP routine to send itself to all the people in the address book.
MS put the "double click" functionality in to make people's lives easier, and on the whole, they have. Outlook is very easy to use and this is one of the reasons it's so widespread (another being that it's very powerful, but that's going off topic). Combine this ease of use with how common MS Outlook is, and you'll see why virus writers write viruses for it. If some new Mail client became as popular, don't think for a minute that it wouldn't have similar viruses.
All that it takes to stop viruses like Klez is for the mail administrator to block attachments with .exe, .js and .vbs extensions (plus some other little tricks) and this kills 99.9% of viruses stone dead. Either that, or get your user base educated enough to not blithely double click on everything they see.
I'm not talking here about some of the rather more ominous security holes in Outlook - those that allow code to run by previewing the message - because anyone who hasn't patched that yet is a moron. And there are a couple of holes which MS should be hauled over hot coals for, but they aren't exactly the only software firm to produce insecure software.
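The gateway-side attachment block suggested in the comment above, sketched as an added example (not code from the thread). The function names and the sample message are constructed for illustration; the blocked set is the three extensions the comment names, and the case and trailing-dot handling is an assumption about what a filter would need to normalise.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the comment above; a real gateway policy would be longer.
BLOCKED_EXTENSIONS = {".exe", ".js", ".vbs"}


def effective_extension(filename):
    """Return the extension Windows would act on for this attachment name.

    Only the LAST extension decides how the file is opened, so
    'holiday.jpg.EXE' is an executable. Windows also ignores trailing dots
    and spaces, so 'readme.vbs.' still opens as a .vbs script.
    """
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1]


def blocked_attachments(raw_message, blocked=BLOCKED_EXTENSIONS):
    """Return the attachment names in a raw RFC 822 message that should be
    rejected. The decision is made on the attachment alone, never on the
    From: header, which worms such as Klez forge."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for parts without a filename
        if name and effective_extension(name) in blocked:
            hits.append(name)
    return hits


def build_sample():
    """Build a constructed test message: one harmless image, two attachments
    that hide an executable type behind a double extension or a trailing dot."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"  # constructed; treat as untrusted
    msg["To"] = "me@example.org"
    msg["Subject"] = "A very funny game"
    msg.set_content("Constructed body text.")
    msg.add_attachment(b"not a real image", maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(b"not a real program", maintype="application",
                       subtype="octet-stream", filename="holiday.jpg.EXE")
    msg.add_attachment(b"not a real script", maintype="application",
                       subtype="octet-stream", filename="readme.vbs.")
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("reject:", name)
```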
Never mind the Klez virus, those elaborate virus hoaxes are far more annoying because you need to educate the person that emailed you about it that it is in fact a hoax. One only has to look at the latest hoax that tricks users into thinking jdbgmgr.exe, the Microsoft Debugger Registrar for Java is a virus.
aus.music.scrapbook
I'm a half-owner of a small web development company in Ottawa, Ontario (Canada). When we discuss email with our clients (new and old) we *strongly* warn them about the dangers of using MS Outlook (well, MS anything, really). Many are dumbfounded to find out that all the viruses, worms and macros are targeted at MS software. We urge them to change to something else. We should all be doing this. The more users we can get away from MS Outlook, will directly translate into less trouble for ourselves because who do they call? Certainly not Ghostbusters. ;-)
Even if it means setting up just a few systems that don't use outlook, the next time around something clever and nasty is released, those systems won't get infected. Then we bring that to the attention of the PHB's (Pointy Headed Boss, for you non-Dilbert readers). Explain that because those systems weren't infected, it saved x hours.
Just about everyone that we have influence with has stopped using outlook (with the exception of uncle Bob, but hey, that's his problem). It's saved us time and energy.
In a way, it's our duty, as people in the know, to move them away from MS software. Why use software that is going to cause problems? Is Outlook so amazing that it is worth the hours of problems caused by virus outbreaks? I would say no.
I like the kind of software that you install, it works and doesn't cause any troubles.
Besides, migrating users to something else (Opera, Mozilla.. anything!) takes licencing bucks away from MS. ;-) And that's always a good thing.
It's ridiculously funny how email apps (outlook in particular) spread virii.
:)
Think back on a bunch of the copyright issues. Basically, one of the problems is that you are in trouble if your work can be used in illegal ways with great ease. That's why napster got busted--the courts found that their system was often used for illegally violating copyright laws, and that they didn't do enough about it (saying "Don't steal music" != enough).
well, I am seeing potential lawsuits against microsoft here. Clearly their software is commonly used for spreading virii, and clearly they, too, aren't doing enough about it.
Suuuuuure. They say that security is a "focus," but nothing has really changed. So they obviously are condoning, even promoting, virus writing! Microsoft must be sued to stop them from spreading email virii. It's for the good of the country that this evil corporation must be kept from promoting the internet terrorism which costs taxpayers millions every year.
Just a thought to keep you smiling.
First of all, I did some calculations, and found that there are over 1600 different subject line possibilities alone with this virus! This takes into consideration the number of variable words within the subject lines, and doesn't even account for the number of different message bodies. All things considered, there are probably over 10,000 possibilities!
The second thing about Klez that I find interesting is the payload... You often get totally random files from people's computers (if they survive virus removal)... For example, one of my coworkers got the 2001 operating budget of her church, and was able to see how much everyone was paid, how much they blew on projects, etc... Opening your inbox is like opening presents on christmas morning... most of the stuff is pretty boring, but every once in awhile you open something interesting!
1.) Look at the headers in these emails. Odds are, the return address is forged, but the IP address just before the mail server hop seldom is.
2.) Resolve that IP address.
3.) Report the incident to the internet provider hosting the connection using a stock email message and simple mail script, with a copy of the headers appended at the end. Most of the time, these virii are not from malicious people so much as they are from infected machines. Keep that in mind when you alert the respective ISP of the problem.
4.) Rinse.
5.) Repeat.
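Steps 1 and 3 of the procedure above, as an added example that is not part of the original comment. The sample message, host names and addresses are constructed, and `TRUSTED_HOSTS` (the mail servers you run yourself) is an assumption; step 2, the DNS/whois lookup, needs network access and is left out.

```python
import email
import ipaddress
import re

# Constructed sample. Received: lines are prepended, so the newest hop is on
# top. Only lines stamped by our own servers are trustworthy; the bottom line
# was written by the sending host and could say anything.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [10.0.0.5])
    by mailstore.example.org with ESMTP id A1; Mon, 6 May 2002 12:40:03 -0700
Received: from smtp.abc123.example (unknown [203.0.113.45])
    by mx.example.org with SMTP id B2; Mon, 6 May 2002 12:40:01 -0700
Received: from mail.friend.example ([198.51.100.7])
    by smtp.abc123.example; Mon, 6 May 2002 12:39:00 -0700
From: "Friend" <friend@example.com>
To: me@example.org
Subject: A very funny game

(body omitted)
"""

TRUSTED_HOSTS = {"mailstore.example.org", "mx.example.org"}  # assumption

INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

BY_RE = re.compile(r"\bby\s+([^\s;]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Return (stamping_host, connecting_ip) for one Received: value."""
    flat = " ".join(value.split())            # undo header folding
    by = BY_RE.search(flat)
    from_part = flat[:by.start()] if by else flat
    ip = IP_RE.search(from_part)              # bracketed IP = peer the server saw
    return (by.group(1).lower() if by else None,
            ip.group(1) if ip else None)


def origin_ip(raw, trusted):
    """Walk hops from newest to oldest and return the first external IP that
    one of OUR servers recorded. Stop at the first hop we do not control."""
    msg = email.message_from_string(raw)
    for value in msg.get_all("Received", []):
        by_host, ip = parse_received(value)
        if by_host not in trusted:
            break                             # everything below is unverified
        if ip is None:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                          # malformed address, skip the hop
        if any(addr in net for net in INTERNAL_NETS):
            continue                          # relay inside our own network
        return ip
    return None


def build_report(raw, trusted):
    """Compose the stock notice for the provider, headers appended (step 3)."""
    ip = origin_ip(raw, trusted)
    if ip is None:
        return None
    headers = raw.split("\n\n", 1)[0]
    return (f"A host at {ip} delivered a worm-infected message to our mail "
            "server.\nIt is most likely an infected machine, not a malicious "
            f"user.\n\nFull headers:\n{headers}\n")


if __name__ == "__main__":
    print(build_report(SAMPLE, TRUSTED_HOSTS))
```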
Not trying to sound like a crybaby but can you give it a break, looking back on your last 24 posts, only about 3 of them don't include the words 'In' 'Case' 'Slashdotted' while mostly this is great for small independent sites that cannot handle high traffic levels or geocities and other free accounts that collapse after a fixed level of traffic sites like 'Wired' 'CNN' and 'Gamespot' are not likely to collapse under the weight of a Slashdot assault. While yes it's appreciated when the sites are slashdotted to have someone post the text up in most cases articles link to major sites capable of surviving an assault and then some. If you really wish to help then please give a link to a google cache of the page it's easier on the eyes and doesn't look as needy or desperate for Karma points. I'm not trying to make you feel bad it's just getting on my nerves, having to skip past all your text. -Ever notice the people who don't care about Karma always have about 49 points.
Okay, as a long-time Mac user and a reader of Linux sites like this, I know that Windows carries a massively larger burden of virii than other Operating Systems out there. Time and time again, I have heard it said that this is due to their market share - hackers want to be seen and thus make their virii attackers of the software that most people have. But this really rings hollow for me - the MacOS has always been relatively free of virii, as has Linux, as has BSD, as has AmigaOS, as has BeOS etc. This seems to imply that maybe aside from marketshare, Microsoft engineers (or marketing staff) are doing something wrong.
Let's take a constructive approach to this topic. With so many SysAdmins out there, what are the TOP TEN things that Microsoft (or any OS maker) can do to prevent virii? I am just a humble Business Analyst, but here are a few ideas that come to mind for me (I hope the coders will forgive my ignorance on some of the finer points):
10. Disable scripting in certain programs (e-mail) by default.
9. Automatically download security patches to PCs if they are of a sufficient severity level (but put measures in place to make sure the same mechanism is not used to transmit virii/worms)
8. Auto-detect large numbers of e-mails being sent at once and alert users before sending
7. Make the default install for all systems the most secure install
6. Create a system to auto-report virus/worm infections to a central (independent) agency for monitoring (user-selectable kill switch for this functionality should be available tho)
5. Allow purchase of "health insurance" for PCs by Microsoft to reimburse for lost productivity/hardware due to infection - monetary incentive for MS to push quality and security
4. Create a module of the OS to track virus reports/alerts and display them in the taskbar - produces one trusted source for alerts and to decrease the effectiveness of e-mail hoaxes
3. Integrate virus alert into mail program for incoming e-mails - advise users when a known large-scale e-mail virus/worm is out there to decrease opening of infected mail.
2. Give sysadmins the ability to change e-mail setting for all users when a large-scale outbreak is going, to specifically turn off scripting, html reading, java, etc.
1. Provide a method for a daily audit of all processes running on a machine to identify all those not initiated by the user, and flag those taking part in suspicious activity.
Not sure if those are insightful or lame. But feel free to improve upon this list, ad infinitum.
Hmmm...so a lot of computers with Klez will have their bios flashed on august 2nd. To me, that's almost a good thing.
It will hurt many people, yes, but those are the people who don't bother to run antivirus software even though they use outlook. They will learn a tough lesson.
I know I'm cruel, but I'm quite tired of hearing the phrase: "I think I have some sort of virus on my computer but I'm not gonna do anything about it"...that same jerk is spreading the virus every second he's online.
...and do some super-cool "m$" bashing. you, sir, are very intelligent.
morris worm + variants, anyone? they were written for window$, right? wait...no....
The reason Klez is so successful is that it doesn't rely on Outlook. From the Symantec writeup (http://www.sarc.com/avcenter/venc/data/w32.klez.h@mm.html): "This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment...The worm contains its own SMTP engine and attempts to guess at available SMTP servers. For example, if the worm encounters the address user@abc123.com it will attempt to send email via the server smtp.abc123.com."
Ok, can someone post a clear, easy-to-understand primer on how to read Email Headers????
My wrist hurts from deleting over a meg of mail worm viruses a day.
riiight...my wrist hurts from the "email" too.
four-oh-four
So Klez works even by simply previewing the message and launches itself. It has its own mail sending engine, and forges the From: field to look like it's real. It also copies past Subject: fields to fool the recipient.
But this time, our little friend Klez has brought his little friend Elkern32. This nasty little guy infects executables on the infected computer, and is also network aware and infects files across the network. So even people who didn't use Outlook were infected. Some people had hundreds of infected programs on their computer.
And a cool thing about Elkern is that it can randomly overwrite a file's bytes with all zeroes, while maintaining the file length. It can be nasty.
All this because no one updates their virus definitions.
Muerte
klez forges the From address, so you'll end up blocking people who aren't infected. likewise, there's a decent chance that your own (you, yes you) email address is on some of the infected emails, because, like i just said, klez forges From lines with addresses from address books.
PITA.
-c
I have discovered a truly remarkable proof which this margin is too small to contain.
A patched copy will NOT run js or vbs unless you Double-click on it. Even then, you should change your own file associations to open these types of files in Notepad (or some txt editor of your choice) rather than run them using Wscript.exe.
An unpatched copy will run it, which is what I said in the original mail. I believe I called people with unpatched copies "Morons". What part of "morons" didn't I make clear? The ONLY way to get most of the worms around to run is to double click them, end of story.
And "if you press keys really fast" on a Unix system you can quite happily delete everything. Any system, come to that (if you have the access rights).
What MS have tried to do is take computing out of the hands of the geeks and into the hands of the rest of the world. Nothing wrong with that, but people must realise that computers are rather powerful and that there are some stupid buggers around who like messing up peoples lives. Add those two together and you have widespread viruses.
Why doesn't Microsoft, by default, disable scripting and in Outlook? This is where Outlook is weak at and where the root of all its problems come from.
Otherwise, more viruses will just keep coming and coming.
You don't have to remove the functionality; just make it REQUIRE the script to be CRYPTOGRAPHICALLY SIGNED by a known entity, like the sysadmin.
Fucking simple solution, unless you wanna argue that clients should execute code from UNKNOWN and UNTRUSTED sources for some reason?
Belief is the currency of delusion.
Come on! Only a lame farker would think Strong Bad was funny.
Strange women lying in ponds distributing swords is no basis for a system of government.
Your wrist probably hurts for reasons that shouldn't be mentioned on /.
-
-- Probability does not dismiss possibility --
Your wrist hurts? As in... you're using a mouse to delete mail? You use a GRAPHICAL email program???!!!
Oh. Oh Commander Taco. We thought you were so elite... (weep)
In a related note, a _meg_ a day? Who are all these losers that have CmdrTaco's email address stored in their outlook address book? When I sent email to slashdot, I telnet to the SMTP server directly and type it out, just so I can mock all the lusers who have to use pine.
Here's a hint to CmdrTaco. Use the mouse to select all the unwanted e-mails, and press the "Delete" button once.
IE is such a vital part of the operating system that it's used in everything - including Outlook. The HTML control (which is most of IE) is used in the preview pane plus loads of other stuff.
This is why it cannot be removed from Windows.
"Under the iron bridge, we fist" - The Smiths, Still Ill
Can't patch this! (stupid repetitive music) Can't patch this!
Box cutters don't kill people, crazed fanatics with box cutters crashing planes into tall buildings kill people.
but more seriously, I am perpetually amazed that some lawyer has not started a class action lawsuit for all the damages these things do. It's the analogous of the Pinto gas tank. Not technically dangerous unless someone rams you. Should you sue the guy who rams you or the pinto manufacturer? Should you sue the virus maker or the Internet explorer manufacturer? Maybe a better analogy would be a Bank that leaves its safe unlocked. While it's a crime to rob the bank, the bank has a responsibility to lock the safe.
As far as I know there is only one product in america specifically exempted under the product liability legislation (if you're dying to know the answer is hand guns). For Outlook to be protected it would have to be advertised that the program was intentionally a giant security hole and not mail program.
As this problem has been plaguing a client of mine, I've recently been in search of an E-Mail that looks like Outlook, but doesn't BEHAVE like it. The reason for needing to look like Outlook is that the client isn't what one would call the most computer literate. So, a client that looks like outlook, works like outlook, runs under Win32, and is free or relatively cheap, is needed. Does anybody have any suggestions?
My wrist hurts from deleting over a meg of mail worm viruses a day
Yes, Taco, it is from handling your mouse that has caused your wrist trouble..
Yeah, sure.
Just so you know.
I'm not a server admin by trade, so I don't get involved with mail server administration duties all too often. Can someone suggest some links to mail-server based AV software for Sendmail, Qmail, others?
I often end up providing "tech support" to those who know I'm a "computer guy". None of their hosts use server-based AV software, but I'd like to send them some links.
I only post comments when someone on the internet is wrong.
I can't control a handful of unknown miscreants and prevent them from writing malware. I can use platforms which aren't susceptible to these forms of attack when I'm allowed and do a variety of other things, like not opening unknown executables and running a virus checker, to lower the chance that I get infected.
I know it is unreasonable but as I do it I expect others to keep their virtual backyard tidy. Run Windows? Buy a virus checker and use it. Read email using Outlook? Lock it down. Because if you don't take care of it you might wind up screwing with my backyard.
I don't want knowledge. I want certainty. - Law, David Bowie
They usually fail to mention that this and 99% of all other virii affect only Windows machines. When will users learn that they should upgrade to MacOS X or Linux for safer systems?
We need to blame the company that persists in allowing an application like an email client to be scriptable in the way that outlook is. It's a design flaw; true, people should not exploit it, but that's not the central issue. With a better design, the problem wouldn't be an issue.
Give the Pollyanna crap a rest: there's assholes in the world, and expecting them to stop being assholes is unrealistic. Much better to deprive them of the opportunity to be assholes.
About a year ago, my home computer got infected with a worm, the name of which eludes me. Part of its behavior was to install a copy of the distributed.net client, to do its dirty work. Instead of downloading the client, it copied it from the infecting computer, which happened to be infected with another virus, Kris?, the one that would screw your cmos on dec 26...
So, it's not news, and probably not that uncommon. It's just viruses infecting viruses. And viruses want to be free!
For as long as people keep insisting that sending spam doesn't hurt anyone cause they can just hit the delete key.
These viruses don't affect Macs. One need not be an Apple zealot to understand the cost savings and peace of mind of owning a Mac. I know people whose machines have been wiped by email viruses, and the cost has been monetary, not just stress and aggravation. It's likely that worse things are ahead, that the problem consists of unknown vulnerabilities, and that those vulnerabilities WILL eventually be exploited. It's an argument for open source as well, and a strong one, but for those who want to use familiar programs like Outlook, it's just a lot safer to use them on a Mac. I get several Klez attachments a day, but they pose no risk.
A patch to fix all of Outlook Security problems can be downloaded here
No I'm not trolling, but sometimes I wonder if the writers of Klez / Sircam et al. were in fact white-hats trying to show the average MS user to take security seriously and patch their machine!
Yeah, every office worker knows something about this "security thing" and how the boss said they shouldn't write their passwords down. But only when they start getting mailed other people's confidential info will they sit up, take notice and patch, or so you would think! Maybe it backfired a bit.
Incidentally, try setting your gnutella client to look for .doc .xls and other MS extensions. The number of idiots who have misconfigured their clients (installed on work machines) to share their entire hard drive is worrying. Wake Up!
Anyone quoted by a reporter knows how little they understand
Don't believe what you read is the truth.
Is this the first (known) instance of one digital virus changing/modifying another digital virus? Science fiction has always pointed to the "smart machines" that wake up, become self-aware, and realize that they don't need humans. Looks to me like virii have a jump start on this path...
"I'm just here to regulate funkiness."
I say this because it isn't the first time 2 viruses have bonded together. I recall many moons ago when a couple other viruses got together.
Viruses usually employ a mechanism to detect if a file is already infected, so they don't keep adding to the size of the file. One used a marker at the beginning of the file to decide if it was infected, one at the end. So the first virus infected the file, the second came along (modifying the beginning as per normal virus behavior, and adding its marker to the end), then the first came along again and saw the file was not infected so infected it again. Then things stayed the same.
So it would show up as containing virus A, but you could not disinfect it properly, because it would just re-infect as soon as it was run. B wouldn't show up because B was actually a layer down.
On a side note.. the #1 thing that has reduced the number of viruses coming out of my office has been to ban the use of outlook/outlook express.
that Eudora is not user friendly or windows based?
We switched the whole company to Eudora for this very reason. It's good, yet somewhat obscure now and virus writers don't target it.
It's also much better at dealing with attachments, and doesn't corrupt mailboxes as often. It's easy to store years worth of mail in eudora.
Eudora.
Netscape communicator's mail client seems popular as well.
If some other email client becomes popular, then this same argument would apply to that. Although, often a program is popular for a reason, so personal preferences may make this argument moot.
I was in the same boat as you, until I tried Mozilla Mail. Seems to work quite well for me. I also heard somewhere that a pretty good web browser comes with it too.
First, MS was doing security audits on the software they were about to release. Second, the klez virus won't infect outlook XP by default because it automatically strips out potentially hazardous attachments. Third, there has been a patch for this for a fucking year. Fourth, if you knew shit about linux you could easily set up a procmail filter to get rid of this stuff.
Of course no one has ever accused you of being intelligent. If you were then slashdot would be powered by PHP or JSP or any of the dozen other languages that are better for the task. Of course you probably don't have what it takes to actually code in any of those languages. Now shut the fuck up you fucktard.
That likely only applies to NEW shipping software - all that old vulnerable stuff out there will need to be 'updated' at something like $85 a pop or more - can you say "80 Billion in the bank" ?
It's always worked before....
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Openoffice is now on my system. Yeah, it kinda screws up and Eudora is now my e-mail client. Not integrated you say? Well, I'm not deleting worms and virii off my system I say!
Screwed once, shame on you, screwed twice, shame on me.
BTW, this e-mail is copyrighted, so the Scientologists can't copy it [grin].
IANAL, but I've seen actors play them on TV
This is really cool. From the article:
"As far as (Chernobyl) is concerned, the Klez worm is just another file to infect," Weafer said. "It's quite common to see piggybacking effects when you have worms that have been propagating for a long time in the world."
So it is likely not that someone was trying to make Klez worse, it just happened on its own.
Kaspersky Labs
http://www.kaspersky.com/products.html?allp
CommandCom
http://www.commandcom.com/enterpris
Sophos
http://sophos.com/products/software/ant
TrendMicro Viruswall
http://www.antivirus.com/products/isvw
F-Prot
http://www.f-prot.com/f-prot/download/
ComputerAssociates InoculateIT
http://www3.ca.com/Solutions/Overvie
That wasn't from deleting e-mails, it was from your viewing too much pr0n.
At least I hope this guy isn't serious. I especially like the sentence (although I see no punctuation to indicate it as such), "ah you must run outlook or be unable of adding filter rules OR even asking you local sysadmin to do it for you all of which mean your a moron"
Back under the bridge with you.
What's more nasty would be viruses which simply modify words and numbers here and there in documents.
Deleted
Only with a combination of viralator/uvscan with McAfee on our mailserver/proxy.
No one, 0, nada.
It's easy. We're making a lot of money installing these little thingies on our clients.
Uh.. and you can continue using Outlook if you want.
Okay, I may be playing the shill, but I'm not getting paid for it. I don't know if that makes me bad, or worse.
:)
Anyway.
Check out Intellisync by Pumatech. It's a third-party conduit manager for PalmOS and PocketPC platforms, and it can connect just about everything to everything else. The list of Groupware and Email apps it can sync your handheld to is just staggering.
And although it does have to authenticate to the mail server to retrieve email and calendar items and such, the actual email application does not have to be loaded. Nothing gets previewed. It just goes from the server to your handheld. Nice.
Of course, this does mean that if anybody comes up with a PalmOS virus that can run through an email, you're fscked. And syncing to another machine may help spread the virus. However, at least your sync station will be that much more secure.
GMFTatsujin
Hey, why not put an update for Outlook as payload and spread it around?
There's one huge thing that's at the root of all these viruses: the fact that MS provides all sorts of scripting hooks in their apps, eager to execute code, which have degenerate or nonexistent security models.
The solution is simple: anything which executes without the user explicitly installing and running it should run in a security sandbox.
This is a very difficult thing to pull off. It's not simply a matter of setting permissions correctly -- untrusted code must actually only be able to access a limited subset of the system APIs. Opening a socket, for example, could lead to a security breach. So could reading a globally readable file. (What are the permissions on your Outlook address book?) And a clever program must not be able to bypass these security checks by exploiting weird pointer arithmetic, runtime code generation, or buffer overruns. The security model has to extend to all aspects of the system APIs and the runtime environment of the language, so the scripting language's runtime environment has to be designed from the ground up for it.
Maintaining complete sandbox closure is not a simple fix; it is a deep architectural problem.
It's a tall order, but it's possible. Java does it, and that's why (as far as I know) there's never been a Java applet virus. Applets get downloaded and execute on the client machine, but have a very limited ability to open sockets, read files, and so forth. Java's virtual machine model even makes it impossible for malicious programs to crash their host, or sneak through some backdoor into a protected API -- buffer overruns are ruled out as a fundamental language feature. The worst a malicious program can do is allocate a lot of crap and stage a denial-of-resource attack.
There was one applet-based exploit I've heard of, but it exploited a weakness in ActiveX -- which demonstrates my point.
All this is why MS's big security push is a joke. Security isn't just about fixing bugs. A system has to be designed from the ground up for security -- and Microsoft's products, especially the Office line and Windows itself, have a long way to go on that front. I'll repeat:
Maintaining complete sandbox closure is not a simple fix; it is a deep architectural problem.
Instead of "deleting" Klez on your system, try the following procmail recipe to wipe out incoming klez before your mail program ever sees it:
:0 B
* ^135AAItEjhyJRI8ci0SOGIlEjxiLRI4UiUSPFItEjhCJRI8Qi0SODIlEjwyLRI4IiUSPCItE$
/dev/null
I use klez instead of /dev/null so that it all goes to one big junk mailbox. That way, if someday someone base64 encodes a file that has *exactly* this same line and emails it to me, unlikely as it may be, I'll still get to see it eventually.
Anyway, at least you won't have to keep deleting stuff. Using Linux/UNIX and not having the computer automatically do stuff for you is silly.
May we never see th
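The idea behind the procmail recipe above, as an added Python example (not the poster's code): it matches one exact base64 line in the raw body, shows that the match is lost when the same attachment is wrapped at a different line width, and adds a check on the decoded attachment bytes that is not. The payload, addresses, function names and signature are constructed for illustration; only the "klez" junk mailbox name comes from the post.

```python
import base64
import email
import re

# Constructed stand-in for an attachment; these are NOT real worm bytes.
SAMPLE_PAYLOAD = bytes(range(256)) * 2            # 512 bytes -> 684 base64 chars
CLEAN_PAYLOAD = b"constructed quarterly report text. " * 12

_B64 = base64.b64encode(SAMPLE_PAYLOAD).decode("ascii")
SIGNATURE_LINE = _B64[76:152]           # second line when wrapped at 76 columns
MARKER_BYTES = SAMPLE_PAYLOAD[57:114]   # the 57 raw bytes that line encodes

JUNK_FOLDER = "klez"   # junk mailbox instead of /dev/null, as in the post
INBOX = "inbox"


def build_message(payload: bytes, width: int) -> bytes:
    """Build a constructed MIME message with the payload wrapped at `width`."""
    b64 = base64.b64encode(payload).decode("ascii")
    wrapped = "\r\n".join(b64[i:i + width] for i in range(0, len(b64), width))
    return (
        "From: sender@example.com\r\n"
        "To: user@example.com\r\n"
        "Subject: constructed sample\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="BOUND"\r\n'
        "\r\n"
        "--BOUND\r\n"
        "Content-Type: text/plain\r\n"
        "\r\n"
        "see attachment\r\n"
        "--BOUND\r\n"
        'Content-Type: application/octet-stream; name="sample.bin"\r\n'
        "Content-Transfer-Encoding: base64\r\n"
        "\r\n"
        f"{wrapped}\r\n"
        "--BOUND--\r\n"
    ).encode("ascii")


def line_signature_match(raw: bytes, signature: str) -> bool:
    """Emulate ':0 B' with '* ^signature$': a whole-line match in the raw body.

    procmail ignores case unless the D flag is given, so IGNORECASE is used
    here too; for base64 text that slightly widens what can match.
    """
    text = raw.replace(b"\r\n", b"\n")
    _headers, _sep, body = text.partition(b"\n\n")
    pattern = re.compile(
        b"^" + re.escape(signature.encode("ascii")) + b"$",
        re.MULTILINE | re.IGNORECASE,
    )
    return pattern.search(body) is not None


def decoded_marker_match(raw: bytes, marker: bytes) -> bool:
    """Decode every MIME leaf part and look for the marker in the raw bytes."""
    msg = email.message_from_bytes(raw)
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True)
        if data and marker in data:
            return True
    return False


def route(raw: bytes) -> str:
    """Return the folder a message goes to; suspects are kept, not discarded."""
    if line_signature_match(raw, SIGNATURE_LINE):
        return JUNK_FOLDER
    if decoded_marker_match(raw, MARKER_BYTES):
        return JUNK_FOLDER
    return INBOX


MSG_WRAP_76 = build_message(SAMPLE_PAYLOAD, 76)   # same wrapping as the signature
MSG_WRAP_60 = build_message(SAMPLE_PAYLOAD, 60)   # same bytes, different wrapping
MSG_CLEAN = build_message(CLEAN_PAYLOAD, 76)

if __name__ == "__main__":
    for name, msg in [("wrap76", MSG_WRAP_76), ("wrap60", MSG_WRAP_60),
                      ("clean", MSG_CLEAN)]:
        print(name,
              "line:", line_signature_match(msg, SIGNATURE_LINE),
              "decoded:", decoded_marker_match(msg, MARKER_BYTES),
              "->", route(msg))
```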
The plot thickens!
Because anybody who keeps sending the virus will be greeted by the following:
Norton AntiVirus removed the attachment: doc.zlq.
The attachment was infected with the W32.Klez.gen@mm virus
Unless you are absolutely wedded to Outlook, there are good alternative programs. Mind you, I've been happily using mutt on Linux for a while, so my suggestions may be out of date, but:
* Eudora: this is a nice (very configurable, for a Win/Mac GUI program) mail client. Good filtering capabilities. Has a commercial version and a free version (without filtering abilities) called Eudora Lite.
* Netscape Communicator: Well, I suppose it's okay. Everyone and their brother already has it installed. Has support for SSL certs, though I kind of think that PGP is the way to go instead.
* Pegasus Mail: supposedly good -- I didn't like the interface much. Free.
* Mulberry: Good client if you're into IMAP -- if you're on an always-on Internet connection and move from computer to computer, like a LAN environment. Good security features.
There are also a lot more for Windows and the Mac. Honestly, I don't know why so many people use Outlook -- it isn't the fastest, most scalable, most secure, or most powerful. Its interface isn't that incredible. It *is* installed by default on a lot of systems, but that's about it.
May we never see th
For fun, see my graphs of Microsoft malware. :-)
It's a damn good *delete* thing that Microsoft has been *delete* spending the last few weeks doing a *delete* security audit *delete* of all of *delete* ah never mind. My wrist hurts from deleting over a meg of mail worm viruses a day.
I don't get it? Is he deleting viruses while writing this story at the same time?
If you disable scripting in Outbleak/Outbleak Express, you also disable it in IE. And Quickbooks is nothing but a bunch of scripts that runs in an IE window. You can't even get your payroll updates.
Every sucker who uses QuackBooks has to have all scripting active. It's the way it is.
I've never even gotten one of these email worms before. I'm not sure if this is due to me not having stupid friends that open every single attachment they get, or what.
I think that my ISP filters mail on the way in to check for virii (i have pacbell DSL in san diego, CA), and if they do they are doing a great job of it.
The parent should be modded up, imo.
For those of you too lazy to do it yourself:
Gullible on dictionary.com
So before you consider yourself immune, be certain you turn off any writable shares on your system.
Other than its behavior of introducing all of a person's contacts to each other (as I recall, it also looks for Eudora contact lists), Klez is relatively harmless. The Chernobyl variant, Elkern, on the network I helped disinfect was the major cause of damage and spread far beyond machines infected with the Klez worm.
Get off my virtual lawn, you damned virtual kids!
So who do I sue when some vulnerability comes out in Linux or some other open source product? If you think you'll hurt commercial software concerns with liabilities, just wait till someone sues the people who don't even take in revenues.
Down with all virus writers!!!!
A curse on anyone that spreads Worms!!!!
A pox on anyone that writes a Trojan Horse!!!!
I feel better already.
But let's be realistic.
If your house was protected by a lock that was designed in the 1400's, would you feel safe? NO
Would it be a crime if someone broke into your house that was protected by that lock from the 15th century? Yes, of course.
Would you try to find a better lock for your front door after this unfortunate incident?
Could your house get broken into even after getting a better lock? Yes
Security is an arms race. Like it or not.
The bad guys are going to do what they do no matter what you or I say. For now and it seems that for the rest of time Microsoft is going to be providing the low hanging fruit for the hackers to go after. Who knows?? If Microsoft gets its act together maybe even OpenBSD will have something to worry about.
because all the new apps are just scripting in an IE window. Go ahead, disable scripting on a computer running the current version of Quickbooks. I dare ya'.
If you can get away with it make them use webmail. It is a lot simpler but not as powerful but for most users (especially the users who cannot fix even the simplest problems with their email let alone support their own personal choice of email client).
Free and open source solutions.
IMP Webmail
http://www.horde.org/imp/
Squirrel Mail - Webmail for Nuts
http://www.squirrelmail.org/
Less features means less work for administrators and less things that can go wrong (virii).
Of course slashdotters are always going on about the Calendar and collaboration features of proprietary desktop solutions such as Lotus Notes and Outlook+Exchange.
--
This is not a Troll
It's not the email client though - the reason I bring up this (off topic) issue, is if Evolution is ported to Windows, there may be trademark issues. fyi, Evolution is a payroll package - check Paydata for details - we (unfortunately) use this software at my workplace and I would not recommend it.
Robots are everywhere, and they eat old people's medicine for fuel.
(replying to an AC)
My instructions were to disable scripts in the Restricted sites zone only. It won't affect your browsing, which is affected by the "internet" zone. It won't affect programs which use the "browser" ActiveX either.
Also, putting sites with annoying pop-ups and pop-unders to the "Restricted sites" list may save a lot of troubles. You can get rid of the small ad-window of Geocities if you add geocities.com to the restricted sites list. If you're really bored, you can define more security zones using registry manipulation.
The separate security zones are very useful, and I'm surprised there's no similar thing in Mozilla/Netscape - and as a result you can't disable automatic Java execution from email messages there without disabling it as a whole.
hemi
Don't need AV software. To answer your question, "what kind of idiot runs mailservers without AV software installed?" I say: the kind of administrators who don't need it. Believe it or not, some of us actually use a non Microsoft platform. I feel no pity for those who use Microsoft products willingly. They are digging their own hole.
Nathan's blog
Hold microshit accountable for their irresponsible coding practices! Sue their asses!
since when is open source about a single platform?
Open Source has never been about a single platform. Free Software isn't either (GNU/*, *BSD, AtheOS, the former OpenBeOS, etc. are all free) but it does have a concept of a "free system" that contains no proprietary software.
Will I retire or break 10K?
While it's no excuse for lax security, I've found the best solution to this problem is to go through a third party mail filtering service.
;)
I work in a Microsoft shop, and we use the Outlook/Exchange combination for our e-mail system. We've got our mail running through a good third-party service, and I have not received a single virus since we implemented it several months ago. It also serves as a spam filter. It's not completely accurate, because every once in a while I get a piece of spam in my Inbox, but I've yet to have it confiscate a normal piece of e-mail.
Like it or not, we're stuck with it, so we may as well find ways to live more comfortably with it.
if and when Ford puts out a car that contains key defects, is the driver responsible? This issue is a little more complicated than you make it sound.
Additionally, why would you expect the users to get a clue? It's only in the shoddy computer software market that we blame user ignorance when software producers create flawed software. I don't expect to know more than the basics of auto care to avoid my car randomly exploding, so why should a user need to know more than the point-and-drool basics of using a PC?
Robots are everywhere, and they eat old people's medicine for fuel.
I wonder if anyone has ever done a study on the amount of net traffic caused by a virus propagating itself. I would think that viruses that can replicate in exponential fashion will end up generating huge amounts of traffic, even if it is only a small text message and executable. To think of all that wasted bandwidth that could be used for important things like pr0n ;-)
metacell writes "A virus (a version of the Chernobyl virus) infects an email worm executable (the Klez worm), and is spread along with it. " It's a damn good *delete* thing that Microsoft has been *delete* spending the last few weeks doing a *delete* security audit *delete* of all of *delete* ah never mind. My wrist hurts from deleting over a meg of mail worm viruses a day.
Maybe you should tell the people on your contact list to stop opening attachments (or at least get the latest patches). Microsoft is all but Moron proof.
linux machines get hacked into every day. Is it a linux flaw? no...it's a user flaw. So why should Microsoft be any different? Maybe because they're against open source?
there will still be a way to cause damage. All you need is a spambot and some bait, such as "If this offends you as it does us, help us by typing FORMAT C:/ and put an end to it."
Because the creativity of dirtbags and the stupidity of the Teeming Masses is without bounds.
Ad luna, Alicia! Ad luna!
Donations accepted to get him off that Windows machine, and onto a Linux box!
Critical features:
* Store individual emails as plain text files. It makes archiving so much easier...
* Provide a way to turn off HTML rendering (or don't offer HTML rendering in the first place).
Not critical but really nice:
* Multiple storage folders that simply echo a directory structure.
* (POP3) Provide a method for previewing emails on a server, deleting unwanted mails, and downloading others.
* PGP integration is nice.
The only client I've seen so far that has most of these is a small open-source Windows app called "Phoenix Mail". Unfortunately, it's got some bizarre bugs of its own, but I put up with them because it does what I need.
Does anyone know of a client that has all of these features?
Pegasus was the best email app seven years ago and is still the best! Some may find the interface old and outdated, but I find it fresh and simple. Pegasus Mail still has more features than most email apps, especially the viri-spreading MS ones. Handles multiple accounts, inline images, color-coding messages with a couple clicks, outstanding filtering. It has group/network mail capabilities as well.
Morris worm + variants???????????
That was in 1988 you dumbass. 14 years!!!!!! Let me repeat. 14 YEARS!!!!!!!!!!!
Is OSS invincible to an email-delivered virus or worm? Probably not. But you have to admit that you're going to sleep a lot easier knowing that 99.99999% of the viruses and worms out there are targeting another system.
Even if a virus is targeted to my system they would find my computer to be a very difficult place to make friends. My email software will not run scripts. Even if it could run a script the script would not have the permissions necessary to do any damage to my data or OS.
For the record I would agree more don't use it. I agree the defaults should be more secure in Outlook. What I was responding to was the suggestion that NO ONE used Outlook/VBA scripting. I can assure you, that is not the case.
:)
I don't give a flying fuck about the people who do use it, and if you do, it's probably cause you get paid to pick up the pieces when their shit blows up.
There is absolutely no excuse for selling consumer pc's with blatant security holes like outlook express's scripting "features". I think the microsoft product managers responsible should be prosecuted right along with the virus authors. They bear equal responsibility for email viruses.
I remember back in the day when there was the "Good Times" email virus hoax. (A warning about a nonexistent email virus with the subject "Good Times".) The big joke at the time was, you can't get a virus just from reading an email. It was funny. Computer experts at the time assured users that unless you manually downloaded and executed a malicious attachment, email was safe.
Now, everything has changed. Email viruses have become a reality, solely because most people use outlook. Is it the best mail client? Clearly, not. Why does it remain #1? Because it is the default one installed with windows, the OS that ships on almost every fucking PC. And non-tech people are too lazy to install something else. This is antitrust shit we're dealing with here, people. Microsoft created this problem by inventing a mail client that was vulnerable to email viruses (which were once, and still should be, impossible) and forcing it on an unsuspecting consumer base. The filthy worm/virus authors are definitely at fault, and should be prosecuted, but they couldn't have done it without help from their accomplices at microsoft.
Think of it this way (warning: computer/car analogy ahead):
Let's say Ford started including an explosive device in Ford Explorers that was easily triggered by, say, an RF signal at a certain frequency. They start including this feature quietly, and most Ford Explorer owners don't even realize it. Ford says it's because a few corporate customers actually need this feature, for whatever reasons. Then some crazy kids build a triggering device, and start driving up and down the freeway blowing up every Ford Explorer they see. In this unlikely scenario, the kids would most definitely be guilty of murder, terrorism, etc etc, And so would Ford. Nobody would stand for it. Clearly, Ford is Microsoft in this analogy, and the Ford Explorer is Outlook (or, *grin*, Internet Explorer). Why does Microsoft get away with this bullshit that wouldn't fly in any other industry? Because people don't get it. Your average computer user does not understand, and they just accept that email viruses are an inevitable risk of computing, and thank goodness for microsoft update for giving them their fix fix.
I feel sick thinking about it.
Ah, what the heck. I think I'll post this with my +1. I honestly don't know if this will hit 5 Insightful or -1 Troll but I bet it will be one of the two.
__
Choose mnemonic identifiers. If you can't remember what mnemonic means, you've got a problem. - Larry Wall
This how to guide gives step by step instructions (with pictures, yay!) on how to secure an Outlook client.
The World is Yours.
My wrist hurts from deleting over a meg of mail worm viruses a day.
No, your wrist hurts from whacking off too much, and trying to bash Microsoft constantly.
Why don't you get a virus scanner installed on your e-mail server? Maybe that would be a Good Thing (tm).
Jackass.
Not All Who Wander Are Lost
Evolution is a Gnome application, making it into a clean portable application is probably doable just not profitable.
If a company contracted Ximian to do it then they probably would but actually installing linux (on VmWare maybe) would probably be more economical.
Since MS created the breeding ground for these viruses.. maybe we should forward all of our virus-alert messages to microsoft... like billg@microsoft.com, or abuse@microsoft.com
-- You can't idiot-proof anything, because they're always coming out with better idiots.
One of the primary authors is Cyrus Daboo, one of the folks who invented IMAP. Here's a short list of some of my favorite features:
Supported on Windows, MacOS, OS X, Linux, and various other Unices
Great PGP support
encrypted logins, SSL, etc
kick-ass technical support
amazingly configurable, remote administration, cool "kiosk" mode
They even make a web-mail solution called "Silky Mail" that does a remarkable job of mimicking the appearance and functionality of Mulberry!
and, like all Truly Great mail readers, it's named after a tree.
I don't buy much software, but Mulberry was the best $40 I've ever spent. I bought a license way back in 1999, and I still get the most recent upgrades and plug-ins for free. Cyrusoft also has very generous site-license pricing. And no, I don't work for them, my only connection to Cyrusoft is as a satisfied customer.
I'm telling you, software makers NEED liability. It's the only way we will ever have responsible programs released. Right now, software makers can get away with selling products that have defects in them on the order of ones that if they were in cars, would send Ford or GM into receivership.
I'm concerned that attaching liability to software will send a chill through the software development community, especially the free/open source software projects. Large corporations might have the resources to insure against and pay liability claims. Individuals developing software in their free time certainly do not.
In my opinion, writing software is an exercise in freedom of speech, and deserves the same protections afforded to other forms of speech. If I make my speech available to others, under the condition that they accept responsibility for all damage that may occur as a result of its use, I believe that is reasonable.
A few thoughts...
1. Perhaps the burden of non-EULA-immune liability should only be attached when a piece of software is designed to transport, support or safeguard human life, and has failed to meet specific safety standards. Otherwise, I believe you're opening up a huge can of worms, in the already litigious American culture.
2. Software developers and vendors should have the right to dictate any other terms for licensing their software, including limitation of liability, waiver of warranty, and "as is" delivery. Users and consumers are free to decline to use any software whose licenses are not acceptable to them.
3. Some free software developers have already stopped releasing their software, citing concerns over liability. Broadcast 2000 is one example I am aware of. This is a concrete example of the chilling effects liability can have on software development.
4. People are free to choose software platforms that are more stable, reliable and less prone to being exploited by viruses and worms. If they persist in using unsecure platforms, and take no steps to protect themselves (e.g. antivirus software), they shouldn't be particularly surprised by the outcome.
5. Those who purposely unleash viruses and worms on the Internet with the intent to do damage should be answering for their actions.
</rant>
My car gets 40 rods to the hogshead, and that's the way I likes it!
Then again, with the grammar and spelling skills on display around here, maybe most /.ers don't count as "native English speakers".
;)
The auto-preview/run exploit is a PRE IE 5.5 SP2 issue.
That's right. The auto-launching EXE exploit only affects people:
a) Running Outlook Express
b) Running a version of IE before 5.5 SP2.
Considering that IE 5.5 SP2 is VERY old as it is, people who are still using 5.1 or 5.5 initial release haven't bothered updating their software in years--let alone worrying about security patches.
Microsoft can make as many patches as they want, but if people don't install them even given the opportunity of two years, what can you do?
(BTW, I'm not saying that later versions are immune. Just that they won't be auto-infected. All it will do is pop up an Open/Save dialog box at worst...of course, someone can still run the EXE if they're stupid and get infected.)
-Jayde
What's a sig?
It brought my 20-30 klez emails a day down to 0.
Oh and it's reduced my inbound spam by 100% as well :)
someone should write a virus that sends out a few messages, applies patches, and moves on... on the same note why doesn't someone just write a code red based virus that deletes existing codered/red alert infections and applies the required patches then proceeds to find another infection....
Sure, deleting these emails is a pain, but it's a lot less time-consuming than giving everyone your advice!
> No I'm not trolling, but sometimes I wonder if the writers of Klez / Sircam et al. were in fact white-hats trying to show the average MS user to take security seriously and patch their machine!
The problem with that theory is, the viruses/worms/etc do no substantial local damage - they injure network bandwidth, mail servers, etc, but what real, painful harm do they actually cause to the clueless many who open and spread them? NOTHING.
No wonder they don't care; they aren't directly affected, it's "someone else's problem".
Now, if the nasties were to start deleting files off of hard drives, or setting random BIOS passwords, then I'd bet you'd see a lot more clueing in than what's (not) happening now.
Now for some contrast: Email users under Linux may be just as clueless, but they must explicitly set execution permissions on anything received from the net in order to run it. God forbid auto-running complicated apps for viewing, with the ability to execute scripts -- this will be the dawn of a Linux virus era.
Add to this other "convenient" practices like hiding crucial meta-information from the user's eyesight. I'm talking about file extensions -- yes, Windows is that dumb in deciding over what can be done with a file.
Protection of an inherently insecure system with strict border checks is ineffective. Any breach on the border (another file extension to abuse, previously considered safe?
My exception safety is -fno-exceptions.
When those same people regularly bring things that are proven to be dangerous into their homes and they are often ambivalent or even supportive, to say the least, about products which have been statistically shown to lower life expectancy. They will rise up against the laws requiring safe operation of a product and cry "They are taking my liberties away!" Why should (l)users behave any differently when it comes to software? (And for that matter, is it fair to hold software companies to some higher standard of conduct, when other clearly defective products get special legal protection?)
I agree, the script kiddies and software authors are both culpable - but the idiot users aren't exactly innocent. People use Outlook for the same reason virus writers do - because it's easy, and to hell with the consequences.
Everyone will start to cheer when you put on your sailin' shoes.
We often get 50 a day, sometimes as many as 200+ per day. We've had enough of Exchange/Outlook and are about to install Lotus Notes/Domino instead, this is for a 500+ user city government network.
I don't use Outlook but my wife does. What I find so amazing is that Microsoft can still let this happen after it has happened so many times before. I know it is easy to procure a patch that will fix this problem....But what about the last patch that I applied the last time an "Outlook" scripting bug decided to wreak havoc on the rest of her system? Why did not that patch disallow any arbitrary executing of scripts or programs just by viewing an email in the preview pane? Did they only patch it good enough so that the current virus of the day would be stopped --- but leave it open for future virii to get in through the same door....different angle. Why were they not smart enough to notice the symptoms the first 50 or so times and somewhere cure the disease along the way? And yet many (not mine) Fortune 500 companies still use this software? What a joke -- these are the same companies that screen applicants' backgrounds, and have 50000 processes in place to protect other business interests -- yet continue to use software that is like a ticking timebomb that is going off on a weekly basis.
(+1 Funny) only if I laugh out loud.
They usually have such cute names. C'mon, people, all they want to do is nibble on a few files. Where's the harm in that?
:)
I think I'm going to get a huge hard disk and put MS Windows on it. I'll stick it in a box in the corner, and throw captured virii on it. Kinda like the tank thing the Ghostbusters had.
Ah, what the heck. I think I'll post this with my +1. I honestly don't know if this will hit 5 Insightful or -1 Troll but I bet it will be one of the two.
You didn't do it right. You have to say "I'm going to be modded down for this" to get to 5. If you say "I know I'm going to be modded up or modded down" then you get modded down, because you're presenting a choice to the feeble-minded moderator instead of a clear reverse psychology directive. Moderators need to be told which way not to mod your post.
That's the wonderful thing about having a good ISP, and friends and family who don't use Outlook. (Friends mostly use Linux, family mostly uses Netscape or Hotmail... I'm trying to convert the Hotmail people to something else.)
To date, I have never received an e-mail virus or worm.
Now, back in the day when I did a lot of floppy exchange... well, I saw several virii "in the wild."
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
the payroll download is defined by Intuit as restricted. we be stuck.
1: goto any trouble to un afflict a computer.
2: reconfigure servers to deal with poorly thought out software
3: worry about email viruses
4: bug microsoft to close security holes
btw should not have to do these things, like in the title
...latest research indicate that "Foot and Mouth" disease is the first virus unable to spread via Outlook.
:).
Experts and laymen alike were shocked
Now I get it what microsoft means with "We have created an ecosystem with Windows".
:-)
This is pretty cool. Maybe one day the payload of the virus will be the installer of phat-linux
Edwin, not a Linux-fan but thought mentioning the possibility was funny.
bash$
Virii is not a word. If you're going to speak Latin, at least learn it first.
if you get more than 1 a day you're a moron for not using filters, and btw, you can get stuff you have to delete on ANY email account, it's email, not what you use to view it. and don't give me that bs about Outlook being insecure, because they allow you to change your security settings, it takes at absolute max 30 seconds to hit the checkbox saying do not run scripts..so sick of morons thinking that one os is better than the other or one program better than the other without ever using the other..
The Truth: There is no string:)
Here's a rule that I use for Imail (a Windows mail server) to take all msg's with executable attachments and put them in a folder called "possibleViruses".
Put this in your rules.ima file (all on one line).
B~(name=|begin6).*\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|url|vb|vbe|vbs|wsc|wsf|wsh):possibleViruses
Here's a list of the executables I scan for:
.ade: Microsoft Access project extension
.adp: Microsoft Access project
.bas: Microsoft Visual Basic class module
.bat: Batch file
.chm: Compiled HTML Help file
.cmd: Microsoft Windows NT Command script
.com: Microsoft MS-DOS program
.cpl: Control Panel extension
.crt: Security certificate
.exe: Program
.hlp: Help file
.hta: HTML program
.inf: Setup Information
.ins: Internet Naming Service
.isp: Internet Communication settings
.js: JScript file
.jse: Jscript Encoded Script file
.lnk: Shortcut
.mdb: Microsoft Access program
.mde: Microsoft Access MDE database
.msc: Microsoft Common Console document
.msi: Microsoft Windows Installer package
.msp: Microsoft Windows Installer patch
.mst: Microsoft Visual Test source files
.pcd: Photo CD image, Microsoft Visual compiled script
.pif: Shortcut to MS-DOS program
.reg: Registration entries
.scr: Screen saver
.sct: Windows Script Component
.shs: Shell Scrap object
.shb: Shell Scrap object
.url: Internet shortcut
.vb: VBScript file
.vbe: VBScript Encoded script file
.vbs: VBScript file
.wsc: Windows Script Component
.wsf: Windows Script file
.wsh: Windows Script Host Settings file
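The extension-based quarantine described in the comment above, as an added Python example (not the poster's rule and not Imail's rule syntax). Instead of matching a regex against the raw message, it parses the MIME structure, so it also catches double extensions, mixed case and inline uuencoded files. The function names and the three sample messages are constructed for this illustration.

```python
import re
from email import message_from_string

# Extensions taken from the list in the comment above.
BLOCKED = set("""ade adp bas bat chm cmd com cpl crt exe hlp hta inf ins isp js
jse lnk mdb mde msc msi msp mst pcd pif reg scr sct shs shb url vb vbe vbs wsc
wsf wsh""".split())

# Inline uuencoded files start with "begin <octal mode> <filename>".
UU_BEGIN = re.compile(r"^begin [0-7]{3,4} (.+)$", re.MULTILINE)

def risky_extension(filename):
    """Return the blocked final extension of filename, or None."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    _, dot, ext = name.rpartition(".")
    return ext if dot and ext in BLOCKED else None

def classify(raw_message):
    """Return (folder, offending_filenames) for a raw RFC 822 message."""
    reasons = []
    for part in message_from_string(raw_message).walk():
        # Content-Disposition filename=, falling back to Content-Type name=.
        fname = part.get_filename()
        if fname and risky_extension(fname):
            reasons.append(fname)
        if part.get_content_maintype() == "text":
            body = (part.get_payload(decode=True) or b"").decode("latin-1")
            for m in UU_BEGIN.finditer(body):
                if risky_extension(m.group(1)):
                    reasons.append(m.group(1).strip())
    return ("possibleViruses" if reasons else "inbox"), reasons

# Constructed sample messages (not real traffic).
SAMPLE_ATTACH = (
    "From: a@example.com\nSubject: hi\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="B"\n\n'
    "--B\nContent-Type: text/plain\n\nsee attached\n"
    '--B\nContent-Type: application/octet-stream; name="report.doc.PIF"\n'
    "Content-Transfer-Encoding: base64\n\nTVo=\n--B--\n"
)
SAMPLE_UU = "From: b@example.com\nSubject: x\n\nbegin 644 setup.exe\n#0V%T\n`\nend\n"
SAMPLE_CLEAN = "From: c@example.com\nSubject: x\n\nNever open an unexpected .exe file.\n"

if __name__ == "__main__":
    for sample in (SAMPLE_ATTACH, SAMPLE_UU, SAMPLE_CLEAN):
        print(classify(sample))
```

Like the rule it illustrates, this looks only at declared file names, so it says nothing about what an attachment actually contains.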
If you think about it... of all the people who are capable of hacking into high end servers. I will bet about 90 percent of that group run Linux, FreeBSD or some form of open-source software. Now the typical Linux fan also is a fan of Open Source and usually... almost always a hater or in some way is disgruntled towards Microsoft.
So why on earth would they hack a Linux server?
They would naturally attack the source of their grief. It is common sense. Of all the virii I have seen, I have only once seen a virus that attacked Linux and it was specifically Redhat Linux. However, for some time, since Windows' inception into the world as the main OS of use virii have spread wild like the fucking black plague. Linux... 1 that I have heard of.
I am not saying Linux has superior security, I am saying that Windows, is always being attacked. If you attack your "Enemy" long enough, weaknesses will be revealed. Windows could have just awesome security but everything has flaws. You can't walk around telling me Linux, which has been in BETA since the beginning of time, is more secure. You can't say it is less secure either. Because you don't have a source code comparison.
I don't think MS has bad security. I just think they are being attacked by (hack,crack,script)-ers more than they should be. Yeah it is a great way to get Linux to be the number one serving platform. You could also level the playing field by getting a few hundred people to sit around all day using vulnerabilities in Linux to bring it to its knees.
It is a relative.
~Admrlnxn
"I got your mom in my trunk"
Are you THE famous admin who filtered out all messages with "hi" in the subject line just a while back? So funny how many HIgh fligHIng cHIcagoians HIt tHIs sHIpment HIatus. Oh yeah, my company's clueless exchange group did this too and deleted all sorts of legitimate email.
Quick, tell me something about IIE that's easier to set up than a debian box or two running exim! Give up? So do I. Point whatever client you want at it! Add a corporate calendar and scheduler as a separate application, ZOIKS, they can work together! Amazing but true, nothing but M$ shit works with M$ shit, and it hardly does that while dishing out viruses and worms for the world.
My favorite part of this new plague is that it is an unintentional combination of ancient virus with slightly modified and fast worm. All those, "brainwash" (M$ spokesman's own word) sessions to waste? So sad, too bad, nothing new, get back to work and get rid of that garbage please.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
What a total Luddite solution. God forbid someone make a reasonable system with permissions and sandbox clients. Well, M$ did not make a reasonable system, better make sure no one runs anything, let alone write a script or compile a program that makes the computer do something you want it to. Outlook runs as what, "system" one click less than "Admin"? There is the problem, not the rest of the world. A good analogy is a house with a roof over half the rooms, Don't let anyone go in there without a rubber! Screen saver, music player, greetings card web site, what are you smoking man!? Don't share your work, only M$ can program you know. Don't enjoy your computer, it's like stealing from the company.
The simple and obvious solution is to NOT BUY M$ junk. With free software the company is root and really owns the machines. The users are free to do what pleases them, as they and their clients can not trump the company. Those that use M$, smart updater and what not are NOT root. M$ and other third parties own their machines and everything on them. Duh.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
I've been running E-mail Sanitizer for a few months. It has worked very well. It only tracks the attachment types instead of actually trying to identify viruses. Therefore it even finds most future Outlook-viruses.
Us working or volunteering to do tech support for companies who publish their e-mail address in the open are getting klez viruses in the customer support e-mail, making it a pain in the royal ass to get any work done when 1 in 5 e-mails is a klez virus (the other 4 are "legit e-mail", "help me I'm an idiot" and the rest "SPAM!")
And because Klez spoofs the from header... some look like it's coming from spammers.
Telling people to scan for viruses proves futile, as the people it's "apparently" from aren't the ones sending it.
nope, sorry, that wasn't me. I'm sure it was funny, but not everyone who uses MS software is a moron. I'm not going to go to war with you on this, but i can connect to my exchange server with several different email clients (probably more than i even know about).
I'm not sure what you're talking about on setup of a debian box, so i'll leave that alone. but i've had very little problem doing anything i wanted to do with this company's MS software. Sure, there are problems with MS software (more so with the company's business practices) but can you name any piece of software that has ever been released by any company that didn't have ANY bugs?
on the virus front, i've been here 2 years. not one virus has gotten through. one man's garbage is another man's treasure, we simply have a difference of opinion. I'm not sure why you're so angry.
you're all figments of my deranged imagination
I wonder whether the answer to this is for Outlook competitors on Windows or Linux to sell 'virus insurance' against major virus outbreaks. Since most of the major viruses attack iis/outlook/vbscript, the insurance would be pretty cheap. They might even be able to provide a guarantee instead of fee-based insurance. Corporations would look closely at something that could be cheaply insured or that comes with a guarantee (insurance for Outlook I assume would be quite expensive).
Will antivirus packages clean any infected copy of Klez?