Slashdot Mirror


Virus Piggybacks Microsoft Mail Worm

metacell writes "A virus (a version of the Chernobyl virus) infects an email worm executable (the Klez worm), and is spread along with it. " It's a damn good *delete* thing that Microsoft has been *delete* spending the last few weeks doing a *delete* security audit *delete* of all of *delete* ah never mind. My wrist hurts from deleting over a meg of mail worm viruses a day.

10 of 534 comments

  1. Re:My wrist hurts, blah, blah, blah... by bigberk · · Score: 4, Informative

    For anyone interested, this is all you need by way of procmail filter in order to never see any of this crap (kills executable attachments).

    # Drop any message whose body carries an executable attachment.
    # "B" makes the conditions match against the body, where the MIME part
    # headers of attachments live; the filename, not the declared type, decides.
    :0 B
    * ^Content-Type: (application|audio)
    * ^.*name=.*\.(vb[esx]|jse?|ws[hf]|c[ho]m|bat|cmd|shb|hta|exe|lnk|pif|scr|shs)
    /dev/null

  2. Re:Options? by cheebie · · Score: 2, Informative

    Forte Agent is what I use for email and newsreading. I'm pretty happy
    with it so far and have gotten 0 virii/worms. It doesn't render HTML, but I
    consider that a feature. I use it on an individual basis, so I can't intelligently talk about its use by a larger group. You can even download it for 30 days free
    to check it out.

    See Agent Product Page for more information.

    (disclaimer: I don't work for Forte, I'm just a satisfied customer.)

  3. Not Always MS's fault by kpetruse · · Score: 2, Informative

    Now I dislike MS as much as the next man, but let's not blame them for all virus emails.

    Most (but not all) email virus/worms are JavaScript, Visual Basic or .EXE files that are sent by email. Clueless users double-click on these because they are...well...clueless, and think that they are games/pictures/nudey photos of Kournikova, whatever. This activates them, and allows the worm to read the address book and either use Outlook or its own SMTP routine to send itself to all the people in the address book.

    MS put the "double click" functionality in to make people's lives easier, and on the whole, they have. Outlook is very easy to use and this is one of the reasons it's so widespread (another being that it's very powerful, but that's going off topic). Combine this ease of use with how common MS Outlook is, and you'll see why virus writers write viruses for it. If some new Mail client became as popular, don't think for a minute that it wouldn't have similar viruses.

    All that it takes to stop viruses like Klez is for the mail administrator to block attachments with .exe, .js and .vbs extensions (plus some other little tricks) and this kills 99.9% of viruses stone dead. Either that, or get your user base educated enough to not blithely double click on everything they see.

    I'm not talking here about some of the rather more ominous security holes in Outlook - those that allow code to run by previewing the message - because anyone who hasn't patched that yet is a moron. And there are a couple of holes which MS should be hauled over hot coals for, but they aren't exactly the only software firm to produce insecure software.

  4. Never mind Klez, hoaxes are the annoying viruses by galaga79 · · Score: 2, Informative

    Never mind the Klez virus, those elaborate virus hoaxes are far more annoying because you need to educate the person who emailed you about it that it is in fact a hoax. One only has to look at the latest hoax that tricks users into thinking jdbgmgr.exe, the Microsoft Debugger Registrar for Java, is a virus.

  5. Re:Options? by Izeickl · · Score: 4, Informative

    The Bat, of course. Seriously, check this mail client out; it has all the features you could want... Includes PGP encryption as standard too. I use The Bat all the time.

  6. Re:Solution by JThaddeus · · Score: 2, Informative

    Unfortunately, my sources tell me the Outlook and Office team at Microsoft insisted on putting it in--over the objections of the Visual Basic team, who knew it was a bad idea from the start. The Office logic was "We make more revenue, we want it, you have to do it." Now if only MS would get stuck with some major suits over it, they would clean up their act.

    --
    "Love is a familiar; Love is a devil: there is no evil angel but Love." --William Shakespeare ('Love's Labors Lost')
  7. Re:Options? by Will_TA · · Score: 5, Informative

    Options away from Outlook? In Windows my university uses Pegasus; my favorite is Balsa (Linux/X Windows), Pine ('nix/Cmd Line) or Eudora (Winblows).

  8. Re:Options? by RazzleFrog · · Score: 5, Informative

    How about you just educate yourself and your coworkers instead? Email viruses are not just about the program used - they are also about ignorance. Here is a hint to get you started:

    1) Apply all security patches from Microsoft.

    I was just interrupted as I was typing this by a coworker asking me about a virus (talk about synchronicity). We don't use Outlook and she wasn't infected, but she printed out the email and showed it to me. Sure enough - whatever.scr. I told her to delete it immediately.

    Why did she ask me first and not print it? Because we have a policy here - which brings me to point 2:

    2) Don't open anything that isn't work related.
    3) All computers show all extensions on files.
    4) Only open files that you expected with .xls or .doc extensions only (no .doc.js, etc.).
    5) If you get anything else - then ask me or somebody else informed about the latest viruses.
    6) When in doubt, call the sender and ask if they intended to send the email.

    With all of these in place, when a virus is sent to one of our employees it does not propagate.

    I leave you with this thought. A few weeks ago somebody in another department received an email warning about a virus go around. The email said to email this warning to EVERYBODY IN YOUR ADDRESS BOOK. One of my coworkers received the email and asked me about it. Of course it was a hoax and I wrote an email back to the original sender telling her that she basically just sent out a manual email. If everybody sent out that email to everybody in their address book it would be a disaster. The moral of the story - ignorance is the worst virus.
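
    The procmail recipe in comment 1, the "block .exe, .js and .vbs at the mail server" advice in comment 3 and the "show all extensions, no .doc.js" policy in comment 8 all come down to the same control: decide by the attachment's real filename, never by what the message claims the part is. As an added example that is not part of this thread or any poster's code, here is a Python filter that applies that decision to a parsed MIME message, including the double-extension trick comment 8 warns about. The extension blocklist is the one from the procmail recipe; the decoy-extension list, the helper names and the sample message are constructed for this example and are assumptions, not anything the thread specifies.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the procmail recipe in comment 1 sends to /dev/null.
DANGEROUS_EXTENSIONS = frozenset({
    "vbe", "vbs", "vbx", "js", "jse", "wsh", "wsf", "chm", "com", "bat",
    "cmd", "shb", "hta", "exe", "lnk", "pif", "scr", "shs",
})

# Harmless-looking extensions a worm hides behind in a double extension such
# as notes.doc.js (assumed list for this example).
DECOY_EXTENSIONS = frozenset({"doc", "xls", "txt", "jpg", "gif", "mp3", "pdf"})


def classify_filename(name: str) -> tuple[str, str]:
    """Return ("block" | "allow", reason) for one attachment filename.

    Windows ignores trailing dots and spaces and compares extensions
    case-insensitively, so normalise before looking at the last suffix.
    """
    cleaned = name.strip().rstrip(". ").lower()
    parts = cleaned.split(".")
    if len(parts) < 2:
        return "allow", "no extension"
    ext = parts[-1]
    if ext not in DANGEROUS_EXTENSIONS:
        return "allow", f".{ext} is not an executable type"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
        return "block", f"double extension .{parts[-2]}.{ext}"
    return "block", f"executable extension .{ext}"


def scan_message(raw: bytes) -> list[tuple[str, str, str, str]]:
    """Walk a MIME message and classify every named part.

    Returns (filename, declared content type, verdict, reason) per attachment.
    The declared type is reported but never trusted: a .scr labelled
    audio/x-wav is still an executable, which is why the procmail recipe
    matches audio/* as well as application/*.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if not filename:
            continue  # inline text/HTML body, not an attachment
        verdict, reason = classify_filename(filename)
        ctype = part.get_content_type()
        if verdict == "block" and not ctype.startswith("application/"):
            reason += f" (declared as {ctype})"
        findings.append((filename, ctype, verdict, reason))
    return findings


def should_quarantine(raw: bytes) -> bool:
    """Procmail-style decision: one blocked attachment sinks the whole message."""
    return any(verdict == "block" for _, _, verdict, _ in scan_message(raw))


def build_sample_message() -> bytes:
    """Constructed test message: one real spreadsheet, two disguised executables."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Re: photos from the weekend"
    msg.set_content("See attached.")
    # Executable declared as audio, the mislabelling the procmail recipe anticipates.
    msg.add_attachment(b"MZ\x90\x00", maintype="audio", subtype="x-wav",
                       filename="photo.jpg.scr")
    msg.add_attachment(b"\xd0\xcf\x11\xe0", maintype="application",
                       subtype="vnd.ms-excel", filename="quarterly.xls")
    msg.add_attachment(b"WScript.Echo 1", maintype="application",
                       subtype="octet-stream", filename="notes.doc.js")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, ctype, verdict, reason in scan_message(build_sample_message()):
        print(f"{verdict:5} {filename:15} {ctype:25} {reason}")
    print("quarantine:", should_quarantine(build_sample_message()))
```

    Fed the constructed message, the scanner blocks photo.jpg.scr and notes.doc.js and lets quarterly.xls through, which is exactly the outcome the three commenters want. Two caveats the thread itself raises: this only stops the "clueless user double-clicks" path, not the preview-pane bugs comments 3 and 9 describe, which need the patch rather than a filter; and an extension list catches 99.9% of what is circulating, in kpetruse's words, not 100%, so the policy points in comment 8 still matter.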

  9. Re:Options? by zaphod110676 · · Score: 2, Informative

    The thing to be aware of is that the latest versions of Eudora, by default, use IE to read e-mail that contains HTML. It is the same control that outlook uses to view mail. If you don't turn it off Eudora will also automatically execute attachments if they exploit a vulnerability in IE.

    On the bright side, you can switch it off and use Eudora's built in viewer.

    http://www.iss.net/security_center/static/8609.php

    --
    To Do: 1. Take over world 2. Pick up Milk and Bread on the way home

  10. Re:What can Microsoft do? by sheldon · · Score: 3, Informative

    First of all... AmigaOS free of virii? Huh? I encountered a lot of boot sector viruses back in those days. Oh, and my favorite was the arguments about the virus that supposedly embedded itself in A500 memory expansion clock.

    Now as far as what Microsoft can do, let's look at your list and what they have done.

    10. Done. New versions of Outlook by default disable scripting.
    9. Windows XP automatically downloads security patches. This functionality should be extended to universally cover Office and other products as well.
    8. Done. New versions of Outlook by default will warn a user if an external app is trying to use it to send email, and further warn if it's being used rapidly.
    7. Pretty much done with WinXP. There are a few settings relating to domain authentication that can be strengthened by default. I think they are not because it would cause connectivity issues with older NT domains.
    6. That would be virus protection and step on third parties like Norton and McAfee.
    5. That's not Microsoft's responsibility.
    4. Again virus protection.
    3. Again virus protection.
    2. Done. This is part of the Active Directory integration.
    1. Process auditing has been part of NT since the very beginning. What you want is reporting on that, and I don't think you fully appreciate just how big of a task this would be. This functionality is really only useful in more secure DoD installations because of the scope.