Virus Piggybacks Microsoft Mail Worm
metacell writes "A virus (a version of the Chernobyl virus) infects an email worm executable (the Klez worm), and is spread along with it."
It's a damn good *delete* thing that Microsoft has been *delete* spending the last few weeks
doing a *delete* security audit *delete* of all of *delete* ah never mind. My wrist hurts
from deleting over a meg of mail worm viruses a day.
Hmm, maybe Microsoft could just disable scripts in their email software? That sounds like a good option.
No one uses Outlook macros anyway, except worm writers. It's common sense that I don't want any software, not just viruses, automatically sending email without my consent or confirmation (or even knowledge!)
Now that someone's thought of infecting a virus with another virus, when will a white hat think of infecting Klez with some sort of antivirus? Let Klez think it's doing its work, but don't actually delete the files it's trying to delete. Then, a few weeks later, have code that just shuts down the Klez virus altogether.
Why isn't there a version of Evolution for Windows? It's great software - I'd pay for it if it wasn't free. And, NO VIRUSES!!!
Unitarian Church: Freethinkers Congregate!
Alright. I've been in the field for some time but have never really pursued this: What other options for email clients do we HAVE besides Outlook/Outlook Express in a Windows environment?
I'm pretty sure that Eudora is still around, but what is out there for Windows-based, user-friendly software? It'd almost be worth the switch just to avoid all these damn Outlook-friendly virii.
First of all, I did some calculations, and found that there are over 1600 different subject line possibilities alone with this virus! This takes into consideration the number of variable words within the subject lines, and doesn't even account for the number of different message bodies. All things considered, there are probably over 10,000 possibilities!
The second thing about Klez that I find interesting is the payload... You often get totally random files from people's computers (if they survive virus removal)... For example, one of my coworkers got the 2001 operating budget of her church, and was able to see how much everyone was paid, how much they blew on projects, etc... Opening your inbox is like opening presents on Christmas morning... most of the stuff is pretty boring, but every once in a while you open something interesting!
You don't have to remove the functionality; just make it REQUIRE the script to be CRYPTOGRAPHICALLY SIGNED by a known entity, like the sysadmin.
Fucking simple solution, unless you wanna argue that clients should execute code from UNKNOWN and UNTRUSTED sources for some reason?
Belief is the currency of delusion.
I say this because it isn't the first time 2 viruses have bonded together. I recall many moons ago when a couple other viruses got together.
Viruses usually employ a mechanism to detect if a file is already infected, so they don't keep adding to the size of the file. One used a marker at the beginning of the file to decide if it was infected, one at the end. So the first virus infected the file, the second came along (modifying the beginning as per normal virus behavior, and adding its marker to the end), then the first came along again and saw the file was not infected so infected it again. Then things stayed the same.
So it would show up as containing virus A, but you could not disinfect it properly, because it would just re-infect as soon as it was run. B wouldn't show up because B was actually a layer down.
On a side note.. the #1 thing that has reduced the number of viruses coming out of my office has been to ban the use of Outlook/Outlook Express.
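The layering described in the comment above, as a toy model added here (not part of any commenter's post): it shows why a cleaner that strips only the layer it detects ends up back in the same state, and why peeling to a fixed point is needed. The labels, function names and list-of-layers representation are all assumptions made for illustration.

```python
# Toy model of the layering described above. A "file" is a list of labels,
# outermost layer first. All labels are constructed; no real format is modelled.
A, B, HOST, B_END = "A", "B", "HOST", "B-END-MARKER"

def infect_a(f):
    # A's self-check looks only at the start of the file.
    return f if f[0] == A else [A] + f

def infect_b(f):
    # B's self-check looks only at the end of the file.
    return f if f[-1] == B_END else [B] + f + [B_END]

def history():
    # Order of events in the comment: A, then B, then A again.
    return infect_a(infect_b(infect_a([HOST])))

def run(f):
    # Running the file gives every layer present a chance to re-apply itself.
    if A in f:
        f = infect_a(f)
    if B in f:
        f = infect_b(f)
    return f

def outer_scan(f):
    # A scanner that reports only the outermost layer.
    return f[0] if f[0] in (A, B) else None

def naive_clean(f):
    # Strips exactly one outer layer, the one outer_scan reported.
    return f[1:] if f[0] == A else f

def full_clean(f):
    # Peels layers until the start of the file is no longer a known layer.
    f, removed = list(f), []
    while f and f[0] in (A, B):
        layer = f.pop(0)
        removed.append(layer)
        if layer == B and f and f[-1] == B_END:
            f.pop()  # B's trailing marker goes with its layer
    return f, removed

if __name__ == "__main__":
    f = history()
    print("state:        ", f)
    print("outer scan:   ", outer_scan(f))
    print("naive + run:  ", run(naive_clean(f)))
    print("full clean:   ", full_clean(f))
```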
> but wouldn't you love to see SWAT teams breaking down doors to seize copies of Outlook?
They already do that, except that it's federal marshals instead of SWAT teams, and it's done for aggregated petty theft instead of mass murder.
Oh, well... our society almost has it right.
Sheesh, evil *and* a jerk. -- Jade