Bugbear Windows Virus Making the Rounds
lysurgon writes "CNN.com is reporting that the "BugBear" virus (Windows/Outlook only) is spreading quickly. Unlike ILoveYou-type viri, instead of deleting files or just propagating itself, this animal disables firewall software and opens a port to receive remote commands. The article doesn't draw this conclusion, but this effectively sets up slave machines for DDoS uses. Also worth noting is the puzzlement of anti-virus guys as to why they haven't been able to make the virus spread in the lab. "One of the theories is that this requires an Internet connection in order to spread." Gee, you don't say?"
It's pretty impressive that this virus disables anti-virus software, and covers quite a large list of AV/Firewall programs.
tech details
Have any other virii in the past done this, or is this a first?
www.christopherlewis.com
Unfortunately, people who use MSN as their ISP are forced to use MS LookOut as their e-mail client because the SMTP servers require "Secure Password Authentication" support, and none of the clients you have listed support it.
Score one for vendor lock-in!
Nathan
I agree.
...
People seem to dislike this attitude, but it's true. Why should anyone deserve sympathy for driving a car that's already rolled over 3 times?
Eventually it's up to the user to practice safe computing.
"Old man yells at systemd"
The vulnerability that this exploits in Outlook and Outlook Express has been patched since March 29, 2001.
If you run Apache and haven't patched since March 2001, you're vulnerable.
If you run OpenSSL and haven't patched since March 2001, you're vulnerable.
If you run WU-FTPd, Sendmail, or any other numerous programs with vulnerabilities and haven't patched since March 2001, you're vulnerable.
At this point, there is no one left to blame but people who simply never update their computers. It's the same g&^damn hole that this exploits every single time, folks. Outlook 2000's patch has been out for well over a year. Outlook XP doesn't even HAVE this vulnerability!
Stop whining about what programs other people choose to run, and encourage them to learn how to patch their systems. No matter what OS you run, patching it is going to be important. Windows XP, Mac OS X, Debian, and Red Hat all make it incredibly easy to patch your system. People spreading this crap around no longer have an excuse.
Simpli - Your source for San Jose dedicated servers and colocation!
Of course not. This is Slashdot, after all.
Oh, wait...
The big problem with MS's application is the idea that data can tell programs what to do. THIS IS A BAD BAD BAD IDEA.
How foolish is this? How many people would open an email that said:
Hey here is a perl script with my message in it. Go ahead and run it to see what I have to say.
You'd be a fool on any system to execute whatever it really is, but MS wants this behavior by default. The moment you let data run the program you get this bad stuff. Word documents with macros that destroy files. A whole slew of Outlook nastiness. Heck, nearly all buffer overruns in networked programs are based on the idea of sending bad data to gain control.
Why does MS continue to cling to this idea that they can make data behave like programs?? It just isn't sound... I wish they would abandon it.
You need to learn what my dad drilled into us as kids:
"Never put anything in writing you wouldn't want to read aloud in open court."
I don't have anything to worry about, my computer is completely secure. I run linux with lynx. Who's going to write a virus for that?? That's too obscure, so I know I'm secure.
Some guy out there has his Outlook wrongly configured.
I was infected, and the virus sent itself to MANY people... with a wrong email address in the FROM...
not his address, but MINE. dammit...
I'm now swimming in spam AND auto-replies from email scanning software and people telling me that I'm infected...
So, don't think you're safe, even if you're running Linux as I am!
There are serious differences here.
You can't just act like every OS is as secure as the next.
I'll take unpatched OpenBSD over unpatched Win2k any day.
To make informed statements, you have to consider the severity of a security flaw. Ex: a buffer overflow vs. a string formatting error. One theoretically allows you access, if you are a skilled assembly programmer; the other makes it trivially easy to get access.
Patching your boxes is important, but so is security by design.
Life is too short to proofread.
Why is it that whenever some new virus/worm sets up a backdoor to receive commands, everyone thinks they're for DDoS attacks? Judging by the huge number of formmail scans I get from computers that, according to DShield, appear to be infected, they're being used to scan for open formmail.[pl|cgi] relays and send spam.
Viruses aren't just for script kiddies any more. The spam industry needs these infected machines to better cover their tracks in hopes of not getting sued into oblivion.
Actually it's often a sign of bad management if something like this happens.
Employees who repeatedly screw up company property should get verbal warnings, show cause letters, and if they still persist, unfortunately they have to be sacked.
It's a disciplinary and management issue. You should have backing from your management to enforce reasonable policies.
If employees keep breaking the rules and getting away with it, it's bad management.
If you don't get backing from management, then it's also bad management. It's bad to have responsibility without power. You get the blame, it's not your fault and you can't do anything about it.
But if you did have management support, then it's probably your fault things went that way.
Link.
Virus updates are critical - the other posting by A.C. indicates that he sets up the machines on his net to update them frequently, and in a LAN-based environment, that's usually not a bad policy, though updating at boot time sometimes can interfere with what a developer is doing, or with somebody installing new hardware or software that requires reboots, or whatever. But I'm in a company that has people working out in the field, and while it may be important to get a virus update today, a 10 megabyte data file update on a 56kbps dialup line takes a long time - and if I'm out at a customer site trying to show their CIO how our really cool web site can help them make money, or I'm in the airport trying to send an important email before getting on a plane, I can't wait an hour for the latest virus update to download - that can wait till I'm back at the office.
Microsoft Outlook's integration of calendar, incoming mail, and storage of old mail, all in one big system, makes this particularly critical. The other day I needed to get on a conference call, and had the phone number in my Outlook Calendar, and dialed up 15 minutes before the call to get any relevant emails (and my Palm Pilot battery had run out the other day so I hadn't copied the schedule to there.) Somebody in Marketing had decided to mail 10 MB of glossy viewgraphs to everybody, and while it was downloading, I couldn't access the old messages to find the website for the slides for the call. The older antivirus software used to have similar behaviour - it insisted on doing its updates at boot time, before anything else could run, whether the user needed it right then or not. The newer stuff is often sufficiently well-behaved that it just dogs down the network connection rather than totally preventing you from working, but it's still a problem.
Bill Stewart