Slashdot Mirror


Microsoft "Swen" Worm Squiggles Into Sight

greenhide writes "As forecast in this story, a new Microsoft worm has indeed wriggled to the surface. The W32.Swen's claim to fame is its professional-looking email advertisement that pretends to be a fake Microsoft patch. Earlier viruses have made the claim, but none of them looked this good. It appears to have infected over 1.5 million machines."

8 of 789 comments

  1. I hate this virus by Free Bird · · Score: 3, Interesting

    It's been flooding my mailbox for more than a day now. Grr...

  2. Oh yeah... by JoeLinux · · Score: 5, Interesting

    At work, they have duped over 5 of my colleagues...even AFTER the email went out saying that it was going around. Well, make an OS that any idiot can use, and only idiots will use it, I guess...

    My problem with all these worms is that it doesn't do anything after it propagates, so no one will really care except bandwidth-conscious IT people. It should send itself out, then erase all the FAT tables on a hard drive.

    Or deltree the c:\winnt or c:\windows directory (or both).

    That would REALLY piss people off, who would demand that they do something to make sure that doesn't happen again...like...I dunno...Linux or OSX?

    Just a thought...

  3. Worm Load by m.dillon · · Score: 4, Interesting

    There were over 4500 attempted deliveries of this 150K+ worm through my mail server overnight, and they are still coming. Easy to filter, but this is by far the worst worm load I've seen to date on my little server.

    On the bright side, deliveries of unrelated spam seem to have fallen due to the worm's load on the internet :-)

  4. html by BWJones · · Score: 4, Interesting

    So, I have received a number of these (thank goodness I am running OS X) and it appears that the "notification" also contains html. So, examining the html, it appears that it actually references microsoft.com.

    If I were Microsoft, it appears there is a simple way to defeat this by inserting html in the referenced source that warns recipients of this sort of thing.

    --
    Visit Jonesblog and say hello.

  5. Vicious worms don't survive by IncohereD · · Score: 4, Interesting

    ....because they're noticed too quickly. If you destroy your host immediately you're not going to propagate too far, now are you?

    Yes, you could make it a little more complex with time-outs or a way to select certain targets as hosts for more sending and others to destroy, but it wouldn't last and last like some of the recent worms, because its effects would be so noticeable.

  6. Re:Fascinating isn't it? by M. Silver · · Score: 4, Interesting

    When is the last time your car mechanic told you that you couldn't drive your vehicle because you are an idiot? Does your plumber forbid you from using your faucets?

    I can't speak to the plumber situation, but if you've ever listened to mechanics behind the scenes, they sound *exactly* like computer techs. Sometimes they really *do* wish they could tell people they shouldn't drive a vehicle because they're idiots. (I'm betting body shop folks do even more of that sort of griping...)

    --

    Slashdot's token middle-aged housewife

  7. Special Knoppix Boot CD needed by Orion Blastar · · Score: 3, Interesting

    Has a Linux-based virus scanner that can update itself to scan hard drives for known viruses. That way if Windows goes wonky, boot to Knoppix and do a virus scan to see if you got infected.

    That way you won't risk running an infected machine on the Internet and infecting others.

    --
    Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.

  8. Re:And all 1.5 million by Merk · · Score: 3, Interesting

    I know how you feel. I was getting them at a rate of 1 or 2 every 10 minutes. Ugh. If you happen to be running SpamAssassin, I've got rules that seem to take care of it. Luckily for you, but unluckily for me, I was hit starting on Thursday, so I've had days to tweak the rules.

    Check them out at my web site. Feel free to add comments and tweaks there. Oh, and in case you're using maildrop, you can apparently choose not to deliver the message by using if ($MAIL_IS_SPAM) { exit }

    So now my own server is spam free, but unfortunately even though I use Linux at work, the mail server is an Exchange server so... *sigh*
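
An added example, not part of any comment above and not Merk's SpamAssassin rules: a Python filter for the kind of message this thread describes, using only the traits reported on this page (mail posing as Microsoft that carries a 150K+ payload). The extension list, the size threshold, the sample addresses and all function names are assumptions.

```python
import email
from email.message import EmailMessage

# Assumption: extensions treated as executable attachments; tune per site.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")
# The thread reports a 150K+ message; this lower bound is an assumption.
MIN_SIZE = 100 * 1024

def suspicious_reasons(msg):
    """Return the list of heuristics a parsed message trips."""
    reasons = []
    claimed = (str(msg.get("From", "")) + " " + str(msg.get("Subject", ""))).lower()
    if "microsoft" in claimed:
        reasons.append("claims-microsoft")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if not name.endswith(EXECUTABLE_EXTS):
            continue  # multipart containers and ordinary parts land here
        reasons.append("executable-attachment")
        payload = part.get_payload(decode=True) or b""  # decoded size, not base64 size
        if len(payload) >= MIN_SIZE:
            reasons.append("large-executable")
    return reasons

def should_quarantine(raw_bytes):
    """Quarantine only when the Microsoft claim and a large executable co-occur."""
    reasons = suspicious_reasons(email.message_from_bytes(raw_bytes))
    return {"claims-microsoft", "large-executable"} <= set(reasons)

def build_sample(sender, subject, filename, size):
    """Build a message for testing (constructed data, not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content("Please install the attached update.")
    m.add_alternative("<html><body>Security update</body></html>", subtype="html")
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    lure = build_sample("Microsoft Security <security@example.com>",
                        "Latest Security Update", "patch.exe", 150 * 1024)
    print(suspicious_reasons(email.message_from_bytes(lure)), should_quarantine(lure))
```

The size check runs on the decoded attachment, so base64 overhead in transit does not push a small file over the threshold.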