Slashdot Mirror


W32.Sobig.E@mm Worm Spreading Rapidly

mabu writes "Apparently there is another worm spreading online. Symantec has upgraded its severity to 'category 3.' This worm appears to primarily affect Microsoft systems, has an expiration date of July 14th, and searches users' machines for select files containing e-mail addresses that it uses to propagate itself."

8 of 547 comments

  1. "Primarily affect" by Anonymous Coward · Score: 5, Insightful

    "This worm appears to primarily affect Microsoft systems..."

    What's this "primarily affect" business? It only affects Microsoft systems, just like every other friggin' virus on the face of the planet.

    1. Re:"Primarily affect" by Gorfman · Score: 5, Insightful

      If enough systems are infected, it affects us all in the slowdown of the network as a whole.

  2. Good marketing etc by Ice+Tiger · Score: 5, Insightful

    When these are known as Internet worms and not Microsoft worms........

    --
    "Because we are not employing at entry level, offshoring will kill our industry stone dead."
  3. To be honest... by traskjd · Score: 5, Insightful

    I can't really see how it's Microsoft's fault. Reading about it, it comes in a zip file, the user has to get the zip, extract it and then execute the payload.

    Is it just me or is this more like social engineering than a real problem with the system?

  4. In other news by Eric(b0mb)Dennis · Score: 5, Insightful

    "Linux and Mac users are immune."

    If you were writing a virus and wanted to do some harm, why would you even bother trying to infect Mac and Linux users?

    I mean, people make a big deal on "Windows is so insecure that's why this happens blah blah".. but in reality it's just because it's so much more popular...

    Not that Windows isn't insecure and not that Microsoft isn't an evilbad company et cetera.. just wanted to make that point..

    "Mac and Linux users are immune"

    I want to see a really intuitive and effective worm for OS X... all these Mac users thinking they are immune.. it could be a problem.. (More likely to click on attachments) Not that it would make a big impact :)

    --
    Excuse me, I don't mean to impose, but I am the ocean
  5. Re:Why Never Apple? by Mr_Silver · Score: 5, Insightful

    Ok, this is a serious question, not an attempt to start a flame war or anything, but why does this always happen to MS systems? I use a Mac and have only had to work with Windows at my college and a few other times here and there. I've NEVER seen a live Mac trojan or worm and have only ever encountered one virus (the 666 one) that wasn't really malicious and only added some extra resources labeled "(Box thingy)666" in an application's resource fork that caused an application to run a little slower. And that was 4 or 5 years ago in OS 7.5 or 8.

    Couple of reasons:

    1. There are far fewer Macs out there in the world than PCs with Windows on them. Therefore when you're writing a worm which has the sole goal of infecting as many people as possible (which is what writers aim for these days) then you go for the majority.
    2. There are a lot of unpatched versions of Internet Explorer out there. There is a bug in the HTML renderer that allows code to be executed without input from the user. Since Outlook uses the IE DLLs to do HTML rendering, simply viewing an email can cause the program to run.
    3. Under other operating systems you have to explicitly state that a file is an executable. Windows doesn't have such a thing - in effect everything is treated as executable. Combine this with the fact that Windows comes out of the box with extensions for known filetypes hidden means that something like "Invoice.doc.exe" will be shown as "Invoice.doc".
    4. Generally there are far more tech savvy people using OS X or Linux than Windows who don't blindly open unknown attachments.

    Contrary to popular Slashdot belief, the fact that it's easy to get details of your contacts in your address book is not a major reason why worms propagate so frequently. I can write a perl script to extract the details from Pine or most other UNIX mail programs just as easily - the actual problem is getting the virus launched on the victim's PC in the first place.

    --
    Avantslash - View Slashdot cleanly on your mobile phone.
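
Added example, not part of the original thread: a mail-gateway style check for the two delivery details raised in comments 3 and 5 above, a program hidden inside a zip attachment and a double extension such as "Invoice.doc.exe" that displays as "Invoice.doc" when known extensions are hidden. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".doc", ".txt", ".pdf", ".jpg", ".xls"}

def classify(name):
    """Return (name as shown with the last extension hidden, verdict)."""
    path = PurePosixPath(name)
    suffixes = [s.lower() for s in path.suffixes]
    shown = path.stem  # what a file manager hiding known extensions displays
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return shown, "ok"
    if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
        return shown, "disguised-executable"
    return shown, "executable"

def scan_message(raw):
    """List (location, shown name, verdict) for every risky attachment name."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        names = [(fname, fname)]
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):  # look inside archives too
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                names += [(f"{fname}!{m}", m) for m in zf.namelist()]
        for location, name in names:
            shown, verdict = classify(name)
            if verdict != "ok":
                findings.append((location, shown, verdict))
    return findings

def build_sample():
    """Constructed sample mail: a zip holding one disguised program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.doc.exe", b"MZ constructed placeholder")
        zf.writestr("readme.txt", b"hello")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Re: invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="setup.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```
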
  6. Re:email will soon be rendered useless ? by CrazyWingman · Score: 5, Insightful

    Dammit - stop attaching files in the first place. Instead, post them somewhere (your webpage, personal FTP server, AIM, friggin' windoze network, etc.), and then send a link. It's much nicer - the person on the other end doesn't have to worry about waiting for a long download, and you won't have to worry about your e-mail getting filtered.

  7. A couple of small nits by FreeUser · Score: 5, Insightful

    1. There are far fewer Macs out there in the world than PCs with Windows on them. Therefore when you're writing a worm which has the sole goal of infecting as many people as possible (which is what writers aim for these days) then you go for the majority.

    This argument is a myth, and has been used by Microsofties to try and downplay the vastly superior security of both *BSD and GNU/Linux. Mac OS X is a FreeBSD derivative in many respects, and vastly better designed from the ground up than Microsoft Windows, for whom things like networking and security were afterthoughts cobbled together in an ad-hoc frenzy of featuritis and catch-up. Such an ad-hoc approach to design will never yield acceptable security, as Microsoft's shoddy products have demonstrated so dramatically in recent years, time and time again...and once again today, with this irritating worm.

    Why is the numerical argument a myth? Because the truth is that, on the internet backbone, more than half the servers are a variant of Linux, *BSD, or Unix. And servers are the real prize for system crackers looking to take control of a system or cause significant harm. Yet these systems, which present a far more tempting target in terms of power and potential harm, and their derivatives (such as Mac OS X), remain unaffected by the plethora of worms that strike the internet. These worms are almost always exclusively Microsoft worms, affecting Microsoft operating systems exclusively. Not because there are more Microsoft desktops than anything else (for, once again, servers are the real prize, and most of them are not Microsoft), but because Microsoft's operating system design is so rife with security issues that it makes a profoundly easy target, and a decent chunk of servers can be affected with very little effort on the part of the malicious cracker.

    It isn't about numbers. It is about design, and everyone in the industry, with the exception of Microsoft, has taken security seriously and designed their systems appropriately.

    [Excellent examples of poor design by Microsoft leading to security issues removed for brevity]

    4. Generally there are far more tech savvy people using OS X or Linux than Windows who don't blindly open unknown attachments.


    This is true for GNU/Linux and *BSD. It isn't true for OS X (unless the knowledge to avoid Microsoft's shoddy products is considered being "tech savvy", an argument you could make that I wouldn't dispute, except to say that (a) I don't think that is what was meant and (b) most people understand something a little more comprehensive when defining someone as more "tech savvy", so while I might grant you that point on a technicality, I would dispute the implication). A lot of OS X users are as capable, and incapable, as their Microsoft-using counterparts. They do click on unknown attachments, they do download plugins without a thought, etc. BUT, they have the good fortune of using a relatively secure and very well designed system, and are thus protected from their foolishness in ways Microsoft, even with its competition-destroying Palladium, will likely never achieve.

    Contrary to popular Slashdot belief, the fact that it's easy to get details of your contacts in your address book is not a major reason why worms propagate so frequently. I can write a perl script to extract the details from Pine or most other UNIX mail programs just as easily - the actual problem is getting the virus launched on the victim's PC in the first place.

    Absolutely right. And as you describe so well, doing so is trivial on Microsoft systems, and difficult or impossible on virtually every other system.

    --
    The Future of Human Evolution: Autonomy