Slashdot Mirror
Virus Piggybacks Microsoft Mail Worm
metacell writes "A virus (a version of the Chernobyl virus) infects an email worm executable (the Klez worm), and is spread along with it. "
It's a damn good *delete* thing that Microsoft has been *delete* spending the last few weeks
doing a *delete* security audit *delete* of all of *delete* ah never mind. My wrist hurts
from deleting over a meg of mail worm viruses a day.
Hmm, maybe Microsoft could just disable scripts in their email software? That sounds like a good option.
No one uses Outlook macros anyway, except worm writers. It's common sense that I don't want any software, not just viruses, automatically sending email without my consent or confirmation (or even knowledge!)
Now that someone's thought of infecting a virus with another virus, when will a white hat think of infecting Klez with some sort of antivirus. Let Klez think its doing its work, but don't actually delete the files its trying to delete. Then, a few weeks later, have code that just shuts down the Klez virus altogether.
Since Outlook is propogating virii, it is responsible for electronic havoc. According to the new legislation, that classifies Outlook as an electronic terrorism program. Ok, so I'm dreaming, but wouldn't you love to see SWAT teams breaking down doors to sieze copies of Outlook?
I am !amused.
Just deleted this klez mail:
Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me.
Ofcourse, an infected file was attached with the mail..
Why isn't there a version of Evolution for windows? It's great software - I'd pay for it if it wasn't free. And, NO VIRUSES!!!
Unitarian Church: Freethinkers Congregate!
Alright. I've been in the field for some time but have never really pursued this: What other options for email clients do we HAVE besides Outlook/Outlook express in a windows environment?
I'm pretty sure that Eudora is still around, but what is out there for windows-based, user friendly software? It'd almost be worth the switch just to avoid all these damn Outlook-friendly virii.
Because, there hasn't been an Outlook patch kicking around for some time now. And because no open-source software has bugs. Ever.
So, in short, there's two lines of Microsoft bashing there, accompanying a really dull story about a virus that no AV software has any trouble detecting?
Must be the slow season I guess.
Score:-1, Funny
Legislation containing the language "BWUHAHAHAHA", while not specifically prohibited by the Constitution, has historically been held in disdain by the Supreme Court.
Karma: Good (despite my invention of the Karma: sig)
First of all, I did some calculations, and found that there are over 1600 different subject line possibilities alone with this virus! This takes into consideration the number of variable words within the subject lines, and doesn't even account for the number of different message bodies. All things considered, there are probably over 10,000 possibilities!
The second thing about Klez that I find interesting is the payload... You often get totally random files from people's computers (if they survive virus removal)... For example, one of my coworkers got the 2001 operating budget of her church, and was able to see how much everyone was paid, how much they blew on projects, etc... Opening your inbox is like opening presents on christmas morning... most of the stuff is pretty boring, but every once in awhile you open something interesting!
Okay, as a long-time Mac user and a reader of Linux sites like this, I know that Windows carries a massively larger burden of virii than other Operating Systems out there. Time and time again, I have heard it said that this is due to their market share - hackers want to be seen and thus make their virii attackers of the software that most people have. But this really rings hollow for me - the MacOS has always been relatively free of virii, as has Linux, as has BSD, as has AmigaOS, as has BeOS etc. This seems to imply that maybe aside from marketshare, Microsoft engineers (or marketting staff) are doing something wrong.
Let's take a constructive approach to this topic. With so many SysAdmins out there, what are the TOP TEN things that Microsoft (or any OS maker) can do to prevent virii? I am just a humble Business Analyst, but here are a few ideas that come to mind for me (I hope the coders will forgive my ignorance on some of the finer points):
10. Disable scripting in certain programs (e-mail) by default.
9. Automatically download security pactches to PCs if they are of a sufficient severity level (but put measures in place to make sure the same mechanism is not used to transmit virii/worms)
8. Auto-detect large numbers of e-mails being sent at once and alert users before sending
7. Make the default install for all systems the most secure install
6. Create a system to auto-report virus/worm infections to a central (independent) agency for monitoring (user-selectable kill switch for this functionality should be available tho)
5. Allow purchase of "health insurance" for PCs by Microsoft to reimburse for lost productivity/hardware due to infection - monetary incentive for MS to push quality and security
4. Create a module of the OS to track virus reports/alerts and display them in the taskbar - produces one trusted source for alerts and to decrease the effectiveness of e-mail hoaxes
3. Integrate virus alert into mail program for incoming e-mails - advise users when a known large-scale e-mail virus/worm is out there to decrease openning of infected mail.
2. Give sysadmins the ability to change e-mail setting for all users when a large-scale outbreak is going, to specifically turn off scripting, html reading, java, etc.
1. Provide a method for a daily audit of all processes running on a machine to identify all those not initiated by the user, and flag those taking part in suspicious activity.
Not sure if those are insightful or lame. But feel free to improve upon this list, ad infinitum.
You don't have to remove the functionality; just make it REQUIRE the script to be CRYPTOGRAPHICALLY SIGNED by a known entity, like the sysadmin.
Fucking simple solution, unless you wanna argue that clients should execute code from UNKNOWN and UNTRUSTED sources for some reason?
Belief is the currency of delusion.
I say this because it isn't the first time 2 viruses have bonded together. I recall many moons ago when a couple other viruses got together.
Viruses usually employ a mechanism to detect if a file is already infected, so they don't keep adding to the size of the file. One used a marker at the beginning of the file to decide if it was infected, one at the end. So the first virus infected the file, the second came along (modifying the beginning as per normal virus behavior, and adding it's marker to the end), then the first came along again and saw the file was not infected so infected it again. THen things stayed the same.
So it would show up as containing virus A, but you could not disinfect it properly, because it would just re-infect as soon as it was run. B wouldn't show up because B was actually a layer down.
On a side note.. the #1 thing that has reduced the number of viruses coming out of my office has been to ban the use of outlook/outlook express.
metacell writes "A virus (a version of the Chernobyl virus) infects an email worm executable (the Klez worm), and is spread along with it. " It's a damn good *delete* thing that Microsoft has been *delete* spending the last few weeks doing a *delete* security audit *delete* of all of *delete* ah never mind. My wrist hurts from deleting over a meg of mail worm viruses a day.
Maybe you should tell the people on your contact list to stop opening attachments (or at least get the latest patches). Microsoft is all but Moron proof.
linux machines get hacked into every day. Is it a linux flaw? no...it's a user flaw. So why should Microsoft be nay different? Maybe because they're against open source?