Slashdot Mirror


Nasty New Virus Variants

Lucidus writes "Numerous journals, such as Mac Daily News and The Motley Fool, are reporting that the latest versions of the Beagle/Bagle virus can infect users' computers whether or not they open an attachment. Apparently, the simple act of selecting the message activates the code. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"

4 of 1,050 comments

  1. Not just clicking on it by Unordained · · Score: 5, Interesting

    As per the article (Motley, at least) ... the virus is executed by some malicious HTML in the message, which would be activated if the message is viewed in full or preview(pane) modes. Simply clicking on the message in the list (you -did- turn the preview pane off, didn't you?) won't infect the machine. However, this does mean that similar HTML, from a web browser, might also be dangerous. Anyone have info on that idea? (Malicious websites giving you the virus by visiting the site?)

  2. Re:Switch!!! by the_womble · · Score: 5, Interesting
    The reason most (or all) viruses are written for Windows is because that's where they'll do the most damage, since most people use Windows.

    So IIS has had more security issues than Apache and SQL server more than Oracle because they are more widely used right? Oh...

    There has not been ONE single Linux virus that has propagated in the wild: given the huge number of viruses out there I would have thought someone* would have written and released one for Linux just to show it can be done.

    * probably one of those fanatical Windows apologists who think that Linux users are communists** or worse

    ** despite the fact that it is MS that advocates central planning.

  3. Re:Wow, people love to blame Outlook. by kurt_cagle · · Score: 5, Interesting

    I have received more than a few patches from Microsoft which:
    a) Failed to solve the problem in the first place,
    b) Caused another problem to appear in a seemingly unrelated application, resulting in significant time spent debugging, uninstalling, and otherwise wasting time for something I had no control over,
    c) Ended up adding significantly to the amount of unusable space on my Windows XP system,
    d) Added considerably to the bloat of the System Registry.

    I moved our entire company off Windows to SuSE Linux after one of our primary public facing servers became infected with a worm which enterprising hackers used to store (and later serve) German porn movies. This despite our sysadmin religiously installing patches.

    That is a big part of the reason why I no longer find the argument that Windows is just simply the largest target even remotely accurate. My sysadmin also does some coding work, and every patch that needs to be uploaded reduces his profitable time; to have something that compromises the integrity of our system in such an egregious manner is not acceptable.

    I would rather have a good sysadmin that knows what he's doing maintaining a secure Linux system than having a less competent sysadmin maintaining a Windows system because the system tools are easier to use, even if it means paying more to the Linux admin.

  4. Re:protecting from viruses by slamb · · Score: 5, Interesting
    The first time my ISP has a false positive and blocks a legitimate email, I'm going to be pissed. This is probably why they don't do it - they can't risk false positives.

    False positives aren't that bad if you handle them well. The trick is to never silently discard an email. It's much better to send a friendly error message like:

    • "Appears to be W32/Sobig virus. If this is a legitimate message, please change the subject line and resend." (They can easily do so.)
    • "Attachment name "$1" ends with ".$2", which I've disallowed because of worms filling the mail queues. Please arrange an alternate way to send this file." (If nothing else, they can send an email saying 'tried to send you a ZIP file; it didn't work' and I can temporarily relax the rule.)

    I do this with a 5xx rejection during the SMTP session. So what happens is:

    • if their client connects directly to my mailserver, they get an error message before the compose window has even gone away. They can make the necessary changes and resend easily.
    • if their client connects indirectly, the other mailserver will generate a bounce from this message. The sender will get their original as an attachment, so they can modify it even if they don't keep sent messages.
    • if a virus or worm connects directly (the most common case), it receives an error message and gives up. No bounce is sent to the owner of the "From" address. That's good because the address is forged; said owner has nothing to do with the infected machine. No point in filling their mailbox with bounces.
    • if the virus connects indirectly, the owner of the "From" address does get a bounce. Undesirable but not devastating. This seems to happen rarely. Maybe only when there's a transparent SMTP proxy along the way or something.
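A sketch of the rejection policy slamb describes, added here as an illustration and not code from the post: the check runs at the end of DATA and returns the SMTP reply the server would give, so a blocked message is refused with a readable 5xx text before it is ever accepted (and so the MTA never has to bounce to a possibly forged "From"). The sample messages, the blocked-extension list and the `scanner_verdict` hook are all constructed for the example.

```python
import email
from email import policy

# Constructed policy list: attachment extensions refused at SMTP time.
BLOCKED_EXTENSIONS = {"exe", "pif", "scr", "zip"}

# Constructed sample: a message carrying a .zip attachment.
SAMPLE_WITH_ZIP = b"""From: someone@example.org
To: me@example.net
Subject: photos
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/zip; name="photos.zip"
Content-Disposition: attachment; filename="photos.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""

# Constructed sample: a plain message with no attachment.
SAMPLE_PLAIN = b"From: a@example.org\nTo: me@example.net\nSubject: hi\n\nhello\n"


def check_message(raw, scanner_verdict=None):
    """Return the (code, text) SMTP reply for the DATA stage.

    scanner_verdict is a hypothetical hook: the name an external virus
    scanner reported for this message, or None if it reported nothing.
    """
    if scanner_verdict:
        return (550, f"5.7.1 Appears to be {scanner_verdict} virus. If this is a "
                     "legitimate message, please change the subject line and resend.")
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        name = part.get_filename()
        if not name or "." not in name:
            continue
        ext = name.rsplit(".", 1)[-1].lower()
        if ext in BLOCKED_EXTENSIONS:
            return (550, f'5.7.1 Attachment name "{name}" ends with ".{ext}", which '
                         "I've disallowed because of worms filling the mail queues. "
                         "Please arrange an alternate way to send this file.")
    return (250, "2.0.0 OK: queued")
```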