Slashdot Mirror


Yet Another Windows Worm

kraksmoka writes "MSNBC is reporting that yet another active worm is taking over computers in 115 countries today. 'Antivirus companies were on high alert Thursday after the rapid spread of a new computer worm that includes particularly malicious snooping techniques. Bugbear.B, a variant of a worm released last year, installs keylogging software, back-door software, and in some cases even attempts to control infected computers' modems. Some of the worm's functions are designed to specially target financial institutions.' Yummy!"

11 of 726 comments

  1. Re:Frustratingly typical day in the life of Micros by dtolton · · Score: 5, Informative

    Yeah, because it's a lot of work to set windows to do updates automatically. Just a troll, nothing to see here.

    You obviously don't administer servers with Enterprise Level Code. If you did, you'd know that with Microsoft you can't simply use automatic updates. Microsoft Service Packs break systems all the time. If you run ASP.NET and SQL Server code, you get bitch slapped every time they release a service pack or "security fix". They consistently change functionality, without warning. Then they just post on their website (three months later) that the service pack changed the way some undocumented feature worked, but you weren't supposed to use it that way anyway, so tough shit.

    Ha!! Automatic updates my ass.

    --

    Doug Tolton

    "The destruction of a value which is, will not bring value to that which isn't." -John Galt
  2. Re:Patch Available by damiam · · Score: 5, Informative
    Crap. It broke my machine. I can't play GTA anymore!

    Sure you can.

    --
    It's hard to be religious when certain people are never incinerated by bolts of lightning.
  3. Re:Blah, blah... by jdreed1024 · · Score: 5, Informative
    The patch for this was out 2 years ago. No excuse.

    Uh... Patch for what? I was unaware I could apply a "patch" that would prevent me from getting viruses. It exploits a user vulnerability (stupidity), not an OS one. And McAfee seems to disagree with you about when this was discovered. See here

    --
    There is no sig, there is only Zuul.
  4. Re:Already run into this... by Anonymous Coward · · Score: 5, Informative

    Only if you are 2 years behind in your patches.

    http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

  5. The Outlook exploit... by SIGBUS · · Score: 5, Informative

    ...is one involving how it handles MIME types, especially within IFRAMEs. What happens is, the message headers will say it's one type, such as audio/x-midi, while the payload is really an EXE file, sometimes misidentified as a .bat or a .pif. The unpatched Outlook or OE thinks, "Ah, a MIDI file! Let's play it!" and blithely passes it to the OS, which thinks, "Ah, an executable! Let's run it!".

    One more example of why HTML doesn't belong in email, aside from web bugs and other BS.

    --
    Oh, no! You have walked into the slavering fangs of a lurking grue!
  6. Re:Blah, blah... by stefanlasiewski · · Score: 5, Informative

    Patch for what? ... It exploits a user vulnerability (stupidity), not an OS one.

    Patch, for the exploit in IE.

    According to Symantec and McAfee, Bugbear.B uses an IE exploit that was fixed over 2 years ago: "Outgoing messages look to make use of the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability (MS01-020)".

    --
    "Can of worms? The can is open... the worms are everywhere."
  7. Re:Frustratingly typical day in the life of Micros by nolife · · Score: 5, Informative

    Yeah, just imagine if something like Apache gets popular, imagine the havoc people could cause with uptimes on those OS's.

    Yes, the server community is different from userland and every piece of software will have its flaws, but popularity is not proportional to the amount of worms and viruses, lack of quality is.

    --
    Bad boys rape our young girls but Violet gives willingly.
  8. Re:Already run into this... by Thing+1 · · Score: 5, Informative
    Here's an article on disabling windows script hosting.

    Pretty simple really; for Windows 2000:

    * Open "My Computer"
    * Select "Tools/Folder Options"
    * Click on File Types tab
    * Find VBScript Script File
    * Select Delete
    * Click OK
    For other versions of Windows, click on the link (it has instructions for 95, 98, NT and 2K; I'd imagine XP is similar to 2K but it was written in 2001 prior to XP's existence).

    I'm trying to find instructions for modifying the security in Outlook 2000 as well, so it doesn't do anything automatically without a) my approval at the very least, or b) me asking it to run an attachment.

    If anyone has pointers/links to articles on Outlook security, please post. Thanks!

    --
    I feel fantastic, and I'm still alive.
  9. How to permanently disable HTML mail in Outlook XP by cscx · · Score: 5, Informative

    First, run Office Update so you have at least Outlook SP1 (SP2 has been out for a while, in fact). Next, add the following value to the registry:

    HKCU/Software/Microsoft/Office/10.0/Outlook/Options/Mail

    REG_DWORD: ReadAsPlain = 0x01

    Outlook will convert all HTML to plain text before rendering it, and turn all embedded images, etc into attachments.

    Thought I'd share that little tidbit.

  10. Good sources instead of product placement by SgtChaireBourne · · Score: 5, Informative
    I realize the editors are obligated to plug MS, including MSNBC, in any way, shape, or form that they can, but that only lends them credibility. Most of the articles are edited from wire feeds like Reuters, API, UP, AFP (usch), BBC, and so on. Please use those.

    In this case, other sites that covered this week's pair of Microsoft worms first -- and they'll cover next week's first, and so on. ZDNet, eWeek, Infoworld, Reuters, the Register and others covered it first. ZDNet has the bad habit however of sliding stories that reflect badly on MS quickly off the top pages and into obscurity.

    Worms like sobig and bugbear only affect products with design flaws. Brian Valentine, senior vice president in charge of Microsoft's Windows development, said it best:

    Our products just aren't engineered for security.
    In short, there's nothing you can do to improve your security except upgrade to a different client: Mozilla or Opera instead of MSIE, Eudora or others instead of Outlook, OpenOffice.org or WordPerfect instead of MS-Office. Usually by upgrading you get better functionality, ease of use in addition to stability.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
  11. Attachments by 0xA · · Score: 5, Informative
    For every bug it strips out it will strip out a legitimate file as well.

    That's bullshit. You'll notice these things don't just use any old extension, they use executable extensions. If you set up your mailserver to strip .pif, .scr, .vbs etc you'll be in a much better world.

    When was the last time you got a legitimate email with a .pif attachment? Never, that's when. I set this up on all of my clients' networks and have yet to have grabbed a single legit email.
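
Added example (not part of the original thread or any poster's code): a minimal mail-gateway check combining the two defenses discussed in comments 5 and 11, flagging attachments with executable extensions and parts whose declared media type disagrees with an executable payload. The function names, the extension list beyond `.pif`, `.scr` and `.vbs`, and the sample message are assumptions constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# .pif/.scr/.vbs come from the thread; .bat/.exe are added here as assumptions.
BLOCKED_EXT = {".pif", ".scr", ".vbs", ".bat", ".exe"}
# Types a mail client would try to render or play rather than treat as a program.
MEDIA_MAINTYPES = {"audio", "image", "video", "text"}

def audit_message(raw_bytes):
    """Return [(filename, declared_type, [reasons])] for suspicious MIME parts."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        declared = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        reasons = []
        # Only the final extension counts, so "notes.txt.pif" is still caught.
        if os.path.splitext(name)[1].lower() in BLOCKED_EXT:
            reasons.append("blocked-extension")
        # DOS/PE executables begin with "MZ"; a media type declared on such a
        # payload is the header/payload mismatch described in comment 5.
        if payload[:2] == b"MZ" and part.get_content_maintype() in MEDIA_MAINTYPES:
            reasons.append("type-mismatch")
        if reasons:
            findings.append((name, declared, reasons))
    return findings

def build_sample():
    """Constructed sample: one mislabeled part and one genuine MIDI header."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("hello")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="audio",
                     subtype="x-midi", filename="readme.pif")
    m.add_attachment(b"MThd\x00\x00\x00\x06", maintype="audio",
                     subtype="midi", filename="tune.mid")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in audit_message(build_sample()):
        print(finding)
```

Checking the payload as well as the filename matters because a part with no filename, or a harmless-looking one, is still caught when its content is an executable labeled as media.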