Microsoft Mail Worms Gang War?
cuzality writes "The media is now beginning to suggest that this recent onslaught of new viruses (with new versions of major-impact viruses being found daily) is the result of a virus gang turf war, kinda like the India/Pakistan virus conflict, in which official Pakistani sites were savaged by such infamous groups as Indian Snakes and Indian Hackers Club. The gangs are shooting fast and loose: variations of the big ones are being discovered daily (as of March 4, we are up to MyDoom.H, Netsky.F, and Beagle.K), and in the space of three hours on Wednesday morning, five variants of these three were first discovered. Typically these viruses (or more correctly, worms) do little damage to the infected computer, intent mostly on spreading far and wide, and sometimes inflicting DoS on some poor evil empire."
Since Microsoft is in Seattle, this could be a real West Side Story.
Where's the question?
Make even shorter URLs - 8LN.org
MyDoom.F does destroy word, excel, access, jpg, and other files.
SARC
This was a major headache for me the past few weeks. Backup tapes suck. Worms suck harder.
Bored? Why not join a decent mess
"Plenty of letters left in the alphabet" - J. L. Picard
"Draco dormiens nunquam titillandus."
How is my computer their turf? I can understand competition, but turf war? Lame.
why exactly is this posted as an "ask slashdot" when there isn't even a question posed in the submission?
It was bound to happen, given that more and more worms are written for criminal spammers. And since spammers AND criminals are stupid, they will fight each other.
For an ask slashdot article, i saw no questions... just a list of vague statements that could maybe comprise a rumor...
I mean, seriously, how hard is it to write malicious code if you can get the person to run any program. Heck, here's my virus:
This is NOT hacking... it's taking advantage of stupid people...
Jay | http://oldos.org
Actually, the evil empire isn't all that poor; it's got several billion dollars in cash. And the poor wannabe empire isn't poor either; apparently it got a $86 million cash injection, thanks to the evil empire.
I'm getting some forged emails lately, badly forged at that, which look like they're coming from my ISP, "warning viruses being sent from your account", "warning imminent suspension", etc. They have a pif file attached (which I never open) and have been coming from .lt or .gr servers (my ISP would not likely be using these.) Looks to me like another brand of worm on the rounds and there's a morbid sense of humor behind it.
A feeling of having made the same mistake before: Deja Foobar
is getting gangbanged. sux.
these worms are made by sociopathic 'cool' 15yr olds who've learned BASIC and think they're the bee's knees because they've got a fast CPU. Truly pathetic, with the same social dynamics as street gangs. The real world is spilling into the 'virtual world'.
From the article:
...
Most of the comments tucked inside the latest bugs are brief, unprintable and poorly spelled. "Bagle -- you are a looser!!!" opined the author of the sixth version of Netsky.
Hmmm, where have I seen that misspelling before? Let me think
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
I'd rather they stuck to breaking my wing mirrors and slashing tyres. The damage is limited, and the insurance company pays...
What's interesting/annoying is that the latest variants of the Bagle/Beagle virus use password protected encrypted zip attachments which has caught quite a few mail gateways and virus companies off guard. Our mail gateway (mailscanner/f-prot/spamassassin) was unable to deal with the encrypted zip attachments and passed them on through.
The virus companies better hurry the heck up and come up with a solution. (Looks like ClamAV and Sophos have already done so.)
I always wondered what motivated these people. Is it as simple as recognition? It's not like they can tell anybody it was they who did it. Really it isn't even "neat" on a technical scale. So they don't do it for a challenge. They don't do it for notoriety. They just do it to cause trouble.
Seems like the internet version of the street vandalizer has come to pass. Sad really.
It's all Politics
In the late 1800's in the American west there was a boom in illegal activities (Billy the Kid, Butch and Sundance, etc.). The citizenry had enough and banded together (i.e., paid taxes) to fight back (i.e., hired police). Cyberspace is in the equivalent of the late 1800's in terms of working out who controls what. Now we, the citizenry, must decide if we want to hire the Pinkertons or establish a proper police force. Just remember, the Pinkertons were often as dirty-dealing as the crooks they were after, and the Sheriff was usually a former badguy with a badge.
If all this should have a reason, we would be the last to know.
nt
The only reason anyone writes a virus these days is to do it. Even when there's an added payload (like a DDOS to www.sco.com), the virus is out there solely to be out there. The fact that it's due to rivaling gangs makes perfect sense.
If someone were to write a truly destructive virus (you open it, it sends itself to everyone in your inbox, then promptly writes random data over your hard drive) then we'd really see people start to take viruses seriously.
Even the most "destructive" viruses in recent history have wimped out in some way -- just consider Michelangelo, which was hard-coded to become destructive at a much later date, long after it would be discovered and patches written.
Cretin - a powerful and flexible CD reencoder
...kinda like the India/Pakistan virus conflict, in which official Pakistani sites were savaged by such infamous groups as Indian Snakes and Indian Hackers Club...
Seems like virus writers also got outsourced to India!!
...about how boring the MS virus nightmare stories had become.
Remeber folks, MS's virus fiasco is only because 'teh is most poplar'
[Does] Microsoft mail worms gang war?
Similar to:
Do you email me spams?
With that in mind, those programmer comments being reported now, although they do seem to show a gang war, may just be more misdirection and once again the media fell for it. If it really is the spammers behind it all, and criminal elements doing it (yeah, I know, "spammers" and "criminal elements" are redundant), this gang war idea may just be more cover.
Meanwhile there are millions of zombie Windows boxes around the world with clueless owners not realizing they are 0wn3d. That's the real story the media should be following up on.
Typically these viruses (or more correctly, worms) do little damage to the infected computer,
maybe little damage to the computer itself, but they definitely cost a company in terms of IT support calls, and lost productivity. Even though this cost is not easy to measure, it is certainly not a small amount.
Consensus is good, but informed dictatorship is better
Of Neal Stephenson's thing about how in the future when you go outside you'll have to breathe through a handkerchief, a la 19th-century london, because the air will be filled with millions of malicious nanobots, and millions of helpful nanobots neatly neutralizing the malicious ones, and millions of meta-malicious nanobots that only exist to disable the neutralizers... just one big no-net-effect hacker arms race.
I wonder how long it will be and how much further adoption of windows server operating systems we'll have to see before internet traffic starts to look like that.
If being the victim of a Microsoft worm is like being caught in the crossfire of a gang war, there's a simple solution: stay out of the line of fire. If you had a choice between one house in a safe neighborhood, and another house of roughly the same price in a neighborhood where bullets from the local crack dealers were coming through your walls at three in the morning, where would you choose to live?
Pffft...it's in the subject. Sheesh...I've heard of people replying before reading articles, but replying before reading the parent?
This commercial IT market is becoming too patch-dependent.
Can anyone make products out-of-the-box any more? Viruses need daily patch updates. The OS needs daily patch updates. This is ridiculous.
Are these really viruses? Only two are actually mass-mailing worms that don't rely on Outlook's address book to send themselves. All of them rely on the user to open and run the malware program. Some of the MyDoom variants I'm seeing don't even make a feeble attempt at social engineering. Apparently most users are just downloading and executing attachments without even thinking. This despite all the warnings and hype surrounding e-mail containing "viruses".
Imagine if e-mail was just plain old ASCII text with no attachment support. *sigh*
Fred
"A fool and his freedom are soon parted"
-RMS
Wouldn't this much virus activity raise the chances of being caught? Pride has been the downfall of a great many "1337 d00dz" who can't seem to avoid bragging about their 5|i77z. Then again, if you did stage such acts, it does nothing for your ego unless people know you did so.
These are not your stealth haxorz, these are the works of script kiddies. But of course everyone here already knew that.
all your computers are belong to us, no US, NO US, NONO US!!!
Well, what are you supposed to do, when you've got thousands of users doing menial stuff all day long, and the people who have to deal with this crap aren't the people who can implement change? I fix virus infected machines at the state all day, but that doesn't mean I can just call someone up and ask them to block .bat files at the server, or kill msn messenger ports. They just don't care, because they have 'bigger' concerns.
I run Gentoo linux with Mozilla. If I do ever catch some lamo win32 virus I'll bow down in respect to the master who figures that out.
Tom
Someday, I'll have a real sig.
The Pakistani/Indian conflict is well determined as clubs have names.
Besides the "sorry but i had to" message in one of the MyDoom variants, no one has claimed authorship of these "gang" attacks on evil empires. As far as we know it could be a single programmer with lots of free time and a bad temper.
Maybe it is many people, but they merely share a common interest in a visible evil empire rather than being a gang.
"The quality of life is inversely proportional to the number of keys on your keyring."
What are you, the fucking King of England?
Can anyone recommend a good server-side tool to block viruses and worms? I'm using procmail now with a bunch of handwritten rules, and they work well on a bunch of older viruses, but there are so many new variations now that I can't keep up! On the client side, Bayesian filters (in Mozilla Mail and Apple Mail.app, for example) work reasonably well with spam, but they have a harder time with viruses and worms. It's also more annoying because viruses and worms are so large (30k or 100k, typically) and my local mail client has to download the entire message before filtering it out.
Note that I don't want to just block all messages containing attachments with certain extensions. There are many legitimate reasons for someone to send me a zip file as an attachment.
What is a wing mirror?
Damn, the guys at Norton have been busy lately. They should get paid more for all this overtime.
That's where I think this is all ultimately headed. The spammers are in bed with the virus writers, who have taken the penis enlargement pills as commission. :P
Why don't these "hackers" use their skills to do something productive. With the time and effort they're putting into this programming, they probably could have written some utility software that would have earned them bags of money. But where's the fun in that.
TechTV's The Screen Savers last night suggested that one of the motivations of competitive virus writers is because the anti-virus companies put out rank-order lists such as the one shown on SARC's homepage. Maybe those lists should be discontinued to at least knock down some of the motivation?
The coverage by the media on these viruses is just outright terrible. There's always the assumption that all users are affected, when in reality a number of users are completely unaffected by these viruses (reduced internet bandwidth aside). The growing number of Linux, MacOS X, BSD, and various other unix-based flavors are largely unaffected by these attacks. Furthermore, those Windows users who keep up with patches & fixes and use firewalls are also largely unaffected.
This piece by MSNBC is a prime example that never once clarifies that some people may not even be affected by these viruses.
For the "cyber" reporters out there: get a clue and portray more than one perspective.
Did Microsoft create them? No.
Do they exploit any vulnerability that Microsoft is responsible for creating? No. (They spread by tricking users into running the attached executables.)
I know it's fun to pretend that everything bad is Microsoft's fault (and I'm no fan of Microsoft myself), but come on... how does it make any sense to prefix something with "Microsoft" when Microsoft had absolutely nothing to do with it? What's next? "Microsoft OpenSSL vulnerability discovered"? "Microsoft recording industry sues 12-year-old kid"? "Microsoft PATRIOT act renewed"? "Hacker charged with violating the Microsoft DMCA"?
Class action lawsuits. Hear me out.
This virus mess could be solved very rapidly: Anyone that provides internet service needs to monitor outgoing port 25 connections, and do attachment scanning. You don't even need to scan the attachments for viruses. Just look for all Windows executable file extensions (including inside .zip files), and if you find one, you quarantine your likely-infected customer so that the only webpage they can see is one served from your network explaining that they are infected. Until they take steps to clean their machines, you quarantine all outgoing traffic on their connection.
This is drastic, but unavoidable. The people that are causing these viruses to spread are (by and large) too ignorant to ever keep their machines disinfected by themselves, unless forced to. The only people that can force them to do this are the ones providing them with internet service.
Now back to the lawsuits. The ONLY way you are ever going to get the ISP's to spend money to implement this filtering/quarantine is if you sue them for allowing their infected customers to cause harm to your business. A class action lawsuit against ISP's on behalf of people doing business on the internet.
Care to join me?
Ironically, the word ironically is often used incorrectly.
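Several posts in this thread describe the same gateway policy from different angles: drop the Windows executable extensions, look inside .zip attachments, and decide what to do with the password-protected archives that mailscanner/f-prot passed through (the procmail question above wants the same check, and so does the quarantine plan). The following is an added example, not code from Slashdot, from any poster, or from any of the products named; the addresses, file names and archive contents are constructed for the sample, and the ZIP is hand-assembled only so the sample can carry the "encrypted" flag bit that the standard library cannot write.

```python
import email
import email.policy
import io
import struct
import zipfile
import zlib
from email.message import EmailMessage

# Extensions Windows runs directly on double-click (the ones the thread's
# filters drop), plus the archive type the gateways were passing through.
EXECUTABLE_EXTS = {".exe", ".com", ".pif", ".scr", ".bat", ".cmd", ".vbs"}
ARCHIVE_EXTS = {".zip"}
ENCRYPTED_FLAG = 0x0001  # general-purpose bit 0 in a ZIP entry header


def build_zip(entries, encrypted=False):
    """Hand-assemble a stored (uncompressed) ZIP so the sample can carry the
    'encrypted' flag bit, which zipfile cannot write. Constructed test data;
    the payload bytes are never executed."""
    flag = ENCRYPTED_FLAG if encrypted else 0
    local, central = bytearray(), bytearray()
    for name, data in entries:
        nb = name.encode()
        crc = zlib.crc32(data) & 0xFFFFFFFF
        offset = len(local)
        local += struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flag, 0, 0, 0,
                             crc, len(data), len(data), len(nb), 0) + nb + data
        central += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flag,
                               0, 0, 0, crc, len(data), len(data), len(nb),
                               0, 0, 0, 0, 0, offset) + nb
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries),
                       len(entries), len(central), len(local), 0)
    return bytes(local + central + eocd)


def classify_attachment(filename, payload):
    """Policy findings for one decoded attachment (empty list = pass)."""
    findings = []
    name = (filename or "").lower()
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in EXECUTABLE_EXTS:
        findings.append("executable attachment: " + name)
    if ext in ARCHIVE_EXTS:
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for info in zf.infolist():
                    inner = info.filename.lower()
                    if info.flag_bits & ENCRYPTED_FLAG:
                        # Password-protected entry: the gateway cannot look
                        # inside, so fail closed instead of passing it on.
                        findings.append("encrypted zip entry: " + inner)
                    if any(inner.endswith(e) for e in EXECUTABLE_EXTS):
                        findings.append("executable inside zip: " + inner)
        except zipfile.BadZipFile:
            findings.append("unreadable zip: " + name)
    return findings


def scan_message(raw):
    """Parse a raw message and return all attachment findings."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        findings.extend(classify_attachment(part.get_filename(),
                                            part.get_payload(decode=True)))
    return findings


def constructed_message(attachment_name, payload, subtype):
    """Sample mail shaped like the 'warning about your account' lure quoted
    in the thread. Addresses and contents are constructed."""
    msg = EmailMessage()
    msg["From"] = "support@example.edu"
    msg["To"] = "user@example.edu"
    msg["Subject"] = "Warning about your e-mail account."
    msg.set_content("For more information see the attached file.")
    msg.add_attachment(payload, maintype="application", subtype=subtype,
                       filename=attachment_name)
    return msg.as_bytes()


# Three samples: a bare .pif, a password-protected zip hiding an .exe, and a
# harmless PDF-named part that the policy should pass.
SAMPLE_PIF = constructed_message("Information.pif", b"not a real program",
                                 "octet-stream")
SAMPLE_ENCRYPTED_ZIP = constructed_message(
    "Information.zip", build_zip([("Information.exe", b"stub")], encrypted=True),
    "zip")
SAMPLE_CLEAN = constructed_message("report.pdf", b"%PDF-1.4 constructed", "pdf")

if __name__ == "__main__":
    for label, raw in [("pif", SAMPLE_PIF), ("zip", SAMPLE_ENCRYPTED_ZIP),
                       ("pdf", SAMPLE_CLEAN)]:
        print(label, scan_message(raw) or "pass")
```

The design point is the encrypted-entry branch: a gateway that only scans what it can decompress will pass a password-protected archive straight through, which is exactly what the post describes; treating "cannot inspect" as a finding (hold or quarantine) closes that gap without having to know the password. Extension matching is done on the full name after the last dot, so a double extension such as document.txt.pif is caught as well.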
If evil didn't exist, humans would have to invent it. Face it, computers are boring, but "Rival Hacker Gangs Virus Turf War" is the lifeblood of pop media newstertainment.
Here are some more down to earth email worms.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Might the term "worms of mass destruction" be appropriate in this case? Now we just need our hero Bush to save us all...
Theories abound about how Symantec and Mcafee are feeding themselves by intentionally releasing viruses, but I don't believe this to be true.
Seems to me that most, if not all, of the virus writing menace seems to come from immature, insecure, petty young white men. The popular conception of the brooding, unpopular dork who is just trying to cause trouble and to brag and impress others of his ilk is quite true.
Just examine the lifestyles of the people they do actually catch. Who will be the next 18 year old fat-kid loner they capture and you slashbots try to make a martyr of?
It's surprising no consortium (like an ISP group) has come together and filed a lawsuit against MS for having to mop up their work. It's definitely costing to pass the traffic, having to explain 12! times a day to customers that we didn't send them a moronically written "Your account is suspend for virus activity" (yes I know it's a typo). MS should definitely be dishing out some money for this. After the first 100 or so viruses from the years 2000-2002 you would figure they would get their act together, but it's the same old story. And for the users (non geek users) of MS, the grandmothers, housewives, and non techies, you would figure they would wise up to the same shit different day. Instead they still open attachments, and rather altogether, still use the same chopperating system they often have to reinstall after having been infected 12! per year.
Seriously mind boggling. As for the virus creators they too need to be punished for their actions, and severely at that. I'm skeptical about the entire 'cybercrime' terrorist approach the DOJ and others have taken on this, but this is definitely something that's getting out of hand. And if you too also work in an ISP, you would know the kinds of headaches one deals with on these virus issues. Hopefully our 3rd party antispam/virus filter mail provider gets their act together. Think about the costs for a mid sized ISP on something like technical support alone. 1000 calls a day to explain why someone should not open those emails multiplied by the salaries. Wasted money.
MoFscker
MyDoom installs a back door on every machine it is run in. If that constitutes "little damage" then I guess we should all set our root password to "root" .
Allow PDF, GIF, and JPEG at the firewall and in the mail client. That's it.
Microsoft needs to turn off the "feature" that clicking on a mail attachment runs it. It should just be "viewed", with a dumb viewer. It should be impossible to launch programs from mail attachments. Users should have to explicitly save to a file and run to do that.
"...and sometimes inflicting DoS on some poor evil empire." Or in the case of sco.com, an evil fiefdom.
Let us not become the evil that we deplore.
The more they send out, the easier it is to triangulate who they are
see, he just wanted US to ask Slashdot where his question is. It seems to be working pretty well so far.
The solution to the mail virus plague is extremely simple, yet not implemented:
Solution: At the TCP/IP stack level, see what process attempts to do SMTP or IMAP transmissions. If the sending process is a script engine - ask the user to confirm that he wishes to send mail to a lot of people (with a prominent Probable Virus alert sentence.)
It would take M$ a couple of months to implement this, but the effect would be quite dramatic.
It should do away with 99% of the mail viruses, if not all (since, after all, writing these viruses wouldn't be much fun anymore, now would it?)
"When you use DOS. You use DOS all the way. From your first data loss till you format drive A."
Anyone have a link to the full version?
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
here in my office (government), we had very little trouble with mydoom or any of its variants - but netsky.d, for whatever reason, was slipping through. this was on march 2, so for a few hours, we had a lot of people calling the helpdesk and complaining about the "weird beepy noises" coming from their computers.
the exchange server is configured to catch most of this crap, delete the attachments, etc. - but if ANY of it gets through to a user, the attachment WILL get opened.
the hell of it is, our security advisor sends out DAILY network alerts, telling people EXPLICITLY what to look for, what NOT to do under any circumstances, right down to the various subject lines and attachment names that these worms will manifest with. she couldn't be any clearer in her instructions if she walked into their individual offices and handed them a stone tablet, engraved by the hand of God himself and saying "Thou shalt not clicketh upon this thing."
the typical excuses we hear are something along the lines of "b-but . . . it came from a guy i know? he wouldn't send me a virus?"
sigh.
** Chigusaaa!!! You're the coolest girl in the WORLD!!! **
Put in a mail filter. Dop all .PIF, .EXE, .COM, etc., etc., including (nad this is the clever bit) all .ZIPs.
Either route to holding folder or just drop as we do. The number of legitimate .ZIPs we receive is so low that telling the sender to rename the attachment is feasible. They are also getting hammered by Bagle et al. so they understand.
Other than users who still forward us the defanged emails even after being repeatedly told not to do so, we have had no impact to the firm whatsoever.
If you don't want to repeat the past, stop living in it.
Aye, those are the type.
I use an email client which lets me view the full header (if I select option) and view message content as text. As my email address has been forged a lot I considered it, but I'm pretty skeptical of most email. The first tip of maximum bogosity was awkward spacing, the other a check of the header. Off they go to bit heaven.
Date: Wed, 03 Mar 2004 10:03:48 -0800
From: support@xxx.edu
To: me@cc.xxx.edu
Subject: Warning about your e-mail account.
Parts/Attachments:
1 Shown 10 lines Text
2 12 KB Application
Dear user of "xxx.edu" mailing system,
We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in order to keep your computer and e-mail account safe,
please, follow the instructions.
For more information see the attached file.
Cheers,
The xxx.edu team http://www.xxx.edu
[ Part 2, Application/OCTET-STREAM (Name: "Information.pif") 16KB. ]
[ Cannot display this part. Press "V" then "S" to save in a file. ]
------
Pretty *good* social engineering, if you ask me. The other earlier worms did not send customized messages according to the domain. I had to stop a couple of family/friends from giving in and opening the attachment.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
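The poster above spotted the lure by checking the header, and an earlier post noticed that mail "from my ISP" was actually arriving from .lt and .gr servers. That check can be automated at the gateway: walk the Received: chain from our own relays inward and see whether a message whose From: claims the local domain really entered from outside. This is an added example, not code from the page or from any poster; the domain, relay names and address ranges are constructed, and the three sample messages are modelled on the quoted "Warning about your e-mail account" mail with constructed hosts and addresses.

```python
import email
import email.policy
import ipaddress
import re
from email.utils import parseaddr

# Constructed site description: the relays that accept mail for this domain
# and the address space behind them.
LOCAL_DOMAIN = "xxx.edu"
TRUSTED_RELAYS = {"mail.xxx.edu", "mx1.xxx.edu"}
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# One hop of a Received: header: "from <helo> (<comment>) ... by <relay>".
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<comment>[^)]*)\))?.*?\bby\s+(?P<by>\S+)",
    re.I | re.S)
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def external_origin(msg):
    """Return (helo_name, ip) for the hop at which one of our own relays took
    the message from an address outside LOCAL_NETS, or None if it never
    crossed the border. Received: lines are prepended by each relay, so the
    list runs newest to oldest; we stop at the first external hop and never
    trust anything the sender may have written below it."""
    for hdr in msg.get_all("Received") or []:
        m = HOP.search(str(hdr))
        if not m or m.group("by").lower().rstrip(";") not in TRUSTED_RELAYS:
            continue
        ipm = IP_IN_BRACKETS.search(m.group("comment") or "")
        if not ipm:
            continue  # our relays always record the peer IP in brackets
        ip = ipaddress.ip_address(ipm.group(1))
        if not any(ip in net for net in LOCAL_NETS):
            return m.group("helo"), str(ip)
    return None


def origin_of(raw):
    return external_origin(email.message_from_string(raw, policy=email.policy.default))


def forged_local_sender(raw):
    """True when From: claims our domain but the mail entered from outside."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    claims_local = (sender.endswith("@" + LOCAL_DOMAIN)
                    or sender.endswith("." + LOCAL_DOMAIN))
    return bool(claims_local and external_origin(msg))


# Constructed samples. In FORGED the client said HELO as "xxx.edu", but the
# relay recorded the real peer address, which is outside LOCAL_NETS.
FORGED = "\n".join([
    "Received: from mx1.xxx.edu (mx1.xxx.edu [192.0.2.10]) by mail.xxx.edu with ESMTP; Wed, 03 Mar 2004 10:03:50 -0800",
    "Received: from xxx.edu (dsl-42.example.lt [198.51.100.7]) by mx1.xxx.edu with SMTP; Wed, 03 Mar 2004 10:03:48 -0800",
    "From: support@xxx.edu",
    "To: me@cc.xxx.edu",
    "Subject: Warning about your e-mail account.",
    "",
    "For more information see the attached file.",
    ""])
INTERNAL = "\n".join([
    "Received: from ws-12.cc.xxx.edu (ws-12.cc.xxx.edu [192.0.2.55]) by mx1.xxx.edu with ESMTP; Wed, 03 Mar 2004 11:00:00 -0800",
    "From: support@xxx.edu",
    "To: me@cc.xxx.edu",
    "Subject: Planned outage",
    "",
    "Mail will be down for an hour tonight.",
    ""])
EXTERNAL = "\n".join([
    "Received: from mail.example.org (mail.example.org [203.0.113.9]) by mx1.xxx.edu with ESMTP; Wed, 03 Mar 2004 12:00:00 -0800",
    "From: friend@example.org",
    "To: me@cc.xxx.edu",
    "Subject: lunch?",
    "",
    "Noon?",
    ""])

if __name__ == "__main__":
    for label, raw in [("forged", FORGED), ("internal", INTERNAL), ("external", EXTERNAL)]:
        print(label, forged_local_sender(raw), origin_of(raw))
```

The important choice is to key on the bracketed IP that our own relay wrote, not on the host name after "from": that name is whatever the connecting client announced in HELO, and in the forged sample it is the victim's own domain. The check stops at the first hop that crossed the border, so any Received: lines the sender fabricated below it are never consulted.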
In most turf wars there is massive tagging all over the place. I don't see any kick ass tags being drawn anywhere. I do hear lovely music though, I just wish I could get this music to stop.
I've never used Windows, probably never will. Viruses always amaze me.
Why, oh why, oh why, would ANYONE, EVER, run any unverifiable code on his computer?
Isn't the answer here really simple for Microsoft?
Before executing any code, ask the user if it's okay.
Max
s/Dop/Drop
s/nad/and
The first part of the question is understood, at least by those who understand such things: "[Is this a] Microsoft mailworms gang war?"
Hic iacet Arthurus, rex quondam rexque futurus.
wow, so you've just made it so no one can ever send any kind of executable attachment ever again, legitimate or not. yea, that'll make EVERYONE real happy.
Personally, I send myself zip files with executables in them all the time, on purpose, for work-related stuff. Why should I not be able to do that?
these people have been around for a while. Besides, virus writers in the US have gone to the pound me in the ass camps and reformed. Nothing to outsource here.. move on.
This virus mess could be solved very rapidly: Anyone that provides internet service needs to monitor outgoing port 25 connections, and do attachment scanning. You don't even need to scan the attachments for viruses. Just look for all Windows executable file extensions (including inside .zip files), and if you find one, you quarantine your likely-infected customer so that the only webpage they can see is one served from your network explaining that they are infected. Until they take steps to clean their machines, you quarantine all outgoing traffic on their connection.
1) Sometimes there are reasons that you might want to send executables. Legitimate reasons.
2) Your plan fails when faced with the "require a password to open the zip archive" scheme that the current crop of viruses are using.
3) False positives will make your customers very, very angry and they will take their business elsewhere.
I have a lot of opinions about Cyborgs and Architects
Really - the media thinks this is a gang war. Let's just put an end to the conspiracy theory and not give these misguided individuals that much credit.
I already run Linux everywhere, but I got a couple thousand copies of recent worms. Why? Because I participated in an open source project, and left a mail address so people could contact me.
That email address is only used for one opensource project. But, it has received lots of viruses. And just as many "return to sender" messages from bounced worms.
So, how do I move to a better neighborhood? Do I change that email address? How will I get contacted? Do I change email addresses, and only notify the list administrator?
Where law ends, tyranny begins -- William Pitt
d4 g4n95+3r 1337 933k5 b3 pu77!|\|' 0n 73}{ 5m4<k d0w|\|!!!!!!!!!!!!!!!!!!!!!
// file: mice.h
#include "frickin_lasers.h"
wow, so you've just made it so no one can ever send any kind of executable attachment ever again, legitimate or not. yea, that'll make EVERYONE real happy.
I know this will blow your mind, but (a) there are other ways of transferring files besides email, and (b) if you must use email, just rename the file extension and send it.
Uh, so they'll just start zipping their executables first. We've already established that there are millions of people dumb enough to just run an executable without knowing what it is. How large of a step do you think it is to unzip and then run an unknown executable?
If install MyDoom Z on my Fleshlight, does that make me lord of the flies?!!!
I don't know why that post was modded "Funny," but it's actually "Informative." I got that exact email, but with my domain name replaced. Oh and with the virus already removed.
I work for an ISP. We have a simple, inexpensive, yet effective solution. No outbound traffic destined for port 25, unless it routes through our mailserver. Users need to authenticate against our mailserver as well.
Corps that host their own mailserver, must use one of ours as a mail gateway.
As for "The ONLY way you are ever going to get the ISP's to spend money to implement this filtering/quarantine is if you sue them for allowing their infected customers to cause harm to your business."
This is probably the best way to increase your monthly costs for connectivity.
If you want to sue someone, sue the Luser that executed the virus on his machine.
How about the realistic approach, protect your own networks. Make sure none of your users spread any mess. Block incoming attachments on your mail gateway. Understand, not all "ISPs" provide what your AOL or Earthlink account does. Some ISPs supply DS-1 and higher connections and IP Block leases.
Why worry? Each of us is wearing an unlicensed "nucular" accelerator on his back.
Sig changed for readability by G.W.
But since quite a few worms attack Outlook and then send off copies to everyone in the address book, opening attachments from people you know is in some ways MORE likely to lead to infection.
I would say a safer rule is "Don't open attachments you weren't expecting", or "Don't open attachments that you haven't independently confirmed" or the safest of all "Don't open attachments in Outlook, period!"
Microsoft is in Redmond, which to a Seattle resident, is the East Side.
(that's east side of Lake Washington, for you non-residents).
1) Sometimes there are reasons that you might want to send executables. Legitimate reasons.
As I said to someone else, find another way to transmit the executable aside from email. Send the person a link to download it from a server. Rename the file extension to .bin and send it. Send it to them via IM. There are plenty of ways around it that are not facing the virus onslaught that email is.
2) Your plan fails when faced with the "require a password to open the zip archive" scheme that the current crop of viruses are using.
These viruses are not the most effective, obviously. So skip the .zip file scanning. The most important thing is to block executable Windows attachments.
3) False positives will make your customers very, very angry and they will take their business elsewhere.
If your company is worried about false positives, then you would need to implement actual anti-virus scanning instead of just looking for executables.
However, once the word is out that trying to email executable attachments will get you quarantined, you'll be amazed at how fast the market place will adapt.
I have seen two of these recently.
One was "from" the IT group account at Indiana University. It had the proper naming conventions and had the proper accounts in the "To:" line. It looked nearly legit, save for the strange text and .exe attachment.
The other was from a friend at UCLA who said his email looked the exact same way.
These emails are not accidental or generated by just some worm looking at an address book. Grabbing an account is one thing, but following the proper "cadence" of an email is intentional and not something a script could generate.
Someone is targeting broadband (perhaps University) connections. Maybe this is an attempt to get more zombie computers with considerably better bandwidth than the standard internet user.
This is as impressive as it is disturbing.
we need you *all* to get on it so we can *all* use it. And soon.
Aren't many people having trouble finding IT jobs? There was the dot-com crash and then outsourcing...
Same here, I got one of the Beagle worms from my school (Drexel University), I knew it was suspect when it was from "administration@drexel.edu" and was poorly formatted. Of course I saved it to my Debian Linux box for later reverse-engineering :-).
that would be LoseNotLooseGuy!
they are not your mother, your nanny, your babysitter, or nipple giver; they provide a pipeline. YOU whitelist YOUR in-mail and *make* customers contact you via you website or the phone.
Turning isp's into "watchers" is a bad, very, very bad idea.
Yes, many are simple, but not all. Have you looked at the MyDoom source? (sync-src-1.00.tbz, pretty easy to find) There are plenty of viruses that took plenty of skill to write.
I've gotten over a hundred copies of Beagle over the past week or so. I've opened several. They haven't done a damn thing. Obviously, Linux simply isn't capable of running the really popular Windows apps. ;-)
I work for an ISP. We have a simple, inexpensive, yet effective solution. No outbound traffic destined for port 25, unless it routes through our mailserver. Users need to authenticate against our mailserver as well.
Do you quarantine users found to be sending viruses through your mail server? How do you handle those users, if not?
As for "The ONLY way you are ever going to get the ISP's to spend money to implement this filtering/quarantine is if you sue them for allowing their infected customers to cause harm to your business."
This is probably the best way to increase your monthly costs for connectivity.
The idea is not to sue the ISP's for money, but to sue them to make them filter or block outgoing viruses. If this raises the cost for their subscribers, those subscribers may go elsewhere, and the ISP will have to decide whether they need to absorb the costs of running these filters, or lose customers. The market place is fierce.
It seems to me the ISP's would actually save money in the long run, since the less virus traffic there is, the less they have to spend on processing virus traffic.
If you want to sue someone, sue the Luser that executed the virus on his machine.
You know as well as I that that is an impossibility. The goal is to effect change for the better. Suing one person that is infected helps no one. Suing an internet service provider that ALLOWS their SERVICE to be used to spread viruses is a perfect plan.
How about the realistic approach, protect your own networks. Make sure none of your users spread any mess. Block incoming attachments on your mail gateway.
We do already. Tell me, how is this working out so far?
Some ISPs supply DS-1 and higher connections and IP Block leases.
Then those ISP's upstream need to filter port 25, or get a waiver signed from these high-end customers that they will do the filtering for their block of IP space. In the event of a lawsuit, the ISP can produce this signed agreement and the blame falls on the customer.
But you know the most common problem is the dialup/cable/dsl user of a regular ISP that is infected and turned into a non-stop virus-sending zombie. I deal with morons like this all day long. You can't reach them because the virus spoofs everything but the originating IP. The ISP is the only one that can stop it, and therefore is liable.
Ironically, the word ironically is often used incorrectly.
This is only a Microsoft worm/virus/trojan in the sense that it runs a Windows exe. This is NOT a failing with Outlook or Outlook Express. This code can be run from ANY client that allows attachments
[paraphrased email text below]
"Hi, I'm the admin from [YourEmailServer]. We've been getting complaints about your account, and we think you have a virus. Please open the attachment, and run the file. Password is 12345
Cheers, [YourEmailServer]
Haven't we been asking the ISP's to get on top of the virus problem? Well...here comes an email, supposedly doing just that!
"We think you have a problem, and here's how to fix it"
This exact same thing could have been targeted to the OSX environment, or a *nix script.
"Hi, due to the traffic we've noticed, we think your Mac/Linux box has been compromised. Please run this script to identify and fix the problem."
Now...most *nix users are a bit more clueful and suspicious. But, more than a few would be caught out.
(and if you, the writer(s) of these things are out there reading this...this is NOT a compliment. You are not cute, nor are you inventive. You are merely a fool. And one that will be caught. Hopefully for you, by the authorities. They will be much easier on you than we will be...we won't be using vaseline)
Seriously, these people need to get lives.
A question, what is it?
It's an interrogative statement used to test knowledge, but that's not important right now.
quarantine your likely-infected customer so that the only webpage they can see is one served from your network explaining that they are infected. Until they take steps to clean their machines, you quarantine all outgoing traffic on their connection.
This is exactly what this email simulates.
"Hi, we think your system is compromised. Here's the fix for it. Until then, we're cutting you off. Thanks"
your email server/isp.
Dear user of e-mail server "Cogeco.ca",
Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.
Pay attention on attached file.
In order to read the attach you have to use the following password: 36013.
Have a good day,
The Cogeco.ca team
http://www.cogeco.ca
Attached: Info.zip
Someone is targeting broadband (perhaps University) connections.
Could be. I'm working at a University in New Zealand and got one.
It was pretty obviously faked. There was the fact that it had a password protected zip file and the appalling grammar in the message itself. Our IT staff aren't that bad.
But the funniest and most obvious part was where it told me to visit www.ac.nz for more information.
Clearly whoever wrote the virus didn't intend for it to escape into the rest of the world, as it just assumes the rightmost two parts of the URL are in fact the full domain.
How in earth are ISP's responsible for the actions of an individual ?
What you are suggesting is like suggesting that we should file class actions against fuel companies for people causing accidents with cars, or against companies selling glass mugs for hooligans acting violently while being drunk with beer drunk from their mugs.
The thing you are suggesting has been and is suggested by a lot of people. People who tend to think that ISP's carry the key to security.
The only ones who do carry that key are the people at 'the wheel'. The people that run their OSes and load up the viruses, by accident perhaps, but accidents happen.
If you're going to blame anyone then at least blame Microsoft for putting out an unsafe OS, which is much closer to the source - compare that if you want to the car that was unsafe when delivered from the factory.
But that never leaves out the fact that people themselves are responsible for checking up on the device they run, or letting it be checked up by professionals. And let's face it, in the end the real guilty party is the people who write the viruses and spread them.
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
Maybe this virus war will tie up all the developers in India and Pakistan who would otherwise take our jobs.
Table-ized A.I.
Friends don't let friends use Microsoft products.
I didn't say the ISP should send an email to the person with an attachment. They QUARANTINE them. Any attempt to use the web, a page is returned from the ISP saying they are infected with a virus and need to deal with it before they can be reconnected.
Ironically, the word ironically is often used incorrectly.
The problem, as everyone pointed out, is that users, no matter what they are told, will still open email attachments and execute them. The only viable solution is for Microsoft to release a patch that will disable the ability to execute any application on a Windows box.
The rest of us will continue to run applications on our Unix variants without worries.
A better interpretation might be: "[Are the] Microsoft mailworms [part of a] gang war?". At which point the title goes way beyond the shortening that is generally acceptable for titles.
Because if you use the virus to create zombies to spam you can make plenty of money from companies who use this marketing tactic.
Posthuman since 2001.
Right, but the concept is the same. You get an 'official' notification of a problem/infection, from your ISP, and the 'fix' for it.
Well, pookie-kins, it's not always possible to move to a better neighborhood. Moving to a better neighborhood costs money, as does the higher rent one would pay in the aforementioned 'better neighborhood'.
... indeed, you'll have probably recouped every minute spent installing and learning a new system inside of one year, over the time wasted by your Microsoft-using friends as they clean out yet another Microsoft worm, virus, or trojan.
... for $0.00 down and $0.00/month, at 0% interest for the rest of your life.
Not the sharpest knife in the drawer, are you?
Moving to the FreeBSD Neighborhood costs you $0.00.
Moving to the GNU/Linux Neighborhood costs you the same: $0.00.
The time spent learning a new system is an investment, that while paid up front, will cost far less (in time) and infinitely less (in money and in lost data) than running a Microsoft system
So yes, you can get out of the Ghetto
The Future of Human Evolution: Autonomy
Do yourself a favor and protect your users.
:-)
Install ClamAV and SpamAssassin and take care of spam and viruses on the front lines before they can hit the stupid users.
YOU HAVE NOW RECEIVED THE UNIX VIRUS
This virus works on the honor system:
If you're running a variant of unix or linux, please forward this message to everyone you know and delete a bunch of your files at random.
The sad thing is that the virus would work!
ISP's provide a service, allowing people infected with a virus to spread that virus to hundreds and thousands of other people on the internet.
ISP's provide a general service, which includes that possibility. Fuel includes the possibility of it being in a car while the car has an accident and it being partly "responsible" (I wouldn't call it that).
Terrible analogy. Unlike the gas station, the ISP is continuously providing you with the service that allows you to cause harm (i.e. send viruses).
Hrmm without fuel, a car doesn't drive, hence can't (in any practical sense) cause accidents. Same as the ISP, it 'includes that possibility'.
Really? I very rarely see anyone mention the blocking of viruses by ISP as a solution. Please point out a few of these people that recommend the same thing.
There was a large survey by the XS4All ISP in the Netherlands with a huge percentage (85%!) of the people saying a blunt yes to the question whether they think ISPs are responsible for keeping them safe. I would say that qualifies.
I am not blaming the ISP's for stupidity of their users. I am blaming the ISP's for allowing their stupid users to spew viruses across the internet, when it could EASILY be foiled with a very simple filter. Hell, just block port 25 outgoing entirely, and make them send mail through your mail servers or proxies, and do the filtering there, even easier.
Please think and know that that's impossible. Viruses spread within hours, even before an ISP has a chance to update their scanners, because there is no update to apply yet... This is a great sense of false security and if applied, should only be applied as a second line of defense, not the last line. Hence, ISPs shouldn't be held responsible. They may be helpful but can never be expected to be responsible.
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
Yeah most are not too damaging, but here's my story.
Symantec's corporate antivirus software only allows for once daily automatic downloading of new virus signatures.
- Last week our AV server downloaded updates at 8am as usual.
- At 11am Symantec released new signature for MyDoom.F.
- At 1pm stupid_corporate_user_04 opens and unleashes MyDoom.F on the network. MyDoom.F blows away all MS Office and image files on stupid_corporate_user_04's machine, then begins the same task on all network shares this person had access to.
- At 8pm automatic backups kick off
- At 11pm backups complete, having successfully backed up ruined shares.
- At 8am the next morning, AV server picks up signature for MyDoom.F. At same time, users begin to notice their files are gone. Alarms go off everywhere.
- At 11pm that second day, all corrupted/trashed files have been removed, all viruses eradicated, all data restored from 2 day old backups.
Summary: 1.5 to 2 days of work time lost by 60 employees, plus 12 hours @ $110/hr for a support consultant to help clean up the mess.
Needless to say, I wouldn't categorize the virii as doing little damage, whether they actually delete local files or not. Even had we not lost files, we still would have had a big cleanup job, and it still would have impacted our users.
Here's a big Fuck You to the person who wrote that variant, and to all the other virus writers out there.
.sigs are for post^Hers.
What happens when they run out of letters for the variants?
I think we need to establish a committee to explore this, and then another one to oversee that committee -- and, of course, a complicated protocol no one can understand.
As is, this naming convention is much too simple to be used with anything Internet-related.
I just keep wondering what a "proxy-relay trojan server" is...
www.clarke.ca
Please stop using that stupid contrived marketing-speak non-word. It is exceedingly irritating (although it does help me spot your AC posts, since you use it there too).
When I was a kid (way back in the 19-hundred-and-80s), we geeks used to settle our disputes like men: over a game of D&D!
You are attempting to read sigs. Cancel or Allow?
Apparently, they didn't find Microsoft enough of a challenge.
"A new company policy is hereby enacted: It is forbidden for any user on the corporate network to execute any binary email attachment of any kind, including any attachment from anyone within the network. We will occasionally enforce this measure by sending dummy attachments to all corporate users which will report your workstation to network operations should you click on the attachment. Doing so will be grounds for immediate dismissal. We reserve the right to be sneaky, so your best policy for keeping your job secure is to simply never click on an attachment. Thanks, and have a nice week."
Enabling terrorists...
Who do you want to DOS today?
When will Microsoft be held responsible for aiding terrorists?
It's not Linux that is the tool of terrorists, it's Windows.
I don't know the meaning of the word 'don't' - J
I am sure the goverment would support this.
They would love to be forced to have every email sent scanned for "evil" content.
You will have one big supporter with them.
This is just silly. It is not the ISP's responsibility to make sure that their clients do not get viruses.
It is the user's responsibility to not open mail attachments, keep their OS patched, and to install antivirus software and firewalls.
"You spoony bard!" -Tellah
My daughter just double-clicked on a .PIF attachment from a letter allegedly coming from her provider Lycos.com.
A stupid mistake, but what kind of morons are administering Lycos.com, if they can't filter out this low level of bullshit.
I've had similar problems some months ago when I was receiving dozens of 150 KB spams daily. It clogged my 5 free megabytes to the point that I missed some real mails if I couldn't manage to sink the shit every 6 hours or so.
I strongly suspected that the real spammer was Lycos.com nudging me to open a Plus account at the price of $25 per annum, which comes with 25 MB. Eventually I succumbed and forked over the 25 greenbacks.
Did the spams stop coming in? Well, yes, but very gradually. There's probably no one managing/administering the Lycos.com domain. The whole operation is obviously on auto-pilot.
Honestly, mail accounts shouldn't be free. But no one should offer it free if he doesn't mean it. And even if it's free, there's a major problem if Lycos.com delivers its customers, both free and paying, mails with viral attachments sporting their own domain in the sender's field. It's CRIMINAL NEGLIGENCE.
Is there such a beast as a "clueless end user test" type executable that I can email to my coworkers, and if they execute it an email is sent back to me as "evidence"?
I think this would be a fairly blunt social engineering test for a company to put it's employees through. Especially since we have to send out quarterly training about it. I want to know if it sinks in at all.
Nuke Gay Whales for Jesus.
I agree it's improper to currently prefix these things with "Microsoft", but
1) An SSL vulnerability did exist in software bundled into their OS, whether they wrote it or not.
2) Microsoft is trying to gain control in the recording industry by being sole provider of formats, DRM, software, and distribution channels. How much longer before they own the content, too?
3) Microsoft lobbied in favor of the DMCA and other legislation. Their lobbying is quite effective, so you can claim some laws only exist because companies such as Microsoft backed them.
My point is you're right, we shouldn't label everything "Microsoft" right now. But we're almost at the point where we can.
Developers: We can use your help.
I go to Ohio State University, and for the past week I and most people I know have been receiving these messages from staff@osu.edu.
That's over 30,000 users, right there, on broadband. Multiply that by every campus in the world... I was honestly even curious about it, until I saw the attachment file. Their biggest weakness in it, actually, was that it sent several copies, each with a different user@osu.edu. That made it more suspicious.
Computer Weekly
Do really dense people warp space more than others?
Can someone explain to me why MS hasn't locked down the Outlook address book yet?
Why are executables still allowed in e-mail after all these YEARS of worm history? There are only a few legitimate reasons for them and everything could be done another way. And it's obvious that educating users and even presenting them a warning doesn't work.
Why has nobody ever come up with a default mail server configuration which prohibits any executable content? And not only .exe and .scr, but all a.out, ELF and company too.
So far nobody. You have to patch qmail and add qmail-scanner if you want to do this. Is there a checkbox in Microsoft Exchange? An option in sendmail.cf?
Fuck.
It is not the ISP's responsibility to make sure that their clients do not get viruses.
I never said it was. However, it should be the ISP's responsibility to make sure their pipes aren't used to further spew the viruses out across the internet.
It is the user's responsibility to not open mail attachments, keep their OS patched, and to install antivirus software and firewalls.
Sounds great. Too bad it obviously doesn't work.
Ironically, the word ironically is often used incorrectly.
...it would be simpler to distribute antivirus software, and up-to-date fixes for the latest worms, in the same way as viruses distribute themselves, along the lines of-
"From: antivirus@generic-company.com
Subject: URGENT - PLEASE READ
To: joe@user.com
Attachments: FREE Music.mp3.exe
Here is your FREE MUSIC. Double-click the attachment without delay!!!"
Judging by the speed with which these worms are spreading, this sort of thing would clean up the problem in a matter of hours, natch.
do little damage to the infected computer, intent mostly on spreading far and wide, and sometimes inflicting DoS on some poor evil empire.
Almost sounds like an endorsement to me.
...these originate from user-run attachments and so are easily prevented if you're not a moron.
I know the intent of posting this article was for Slashdot to somehow illustrate how "bad" Microsoft holes are to the point that there are turf wars going on between worm writers, but these things would go on no matter the operating system. Users are dumb enough to be running these things.
I haven't seen executable attachments in my Inbox in years. Outlook won't even download them from the server. I don't know what else to say.
#bagle.j unencrypted
:0 B
* UEsDBAoAAAAAA
/tmp/baglej

#bagle.j encrypted
:0 B
* UEsDBAoAAQAAA
/tmp/baglej
I remember a political cartoon with a donkey and a Nuclear weapon strapped to it's back (the Donkey was to represent Pakistan).
I guess that's how they are deploying the viruses?
Are you completely retarded? Strip all attachments? That would piss every customer off, not to mention some obscure legal issues I bet that they could dig up. Mark this as flamebait, I don't care, but this is the most retarded idea I've ever heard.
Listen to my experimental-industrial-techno!
Simple three point plan for eliminating e-mail viruses:
1. Microsoft should immediately patch exchange and outlook so that no attachments that include executable files can be transmitted. You get word files, pdfs, plain text, jpegs and similar "passive" file formats. any scripting gets filtered out of html or spreadsheets. An archive (tar, zip, etc) doesn't get transmitted if it contains bad stuff or is not readable. And you can't override this by just clicking "yes" or "okay" upon receipt of a message.
2. viruses propagate similar to spam. ms exchange or other MTAs should make note of 50000+ very similar messages being tossed about and immediately blacklist compromised machines, then go into mail accounts and yank out virus messages that haven't been downloaded yet. Messages with attachments should be subject to a short extra wait time (5 min) to slow propagation and give the system time to react.
3. email attachments, even non-executable ones, should be opened in a restricted environment, e.g. chroot jail, java sandbox, or a refreshable vmware image. if the virus goes nuts, just delete the environment and kill its processes. don't allow outbound connections from the sandbox. In the long run, web pages and downloaded files should be treated similarly.
Yes, virus writers will find workarounds and attack new security holes. But microsoft has an obligation to fix existing security holes and at least make the virus writers look for new ones.
Yes, some people will be annoyed that their excel macros get lost. But it is time to start setting up a social environment where email is about sending a message that you type in yourself to communicate, not just a file sharing system for forwarding zip files.
What about the massive DDoS performed on Spywareinfo, Merijn, and Net-Integration? It was done from a group of MyDoom-controlled machines, and no one did anything about it.
All the worms contributed to the removal of a cleaner site. >_
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
who always logs in on their linux box as 'root'?
that's right: nobody does.
this is why an executed attachment cannot replace /sbin/iptables.
i think windows would have less security problems if they had a clear distinction between 'user' and 'administrator'.
windows does have this distinction, but it is not enforced. either there should be a clear distinction (linux style) or a user should be required to enter a password everytime the windows registry or system files are changed.
It's just social engineering, nothing further. Yes, MS has the largest cadre of gullible users and nothing more.
I got one of these emails, it pretends to be from an administrator and says you have to run the file in the zip, oh, and it is encrypted, here's the password.
It is unreasonable to expect MS to design a system which completely prevents users from doing things they might want to do, like run binaries they are sent in email.
Now this may sound a little over-aggressive, but I am a poor sysadmin who is getting bombarded with blocked messages every 20 secs or so. Personally, if I ever meet a virus writer, whether it's this shit or some other virus they have written, their head is going to end up in a glass jar in my fridge. Be Warned.
Yes, and the response from the IT people is now to delete all e-mails with a .zip attachment, with no warning to sender or recipient.
See their notice
nah, the 1 true solution is defenestrate the internet: allow NO winbloze to connect;-)
if (x = antivir.scan(stream,"MyDoom")) {
dangerous.warn(x,stream);
throw new ExceptionAVirus(x,stream);
}
[Signed by MvD00M's author].
Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software.
For further details see the attach.
Attached file protected with the password for security reasons. Password is 24080.
Cheers,
The slashdot.org team
http://slashdot.org
( ... this is the latest one I got, domain names changed to protect the victims)
However, it should be the ISP's responsibility to make sure their pipes aren't used to further spew the viruses out across the internet.
Hear hear! Anybody who runs a mail server at the end of an MX record should be a responsible citizen and have some email virus scanning mechanism in place. It's not that difficult to do, and could save them money in the long term.
The most powerful way to bypass security has always been "social engineering" - so why would you think it'll be different for virii?
If people actually do wisen up and stop opening email attachments they're unsure about, the virus writers will just come up with more creative ways to convince you to run the code. Write a small applet that lets them play a contest game to win money - only, nobody is really going to win anything, and it drops a trojan horse on the PC. Send mail that looks like a legitimate attached form from the ISP, requesting some sort of info your ISP might actually need. (Heck, one popular method seems to currently be bundling "malware" with legitimate freeware apps people want to download and use - like p2p music sharing packages, pop-up blockers, and time synchronizing clients.) Who knows? This problem isn't going to go away just by trying to "educate it away", telling people not to read the stuff they get in their email.
Personally, I think virus scanners are generally a bit "behind the times" in this war. E.g., how many scanners have you seen that allow starting up without having to boot the actual OS that's being used, so they can remove a virus without it getting a chance to execute in RAM first? Of these, how many can scan an NTFS file system when started up in that manner? (To my knowledge, only the expensive "Avast BART" product currently offers all of this.) Modern trojan horses and virii are often shutting down the virus scanner processes so scanners can't remove them. They even do such things as prevent "regedit" from running, so you can't just prune them from the registry and reboot. (Of course, so far, many are coded poorly enough that you can just rename regedit to something else and then run it -- but that's bound to change.)
MyBenLaden.B
MyBinLadin.Y
MyBinLadder.Z
where are the news of the Bin Laden's capture?
open4free
Uh, I don't think you have a clue what a security exploit is... better read up.
"don't ruine our bussiness" in Bagle J.
/.ed I confess)
These worms are being written for cash. They're opening spew holes for spammers.
They're being written for spammers, be it the "OEM CD" spammers who seem to have taken up residence in my spambox seemingly untouchable by the big companies (Corel, Microsoft, Adobe, Symantec) - all we see is the exact same site moving around day by day. Currently it's squatting it's ugly ass at http://www.cdsforyou.biz/ (yeah, I'm trying to get
Now let's get the congresscritters informed that viruses and spam are *the same fucking issue*
One of the problems with the destruction of files is that it implies this virus author isn't interested in commercial games (as such people want their virus well hidden). That's worrying because they are then not trying to hide within a system (like a well evolved natural virus) but can be quite happy to kill the host.. and all it takes is a BIOS erase or randomly setting the IDE disk password on all modern IDE hard disks and it's factory return time.
Thank God that crackers don't know how to spell. I just look at the spelling of the message and count the spelling and grammar errors. Once they reach a threshold, I know it's a virus/worm message. ;-)
"The media is now beginning to suggest that this recent onslaught of new viruses (with new versions of major-impact viruses being found daily) the result of a virus gang turf war..."
Good for them. The deeper they get into their pissing contest the stupider they'll become, until someone makes a mistake or goes RL on the others. Then someone will get caught, and we can seriously get down to nailing some nads to trees.
Figuratively. Probably.
If, as has been suggested, some of them are associated with spammers, perhaps we'll be able to get two nads with one nail.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Worms require no human intervention. Mydoom, Netsky, Beagle, require a user to go ahead and open the attachment. Hence, human intervention, hence viruses.
Are you completely retarded? Strip all attachments?
No, that is not what I said. Interesting, you call me retarded and yet you cannot even read simple sentences.
What I said was they should scan outgoing port 25 traffic looking for executable attachments, and if found, they should quarantine that customer so they cannot continue to spew viruses across the internet.
I see that you were able to persuade some idiots to mark my original post as flamebait/troll. Typical.
Ironically, the word ironically is often used incorrectly.
Can someone please provide a lucid explanation of the difference between a "worm" and a "virus"? Please cite references.
My understanding was that a "worm" required no user action, such as Blaster/Nachia/Welchia last August, whereas a "virus" required user action for an infection to take place (executing a malicious e-mail attachment for example).
I run Mercury Mail and McAfee does a fine job keeping virus infected e-mails (or any file for that matter) from staying on the server to be downloaded by a user. In the off chance it can clean an e-mail I sometimes get a previously infected message with a zero byte attachment. When MyDoom came through McAfee reported 10,000+ deleted/cleaned files.
There is Open Source anti-virus software out there and there's really no reason to not run it on the server. Your server may not be susceptible to Windows viruses but your users are.
This new batch of viruses being zipped up seems to be getting past the anti-virus software. Most likely because they're zipped up and (supposedly) password protected, which changes their signature until you decompress it.
It may just be that software hasn't updated yet. It does that automatically on Fridays.
Ben
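Worked example added by the editor, not code from any poster in this thread. The procmail recipe posted earlier for Bagle.J keys on the base64 of a zip local file header: "UEsDBAoA" is PK\x03\x04 followed by version 10, and the next group is the general-purpose flags word, 0x0000 for a plain archive and 0x0001 for traditional PKZIP encryption. The Python below reproduces those two literals from the header bytes, then does the sturdier version of the same check on a decoded MIME attachment: it walks the zip's local headers without decompressing anything (member names are stored in clear even in a password-protected archive), refuses attachments that are executables or archives containing them, and refuses archives it cannot scan at all, which is the gateway policy argued for in the three-point plan and in the "scan outgoing port 25 for executable attachments and quarantine" posts, and the bypass the post above describes. The sample messages, addresses, attachment names and the list of executable extensions are constructed for illustration; `build_zip` only flips the encryption flag rather than encrypting, since the flag is all a gateway sees.

```python
import base64
import email
import io
import struct
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions the gateway refuses outright (assumption: illustrative list, not a complete one).
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

ZIP_LOCAL_SIG = b"PK\x03\x04"
# Local file header, little-endian: signature, version needed, general-purpose flags, method,
# mod time, mod date, crc32, compressed size, uncompressed size, name length, extra length.
ZIP_LOCAL_FMT = "<4sHHHHHIIIHH"
ZIP_LOCAL_LEN = struct.calcsize(ZIP_LOCAL_FMT)  # 30 bytes, then name, extra field, data


def _ext(name):
    return ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""


def procmail_pattern(encrypted):
    """The 13-character base64 prefix the procmail recipe matches: a stored (method 0) zip
    local header, version 10, flags 0x0000 (plain) or 0x0001 (PKZIP encryption)."""
    header = ZIP_LOCAL_SIG + struct.pack("<HHH", 10, 1 if encrypted else 0, 0) + b"\x00\x00\x00"
    return base64.b64encode(header)[:13].decode("ascii")


def walk_zip_local_headers(data):
    """Yield (member name, encrypted?, method) per local file header; never decompresses.
    The encryption flag is bit 0 of the general-purpose flags word."""
    off = 0
    while data[off:off + 4] == ZIP_LOCAL_SIG:
        (_sig, _ver, flags, method, _t, _d, _crc, csize, _usize,
         nlen, elen) = struct.unpack_from(ZIP_LOCAL_FMT, data, off)
        name = data[off + ZIP_LOCAL_LEN:off + ZIP_LOCAL_LEN + nlen].decode("cp437", "replace")
        yield name, bool(flags & 0x1), method
        if flags & 0x8:  # sizes live in a trailing data descriptor; cannot skip ahead safely
            return
        off += ZIP_LOCAL_LEN + nlen + elen + csize


def inspect_message(raw):
    """Return [(attachment name, reason, 'block' | 'allow')] for each attachment of a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if _ext(fname) in EXEC_EXTS:
            results.append((fname, "executable attachment", "block"))
        elif payload.startswith(ZIP_LOCAL_SIG):
            members = list(walk_zip_local_headers(payload))
            bad = [n for n, _, _ in members if _ext(n) in EXEC_EXTS]
            if any(enc for _, enc, _ in members):
                results.append((fname, "password-protected zip, contents cannot be scanned", "block"))
            elif bad:
                results.append((fname, "zip contains executable: " + ", ".join(bad), "block"))
            else:
                results.append((fname, "zip with %d scannable non-executable members" % len(members), "allow"))
        else:
            results.append((fname, "passive content", "allow"))
    return results


# --- constructed sample inputs (not real worm samples) -------------------------------------

def build_zip(members, encrypted=False):
    """Stored zip built in memory. encrypted=True only sets the encryption flag in each local
    header (what a gateway sees); the member bytes are left untouched."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    data = bytearray(buf.getvalue())
    if encrypted:
        with zipfile.ZipFile(io.BytesIO(bytes(data))) as zf:
            for info in zf.infolist():
                data[info.header_offset + 6] |= 0x1  # flags word sits at header offset 6
    return bytes(data)


def build_sample(attachment, filename, subtype="zip"):
    """A message shaped like the 'your account has a problem' mails quoted in this thread."""
    msg = EmailMessage()
    msg["From"] = "staff@example.edu"  # constructed addresses
    msg["To"] = "user@example.edu"
    msg["Subject"] = "Notify about your e-mail account utilization."
    msg.set_content("Pay attention on attached file. Password is 36013.")
    msg.add_attachment(attachment, maintype="application", subtype=subtype, filename=filename)
    return bytes(msg)


if __name__ == "__main__":
    samples = {
        "clean": build_sample(build_zip({"readme.txt": b"quarterly figures"}), "docs.zip"),
        "exe-inside": build_sample(build_zip({"Info.exe": b"MZ\x90\x00"}), "Info.zip"),
        "encrypted": build_sample(build_zip({"Info.exe": b"MZ\x90\x00"}, encrypted=True), "Info.zip"),
        "bare-exe": build_sample(b"MZ\x90\x00", "FREE Music.mp3.exe", subtype="octet-stream"),
    }
    for label, raw in samples.items():
        for fname, reason, verdict in inspect_message(raw):
            print("%-10s %-20s %-5s %s" % (label, fname, verdict, reason))
```

The procmail literals only match an archive whose local header says version 10 and method stored, and only when the attachment is base64-encoded from its first byte; a deflated member, a writer that stamps version 20 (Python's zipfile does), or a uuencoded body slips past them, which is why the byte-level walk is the check to rely on. Refusing an encrypted archive instead of trying to open it is deliberate: the recipient is the one who will type the password the mail hands them.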
Work Safe Porn
Tonight on Fox!
sig mind freed
Has anyone else noticed that McAfee hasn't been putting out defs very reliably lately? Their website claims they protect from the latest viruses, but uvscan (their command-line unix client) doesn't find them, and their ftp site sometimes goes a few days without being updated.
Norton seems to have updates more often than once per hour.
I'm curious if this is a new thing (I hadn't noticed this before), or this has been going on a while. Also, do others have observations of frequency & latency of virus definitions? (Review sites seem to only test completness of catching thousands of historical viruses...)
When I read the articles this morning, I wondered why it was that they were 'including taunts' in the code.
You want to prove that your worm is better than the others? Make it not only propagate itself, but also make it clean up the competing worms in the process.
Jas
Software is like a goldfish - it'll grow to fit the size of it's bowl...
I got one of the Beagle variants to run under WINE. It was quite funny watching it spew under tcpdump.
Something wasn't right, though....it was sending empty attachments. I think I should report this bug to the WINE development team.
You're absolutely right! What I find so staggering (at least at MY company), is how little interest management has in enforcing "computer responsibility" rules like this. Users do all manner of deliberately stupid and occasionally destructive things to/with their computers (getting infected, mangling the OS, deleting the share folders because they "don't need them anymore", and this doesn't include the physical damage to equipment) and management doesn't seem to care how much time or money it takes to fix it.
I'm actually a peon manager myself and when I've actually *tried* to have meetings with employees' managers I'm amazed at the amount of disregard for deliberate, repeated behavior like this among these people's managers. They just don't give a shit.
I once asked our HR manager what she would do if an employee deliberately broke a window or cubicle, repeatedly; she told me they'd probably get fired THE FIRST TIME if the damage threatened someone's health, definitely the second time.
I told her that an employee had repeatedly done something stupid with their computer that was as expensive and time-consuming as a broken window, and she said "Well, I guess you'll just have to work out something with their supervisor."
I don't know what the unintended consequences of a "fuck your computer up and you're fired" policy would be (perhaps as destructive as a fear-based rollback of automation, productivity and information management gains), but it would certainly be nice if there was a concrete set of punishments including termination for at least the most egregious offenders. One good firing for computer malfeasance per year might just teach them some responsibility.
My ISP already filters outgoing traffic, and is much more effective. Whenever a major virus breaks out, they have a filter installed within a day or two that will monitor all traffic looking for certain signatures and patterns. If anything is detected, they cut off your internet connection and contact you to let you know you're infected. Once you let them know, they'll re-enable your connection (with filtering) and there will be a fix waiting in your mailbox for you. The downside is this only detects them after you're infected (if the infection got past all their mail server virus scanning and such). Another good thing is that these filters detect most spam trojans too.
My User Agent: "Where is the pr0n?"
Number one, people first need to tag (chmod or set exe bit) the script so it can be run. No default exe of the script. A little more time to think about what you are doing. It is a major failing of Outlook and Outlook Express. Under linux you have to save the attachment out and mark it as an exe before infection.
Now there is a little more here: an infected user on linux will not infect any other user on the system without cracking or a shared file. In most cases, unless people are working on the same project, there are no shared files.
This is the default setup; the instructions on linux setup tell you clearly to set up a root user passwd and a general user. This is to cause a protective system access to stop major infection. I have seen lots of windows users running as Admin; this is completely stupid when you understand the risks. Inside linux I can drop in and out of root user without a lot of trouble. But on windows I have to login on a new screen. So people get tempted to run as Admin to stop having to swap backward and forwards.
I must say...myself and the other academic evolutionary biologists that I'm surrounded by are enthralled, collecting data and can't wait to see the outcome.
Nobody likes me
Everybody hates me
Just because I eat worms
Short fat hairy ones
Long tall skinny ones
See how the little ones squirm
Bite all their heads off
Suck all the juice out
Throw the empty skins away
Nobody Likes me
Everybody hates me
Cos I eat worms all day
Nobody likes us
Everybody hates us
Just because we eat worms
Short fat hairy ones
Long tall skinny ones
See how the little ones squirm
Bite all their heads off
Suck all the juice out
Throw the empty skins away
Nobody Likes us
Everybody hates us
Cos we eat worms all day
(Apologies to Terry Scott et al..)
"You lied to me! There is a Swansea!"
I'd be interested to hear what Steve Ballmer thinks of his company's software being used as the ammunition in this little gang war?
If I move into the rough neighbourhood, I'm not going to be able to stop the bullets just by being well educated. However, I can stop all of these viruses from infecting my computer by simply not opening executable mail attachments. With a very small bit of extra effort, I can keep my copy of Windows up to date as well, which should prevent against any of the attacks that don't rely on user stupidity.
"so that the only webpage they can see is one served from your network explaining that they are infected. Until they take steps to clean their machines, you quarantine all outgoing traffic on their connection." Since fixing most virus problems involves using the internet somehow, this doesn't seem to be a very effective way of making the customer remove the virus...
Sad part is, that something like this worked for windows users pretty well. I had a few of them almost screaming at me that I should check my (linux) machine for that evil SULFNBK.EXE file which was supposed to be some "internet based virus".
We remove attachments that are executables and candidates for malicious ones (.com, .exe, .bat, .pif, .zip, .scr, .vbs, .rar, .arj, etc.). This has tremendously reduced our problems with viruses and worms. Though it may impede some productivity, we opted to give a big quota to users instead so they can receive uncompressed files. We have also started removing pop3 and imap4 access, and restricted smtp access as well. We are using a web based e-mail service. This prevents any further infections exploiting outlook. If a computer gets infected, it won't be able to send to the smtp server either, since only a very select few computers are able to relay there. Our helpdesk calls have been reduced by this.
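The attachment-stripping gateway rule the comment above describes, written out as an added example (it is not code from the thread or from any mail product mentioned on it). It assumes the extension blocklist quoted in the comment, uses only the Python standard library, and runs against a constructed sample message rather than live mail. It also covers two cases the comment does not spell out: double extensions such as `figures.pdf.exe`, and trailing dots or spaces that Windows ignores when deciding what to execute.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Blocklist taken from the comment above (assumed complete for this example).
# Lower-case, with the leading dot, so it can be compared against os.path.splitext().
BLOCKED_EXTENSIONS = {".com", ".exe", ".bat", ".pif", ".zip", ".scr", ".vbs", ".rar", ".arj"}


def is_blocked_filename(name):
    """True if the attachment's final extension is on the blocklist.

    Only the last extension decides what Windows will execute, so
    'report.doc.exe' is blocked while 'report.exe.txt' is not.  Trailing dots
    and spaces are stripped first, because the shell ignores them when it
    resolves the file type ('evil.exe.' still runs as an .exe).
    """
    cleaned = name.strip().rstrip(". ")
    ext = os.path.splitext(cleaned)[1].lower()
    return ext in BLOCKED_EXTENSIONS


def split_attachments(msg):
    """Walk a parsed message; return (kept_leaf_parts, removed_filenames)."""
    kept, removed = [], []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # container, not a leaf part
        filename = part.get_filename()
        if filename and is_blocked_filename(filename):
            removed.append(filename)
        else:
            kept.append(part)
    return kept, removed


def sanitize(raw_bytes):
    """Parse a raw RFC 822 message, drop blocked attachments, and return
    (cleaned EmailMessage, removed_filenames).

    The cleaned message keeps the main headers, the plain-text body and any
    surviving attachments, and appends a notice naming what was removed so
    the recipient knows why the mail arrived lighter than it was sent.
    """
    original = message_from_bytes(raw_bytes, policy=policy.default)
    kept, removed = split_attachments(original)

    cleaned = EmailMessage()
    for header in ("From", "To", "Subject", "Date", "Message-ID"):
        if original[header]:
            cleaned[header] = original[header]

    # Inline text/plain parts form the body; everything else is re-attached.
    body_parts = [p for p in kept
                  if p.get_content_type() == "text/plain" and not p.get_filename()]
    text = "\n".join(p.get_content() for p in body_parts)
    if removed:
        text += "\n\n[Gateway removed attachment(s): " + ", ".join(removed) + "]"
    cleaned.set_content(text)

    for part in kept:
        if part in body_parts:
            continue
        maintype, subtype = part.get_content_type().split("/", 1)
        cleaned.add_attachment(part.get_payload(decode=True),
                               maintype=maintype, subtype=subtype,
                               filename=part.get_filename())
    return cleaned, removed


def build_sample_message():
    """Constructed sample: one benign PDF plus three attachments the gateway
    should strip (double extension, archive, extension hidden after a space).
    Payloads are placeholder bytes, not real files."""
    msg = EmailMessage()
    msg["From"] = "alice@example.test"
    msg["To"] = "bob@example.test"
    msg["Subject"] = "Q1 figures"
    msg.set_content("Hi Bob, the figures are attached.")
    msg.add_attachment(b"%PDF-1.4 (constructed)", maintype="application",
                       subtype="pdf", filename="figures.pdf")
    msg.add_attachment(b"MZ (constructed)", maintype="application",
                       subtype="octet-stream", filename="figures.pdf.exe")
    msg.add_attachment(b"PK (constructed)", maintype="application",
                       subtype="zip", filename="figures.zip")
    msg.add_attachment(b"MZ (constructed)", maintype="application",
                       subtype="octet-stream", filename="holiday.jpg .scr")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned_msg, dropped = sanitize(build_sample_message())
    print("removed:", dropped)
    print("kept:", [p.get_filename() for p in cleaned_msg.iter_attachments()])
```

Because the blocklist includes `.zip`, the rule also removes archives wholesale rather than inspecting them, which is exactly the productivity trade-off the comment describes; the compensating move it mentions (larger mailbox quotas so people can send uncompressed files) is a policy decision, not something the code needs to know about.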
Live your life each day as if it was your last.
Yes.
might have said . . . (sig) . .
.
(David Bowman, EVA near HUGE Monolithic Win-PC in orbit around Jupiter) "My God - it's full of Malware!"
Simple solution (sorta).
Post the file itself on your webspace or ftp space
and send the (encrypted) link to it to the recipient.
The problems are:
1) The sender has no webspace / ftp space access.
2) The file is too big to post to your webspace / ftp space or it has to be 'chopped up' and 'spread out' across several accounts (ala AOL).
3) You live in a place where (strong) cryptography is PROHIBITED--ILLEGAL TO USE!!! (like France?)
So what do you do now?