Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nasty New Virus Variants

Posted by timothy on from the must-have-windows-to-try dept.

Lucidus writes "Numerous journals, such as Mac Daily News and The Motley Fool, are reporting that the latest versions of the Beagle/Bagle virus can infect users' computers whether or not they open an attachment. Apparently, the simple act of selecting the message activates the code. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"

34 of 1,050 comments (clear)

  1. Simple... by Anonymous Coward · · Score: 4, Insightful

    Don't use Microsoft products... or use them and have an up-to-date modern Anti Virus scanner.

    1. Re:Simple... by Sarin · · Score: 4, Insightful

      not a bad idea.

      After the latest infection on my parents' computer, though mcaffee was installed and auto-updating and eudora, I decided to choose for the first.
      I wiped microsoft from the computer and installed gentoo with kde, firefox and sylpheed-claws and I made it autologin into their kde account.

      My parents have never been happier with their computer: 'internet is so much faster now' and 'hey that solitaire game is much more fun' and 'that thing allows you to have multiple virtual screens', it even looks better now and I told them they could click on any email virus they wanted.

    2. Re:Simple... by Perseid · · Score: 5, Insightful

      People have a tendency to forget that the evil-nasty viruses come out BEFORE the virus-scan developers have a chance to add it to their software. It is very possible to have the newest AV updates and get hit by a virus.

      People who hide behind virus scanners as if they solve all of the world's problems are part of the problem themselves.

    3. Re:Simple... by dustmite · · Score: 5, Insightful

      Yes, it's actually impossible to be protected against the 'latest virus that just came out', because it's impossible that your AV vendor has protection against a brand new immediately (unless the AV vendor wrote it themselves). There always must be a "window" between time of discovery of a new virus and the time that your AV is updated to protect against it during which you are vulnerable, and this is typically anything from a few hours to a few days.

      But just try to explain this logic to the damn "if you run an AV and keep your definitions up to date you'll have no problems" crowd ..

    4. Re:Simple... by Weekly+IT · · Score: 4, Insightful
      I told them they could click on any email virus they wanted

      Maybe its just me here, but I think that might be a very dangerous way to think about viruses. Sure there aren't that many viruses know to affect Linux boxes, but one nasty one, possibly written by a Windows geek who's fed up with your kind of thinking, could do a lot of damage. Combined with the simplistic idea that "I have linux, no virus can touch me" and the growing popularity of Linux, I see a growing potential for harm.

    5. Re:Simple... by LurkerXXX · · Score: 4, Insightful
      And if you don't run your Windows machine as Admin, and you do backups of it, your in the same shape.

      The problem is most windows users do run as admin (That's the way it came from the store. They'd run it as 'root' as installed if they had a Linux box. They just don't know better). Most also don't do backups, which is the critical part. Most machines bought these days come with a 'restore' CD that can have the system back to original shape in a hour or two, but the critical thing, the users data is still gone. It doesn't matter if you are on *nix or windows, their is usually a lot more time/value lost in losing the user space files than in simply reinstalling the OS/apps. *nix viruses will do just about as much damage if the user runs something they shouldn't.

      It's not an OS thing, it's a user education thing.

    6. Re:Simple... by doublem · · Score: 4, Insightful

      The problem is, running as anything other than admin isn't always an option because of poorly written applications.

      Case in point: Omnipage.

      We have an older version of Omnipage. I forget the logic behind not upgrading, but we'll leave that as an aside.

      If you run as anything other than an Administrator, the application appears to freeze at startup. What's really happening is that the splash image is concealing an error message. You have to know the windows shortcut keys necessary to either move the error message until it's visible or just hit the "YES." Once loaded it's still a mess, and can't open any files.

      Long story short, in order to be able to use a software package that has become critical to our business process, we have to have a bunch of users running as the administrators on their local machines. W2K "Run As" doesn't cut it, as the problems still occur.

      --
      "Live Free or Die." Don't like it? Then keep out of the USA
  2. Switch!!! by Anonymous Coward · · Score: 4, Insightful

    Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?

    Well, this one is gonna start a whole slew of flaming and trolling over the virtues of one platform over another as it is kinda a loaded question with a simple answer:

    Switch

    So let's start right off with a big razz towards Windows users from both the Linux and Macintosh communities.........

    Thhhbibibibibbbpt!!!

    Seriously though, when are you guys gonna get the picture? Microsoft if chasing a moving target here and they will always be behind the curve, reacting to the latest virus outbreak until they fix what is fundamentally wrong with the Windows architecture. Hopefully this will happen with Longhorn in 2006......or 2007.........or whenever.

    1. Re:Switch!!! by NemesisEnforcer · · Score: 4, Insightful

      Your solution is to switch to an entirely new OS because their "default" email program is poop?

      How about all the windows users check out Mozilla Thunderbird. You can keep your nice, friendly OS, and still not have to worry about insanely sad security. http://www.mozilla.org

      However, if you're feeling a tad adventurous, then by all means check out the alternative OS choices. Need some names? Check out FreeBSD, Red Hat (Fedora Project), Mandrake, and there are plenty more on distrowatch.

    2. Re:Switch!!! by golgotha007 · · Score: 5, Insightful

      you don't really need to go so far as to switch operating systems. perhaps this is a wake up call for those to switch to different applications that have the same or similar functionality.

      i use both windows and linux machines day to day.
      on my windows machines, i've activated the built-in firewall and use Mozilla Thunderbird for mail and Mozilla Firefox for web browsing.

      i have zero problems with viruses or worms.

      The real culprits here are IE, MS Outlook (& Express).

    3. Re:Switch!!! by Coryoth · · Score: 4, Insightful

      Switching won't really help.

      The reason most (or all) viruses are written for Windows is because that's where they'll do the most damage, since most people use Windows.

      All fine and well, but it will help you if you switch, because then you'll be joining the happy minority that don't worry about such things.

      Of course if everyone switches it will be a problem, but really, what are the odds of that actually happening?

      It;s all fine and well to say "If everyone switched we'd still have the same problems with viruses", but realistically, everyone isn't going to switch. A lot of people are heavily locked into their current platform - so, if you can, switch...

      Jedidiah.

      --
      Craft Beer Programming T-shirts
    4. Re:Switch!!! by dougmc · · Score: 5, Insightful
      The reason most (or all) viruses are written for Windows is because that's where they'll do the most damage, since most people use Windows.
      There is some truth to this.
      If everyone switches to Linux or Mac OS then you'll start to see viruses for those operating systems.
      Some more truth ...
      You should be glad you're in the OS minority. That's what's keeping virus writers away from your system.
      That's one small thing that's keeping virii out of my system. But it's only a small thing. Other things?

      My mail client (mutt) does not run under an account that has full access to the entire system. Instead, it runs as me, and cannot replace parts of the OS even if it wants to. So it can't do things like replace part of the TCP/IP stack -- a popular Windows worm/virus trick.

      My mail client does not automatically execute things sent to it. Instead, it shows me the text included in a file, and if I want to, I can open an external program to view it (like a movie player.) But under no conditions does it execute the email as a program, unless I save it to a file myself and execute that.

      ... And I know better than to do that unless I trust the source of the file, or can read through it and tell what it does.

    5. Re:Switch!!! by Anonymous Coward · · Score: 4, Insightful

      I've never had to worry about such things.

      I use Outlook 2003 every day with an up-to-date virus scanner and I maintain my Windows XP with Windows Update regularly.

      Every virus I get is automagically snagged by Norton AntiVirus before it can do any harm.

      My Windows 2000 server running IIS is fully visible to the public, and it never gets hacked. Know why? Because I can properly configure IPSec and maintain my patches.

      Maybe the solution is not "OMG SWITCH TO LUNIX LOLLERS", but rather, educate the Windows users better. Make them more intelligent and clue them in to what they need to do to not fuck up their system.

      People often tout Windows as "it's so easy my dead grandmother can do it" but I've learned in my years of sysadmining that Windows takes quite a bit of general knowledge to get working great, and once you do, you will have no problems.

    6. Re:Switch!!! by ncc74656 · · Score: 4, Insightful
      If everyone switches to Linux or Mac OS then you'll start to see viruses for those operating systems.

      I'd like to see someone try to write a virus or worm that affects plain-text-only mail readers like Mutt. That would be a clever hack. I also suspect it'd be damn near impossible to pull off. How badly would you have to screw up something that displays plain text for a vulnerability to appear?

      The moron who had the "bright" idea to start sending HTML in email needs to be taken out back and shot.

      --
      20 January 2017: the End of an Error.
    7. Re:Switch!!! by KevCo · · Score: 4, Insightful

      Exactly. So many people go on and on about how Linux or MacOS would be hit just as hard as Windows if they had the same market share. So what? The reality is that in the here and now they are safer alternative. If it is because of superior design, or simply insufficent user base to make them juicy targets, the result it the same to the end user.

  3. Aside from... by ZiZ · · Score: 5, Insightful
    ...applying the patch which the article says was out last October?

    I don't know. Webmail, one of the numerous non-vulnerable email clients for Windows, maybe give up email entirely?

    --
    This flies in the face of science.
  4. Monoculture is bad by lavalyn · · Score: 4, Insightful

    The viruses have mutated in the wake of developed resistance (slightly more educated users). It's an evolutionary battle being fought...

    But as there are way too many deployments of Outlook as it is, and because it is Outlook/IE that is being exploited, the first solution would be to increase diversity in that field. Other mail clients, such as Thunderbird, or Eudora, will thrive while Outlook continues to succumb to these new diseases.

    Oh who am I kidding, Outlook will continue to wreak its wrath upon the Net and cause us to all suffer as a result.

    --
    Doing the Right Thing should not be preempted by making a buck.
    1. Re: Monoculture is bad by Black+Parrot · · Score: 5, Insightful


      > But as there are way too many deployments of Outlook as it is, and because it is Outlook/IE that is being exploited, the first solution would be to increase diversity in that field.

      IMO e-mail viruses don't result from monoculture; they result from bad software design. Namely, e-mail clients that execute attachments.

      We'd have Linux e-mail viruses in a minute if the popular e-mail clients added support for automatic execution of attachments. (Assuming anyone was foolish enough to use them.)

      --
      Sheesh, evil *and* a jerk. -- Jade
    2. Re: Monoculture is bad by bgarrett · · Score: 5, Insightful

      Bad software design can emerge from a monoculture. Linux et al. is mostly virus-free because there is no Linux Inc. who writes email clients that auto-execute attachments simply because some corporate customers like it that way. The design goals and objectives of FOSS are capable of being highly secure because there is no central management ensuring that something else takes priority at all costs.

      --
      Nothing worth doing is worth doing today.
  5. how to fix by AnonymousCowheart · · Score: 4, Insightful

    How to fix this? Install mozilla!
    Anyway, according to this article here,
    "Bagle exploits a flaw in Outlook, revealed in October of 2003, that allows a hacker to upload and execute a file on a user's PC without that user opening the file. Microsoft has issued a patch for the flaw in October, but users who have not updated their systems with this patch are at risk."
    If you run an MS machine, and don't know that you have to update regularly, you need your head checked. Besides, updating an MS machine really is easy.

  6. Download Email Headers Only by Boyceterous · · Score: 4, Insightful

    One feature of MS Outlook that is missing from most other email clients is the ability to download just email headers. I use this feature to review sender/subject and I can identify all spam just from that.

    Actually, I use my own program to download headers, score them for likely spam, delete the garbage emails(without ever downloading the actual content), then start outlook to get the real ones.

    Obviously, if a legit sender transmits a virus, it's a problem, but I guess that's why I pay Symantec.

  7. Re:1 answer. by tepples · · Score: 4, Insightful

    Unless your IT department cluelessly refuses to turn on IMAP4 "for security reasons."

  8. Re:How about.... by photon317 · · Score: 4, Insightful


    Mozilla Thunderbird is a great lightweight email client replacement for Outlook. Your average home user who has an imap or pop account from an ISP really has no good excuse not to uninstall Outlook from their machine and switch. Corporate users on the other hand are a little more screwed, since many of them use Exchange servers that don't have OWA turned on and/or aren't Exchange 2000/2003, which precludes using Evolution's commercial plugin to get calendaring integration and whatnot. However corp users that do meet those server-side requirements can do so. Or if you don't use or need the calendaring part in your organization and the exhcnage server has IMAP, then you can also go Thunderbird there too.

    --
    11*43+456^2
  9. How about... by Spacejock · · Score: 5, Insightful

    ... using email software which doesn't render HTML, and instead shows it as plain text without images?

    Yes, I wrote it. I wrote it because 99% of the messages I receive in HTML format are advertising. Most of those use dinky little images with referrer IDs to verify your email address is valid. The 1% I really need to see in HTML ... well the program has a link so you can view it in your default browser, if you really have to.

    I know it's going back to the dark ages, but maybe NOT running javascript, html, etc is actually GOOD when it comes to emails.

    I'm not advertising this thing, it's freeware anyway. I was a moderately happy Outlook Express user for years, but the lack of spam torturing implements drove me to write my own. Yes, I tried Mozilla, Eudora, etc etc. I think Thunderbird looks interesting too, and I recommend it. But personally I can't do without my POP3 preview window with colour tagging for spam, valid mail, blocked senders, ignored, etc. And deleting stuff before download. And bayesian filtering. And anything else I feel like adding, whenever I want to.

    --
    Hal Spacejock: Science Fiction with Nuts
  10. All you poor poor Outlook users by GillBates0 · · Score: 5, Insightful

    I pity you so :'( tsk tsk
    Proud user of Pine since 1994. Thank you, Univ. of Washington!

    ? HELP - Get help using Pine

    C COMPOSE MESSAGE - Compose and send a message

    I MESSAGE INDEX - View messages in current folder

    L FOLDER LIST - Select a folder to view

    A ADDRESS BOOK - Update address book

    S SETUP - Configure Pine Options

    Q QUIT - Leave the Pine program

    Copyright 1989-2003. PINE is a trademark of the University of Washington.
    ? Help P PrevCmd R RelNotes
    O OTHER CMDS > [ListFldrs] N NextCmd K KBLock

    --
    An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
  11. Re:How about.... by pyite · · Score: 4, Insightful

    And it costs MORE not to switch. Unfortunately, most companies can't see past their nose as far as technology costs are concerned.

    --

    "Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman

  12. Generic Rant by _Potter_PLNU_ · · Score: 4, Insightful

    <Insert Generic Windows Rant Here>
    <Insert Generic Praise about Linux/Mac Here>
    <Submit knowing that anyone that has the problem will never see it here>
    --
    "Hard work never killed anyone." -- Some Dead Guy
  13. Yes They Are Sexually Transmitted by amigoro · · Score: 4, Insightful
    One could argue that most of these viruses appeal to the base elements of the human psyche. For example, how likely are you to open an email with a topic like:
    Re: My Photo by Cindi
    Re: Hi Sweetheart by Melissa
    Re: From you Secret Admirer by Linda Lovelace

    etc.

    Moderate this comment
    Negative: Offtopic Flamebait Troll Redundant
    Positive: Insightful Interesting Informative Funny

    --


    Nothing to see here
  14. Re:protecting from viruses by cs · · Score: 4, Insightful
    And ISP filtering can readily be a PITA depending on the lists you read. Example: I'm on several Yahoo lists. Naturally the odd virus (or virus-looking) email gets onto one of the lists and (apparently) my ISP bounces it (even though I've got "no filtering please" chosen with them). Anyway, the bounce is an SMTP 553 bounce. Yahoo considers this a "hard" bounce (which it is) and TURNS OFF ALL MY YAHOO DELIVERY. Very very very annoying.

    Now, one side of this is that SMTP needs (and lacks) a "this particular message will always be refused" error code. That would work well for virus filters, since the delivering system (eg Yahoo) could them just discard that message and continue with everything else.

    The real fix is not to use these buggy mail clients. Like M$ LookOut!

    And, though it's not applicable to the outright-buffer-overflow viruses like this one, not to use systems with the vile design flaw of letting users click on attachments and execute stuff. For example, my mutt mail reader has a mailcap that drives its attachment handling. Every clause runs a viewer. If I get a .exe I get told its size or offered an opportunity to save it to disc. It does not offer or try to run it. This core distinction is the weakness in the windows mail world: no attachment should have executable power. An explicit user driven install ritual should be needed to get such a thing into a context where it can be run. i.e. it should be a safe action for a user to double click any attachment - that act should always invoke a viewer of some kind.

    --
    Cameron Simpson, DoD#743 cs@cskk.id.au http://www.cskk.ezoshosting.com/cs/
  15. Re:protecting from viruses by afidel · · Score: 4, Insightful

    Just strip all executable attachments. We do this and haven't had a single virus hit our network since implementing this simple step. Of course some worms have been distributing themselves inside of zips but that still takes more steps and hence more chances for the user to think about what they are doing, plus MS email clients can't auto-execute them (most people run Groupwise client on the Citrix farm but some do run Outlook via POP).

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  16. The solution is easy, but... by Infonaut · · Score: 5, Insightful
    The fact of the matter is that we're dealing with Windows. Most Windows users just want to use their computer and know as little as they can about how it actually works. They don't know the meaning of terms like "dialog box", "alert message", "preview panel" and so on.

    I'm not saying this to single out Windows users. Most non-professional Mac users are the same way. It's just that Windows is used by people who use what everyone else uses because they feel safe in doing so. They may not know how their computers work, but they're more afraid of looking deviant than having technical malfunctions.

    The subconscious refrain of Windows users around the globe is, "Well, at least I'm not the only one with this problem."

    Those Windows users who actively try to prepare themselves against the almost daily barrage of new worms, viruses, vulnerabilities, and other Windows annoyances still have a difficult time keeping up with it all. Even experienced Windows power users frequently find themselves overpowered by the ongoing war against malicious code.

    So the solution to this vulnerability is simple. But when you look at the situation in context, the potential for widespread havoc is a lot greater.

    --
    Read the EFF's Fair Use FAQ
  17. Re:Two Words: by hallucination · · Score: 4, Insightful

    How can you get a 0.1% false negative rate when 30% of spam is getting through?

    He isn't saying that 30% of spam is getting through.... He is saying that they are blocking 70% of their incoming mail as it is spam. That means that 30% is determined to be real mail.

  18. Devil's Advocate by EventHorizon · · Score: 5, Insightful

    I love Linux and have used it since 1996, but I don't love half-truths. Mods, do what you must:

    1. Unless you have a special 'l00s4h' account for running network programs, you can lose anything owned by your normal account. Typically that's all your data (norp, zeraw, 3PMs, financial data, etc). You're saying losing all that stuff is _better_ than losing the core OS, which you can replace over HTTP in 10 minutes?

    2. Even with 'l00s4h', if your kernel has priviledge escalation bugs, bad guys can still get r00t. Linux had two of these in the past six months.

    3. You've personally audited mutt for overflow issues? How about the 1GB mozilla codebase?

    4. You trust Debian? Gentoo? GNU? Even though they don't always cryptographically sign binaries and even though their servers were 0wned a few weeks back?

    5. apt-get, emerge, etc don't typically use SSL, so how do you know you aren't being man-in-the-middled when you run it (as root)?

    Linux can be made more secure than d0ze--but don't delude yourself, or others.

  19. Re:.NET by Rick+Zeman · · Score: 4, Insightful

    It's called the .NET runtime, and when Longhorn comes out and EVERYTHING including Windows itself is running on .NET libraries, you're going to have some damn secure systems. What will Slashdotters find to bitch about next? There's always something--it's impossible to satisfy people around here. The friggin' sky is always falling.

    Color me cynical, but didn't MS tout the absolute security of W2k3? And Win2k before that? Sorry, with their record they're guilty until proven innocent.