W32.Sobig.E@mm Worm Spreading Rapidly
mabu writes "Apparently there is another worm spreading online. Symantec has upgraded its severity to 'category 3.' This worm appears to primarily affect Microsoft systems, has an expiration date of July 14th, and searches users' machines for select files containing e-mail addresses that it uses to propagate itself."
just kidding.
"This worm appears to primarily affect Microsoft systems, has an expiration date of July 14th,"
Yuck. The only thing worse than worms are rotten worms.
I have an "early slashdot worm story alert system" built in to my DSL connection. I found out about this around midnight last night, when my DSL connection proceeded to slow to a crawl, and even google was returning results with considerable lag.
Anyone else so lucky to have a system such as mine? This works well on the UTA campus network, also. At least, a worm story has been reported w/in 24 hours of every noticeable long slowdown of the net for me...
moox. for a new generation.
1. Virus writers
2. Spam merchants
3. ???
Is there an organized group involved in
trying to take control of the Internet
through the nefarious means of planting
virus and trojan software on a critical
mass of systems from which they can launch
deadly attacks to take over the entire
Internet?
Ahem. No MSN, Kazaa or AOL jokes please.
This is a serious question.
This is not a signature
I actually just got this virus and was coming onto /. to post about it when I saw that it had already made the front page. /. keeps up its tradition of reporting news before it happens. Anyway, I got this virus as an attachment (didn't open it of course), and I noticed that it had spoofed its return address. Something else to think about.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
expiration date of July 14th
Well isn't this the french national holiday. Maybe somebody is angry because they didn't join the war against weapons of mass.. er, what was that war about again?
"So BIG" and "spreading"?
This will be flagged as pR0n browsing by our bofh. Oh shit.
-- No sig today
I'm going to have to use that last line as my new quote... I hope you don't mind, but it's damn true and damn funny at the same time. Which puts it in the "sad but true" category. This category, of course, is to live and die by.
||| I still can't believe Parkay's not butter.
All it takes is for one of those spammers with 15 million email addresses to get infected...
Fortunately my virus scanner DAT was up to date, although it did misidentify it and the info page said that it was supposed to expire June 6.
Unfortunately, all the suckers that set their system time back to get 'extended' shareware use periods will be spreading the worm/virus (true slashdotters never read the article) for years to come.
- Andreas
"This worm appears to primarily affect Microsoft systems..."
What's this "primarily affect" business? It only affects Microsoft systems, just like every other friggin' virus on the face of the planet.
I mean back in the day virii actually did stuff, now they just email over and over. Remember when your computer used to get "Stoned"? But can someone please write a good virus for once. :P. So, instead of bitching about virii, I just ask, if you're gonna write one at least make it do something fun.
When these are known as Internet worms and not Microsoft worms........
"Because we are not employing at entry level, offshoring will kill our industry stone dead."
From: Cowboy Neal
To: Cowboy Neal
Subject: Re: Your Mail
Click the attached link - it's great...
Attached file:
www.yahoo.com
[application/octet-stream]
I wish we had some Darwinism happening on the internet, could you imagine the bandwidth freed up from your local cable node?
You receive an email from support@yahoo.com with the subject "Re: Documents". You know you never have written an email to this address with this subject.
Would you really click on this attachment??
I guess there are still people who do.
They are a dying race. We should let them pass.
-- Ambassador Kosh, Vorlon Empire
Has anyone tested it with Wine?..
You know, Linux lacks choice in good software.. We shouldn't let them win.
Yahoo! variant! of! Microsoft! support! worm! spreading! rapidly!
By John Leyden
Posted: 26/06/2003 at 10:22 GMT
Stop us if you've heard this before, but there's another prolific email worm loose on the Internet today.
Sobig-E differs from its predecessors, the Sobig-B (aka 'support@microsoft.com') and Sobig-C (aka 'bill@microsoft.com') worms, by spreading itself in the form of a ZIP file. This time around infectious emails sent out by Sobig-E pretend to come from support@yahoo.com or another spoofed email address.
The worm is spreading rapidly, with many vendors upgrading the severity ratings they attach to the worm this morning. At the time of writing, managed services firm MessageLabs has blocked 22,156 copies of the worm over the last 24 hours.
Sobig-E normally spreads via emails with randomised subject lines (such as Re: Documents and Re: Re: Movie) and .zip attachments containing infectious .scr and .pif files. Like its predecessors, Sobig-E has a built-in expiry date - in this case 14 July. Click on the infectious attachments and you catch the pox.
As usual, the worm affects only Windows PCs. Linux and Mac users are immune.
On infected PCs Sobig-E sends email to addresses collected from files with the following extensions: .wab, .dbx, .htm, .html, .eml, .txt. This trick is the likely reason behind the worm's rapid rise to prominence.
Sobig-E appears to also have the ability to spread via network shares and uses its own SMTP mail engine for sending email to further propagate.
So what to do?
Don't run suspicious email attachments and update your AV signature files. Don't allow Rob Malda to have write access to your box. He *will* put illegal gay porn on it, trust me.
It's as simple as that really.
A write-up of the varmint by Symantec provides more detailed information. ®
Q: Is this alert severe?
A: Yes, it is. Systems that connect to the internet using any Microsoft OS are vulnerable.
Q: When can I get a Service Pack for this?
A: When we include this bug..er, fix in the next Service Pack. We released SP4 yesterday. Six months more, at least.
Q: Are there any mitigating factors?
A: Yes.. if you run Linux or GNU/Linux or NetBSD, you need not worry.
This bug will disappear by July 14th, and the replacement bug will be announced in Dec 22.
Contrary to Gartner reports, we know that millions of people use Linux on the desktop without much trouble. If you want a permanent solution, install Linux.
Q: How can I protect myself from further attacks?
A: Learn to use a Linux system. Contrary to what Aberdeen says, there are fewer bugs in Linux.
Q: What if I never connect my system to the Internet?
A: Then tell us your address, so we can send you the Service Pack and an invoice for $50.
Q: Are pirated copies of Windows more vulnerable?
A: We'd like you to think so, yes.
If you keep throwing chairs, one day you'll break windows....
How dumb do you have to be to first open a mysterious zip file, then run the payload?
> This worm appears to primarily affect Microsoft systems
<Nelson>
Ha - Haah!
</Nelson>
And now...
<Hanz&Franz>
Once again, ha haa! I lauugh at you silly foolz, with your flabby Windowz and your buuggy virus-baiiting Outlook email reader. I sit here with my puuumped-up Linux system, and my maanly Mutt text-only mail reader, and I open up my spam and virus emails and lauugh again because they cannot haarm me!
Ha Haaaah!
</Hanz&Franz>
"Orthodoxy is unconsciousness" - Orwell
This is just another nail in the coffin for email.
It will inevitably lead to email with .zip attachments being declined by many mail server admins, just as it did with .exe files.
Just as your average users are finally starting to understand .zip files too...
It will soon be impossible to guarantee that any attachment you put on an email will be received, which so many of us rely on.
A slashdotting - you get the stick first and then the carrot !
I am running OS X on my Powerbook G4, and I have never had a worm. Am I missing something ?
Ok, this is a serious question, not an attempt to start a flame war or anything, but why does this always happen to MS systems? I use a Mac and have only had to work with Windows at my college and a few other times here and there. I've NEVER seen a live Mac trojan or worm and have only ever encountered one virus (the 666 one) that wasn't really malicious and only added some extra resources labeled "(Box thingy)666" in an application's resource fork that caused an application to run a little slower. And that was 4 or 5 years ago in OS 7.5 or 8.
Now, I understand the "security through obscurity" theory that basically says Macs have far fewer virii problems than PCs because not nearly as many people use Macs, but that's sort of a dead idea nowadays. While we don't have nearly the numbers of any MS OS, by Apple's numbers, there are 7 million users of OS X, which makes the current number of users in the OS X community about as large as the populations of Hong Kong (7,303,334) or Switzerland (7,301,994), and about 1 million more people than the pop. of Israel (6,029,529). (Go on, check my numbers.) And just for good measure, add to that the fact we now have a more or less Unix based OS and therefore must have some common ground with numerous other OSes. It's not like we're a tiny little niche to go after, or one that no one knows how to program for. Hell, Apple even gives away developer tools to write out and compile programs. So why don't we ever see any worm, trojan, or virus outbreaks for OS X?
Request: ECM unit, 1000 km fullerene cable, 1 tactical nuclear weapon. Reason: Birthday party for foreign dignitary.
This is news? Men should be able to synchronize their calendar by a) their woman's period or b) the latest windows worm.
Stuff that matters? The only people that this really affects are sysadmins who have to deal with tons of wormspam in their users' mailboxes. Maybe also those poor souls who maintain large networks of windows boxen. But really, those people would already be on top of this...
Every time a new mass mailing worm comes out all the antivirus vendors issue updates to their virus definitions. This stops _that_ particular virus from infecting a machine or spreading further. A better approach would be to monitor socket connections on port 25, I think Norton antivirus already does that, aren't the other AVs already doing this or are the people getting infected simply not running an antivirus scanner at all? In any case the antivirus vendors need to figure out a different way of dealing with these pests.
I can't really see how it's Microsoft's fault. Reading about it, it comes in a zip file, the user has to get the zip, extract it and then execute the payload.
Is it just me or is this more like social engineering than a real problem with the system?
My blog [.net, rants, general IT]
Damn. In the first moment I read "Microsoft systems have an expiration date of July 14th". Well, I guess that's what I would like to read one day. :-)
"Linux and Mac users are immune."
:)
If you were writing a virus and wanted to do some harm, why would you even bother trying to infect mac and linux users?
I mean, people make a big deal on "windows is so insecure that's why this happens blah blah".. but in reality it's just because it's so much more popular...
Not that windows isn't insecure and not that microsoft isn't an evilbad company et cetera.. just wanted to make that point..
"Mac and Linux users are immune"
I want to see a really intuitive and effective worm for OS X... all these mac users thinking they are immune.. it could be a problem.. (More likely to click on attachments) Not that it would make a big impact
Excuse me, I don't mean to impose, but I am the ocean
You mustn't forget that the reason why Microsoft systems get hacked so much is because hackers go for Microsoft systems first. Microsoft dominates the market and the hackers want to affect as many systems as they can and embarrass the Big Mighty Microsoft - all for pure ego reasons.
I think if - say - Linux dominated the world, then we'll see many more worms/viruses written for the Linux platform. Let's not forget it's open source, so it should make writing viruses and worms a hell of a lot easier.
Wasn't there just a Windows worm story last week?
1) Generate a hash of all scripts/executables received through mail client.
2) Upon access to contacts (which is always done through an API which Microsoft can change): Generate hash of calling script/executable, check against table of hashes of received scripts.
3) If match, prevent execution and notify user of potential virus (to execute, user must do it manually.)
Should reduce the problem dramatically...
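The three-step scheme proposed above (hash every executable the mail client hands over, then have the contacts API hash its caller and refuse to answer a match) can be sketched as a small simulation. This is an added example, not code from the original thread or from any mail client; the registry hook, the constructed address book and the two dummy executables are assumptions.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file on disk in chunks so large executables do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class MailReceivedRegistry:
    """Step 1: the mail client records a hash of every script/executable it
    hands to the user. Hypothetical hook; a real client would call record()
    when an attachment is saved or opened."""

    def __init__(self):
        self._hashes = set()

    def record(self, path):
        self._hashes.add(sha256_file(path))

    def was_received_by_mail(self, path):
        return sha256_file(path) in self._hashes


# Constructed address book standing in for the store behind the contacts API.
CONTACTS = ["alice@example.invalid", "bob@example.invalid"]


def read_contacts(registry, caller_path, user_confirmed=False):
    """Steps 2 and 3: the contacts API hashes the calling executable and refuses
    to answer if that hash belongs to something received by mail, unless the
    user explicitly confirmed this program may read the address book."""
    if registry.was_received_by_mail(caller_path) and not user_confirmed:
        raise PermissionError(
            f"{os.path.basename(caller_path)} arrived by e-mail and is reading "
            "the address book; blocked until the user confirms")
    return list(CONTACTS)


def simulate():
    """Drive the scheme with two constructed executables and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        mailed = os.path.join(tmp, "Document003.pif")    # saved from a mail attachment
        installed = os.path.join(tmp, "addressbook.exe")  # legitimately installed tool
        with open(mailed, "wb") as f:
            f.write(b"MZ-constructed-worm-like-bytes")   # constructed dummy content
        with open(installed, "wb") as f:
            f.write(b"MZ-constructed-legit-bytes")       # constructed dummy content

        registry = MailReceivedRegistry()
        registry.record(mailed)  # the mail client saw this one arrive

        results["installed_sees"] = len(read_contacts(registry, installed))
        try:
            read_contacts(registry, mailed)
            results["mailed_blocked"] = False
        except PermissionError:
            results["mailed_blocked"] = True
        results["mailed_after_confirm"] = len(
            read_contacts(registry, mailed, user_confirmed=True))
    return results


if __name__ == "__main__":
    print(simulate())
```

Two limits worth noting against the Register write-up quoted earlier in the thread: the gate only fires on the contacts API, while Sobig-E harvests addresses by reading .wab, .dbx, .htm, .html, .eml and .txt files directly and mails them with its own SMTP engine, so this particular worm would not trip it; and an exact-hash match only recognises a byte-identical copy of what the mail client recorded.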
So, this virus has no payload. It does basically nothing except spreading, and, how sweeet of him, it will stop spreading on July 14th.
Am I the only one to think that the only people getting benefits from such a virus are people selling anti-virus ?
I mean, why would all virus writers suddenly become so nice ? Most of the viruses nowadays are doing almost no damage. I can hardly remember a virus back in the 90s that would not at least erase a little file here or there from your system.
Apparently my email (slashdot@miteg.hn.org) was used in the from field in at least one message from an infected computer that ended up being bounced.
;)
;) I'd post the base64 but it's big (~114KB).
It's interesting that the only place this email address appears is on Slashdot, and I don't even post all that frequently. Looks like someone here isn't using Linux.
I'm pretty sure Pine won't be affected
The future isn't what it used to be.
sure enough, I got it today in my spam-catching email. linux system, didn't open it. And it's not always from support@yahoo.com as stated in the article. Mine came from University of Delaware, with whom I have no connection. So it seems to be stripping addresses from the pool of other addresses it's sending to.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
I tried to click on the black www but nothing happened. Doesn't it have to be blue?
<average worm spreader>
Beware: In C++, your friends can see your privates!
I have been trying to do my own retrospective prediction :) based on the data available at Internet Traffic Report
As far as I can make out, all the US routers are doing fine (green). The response time seems to have gone up a tad at 2am MST, but other than that I don't see anything unusual.
When I look at Asia, 5 out of the 21 routers are down (red) and the packet loss is up 2%. Does that mean that the worm has hit Asia hard? I know this worm should clog up mainly mail servers, but I wonder how feasible it is to predict worm arrival/origin/etc based on this easily available information, assuming of course that it's available realtime.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
just set your clock back to May and the virus won't have been released yet!
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Be it Linux, Mac or BeOS.. you can run but you cant hide.
The thing that scares me is that because of Microsoft's ongoing disregard to basic security concepts all of the internet is in danger, to say so. Spam, worms, viruses - all those things take their toll. Resources are wasted: bandwidth, sysadmins time and so on.
FreeBSD . . . check!
Mutt . . . . . check!
Screen . . . . check!
Virii invulnerability? Close enough!
Pretty Pictures!
However, I run Eudora, not Outhouse Express, and ZoneAlarm renames file attachments so they can't be opened by accident. (as in click and you got a prompt asking if you really want to do this?)
There really isn't an excuse to get nailed by this even for Windoze users for the most part, "executable file attachment from somebody I don't know" =! CLICK HERE. These virus-generated e-mails all have a generic look to them, I dump them unopened into my virus-contaminated folder for later cleanup .
I got rid of 16 copies of Sobig.E today.
Tech Public Policy stuff
I'd much rather spend three hours buried in a manual to change a setting than double-click an icon and click a checkbox. Open sores linux hippies are so fuckin 1337
This thing tried to send itself to our mailing list, although we were unaffected as we only allow subscribers to post. This is probably just a fluke incident, unless someone is specifically targeting SF.net lists as a way to hit a large number of people with reduced effort.
What has *science* done?!? -- Dr. Weird (ATHF)
Why exactly has this been updated to a category three virus if all it does is copy itself and mail it out to every e-mail address that it can find and not do anything? I mean c'mon in the last three days i have gotten a few of these mails labeled Re:Movie and I'm not quite stupid enough to open this. Almost, but not quite.
Requires that Postfix be built with PCRE support and is for Postfix 2.x versions. For Postfix 1.x versions you'll have to put that in body_checks.
Disclaimer: Use at your own risk. I *believe* this'll work, but, strangely enough, I haven't received any to be rejected yet!
More to the point, this is a socially engineered virus that could affect anyone, including the lot of Linux users commenting on the affected OS. This virus has nothing to do with software, it has all to do with education. Education of users. It is more important to teach people to watch what they open and to not trust ANYONE, than to patch, patch and patch, which would NOT have helped in this case.
I don't see how anyone can call this 'news' (much less 'stuff that matters').
SteveB.
In Microsoft operating systems..
Serious question, not a troll!
*oooga*
ok, it seems that many of you put out your argument against Microsoft again...
but, before you do so, think twice, does this worm (or others) really have anything to do with Microsoft? i mean, does the fault lie with Microsoft? My opinion on this is that the fault lies with the user this time, because the worm does not use an exploit or other bugs in the OS itself, but exploits the lack of knowledge which normal computer users suffer from.
If the fault is on the user side, why should we blame Microsoft for this? If all of a sudden Linux became so accessible to users that all people on this planet knew how to use it, and then they received an email with a shell script containing rm -rf / (assuming the user runs as root :)), should we blame Linux?
I think we should take more effort to educate computer users than to blame Microsoft every time. (yea, I know sometimes we should blame Microsoft, but not every time)
Thank you, for your advice
Barry
Sobig.E first hit Wednesday, a couple of copies got in before I warned the huddled masses to not open any .ZIP attachments until CA got their act together which they did a couple of hours later. A full scan of the Exchange store cleaned everything off and anything new is getting cleaned on the way in.
NOW, late this afternoon I get a couple of emails from the lawyers saying they are appearing again, just as one pops up in my Inbox.
CA did update their signature again late in the day which opens up two possibilities:
1) The latest signature broke the ability of CA's software to catch Sobig.E or
2) This is a new variant (Sobig.F?)
If you don't want to repeat the past, stop living in it.
As the parent poster said, a malicious person trying to do maximum damage would write for Windows. The Mac is the next best choice because, like Windows, you don't have big binary compatibility problems.
Linux is tougher to write this kind of thing for because it would require that the user perform so many steps. First the user would have to extract the tar file from the gzip file. Then he would have to expand the tar archive onto his hard drive, which would put the source there. Then the user would cd to the location where the source extracted. Then he would probably have to set various environment variables. Then he would have to run gmake. Then he would need to interpret the error messages to determine why the build didn't work. Then he would have to find and add various development tools and libraries to his system, adding any environment variables that they needed. Then he could try building again. When he finally got the build to work, he could then run the resulting executable, which would tell him to type "man {trojan/worm name}". The man page would show various command line switches for specifying the e-mail client being used and various network options. Then the user would construct the proper command line to run the program and WHAM! Just like that, his system is infected.
I may have left out a few steps or so, but you get the idea...
Because microsoft is big it gets picked on.
Sorry, that just doesn't hold up. It's a weak excuse to produce third rate code.
Isn't it just as valid to say that because microsoft has the most to lose they would spend more fixing bugs?
The simple truth is microsoft code is badly written. UNIX ( any version ) is far from perfect, but it's better written and suffers far less from these virii problems.
Look at the number of cisco switches in the world. Do they get hacked weekly? Do they spend 6 days a week spewing out the latest virus? no, don't think so.
I seem to be unaffected because my computer time is set somewhere in 202* and network time server access is disabled. Hehe
Speaking at Defcon 12 - Credit Card Networks Revisited: Pen
... that this virus should be released so close to Strom Thurmond's passing and the US Supreme Court's decision in Lawrence V. Texas... I think I smell a vast, sweeping Conservative conspiracy ;-)
That is just plain crap! The reason Microsoft systems get hacked is because Microsoft makes it soooo easy for hackers to appropriate their systems. Go look at the technical details of these viruses. The most prolific take advantage of one of Microsoft's "features" that are always poorly implemented with no forethought to system security.
Face it: these are design and implementation issues with MS software, not a concentrated effort to embarrass "Big Mighty Microsoft". "Big Mighty Microsoft" really needs no help in this!
Bastille Day! Long live France!
Any relation to this?
Weird web data foxes experts
"Strange packets of data found on the internet are worrying net security experts.
Some believe that the data packets are part of a new scanning tool that maps networks and reports vulnerabilities it finds.
So far the strange packets are no threat as they do not automatically attempt to spread themselves to other networks.
Experts also point out that the program producing the strange packets of data is riddled with bugs that prevent it working very well. "
thank God the internet isn't a human right.
Hi all!
I just see that many of you have a bad theory about viruses..
First, the reason why there are so many viruses on Windows operating systems is not only because of Windows' background, but much more because of the user numbers of Windows, or in other words: popularity!
If the world changes (hopefully), Unix-based systems (I mean Linux and its friends) will be much more popular than Win. If this happens, be sure that viruses will be as popular on your systems as they are on Windows.
Every system has (and will have) security holes, some of them known, others not... yet!
A virus can spread if it finds good systems to work on.. Because of this, the most popular operating system will always have the most viruses to protect from.
And about the anti-virus companies.. it's true, anti-virus companies have a good benefit when a new virus "storms". But there are so many viruses right now in the world, and let's say just on the net.. no need for one more to have enough work for the next 10 years..
So if you think this is a good business for anti-virus companies, then you are right, but if you think AV companies make viruses in this case.. you are far from the truth!!
AV companies make software against viruses, and that is much harder work than writing a virus.. and they have so much work that there is no need to do stupid things like that..
Some of you are thinking about open source anti-virus code, aren't you? So what is the problem with an open-source AV product?
First: it is not safe to give any virus writer the possibility to see the AV protection code.. I believe everyone can see why..
Second: the big problem is not a home user's computer.. but big companies' computerS! Servers, and many workstations... If a company has problems with a virus, the company will need professionals to help them, and it needs time, and professionals.. in one word: MONEY
And you can see that most of the AV companies have a free version of their product, with some limitations.. but the main function works: SCAN AND FIND viruses. Some products won't clean your computer, but show the problem, so you can repair.. or simply delete the file..
ohh yeah and one more little q:
What do you think? Who will be in bigger trouble if AV companies don't make AV products any more?
Do you think that if there were no AV companies, no more viruses would be written?
There is only one good solution: The simplest!
"TLS (formerly SSL) stands for Transport Layer Security. Once this layer is established, it encrypts the communication between two hosts. If we use SMTP AUTH and the mechanisms PLAIN or LOGIN usernames and passwords are sent plaintext over the internet. This means that anyone could sniff the communication and read the passwords. If you don't want this - we bet you don't - you can use TLS to help."
thank God the internet isn't a human right.
I'm having a difficult time understanding how this type of worm works. Normally, if I were to double-click on a .zip file under Windows, it would get opened by WinZIP (or the built-in zip program under XP). I did save a copy of this zip file and using cygwin's unzip command, there's a .pif file inside. OK, so double-clicking on the .pif file will propagate the worm, but is there a hidden/convenience mechanism within Windows that auto-launches items within a zip file by double-clicking on it? Related to autorun somehow?
Let's say my computer has Outlook/Outlook Express installed but not configured. Could this worm still propagate (Original file saved from web-based email)? My guess is it would not.
Simply put, it's easier to write worms and viruses for MS products.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
During all these events, a large Response time and Increased Packet loss is observed, as expected.
Observe that the Average Response time hit a peak simultaneously across all continents between 11:30am and 2:30am MST as noted earlier, which coincides with reports of the W32.Sobig.E@mm worm. It has since deteriorated, possibly indicating either that the worm has some throttling mechanism, which some worms use to prevent congestion from affecting their own propagation rate.
Either that, or we haven't seen the peak yet.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Expiration date of this virus is 14th July. If you want to use this virus, it must be activated. Activation prevents virus piracy and ensures a virus-free virus.
Of course this virus was not produced by a /.er. If it was, it would have .rar instead of a .zip
Karbon14 in koffice can manage:
Adobe Illustrator
Applix Graphics
EPS Encapsulated PostScript
Kontour
LaTeX
MSOD Microsoft Office Drawing
OpenOffice Draw
PNG
SVG Scalable Vector Graphics (W3C)
WMF Windows MetaFile
Xfig
No corel draw 8 yet.
Why don't you try and run corel draw under wine, or buy the Linux version of corel draw?
thank God the internet isn't a human right.
Where may I download the source code in order to port it to OpenBSD?
{{.sig}}
this was news yesterday. If you're learning about new viruses and worms by reading about them on Slashdot, then either (1) you don't need to know (you're not on Windows, or you're a home user with a locked down machine, or you update your a/v every few hours) , or (2) you're incompetent and should be fired!
:)
For security news as it happens, subscribe to nanog-l, sec-focus "Incidents" list, incidents.org "Intrusions" list, and ISP-sec if you have too much time on your hands
Note that these give you different info from the likes of Bugtraq, Full disclosure, CERT et al. These will alert you when you need to, say, patch your Squid proxies against a new exploit.
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
I regret nothing!
Long live France
What the hell is it doing on the front page of SCOdot?
Well, there's still savannah, only that you have to change your first name to "GNU/".
Programming can be fun again. Film at 11.
i was impressed they zipped the *.pif up.
;-P
i was thinking when i got it that it was about time someone took advantage of this loophole in most simple antivirus safeguards such as in ms outlook, etc.
i have the critter's code, and lost interest in trying to decipher it- does anyone want me to post the code?
or is that against slashdot policies? i can see how some would frown on me for doing this. but i also believe in the free exchange of information as the best defense against any virus: social, biological, computer, or otherwise. i'll just respect slashdot's right to determine whether or not it wants to be the forum for that exchange, considering the legions of script kiddies who probably lurk here.
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
In this country we have a criminal offence of "aiding and abetting" another offence and it can be punished by the same penalty as the more serious offence. So, for example, Microsoft are guilty of aiding and abetting the propagation of viruses &c. which is a crime under the misuse of computers act.
I think -- but I'm not an expert on my own country's laws, let alone anybody else's -- the aiding-and-abetting thing in the USA would be referred to as a crime in the second degree -- so Bill Gates would be guilty of second degree computer misuse {assuming there is a law against writing viruses, trojans and the like}.
We also have a defence that by committing your little crime, you were stopping someone else from committing a bigger crime. I'm not sure if the same thing holds in the USA.
But I reckon that disassembling Windows and finding all the exploits that way probably would prove beyond reasonable doubt that Microsoft is guilty of at least aiding and abetting computer misuse {second-degree computer misuse?} if not actual {first-degree?} computer misuse, and that much bigger crime {especially if fines are levied in proportion to income} would provide the perfect defence to the disassembling.
Je fume. Tu fumes. Nous fûmes!
You must be kidding! I am staggered by this; who would have thought. Why, you'll be saying Hitler was a racist, next.
The Independent: Reverend Spooner Arrested in Friar Tuck Incident - ISIHAC, Historical Headlines
Am I not the only one tired of seeing Klez rule the worm/virus roost? It's good to see some new blood every once in a while. Face it, Klez was becoming like the Lakers and the Yankees...
Acquiescence leads to obliteration
Sender in my case was always "big@boss.com"
;o)
Subject "Re: Movies" or "Sample" or "Re: Here is that sample".
Mime attachment was "Document003.pif" or "Movie_0074.mpeg.pif".
The subject and attachment name appear to come in any permutation.
I run linux and Mozilla, so I'm not hurt - and I've trained my junk filter on them now anyway
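The Register write-up quoted earlier (zip attachments wrapping .scr/.pif files, spoofed senders, subjects like "Re: Documents"), the Postfix header_checks comment, and the sender/subject/attachment names reported just above all point at the same server-side check: open the zip and look at what is inside rather than trusting the outer filename. The script below is an added example, not code from the thread, from The Register, or from any AV vendor; the executable-extension list, the reported-subject list and both sample messages are constructed for the demonstration.

```python
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# File types Windows launches on double-click; the worm ships a .pif (or .scr)
# inside a .zip. Constructed list, not any vendor's signature set.
EXECUTABLE_EXTENSIONS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs", ".js"}

# Subjects reported in the thread; used only to annotate a finding, never as
# the sole reason to block (the subjects are randomised).
REPORTED_SUBJECTS = {"re: documents", "re: re: movie", "re: movies", "sample",
                     "re: here is that sample"}


def risky_names(names):
    """Return the names Windows would execute when double-clicked. Only the
    final suffix matters, so 'Movie_0074.mpeg.pif' is caught even though it
    is dressed up as a video."""
    return [n for n in names if os.path.splitext(n.lower())[1] in EXECUTABLE_EXTENSIONS]


def executables_in_zip(data):
    """List executable members of a zip held in memory; a non-zip yields []."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return risky_names(zf.namelist())
    except zipfile.BadZipFile:
        return []


def scan_message(raw):
    """Inspect one RFC 822 message and return a list of findings (empty = clean).
    Attachments are checked directly and zip attachments are opened, which is
    the step a plain 'block .exe' header rule misses."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = (msg.get("Subject") or "").strip().lower()
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        for n in risky_names([name]):
            findings.append(f"executable attachment {n}")
        # Decide by content (PK signature), not by the .zip suffix alone
        if payload[:2] == b"PK":
            for member in executables_in_zip(payload):
                findings.append(f"executable {member} inside {name}")
    if findings and subject in REPORTED_SUBJECTS:
        findings.append(f"subject '{msg['Subject']}' matches a reported worm subject")
    return findings


def build_sample(sender, subject, attachment_name, attachment_bytes):
    """Construct a test message in memory (constructed sample, not a capture)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("See the attached file.")
    msg.add_attachment(attachment_bytes, maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg.as_bytes()


def zip_with(member_name, member_bytes):
    """Build a one-member zip in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_bytes)
    return buf.getvalue()


# Constructed samples: a worm-style message (spoofed sender, zip wrapping a
# .pif with a double extension) and a benign one whose zip holds a text file.
WORM_LIKE_RAW = build_sample("support@yahoo.com", "Re: Movies", "Movie_0074.zip",
                             zip_with("Movie_0074.mpeg.pif", b"MZ-constructed-dummy"))
BENIGN_RAW = build_sample("colleague@example.invalid", "Re: Documents", "notes.zip",
                          zip_with("notes.txt", b"meeting notes"))

if __name__ == "__main__":
    for label, raw in (("worm-like", WORM_LIKE_RAW), ("benign", BENIGN_RAW)):
        print(label, scan_message(raw) or "clean")
```

The benign sample deliberately reuses a reported subject ("Re: Documents") to show why subject strings are only an annotation: it comes back clean because nothing executable is inside. A header_checks rule on the outer filename, as suggested in the Postfix comment, stops the .zip wrapper only if you are prepared to refuse every zip; opening the archive lets legitimate zips through.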
"no. of viruses * FUD (mostly started from antivirii corp's.) == MONEY?" to do with each other?
I just did a few quick google searches to find out what the proportional relationship there is between the markets, by comparing the search results with each other (the number of hits I got). Clearly one can't rely too much on these numbers, but to get a picture over the proportions it's good enough, as google is one of the leading search engines out there with its large database and that it almost always finds what you're searching for (I say almost, as it isn't perfect!)
These are the results (in order of fewest hits):
- OS X: Results: 7,080 | Portion of market: 0.980%
- Unix: Results: 42,000 | Portion of market: 5.811%
- Linux: Results: 85,100 | Portion of market: 11.774%
- MAC: Results: 85,600 | Portion of market: 11.843%
- Windows: Results: 503,000 | Portion of market: 69.592%
(here's a link to a nicer postscript file, with a pie-chart and fancy colors) And could it be that the 69.592% of the market don't want to lose its revenues? As some few guys/girls posted (funny comments) here earlier, something along the lines of "why don't they make virii as they made them back then?". Could it be that today's lame virii are only there to spread FUD to customers, so that those not-so-skilled-in-the-arts-of-computers hurry out and buy a copy of some antivirii software, just to be on the safe side (I have my own mother as a very good example, every time she hears "viiirrriiii"-warnings she comes to me panicking "is my computer safe, don't I need to upgrade my antivirii?, am I really safe").
The factor of the FUD can be explained something like this, "( exaggerations made by antivirii/security corps. * exaggeration of losses made by businesses) * ignorant reporters == real scary FUD", the customer/end-user is surrounded by this in the media (with exceptions for slashdot, ppl here are mostly geeks, and gotzkills! =))
I don't claim I know more than I know, and if you know you know more than I know, then by all means, let me know.
You know, that's one nice thing about using web-based email. Unless you do the dorky thing and run a file from someone you don't know that looks suspicious, you're totally fine.
Unless of course, something happens on the server end of the world. But that's not my deal anyway.
But penguins eat fish. Fish eat worms. This worm eats Windows.
:P
Ehwe! Poor little worms
Because of all the conspiracy theories about AV companies releasing a virus to bring business...I'm curious, if anyone works for any AV companies.....when is the last time your company got infected?
I'm not asking because I think this theory holds much water....just curious because you never see anything about it in the news (slashdot).
The mathematics of the spread of viruses is the same as the mathematics of the spread of disease or the mathematics of a nuclear fission chain reaction - if the expected value of the number of hosts any given infected host can infect is greater than one, the reaction will go supercritical. If the expected value is one, the reaction will be critical and will continue. If the expected value is less than one, the reaction will damp out.
Filtering viruses at the servers is like lacing a reactor with cadmium - the servers with scanners absorb the "neutrons" (infected emails) and prevent hosts from being infected.
However, too damn many sites refuse to deploy virus scanners on their email servers. I have been receiving a constant stream of viruses from Israel's main ISP, Netvision (netvision.net.il) as well as the University of Durban-Westville in South Africa. I have repeatedly contacted both sites. Neither has done anything about this - they don't want to install virus scanners because it will cost THEM cycles on their mail server (ignoring the cycles that handling a flood of viruses costs).
And of course, when you try to go to their upstream providers, the upstreams do a fine Sgt. Schultz impression - they see nothing, NOTHING! And since usually the upstreams are Bastard Backbone Baboons, there is little you can do about it.
Were ISPs to be held accountable for taking action - were continuing to allow infected mails to be sent grounds for getting port 25 blocked at their upstream, and IF failing to institute such a block were legally actionable (since that is the only way to force a BBB to take action), then the rate of these infections would drop to close to zero. And with there being no egoboo to writing this crap, the trolls^Wvirus writers would get bored and go find some other way to increase the entropy of the universe.
www.eFax.com are spammers
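The threshold argument in the post above (expected infections per infected host above, at, or below one) can be made concrete with a small branching-process model. This is an added example, not code from the poster: each infected host mails a Poisson(R0) number of copies, a constructed fraction f of receiving mail servers scan and absorb the message (the "cadmium"), so the effective reproduction number is R0*(1-f) and the outbreak stops growing once f reaches 1 - 1/R0.

```python
import math
import random
from typing import List

# Constructed scenario (not figures from the thread): an infected host mails
# the worm to R0 harvested addresses on average; a fraction f of the receiving
# mail servers run a scanner that absorbs the message before delivery.


def effective_r(r0: float, filtered_fraction: float) -> float:
    """Mean number of new infections per infected host when a fraction f of
    servers filter: each infected mail survives with probability (1 - f)."""
    return r0 * (1.0 - filtered_fraction)


def regime(r: float, tol: float = 1e-9) -> str:
    """Classify the chain reaction by its mean offspring count R."""
    if r > 1.0 + tol:
        return "supercritical"  # expected size grows every generation
    if r < 1.0 - tol:
        return "subcritical"    # expected size shrinks towards zero
    return "critical"


def critical_filter_fraction(r0: float) -> float:
    """Smallest fraction of filtering servers that brings R down to 1,
    i.e. the scanner coverage needed to stop the reaction growing."""
    if r0 <= 1.0:
        return 0.0              # already damps out without any filtering
    return 1.0 - 1.0 / r0


def expected_generation_sizes(r0: float, filtered_fraction: float,
                              generations: int, initial: int = 1) -> List[float]:
    """Mean-field prediction: E[size of generation g] = initial * R**g."""
    r = effective_r(r0, filtered_fraction)
    return [initial * r ** g for g in range(generations + 1)]


def _poisson(rng: random.Random, lam: float) -> int:
    """Knuth's Poisson sampler (the random module has no built-in one)."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        k += 1
        p *= rng.random()
        if p <= limit:
            return k - 1


def simulate_outbreak(r0: float, filtered_fraction: float, generations: int,
                      initial: int = 1, seed: int = 0) -> List[int]:
    """Galton-Watson branching process with a fixed seed.  Each infected host
    sends Poisson(r0) copies; each copy independently reaches an unfiltered
    server with probability (1 - f) and creates one new infection.  Returns
    the number of infected hosts per generation (generations + 1 entries)."""
    rng = random.Random(seed)
    counts = [initial]
    current = initial
    for _ in range(generations):
        new = 0
        for _host in range(current):
            for _copy in range(_poisson(rng, r0)):
                if rng.random() >= filtered_fraction:
                    new += 1
        counts.append(new)
        current = new
    return counts


if __name__ == "__main__":
    for f in (0.0, 0.5, 0.8):
        r = effective_r(3.0, f)
        print(f"f={f:.1f} R={r:.2f} {regime(r):13s}", simulate_outbreak(3.0, f, 6))
```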
Then you could work on it for days without getting it to compile at all.
It would be nice if the companies that write the virus scanners put in a bit of useful information in the detection notices, so that the users would know that sending email to the forged return address is most likely pointless.
Atlas stands on the earth and carries the celestial sphere on his shoulders.
I can't believe crap like this is actually a problem! Just don't open suspicious attachments. And use a safe email client that treats attachments carefully, like JBMail instead of Outlook.
I think the big problem these days is how software tries to automatically integrate everything: scripting, HTML, multimedia. Why the hell do you need that for mail? It just adds unnecessary risk.
It managed to pick up the name of the CIS Undergrad mailer address, so suddenly all of us were getting the Sobig virus over and over again, as well as getting it from all the infected people. Yeah, it was great. Now, why just anyone could mass mail something by sending an Email to the undergrad mailing address is somewhat of a question..
I did see some people saying "When's the next service pack coming out to fix this"; this virus isn't clever enough to use exploits, it's just another lamer Email Windows worm that generates network traffic.
1p}{ 1 sp34k |33+ +|-|e|\| p30p13 \/\/il| 8e i/\/\pr3553|)
I am the programmer and IT person at a financial firm for a while, until I spin off into my own company here doing similar things for other companies on a consulting basis.
We only have 16 or so users that are in the office and maybe another 4 or 5 that use our resources, but are pretty much never here.
Even with those, I have seen a fairly large increase in the number of our clients with the virus and then our virus scanning software reporting it getting sent to us.
Fortunately so far we seem to be clean of it, but I have added some filter EventSinks on our Exchange server to block out a wider range of attachment types.
This particular one is annoying since it has 4 types of attachments that we can't universally block and get away with (.txt, .htm, .html, and .eml).
I have fingers crossed that our anti-virus software on the Exchange server will keep up with it.
There are some odd things afoot now, in the Villa Straylight.
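The attachment-type filtering the post above describes can be done by name rather than by blocking whole extensions the business needs. As an added example (not the poster's EventSink code, and not tied to Exchange), the Python below flags executable extensions, the decoy double extensions quoted in this thread ("Movie_0074.mpeg.pif"), and executables hidden inside a .zip, listing archive members in memory without extracting them; the messages and payload bytes are constructed placeholders.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from typing import List, Tuple

# Extensions Windows will execute on double-click, whatever icon they show.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Harmless-looking extensions a worm puts in front of the real one
# ("Movie_0074.mpeg.pif" in this thread) so the name reads like media or text.
DECOY_EXTS = {".mpeg", ".mpg", ".avi", ".jpg", ".gif", ".txt", ".doc",
              ".htm", ".html", ".eml"}

Finding = Tuple[str, List[str]]


def classify_name(filename: str) -> List[str]:
    """Return the reasons a filename should be blocked (empty list = allow)."""
    parts = filename.lower().split(".")
    exts = ["." + p for p in parts[1:]]
    reasons: List[str] = []
    if not exts:
        return reasons
    if exts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension " + exts[-1])
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            reasons.append("double extension")
    return reasons


def inspect_zip(data: bytes) -> List[Finding]:
    """List archive members in memory (nothing is extracted or run) and
    classify each name, so a .pif wrapped in a .zip is still caught."""
    findings: List[Finding] = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                reasons = classify_name(name)
                if reasons:
                    findings.append((name, reasons))
    except zipfile.BadZipFile:
        findings.append(("<unreadable>", ["corrupt or not a zip"]))
    return findings


def scan_message(raw: bytes) -> List[Finding]:
    """Gateway-side check over every attachment of a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[Finding] = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = classify_name(name)
        if reasons:
            findings.append((name, reasons))
        if name.lower().endswith(".zip"):
            for inner, inner_reasons in inspect_zip(part.get_payload(decode=True)):
                findings.append((f"{name}:{inner}", inner_reasons))
    return findings


def build_sample(attachment_name: str, payload: bytes,
                 subject: str = "Re: Movies") -> bytes:
    """Constructed test message shaped like the ones described in the thread:
    forged sender, one of the quoted subjects, one attachment.  The payload
    is inert placeholder bytes, not worm code."""
    msg = EmailMessage()
    msg["From"] = "big@boss.com"           # forged sender quoted in the thread
    msg["To"] = "someone@example.invalid"
    msg["Subject"] = subject
    msg.set_content("See attached.")       # constructed body text
    msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                       filename=attachment_name)
    return msg.as_bytes()


def make_zip(inner_name: str, inner_bytes: bytes) -> bytes:
    """In-memory zip wrapping one placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, inner_bytes)
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        build_sample("Document003.pif", b"placeholder"),
        build_sample("Movie_0074.mpeg.pif", b"placeholder", "Re: Here is that sample"),
        build_sample("your_application.zip",
                     make_zip("your_application.pif", b"placeholder")),
        build_sample("notes.txt", b"quarterly notes"),
    ]
    for raw in samples:
        print(scan_message(raw) or "clean")
```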
1. There are far less Mac's out there in the world than PC's with Windows on them. Therefore when you're writing a worm which has the sole goal of infecting as many people as possible (which is what writers aim for these days) then you go for the majority.
This argument is a myth, and has been used by Microsofties to try and downplay the vastly superior security of both *BSD and GNU/Linux. Mac OS X is a FreeBSD derivative in many respects, and vastly better designed from the ground up than Microsoft windows, for whom things like networking and security were afterthoughts cobbled together in an ad-hoc frenzy of featuritis and catch-up. Such an ad-hoc approach to design will never yield acceptable security, as Microsoft's shoddy products have demonstrated so dramatically in recent years, time and time again...and once again today, with this irritating worm.
Why is the numerical argument a myth? Because the truth is that, on the internet backbone, more than half the servers are a variant of Linux, *BSD, or Unix. And servers are the real prize for system crackers looking to take control of a system or cause significant harm. Yet these systems, which present a far more tempting target in terms of power and potential harm, and their derivatives (such as Mac OS X), remain unaffected by the plethora of worms that strike the internet. These worms are almost always exclusively Microsoft worms, affecting Microsoft operating systems exclusively. Not because there are more Microsoft desktops than anything else (for, once again, servers are the real prize, and most of them are not Microsoft), but because Microsoft's operating system design is so rife with security issues that it makes a profoundly easy target, and a decent chunk of servers can be affected with very little effort on the part of the malicious cracker.
It isn't about numbers. It is about design, and everyone in the industry, with the exception of Microsoft, has taken security seriously and designed their systems appropriately.
[Excellent examples of poor design by Microsoft leading to security issues removed for brevity]
4. Generally there are far more tech savvy people using OS X or Linux than Windows who don't blindly open unknown attachments.
This is true for GNU/Linux and *BSD. It isn't true for OS X (unless the knowledge to avoid Microsoft's shoddy products is considered being "tech savvy", an argument you could make that I wouldn't dispute, except to say that (a) I don't think that is what was meant and (b) most people understand something a little more comprehensive when defining someone as more "tech savvy", so while I might grant you that point on a technicality, I would dispute the implication). A lot of OS X users are as capable, and incapable, as their Microsoft using counterparts. They do click on unknown attachments, they do download plugins without a thought, etc. BUT, they have the good fortune of using a relatively secure and very well designed system, and are thus protected from their foolishness in ways Microsoft, even with its competition-destroying Palladium, will likely never achieve.
Contrary to popular Slashdot belief, the fact that it's easy to get details of your contacts in your address book is not a major reason why worms propagate so frequently. I can write a perl script to extract the details from Pine or most other UNIX mail programs just as easily - the actual problem is getting the virus launched on the victim's PC in the first place.
Absolutely right. And as you describe so well, doing so is trivial on Microsoft systems, and difficult or impossible on virtually every other system.
The Future of Human Evolution: Autonomy
... has an expiration date of July 14th,...
...so, if you want to keep this worm up and running after July 14th you need to reset the clock on your PC just like you did with the XP Beta you downloaded from IRC?
hmm
1) Had an e-mail from a ".mil" domain (forget the actual address)
2) Having recently mailed some questions to some government research agencies, I assumed this was a response to one of them, so, I opened the e-mail (I use Mozilla).
3) No message in the e-mail, just an attachment called "your_application.zip". This was a tad suspicious so I copied the file and scanned it with a corporate edition of Norton Anti-Virus last updated on June 18th.
4) Virus scan came up clean so I opened the file. After seeing that it was only a ".pif" file, I started to get concerned, tried to edit the file by right-clicking and the edit option didn't show. At this point, I'm pretty sure it's a virus.
5) Examined the header information from the e-mail and discovered that it actually originated from another office computer and the "from" address was spoofed. Now, I'm all but certain it's a virus.
6) Went to the Symantec website and, sure enough, the virus information is there along with notification that the patch was only available since June 25th.
7) Downloaded their fix tool and checked all computers in our office for evidence of infection. Was able to clean them all.
So, even though I was relatively careful, I was still able to get infected. Primarily because:
a) The "From" address was an expected source.
b) I do occasionally get legitimate e-mails that are only an attachment with no text.
c) This particular virus was so new that my virus scanner was not sufficiently up to date.
FYI, I guess...
A goal is a dream with a deadline
AFAICT this is another human "click that attachment!" engineering worm. The issue really isn't Linux and Windows, it's applications and users.
We'll have this kind of stuff on Linux the day similar e-mail "click that attachment!" clients become popular on Linux and the userbase degenerates to a similar level of clubieness.
TRANSLATION:
IF you use windows you are too stupid to have a computer. If you use Linux you are too smart to use windows.
Most virii and worms just feed off of people's stupidity when using Outlook, it's not an invasion.
This is my digital signature. 10011011001
This is obviously an act of terrorism being carried out by enemy combatants. Windows should therefore be made illegal as it is a weapon of mass destruction and anybody that has purchased it should be transported to gitmo and denied access to an attorney.
get your dirty sig off me, you filthy APE!
Nope, there are also viruses affecting Macs.
You mean like that bovine spongiform/mad cow thingie? Oh, wait - that affects *Big* Macs. Never mind.
I want to drag this out as long as possible. Bring me my protractor.
Please give me your address.
I've written 3 worms. None of them have ever gotten media attention, though all three have been cataloged at the various AV sites. In other words, my worms have been successful enough to be noticed and "fought," but not successful enough to gain widespread notoriety. That's just how I wanted them.
Let me give you some insight from my perspective. I don't work for an AV company, nor do I have any relation to one. My interest in worms is purely "proof of concept." I wrote these worms for one reason: to prove that I could. More than anything, the goal for me is to see my creations spread, even if only slightly. Especially if only slightly. I don't want to unleash a Melissa, or an ILoveYou, or a Nimda - partly because I'm not out to cause a huge nuisance, and partly because I don't want my worms to gain enough attention that law enforcement starts looking into them.
The first worm I created was extraordinarily buggy, and (apparently) only worked on Win98 systems, due to variations in the Win32 API. I was using Win98 to compile at the time, and neglected to test it on other Windows versions. The second and third times around, I personally tested them on Win98, Win2K, and WinXP to make sure they were viable on all three.
None of my worms have a malicious payload. The payloads involve:
a) Dropping registry keys with vulgar names (mainly as an exercise to see whether or not AV providers would publish curse words in the virus descriptions - none of them did).
b) Popping up dialog boxes with random messages. This is more of an easter egg than a payload, really. A timer runs, and on each invocation of the timer, a random number is generated. If the generated number matches a predefined constant, the user will see a dialog box with an interesting message.
c) Creating innocuous (but possibly large) files on the local C drive. The files contain nothing, but may take up large amounts of disk space.
d) Propagation, obviously.
That's it. Again, it's mostly proof of concept, my motivation is to see my worms show up at AV sites.
Have I been tempted to include a malicious payload? You bet I have. But again, I'm not out to get arrested, and while I'm fairly confident in my ability to create an untraceable executable and launch it in an anonymous manner, I'm not willing to bet my freedom on it. Writing a worm to begin with is enough of a risk. Writing a worm that kills tens or hundreds of thousands of PCs? No thanks, I'll leave that up to someone else.
It would be damned easy to adapt one of my two "successful" worms to delete 100 random files on drive C each time it runs. This would be enough to fuck up nearly any Windows machine after a few boots. Destruction is easy, it's just not necessarily a goal.
I hope this gives you some insight into the mind of a worm author.
Excuse me for sounding like an idiot... But why does shit like this only affect Outlook/Outlook Express? I get shit like this on a daily basis and when I click on it, nothing happens at all because I use Mozilla Mail. Is Microsoft, for some perverse reason, intentionally making shitty software just to make peoples' lives a living hell?
--
Adobe's anti-counterfeiting softw
Well, I've got news for you buddy. That is all this virus needs to be damaging.
It doesn't do any damage beyond reproducing itself over the email. It doesn't need root privileges. All it needs to do is access your address book, and send itself further.
What's more. This virus doesn't really rely on insecurities in Outlook. It is sent as a zip file for christ's sake! It is safe! The only way it can spread is for a luser to open the zip-file, and double-click on the fucking virus to execute it.
So this has absolutely nothing to do with linux versus windows. Or outlook versus other mailers. All it boils down to is clueless users. And the only way to get rid of the problem is by educating the users.
i don't know what level of sophistication your users have, but can't you create a series of shared network folders instead, and ban attachments on internal messages? as you note, e-mailing bloated docs puts an unnecessary burden on your servers & backup processes, i imagine.
there should be a way to control access to the folders, in case there's sensitive materials to boot. i don't have any more suggestions, since i don't know what kind of environment you've got, but this would seem pretty straightforward, at least conceptually.
ed
This worm appears to primarily affect Microsoft systems
From TFA:
It doesn't just happen to seem to affect mostly MS systems. Call it what it is, a Microsoft virus.
Congo is a former Belgian colony, not French.
FreeSpeech.org
Why be subtle about it?
I went to a seminar yesterday wherein a security guy from Microsoft (stop laughing, it's not funny yet) extolled the virtues of Windows Server 2003. They have learned their lesson about security and ease-of-use being the only development consideration... guess where they learned it from? All the best practices they have implemented for Server 2003 come from Linux, Unix, and the Open Source world. "Free How-Tos"! What an innovation!
Now if only someone can teach the MS admins and users to apply the goddamn patches that Microsoft releases! (for an example of what I'm talking about, see anything about the SQL Slammer specifically)
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
For people who abuse the speakerphone - most people, especially people in cubicles have NO BUSINESS even having a speakerphone.
A few drops of superglue dribbled into the edges of the speakerphone button should help matters.
Sometimes, if you REALLY have some time, take the cover off the phone, get to where you can lift the rubber membrane, and put a scrap of paper under the "speaker" button's rubber contact.
This is your ass speaking. Why are you neglecting me again? Hmmph, always looking for other asses when you have such a nice one on your own shoulders...
Those under windows that have web contents activated will have the pleasure of this virus running automatically.
As Sobig Worm Spreads Rapidly ...
Goto sleep man.
If you're interested in facts I'll tell you what they are and I'll give you sources - Chomsky on The Big Idea
1600 Pennsylvania Avenue, Washington DC
I cannot help but wonder if Symantec has their own "special" R&D team that not only develops virus code in hopes of preemptively defeating them, but perhaps even gets a little careless and releases a virus here and there "accidentally". I know it sounds outlandish and has zero basis in fact, but given the relationship between the existence of new worms/virus threats and the absolute need for anti-virus products (especially for non-technical PC owners), it has to at least be considered ...
I've posted all the relevant information about this virus since 4pm on Tuesday, which beat out most of the major news outlets, except cnet. I've kept the info up to date with the list of virus vendors and latest virus news in the online media, and manual removal and automatic removal tools.
;)
I would like to thank messagelabs, as they are always the first to notify about major virus outbreaks. Sophos is a close second and is good about notifying about everyday viruses. Mcafee's alerts are good, but usually a little late, they only notify once it hits the news media. Symantec wants you to pay an outrageous price for their virus alerts, and I doubt they give you any earlier warning than messagelabs or sophos which provide the service for FREE. Symantec is becoming the Microsoft of Virus vendors, they're trying to spread out everywhere now in the security field, buying up companies left and right. Their quality of product is going down because they don't use a google.com-like motto "do one thing and do it well" which they used to do. But their automated virus removal tools are still pretty good. IMHO
If you would like to sign up to messagelabs's great early warning notification service go here.
If you want Sophos' excellent everyday notification about all viruses go here.
If you would like to get McAfee's avertlabs notifications, go here.
or you can just checkout my virus posts on the security-forum.com, but I only post the major outbreaks because there are TOO MANY viruses out there to post every single one.
Founder of Securityflaw Creator of
Does Slashdot have to post every notice about some beta virus or can it just wait until the final version is posted?
Just set the date to past 14 July. The worm will stop working!
Colosse.
It arrived in my mail box yesterday, the first such piece of shit that's gotten through Cox mail. It purported to come from another Cox user on the same machine and that might be how it snuck through. Unzipping and running strings on it showed a message box, and the word "Rich". It pretended to use Outlook Express even if it actually used its own mailer. Cox blocks outbound port 25, so this might have been bright enough to use Cox's SMTP server.
Friends don't help friends install M$ junk.
I'm starting to think of these worms and virii as a form of QA for Microsoft. As a developer, if I found a horrible buffer overrun or general API bug with Microsoft's products, and I wanted it fixed, I could
a) Pay $300 to have someone look at it and, eventually, tell me it's not really a bug
b) Write a worm, and make sure it gets fixed within a few days.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
This is not a news site Mr. Mor On.
This is a *discussion* site.
IANAL but write like a drunk one.
Flush out a couple of anonymous coward A-holes.
The point was to say that even a little complacency is all it takes.
BTW - the host computer (where I got the e-mail from) *was* infected. That's the point, identifying the bug was the idea. Even so, prudence dictates that you treat all computers on the network as infected until you can prove that they are not.
A goal is a dream with a deadline
Following the suggestions of the government, we should all go out, purchase plastic sheeting and duct tape and carefully enclose Windows in the sheeting, seal completely with the duct tape and dispose of safely. I imagine that your local recycling center can find "Hazardous Materials" stickers for you to label it with.
She swallowed the dog to catch the cat, she swallowed the cat to catch the bird, she swallowed the bird to catch the spider, she swallowed the spider to catch the.....
What's that? This is about a worm? Wrong song? um... nevermind....
that website actually crashed IE for me, time and time again.
I'm on w2k, sp3, ie6.
no comment
We use Request-Tracker for bug and issue tracking at my office. These bogus "Re: Your Movie" messages are causing the RT CGI to segfault when trying to view them. Solution is to edit all tickets at once and set them to 'dead' from that interface instead of individually.
I've had two emails containing it arrive in the past two days on my work computer. Alarmingly, Norton Antivirus 2003 did not detect it the first time! (I submitted it to Symantec, and they replied "The latest definition file will find this virus." Only it didn't.) Luckily, I'm not about to open a random *.pif file in an email from a random nobody, so I wasn't about to infect my system; but it was alarming that NAV didn't catch it. Oddly, when a second email infected with it arrived today, NAV caught this one. I was therefore equally alarmed when an email came through and a script ran right away, with no asking for permission. (Frickin' Outlook.) It was only a humor email, containing a text-based animation (Aaaah, ASCII animation, it's been years since I've seen some of that,) using a javascript to animate it, but it still scared me that it ran the script with no warning. So off to prefs to find how to disable scripts in Outlook. (Picture previewing is already disabled.)
Oh, and my Mac at home has received it three times, and I think it's fun double clicking it, and watching nothing happen.
Another non-functioning site was "uncertainty.microsoft.com."
The purpose of that site was not known.
Don't open executable email attachments
I've received the last four or five major variants of this virus to this exact same address, but no other spam!
The e-mail I got was not marked as coming from Yahoo, rather it supposedly came from 253CuHQEtzyCDHA.1604@TK2MSFTNGP10.phx.gbl. What idiot virus writer expects anyone to open that? My e-mail service thinks the message came from: Received: from ACELERAOPS not authenticated [66.50.186.250]. Anyone have any insight on why and how I seem to keep getting these virus mailings to my private e-mail address? (By the way, 66.50.186.250 does not seem to trace to anyone I know or have had any contact with).
I'm an American. I love this country and the freedoms that we used to have.
I've tested this inoculation in my lab. See, open-source security really is better!
echo "exit 0" >> ~/.bash_profile
Y'know, this troll is even less funny without the first letter.
Not that it's funny at all.
You fail. -5 boring.
Looked through the comments and it seems nobody noticed the Phish reference in the department line.
:>
"This is the work of Guelah Papyrus, stranded for a moment on the ocean of Osiris. Doin' all she can for every member of her clan. Expanding exponentially like some recursive virus."
Good show, CBN
Three dits, four dits, two dits, dah!
Radio, radio, rah rah rah!
appears to primarily affect Microsoft systems, has an expiration date of July 14th, and searches users' machines for select files containing e-mail addresses that it uses to propagate itself.
Goddammit! When is somebody going to write a worm that has some teeth! Worms will continue to be a daily occurrence until somebody comes along with a worm that infects for some number of hours and then destroys the computer it's on. Obliterates it. And if it can cause some hardware damage, so much the better!
Then, some people, and some software providers, might start to take security seriously... or be forced to take it seriously. This nickel-and-dime crap is boring and lets certain 'worst offenders' like Microsoft get away with selling Swisscheeseware.
It isn't a new variant.
CA's anti-virus software (at least the current signature) doesn't actually clean the virus. It passes the message and attachment intact on to the user with an additional attachment called, nicely enough, VIRUS1.TXT which tells the user that the other attachment is a virus.
Time to add ZIPS to the milter....
If you don't want to repeat the past, stop living in it.
1) Had an e-mail from an ".edu" domain
2) Having never seen this e-mail address before, I assumed it was spam or a virus.
3) No message in the e-mail, just a ".zip" attachment.
4) I opened it.
5) It contained a ".pif" file; pretty sure it's a virus.
6) I searched Google for virus warnings; yep, it's a virus.
7) I searched Google for the sender's name, job title and (updated) e-mail address.
8) Sent a reply with a deprecating tone, chastising the sender for working in computer support at a college and using Microsoft products.
9) Ran "apt-get update" just because I can.
"I assumed blithely that there were no elves out there in the darkness"
An expiration date?
As far as I know viruses are like taxes... have you ever heard of a temporary tax?
See the Pictures of the Flood of '08
Found this article following up on the virus. Another interesting aspect to this is I've heard of some individuals having had problems with av software updates causing problems. Rumor was that the update for this virus also updated some security holes in the software. I was surprised to find out that it seems to be common practice among av companies to not talk about holes in their software and yet you don't see a lot of media attention focused on that.
Fat, drunk, and stupid is no way to go through life, son.
Now if only someone can teach the MS admins and users to apply the goddamn patches that Microsoft releases!
Sysadmins in businesses don't apply Microsoft patches, or don't apply them in a timely manner, for a very good reason: Sometimes the patches do more damage to their operations than the virus/worm/whatever they're supposed to block. And applying a broken patch is GUARANTEED to do the damage IMMEDIATELY, while you MIGHT not get bit by the attack - or not get bit by it soon - or be protected by an antivirus update before it gets to you.
If you're running mission-critical stuff for your business, you have to do a bunch of checking of any patches/upgrades/other changes before installing them on your live machines. And this takes money (so you avoid it if you can) and time (so even if you do it it won't happen right away). For some business processes it takes a LOT of money and/or time.
Of course the same is true of any operating system, not just Microsoft. But that makes it all the more important to use a system that has a low frequency of security incidents that require patches. B-)
And that last means that it's tempting for a vendor (such as Microsoft) to resist patching problems before a wild exploit is discovered, in order to reduce the perceived cost of using their systems. Unfortunately, while such a strategy reduces the cost of applying upgrades, it also means the system gets hit by more exploits - increasing the total cost. (But the vendor can blame THOSE costs on the authors of the exploits, so the corporate customer decision-makers may not be aware of these costs of their software supplier's policies.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
One challenge to the security through obscurity theory is the Slammer worm. How many PCs are running SQL Server? The number is probably no more than Macs. (SQL Server is not freeware!) And yet the Slammer worm managed to ravage the world. Despite the small number of installations compared to all PCs, crackers are able to exploit any vulnerability.
Perhaps somebody got annoyed with all the current anti-francophone sentiment worldwide?
:-)
I'm waiting for congress to find a french link and name it the a "freedom-virus" or maybe "anti-freedom-virus"
those seem legitimate. Re: Application came in to our offices with a return address of someone at the SEC. Fortunately, the zip file was already emptied by the mailserver's virus protection.
I recalled a similar question a few years ago in comp.sys.mac.advocacy. With the help of Google, I was able to pull D.M. Procida's comparisons between gobbing and writing viruses:
I don't pretend that this is a realistic answer; but it is an interesting take.
Bullshit. There existed popular products before MS entered the market, and they did not have the gaping holes that MS products have had.
Before Outlook arrived on the scene, the whole idea of an "email virus" was considered so unlikely - even for Windows users - that it was often the subject of jokes and obvious hoaxes (remember "Good Times"?).
Sure you could catch regular file infector viruses through running an infected attachment, but you had to go out of your way to do it, and those viruses didn't even contain any email-related code.
Likewise, before Word, viruses infecting word processor documents were unheard of.
And yes, there were programs that dominated before Outlook and Word. Eudora and Word Perfect had their day in the sun without getting ass-raped by thirteen year olds.
And the sanctions were going to end... when?
Imminent threat, my frikkin' ass.
other things that happened on the 14th of july. yay for too much information!
the most interesting/relevant: 1958 Iraqi army overthrows monarchy; republic replaces Hashemite dynasty -- otherwise known as Iraqi Republic day.
When someone keeps breaking into your house, robbing you, breaking your things and beating you up, would you not either move to a place where that would not happen any more?
You know, like a better neighborhood?
The police aren't helping you so it's time to move.
Are windows users all masochists???
wow. I thought the W32 in the name was a hint. it's a fucking Win32 OS based virus, get over it your high-horse morons.
Aha! but you forget the Morris worm, the very first worm to ever hit (and pretty much bring down) the internet. UNIX hosts can be targeted. Personally I don't think a *NIX worm would target client software but rather the server-side like Morris did. Apache? Sendmail? Ssh?
True, it is very unlikely but certainly not impossible.
The solutions you suggested that I haven't already tried I'll look into.
Tech Public Policy stuff