Slashdot Mirror


Microsoft Virus Spam: SoBig.F

If you're being barraged with Microsoft virus spam emails today, this story notes that it's a flare-up of an older Microsoft virus in a new, improved form. Yay for trustworthy computing.

13 of 557 comments

  1. How are stupid users MS's fault? by dirk · · Score: 4, Insightful

    I find it funny that once again a virus is being blamed on Microsoft. The only way to spread this is to open the attachment and run it. How is Microsoft supposed to stop people from opening attachments? If you use MS Outlook you are actually immune to this virus, as Outlook blocks most executable attachments. Please explain to me why a user running a file (which then opens its open SMTP server and emails itself to people) is Microsoft's fault? This same thing could happen on Linux, there is nothing stopping a Linux user from running a file attachment. This isn't a MS problem, it is a user education problem.

    --

    "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
  2. Ever get one of these... by Synesthesiatic · · Score: 5, Insightful
    and try to tell your semi-computer-illiterate ("But I know how to use MSN and Kazaa!") friends that they've got a virus? I don't even bother anymore because the only response I ever get is

    "No I don't."

    Because of course they're running anti-virus software. And of course the definitions have never ever been updated.

    These same people decide when their PC is two years old that it's just "too screwed up" and go buy a brand-spanking-new one with the same flaws which they will proceed to bugger up in a month and a half.

    I wouldn't last a week in tech support.

  3. Re:Snowcrash? by jazman_777 · · Score: 5, Insightful
    I'd really like to see an initiative to educate the typical 'dumb Microsoft user'.

    Won't work. Dumb people are incapable of a realistic self-evaluation. Here's why.

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  4. When will you people learn.... by SlashChick · · Score: 5, Insightful

    ...that just because you're not using Outlook or Outlook Express, you still may be vulnerable to worms or email viruses?

    All it takes is one user to click the attachment who has an LDAP-enabled address book of the entire company, and poof! you're screwed.

    The only sensible way to kill these worms is to block them at the mail server. If you block them at the mail server, you don't have to try to train people or keep hundreds of anti-virus clients up-to-date. Do yourself a favor and set up XWall if you have Exchange (this is about the coolest spam-blocker/email filter program I have ever used, BTW) or SpamAssassin/MailScanner if you have Linux/UNIX. This will save you a ton of headaches in the future, and won't require you to worry about hundreds of clients being up-to-date as much as focusing on whether a few email servers are up-to-date. (Block the standard Microsoft "bad executable" list and you should be fine.)

    Seriously, in the year 2003, there's no excuse for "But my 400 clients weren't up-to-date!" Block these things at the server, which is something you as the network administrator should have complete control over, and which is where the worms should have been blocked to begin with.
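The server-side extension block described in the comment above, sketched as an added example (not part of the original thread, and not XWall, SpamAssassin or MailScanner code). The extension set is an assumed subset of a real block list, the function names are hypothetical, and the sample message is constructed.

```python
import email
from email import policy

# Assumed subset of Windows-executable extensions; a real gateway would
# carry the full block list its administrators maintain.
BLOCKED_EXTENSIONS = {"exe", "com", "bat", "cmd", "pif", "scr", "vbs", "lnk"}

def final_extension(filename):
    """Return the lower-cased extension Windows would act on."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    name = filename.strip().rstrip(". ").lower()
    return name.rsplit(".", 1)[1] if "." in name else ""

def blocked_attachments(raw_message):
    """Return (filename, extension) for every MIME part that should be rejected."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append((filename, final_extension(filename)))
    return hits

def verdict(raw_message):
    """Gateway decision: reject the whole message if any part is blocked."""
    return "REJECT" if blocked_attachments(raw_message) else "ACCEPT"

# Constructed sample: a double extension that looks like a text file.
SAMPLE_INFECTED = b"\r\n".join([
    b"From: sender@example.com",
    b"Subject: constructed sample",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b"Content-Type: text/plain",
    b"",
    b"Body text of the constructed sample.",
    b"--b1",
    b"Content-Type: application/octet-stream",
    b'Content-Disposition: attachment; filename="report.txt.pif"',
    b"",
    b"placeholder bytes, not a real payload",
    b"--b1--",
    b"",
])
SAMPLE_CLEAN = SAMPLE_INFECTED.replace(b"report.txt.pif", b"report.txt")

if __name__ == "__main__":
    print(verdict(SAMPLE_INFECTED), blocked_attachments(SAMPLE_INFECTED))
```

The check keys on the last extension only, so a name ending in `.txt.pif` is rejected while a plain `.txt` passes.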

  5. Re:It's a worm - blame the users! by gl4ss · · Score: 5, Insightful

    that's just the thing.

    this like others uses other extension from .exe so the user doesn't expect it to be an executable because as you say 'but users are used to the whole 8.3 format where executables end with ".exe"'. some even use holes to hide the payload in files that wouldn't normally have executable code at all.

    showing the mimetypes/what the email reader is going to _do_ with it would be much more useful than just displaying the name of the file and telling the user to click on it.

    they're educated usually alright, mis-educated.

    --
    world was created 5 seconds before this post as it is.
  6. Re:Editors need to be more honest. by weston · · Score: 4, Insightful

    But what the fudge does this have to do with trustworthy computing?

    Everything. Aside from the concerns that trustworthy computing is doublespeak for restricted computing, even if you assume that MS is talking about the *right* kind of trustworthy computing, this virus is the latest in a well-populated freakin' pantheon of examples of their failure to be able to provide anything of the sort.

    In other words, this is one more chance to ask yourself: why should you trust microsoft?

    Side note: I've had several acquaintances attempt to commiserate with me in the last week about various windows viruses. But I don't feel the pain. I'm using Win XP, but a good firewall helps with most of the problems, and you know, Thunderbird is a good email client and a nice way to avoid the Outlook viruses that people erroneously call email viruses.

  7. How is this microsoft's fault? by ad0gg · · Score: 4, Insightful

    It's an executable that requires someone to run it. People need to learn to stop clicking on every damn executable they get in their email. Hell, Outlook even displays a warning that attachments can contain virii or have malicious intent, but people still click on them.

    --

    Have you ever been to a turkish prison?

    1. Re:How is this microsoft's fault? by EXTomar · · Score: 5, Insightful

      In their zeal to sell the house, MS gave the keys away.

      No application scripting language should be able to perform in an "untrusted" mode. There is no reason for it but due to functional designs someone at MS came up with it has to be there. Someone demanded that Office documents integrate into Outlook seamlessly and this is what you get.

      No one in any Unix environment will believe this message:

      Attached is a perl script with my message in it. Please extract and run it to read it.

      However MS has made a business of making people believe using a computer is as easy and as safe as using a toaster. So you get hackers who can apply a little social engineering to cause a disaster chain of events. Users are more than happy to click click click away when instructed.

  8. irony. by twitter · · Score: 5, Insightful
    It's funny how many people post here saying they are immune to the thing, yet everyone is getting them in their mailbox. The web is slow here today and DNS seems shaky. No one is immune to Microsoft pollution.

    --

    Friends don't help friends install M$ junk.

  9. Re:Editors need to be more honest. by JMZero · · Score: 4, Insightful

    using Win XP, but a good firewall helps with most of the problems

    Your firewall helps with this? What, by blocking the mail port? Or does your firewall parse SMTP and block viruses (hint: if it did, it might be called a mail filter or something)?

    Thunderbird is a good email client and a nice way to avoid the Outlook viruses that people erroneously call email viruses.

    This one has nothing to do with an Outlook vulnerability. It's an e-mail trojan horse. Unless your mail client is unable to receive files with certain extensions, virus checks them, or executes them under a different permission level (unlikely under Windows), then it's vulnerable.

    You represent the most dangerous class of computer users - confident and uninformed.

    --
    Let's not stir that bag of worms...
  10. barrage of Declude Virus software notices by jdunlevy · · Score: 3, Insightful

    Haven't actually seen the virus itself, but I've been getting barraged by notices from various server installations of "Declude Virus" telling me that my server sent them an infected e-mail. They then proceed to include the original headers which clearly show the offending e-mail came from somewhere else. They suggest, "If this virus did originate from one of your users, you may want to consider adding virus protection to your mailserver." Uh, I won't be installing their software, that's for sure.

  11. Re:Virus notifications are worse by tbase · · Score: 3, Insightful

    We occasionally get an important message with an executable attached. We can either let executables through and hope nobody clicks on them, or send a message back to the supposed sender letting them know it didn't go through. Deleting a message without telling anyone is not an option, even though most of those notifications aren't going to valid addresses, whether it's from Spam or Viruses.

    Those notifications are just a way for a company to save themselves a lot of work, at the expense of others. So, we take the risk so we don't have to pollute the 'net with (almost always) useless notifications. So I would say the call to admins should be tweak your filters and educate your users, and then turn off the notifications. Because you know the first important message to an officer of the corp that gets deleted without any notification is going to get someone fired, and they're not going to take that risk.

    I feel your pain - I'm getting swamped myself. But at least I'm getting an idea of how many viruses are going out in my name.

    As far as I'm concerned, you can blame all of this on the spammers. Look at the schedule of these SoBig releases and deactivations. I believe this is a response to more and more open relays getting shut down. These viruses are the new open relays, and the only way to stop them is to stop Spam itself - by beating the living crap out of anyone you know who buys anything from a spammer :-)

    --

    666-607: 6th floor apartment of the beast
  12. Re:Thank you Spamassassin by rjamestaylor · · Score: 3, Insightful
    • most of these would be surprising to me to find in an email.
      • DO* Word Documents and Templates
      • URL Internet Shortcut (Uniform Resource Locator)
      • POT PowerPoint Templates
      • PPT PowerPoint Files
      • XL* Excel Files and Templates
    Yeah, who'd ever expect to receive one of those as an attachment?
    --
    -- @rjamestaylor on Ello