Slashdot Mirror
Nasty New Virus Variants
Lucidus writes "Numerous journals, such as Mac Daily News and The Motley Fool, are reporting that the latest versions of the Beagle/Bagle virus can infect users' computers whether or not they open an attachment. Apparently, the simple act of selecting the message activates the code. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"
Don't use Microsoft products... or use them and have an up-to-date modern Anti Virus scanner.
the ISPs need to have some server-side virus scan running. we do through our company's email server, and so far, it seems to work like a champ
Alcohol & calculus don't mix. Never drink & derive.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
Well, this one is gonna start a whole slew of flaming and trolling over the virtues of one platform over another as it is kinda a loaded question with a simple answer:
Switch
So let's start right off with a big razz towards Windows users from both the Linux and Macintosh communities.........
Thhhbibibibibbbpt!!!
Seriously though, when are you guys gonna get the picture? Microsoft if chasing a moving target here and they will always be behind the curve, reacting to the latest virus outbreak until they fix what is fundamentally wrong with the Windows architecture. Hopefully this will happen with Longhorn in 2006......or 2007.........or whenever.
How about...
a. Turn off preview pane
b. Use OWA
c. Stop using Outlook/Outlook Express
?!
pine (or mutt)
Jon Bardin
Right-click
err...
One word, hyphenated.
Use thunderbird, connect to exchange via IMAP4, use the web interface for calendaring.
Karma: Chameleon (mostly due to the fact that you come and go).
I head straight to the Motley Fool. Likewise, when I want financial info, I'm on Slashdot.
I don't know. Webmail, one of the numerous non-vulnerable email clients for Windows, maybe give up email entirely?
This flies in the face of science.
The viruses have mutated in the wake of developed resistance (slightly more educated users). It's an evolutionary battle being fought...
But as there are way too many deployments of Outlook as it is, and because it is Outlook/IE that is being exploited, the first solution would be to increase diversity in that field. Other mail clients, such as Thunderbird, or Eudora, will thrive while Outlook continues to succumb to these new diseases.
Oh who am I kidding, Outlook will continue to wreak its wrath upon the Net and cause us to all suffer as a result.
Doing the Right Thing should not be preempted by making a buck.
As per the article (Motley, at least) ... the virus is executed by some malicious HTML in the message, which would be activated if the message is viewed in full or preview(pane) modes. Simply clicking on the message in the list (you -did- turn the preview pane off, didn't you?) won't infect the machine. However, this does mean that similar HTML, from a web browser, might also be dangerous. Anyone have info on that idea? (Malicious websites giving you the virus by visiting the site?)
How to fix this? Install mozilla!
Anyway, according to this article here,
"Bagle exploits a flaw in Outlook, revealed in October of 2003, that allows a hacker to upload and execute a file on a user's PC without that user opening the file. Microsoft has issued a patch for the flaw in October, but users who have not updated their systems with this patch are at risk."
If you run an MS machine, and don't know that you have to update regularly, you need your head checked. Besides, updating an MS machine really is easy.
One feature of MS Outlook that is missing from most other email clients is the ability to download just email headers. I use this feature to review sender/subject and I can identify all spam just from that.
Actually, I use my own program to download headers, score them for likely spam, delete the garbage emails(without ever downloading the actual content), then start outlook to get the real ones.
Obviously, if a legit sender transmits a virus, it's a problem, but I guess that's why I pay Symantec.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
place 2 other junk emails around it, select the top 1, hold shift, select the bottom one.... DELETE.
... using email software which doesn't render HTML, and instead shows it as plain text without images?
... well the program has a link so you can view it in your default browser, if you really have to.
Yes, I wrote it. I wrote it because 99% of the messages I receive in HTML format are advertising. Most of those use dinky little images with referrer IDs to verify your email address is valid. The 1% I really need to see in HTML
I know it's going back to the dark ages, but maybe NOT running javascript, html, etc is actually GOOD when it comes to emails.
I'm not advertising this thing, it's freeware anyway. I was a moderately happy Outlook Express user for years, but the lack of spam torturing implements drove me to write my own. Yes, I tried Mozilla, Eudora, etc etc. I think Thunderbird looks interesting too, and I recommend it. But personally I can't do without my POP3 preview window with colour tagging for spam, valid mail, blocked senders, ignored, etc. And deleting stuff before download. And bayesian filtering. And anything else I feel like adding, whenever I want to.
Hal Spacejock: Science Fiction with Nuts
I pity you so :'( tsk tsk
Proud user of Pine since 1994. Thank you, Univ. of Washington!
? HELP - Get help using Pine
C COMPOSE MESSAGE - Compose and send a message
I MESSAGE INDEX - View messages in current folder
L FOLDER LIST - Select a folder to view
A ADDRESS BOOK - Update address book
S SETUP - Configure Pine Options
Q QUIT - Leave the Pine program
Copyright 1989-2003. PINE is a trademark of the University of Washington.
? Help P PrevCmd R RelNotes
O OTHER CMDS > [ListFldrs] N NextCmd K KBLock
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Except that it's on by default. :)
I found that out when I started work at a new company with my PowerBook. Connect to the Exchange via IMAP4 for mail, point the address book at the exchange server via LDAP. iCal wasn't around then, but using that along with groupcal would allow you to do your calendaring, and all without using a single 'authorized' MS client.
On windows...dunno, perhaps there something similar to the groupcal/ical combo to get your calendaring done without Outlook, but I'm not aware of one offhand.
Karma: Chameleon (mostly due to the fact that you come and go).
It really ensures the user wants to open attachments to emails, and it integrates fine with Norton Antivirus. It even comes with a Bayesian Spam filter (Which really works, once you get a lot of spam emails for it to learn from).
The Bat is a great program, and it's really improved, especially over the past year.
The mime-type bug has been known for a long time. Microsoft has corrected it (twice :-)). I know this because my parents' computer was infected between their first and second attempts to fix the problem.
.exe, and it was executed.
In a nutshell, Microsoft uses the filename extension, not the mime type, to decide how to open a particular file. On the other hand, Outlook uses the mime type to decide whether or not to automatically launch images, sound files, etc. So all you had to do was to send a mail with an embedded image with a filename ending in
It has been more than a year since Microsoft crippled^H^H^H^H^H^H^H^Hfixed IE/OE sufficiently to remove this vulnerability.
I must concur with previous posters that the best approach is to avoid these software products.
It has been STANDARD practice for quite some time to not use the "Preview Pane" feaute in Outlook. Since html code is displayed as if it were in a browser, this has been open to malicious attacks for quite some time.
This is not New.
This is not News.
This doesn't even matter.
This is not even accuratly portrayed. Selecting an email isn't the problem, displaying it is the problem.
"Hard work never killed anyone." -- Some Dead Guy
Also nice are programs that let you delete the email at the server before you download, such as mailwasher, and with free versions.
Of course, there are a number of alternate email clients out there that will also help block this beastie
"It is a greater offense to steal men's labor, than their clothes"
I've said it before, and I'll say it again: people need to start being responsible for THEMSELVES. It's not Outlook's fault that the user didn't patch their system.
I'm sure that if someone wanted to take the time and analyze the source for Thunderbird, they could easily write the same type of worm/virus. However, you won't get the same type of media coverage that the others written for mainstream products will get. And yes, MS does write some exploitable code.
Most users who aid in the spread of these viruses/worms are ignorant. Time after time, news report after news report, they CONTINUE to fail to keep their systems up to date.
What's funny is each and every mainstream worm has been written AFTER the patch has been released.. and it's not like the day/week after, it's 5-6 months after. That's sad.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
Easy for casual email users, but not for corporate people like myself. All meetings are scheduled via Outlook and if I don't promptly respond to meeting requests, I get rough verbal feedback from my boss. Even though I do most of my development in Linux, I still need a windows machine to use Outlook 2003. You're lucky if your company doesn't force you to use Outlook for all the meeting/appointment scheduling. But unfortunately there is no solution here. Even Evolution is not a solution since it doesn't quite support calendaring very well. Would you care to offer more useful advice? Thanks!
Re: My Photo by Cindi
Re: Hi Sweetheart by Melissa
Re: From you Secret Admirer by Linda Lovelace
etc.
Moderate this comment
Negative: Offtopic Flamebait Troll Redundant
Positive: Insightful Interesting Informative Funny
Nothing to see here
The problems come about when you have a bunch of software set up together that works. Then MS goes change something in IE and Acroreader stops working forcing you to go upgrade or reinstall acroreader. Things seem OK for a while, then something else stops working...
This is fire-fighting of an out of control software platform. It is not exactly a great user experience. MS stuff was never really designed to be hooked to the internet.
Engineering is the art of compromise.
It occurs to me that both of the articles in the post are extremely light on facts. Furthermore, one of them has the rather pithy headline "Five new Windows Bagle virus variants break nasty new ground; Macintosh unaffected". Frankly, I don't care enough about the story to go hunting for news from appropriate sources like Symantec or McAffee, but it would be nice to see /. posters and/or editors go the extra mile to get out there and find information that is slightly higher than tabloid-quality.
Normally, I would bite my tongue on something like this, but it seems pretty obvious that in this case, the underlying theme of the article is "ha ha, isn't Microsoft terrible", which is pretty juvenile and meaningless. Here's a company that provided - in October - a working patch to prevent the flaw that is exploited by this virus. I'd say that's pretty reasonable, given the circumstances.
[Cue flames.]
...Whether my Maker is prepared for the great ordeal of meeting me is another matter.
Churchill
I've said this before, SWITCHING FROM WINDOWS TO LINUX WILL NOT ELIMINATE THE PROBLEM. .zip file prove that.
If a user does not know how to run a windows machine (keeping up to date on patches, running antivirus software, etc) then please explain to me how they'll be able to admin a linux machine. The truth of the matter is, they can't and they won't. The ranting of *nix fanbois aside, the problem exists between chair and keyboard. The email viruses that require you to open a password-protected
I'm certainly not trying to hold up windows as the platform of choice, because it sure as hell isn't mine; but regardless of your operating system of choice, if you're clueless you're clueless; and unless you fix that first, you're not going to fix the overall problem.
I'm not saying this to single out Windows users. Most non-professional Mac users are the same way. It's just that Windows is used by people who use what everyone else uses because they feel safe in doing so. They may not know how their computers work, but they're more afraid of looking deviant than having technical malfunctions.
The subconscious refrain of Windows users around the globe is, "Well, at least I'm not the only one with this problem."
Those Windows users who actively try to prepare themselves against the almost daily barrage of new worms, viruses, vulnerabilities, and other Windows annoyances still have a difficult time keeping up with it all. Even experienced Windows power users frequently find themselves overpowered by the ongoing war against malicious code.
So the solution to this vulnerability is simple. But when you look at the situation in context, the potential for widespread havoc is a lot greater.
Read the EFF's Fair Use FAQ
AV solutions can and do break. Our's did at my provider. We still haven't got it back online. Our users have had to endure the full brunt of infected email for far too long.
No single AV solution can be up-to-date at all times. For starters we can't update our virus definitions within minutes of a newly discovered virus. It just doesn't happen. AV companies couldn't afford the bandwidth without raising our costs beyond what's considered reasonable. Free solutions such as ClamAV certainly couldn't afford it. Also, not all AV companies discover viruses at the same time. F-Prot might find the latest version of MyDoom before Symantec does. The fact that they found it means it's already in the wild as someone has had to analize it, create a patch for the defs to match this virus, get the patch through Q&A, and get it approved for the next release. There could be numerous hours between the virus getting into the wild, being discovered, being analyzed, and being caught in the latest virus defs.
Finally no defense of any kind should ever be one layer thick. One layer thick means you have no backup plan. No backup plan means you have no contingency for failures. No contingency for failures means your DRP (disaster recovery plan) has either been written fraudulently or you don't have one. In today's business world that means you'd better start updating your resume. A provider's mail system should not be the only line of defense from email-based viruses. Every single end-user desktop should have an up-to-date AV tool scanning all mail ahead or as a companion to the MUA. This is the *only* acceptable means of defense. You have to have end to end protection.
Many AV company's licensing scheme take both mail system users and desktops into account. Read the wording carefully because you may very well be able to use the end-user license to cover that user's part of the mail system....
Well, actually, I do well helping out joe sixpack with exactly this sort of thing. Not everyone is a programmer.
and you might be interested in these articles
Eric Raymond's rants: Part Onet ml
http://www.catb.org/~esr/writings/cups-horror.h
Some follow-ups:e ux.html
http://www.catb.org/~esr/writings/luxury-part-d
And mind you, I really don't like bill gates, either. So your criticism might be slightly off base. have a beer or take a pill, please
"It is a greater offense to steal men's labor, than their clothes"
>c. Stop using Outlook/Outlook Express
I dont know why slashdot posted this particular fact-free article and with the "what are users supposed to do?" tagline.
The patch is six months old, people. This isn't some major zero-day exploit that is tearing the internet apart.
I use firefox/tbird on windows, but still, lets be sensible here. People can use the IE/OE combo without too much fear as long as they keep auto-update running.
Don't use Outlook/OE.
There are tons of other options out there that aren't vulnerable, such as Mozilla and Thunderbird.
Thank you for telling me this!! As a Slashdot reader, I never would have known that Microsoft's products suck and far superior open source equivalents exist!
Everything I ever read on Slashdot has been pro-MS propaganda until your brilliant comment escorted me out of the cave of ignorance to the enlightened world above!
My eternal thanks.
pi = 3.141592653589793helpimtrappedinauniversefactory7
Their study specifically excluded email client and web browser vulnerabilities, the principal vectors of Windows viruses, worms and trojans. No wonder they found Windows to be "more secure" than Linux - their study left out most of the Windows security problems.
The firm doing the study are known bozos - they pretty much predicted armageddon on 1/1/2000, and still have much egg on their face from that. They also stretched the truth about their experience and expertise in the computer security field - they were doing something quite different for the first several years of the company's existence, but their press claims security expertise for the whole time.
An AC citing a "study" known to be flawed, designed to gain free press for the flawed company conducting it should not be trusted.
Even if you don't switch to a client that's more secure, switching to one that's *less used* will work equally well. How many viruses are going to target, say, Pegasus Mail, even if it's riddled with overflows? Not a hell of a lot. I can understand interoperability issues with Word, Excel, etc, but this is *email*. All the clients out there work fine together, and it's not as if it takes long to learn an email client. The main concern in such a switch would be moving old stored email, and I would guess that any major Windows-based email client would provide Outlook import.
Email is also a good candidate for a piece of software to be written in eiffel or ocaml or some other safe language (Java might use too much memory, but there are safe languages that aren't as RAM-intensive). An email client does very little that's computationally expensive.
May we never see th
I love Linux and have used it since 1996, but I don't love half-truths. Mods, do what you must:
1. Unless you have a special 'l00s4h' account for running network programs, you can lose anything owned by your normal account. Typically that's all your data (norp, zeraw, 3PMs, financial data, etc). You're saying losing all that stuff is _better_ than losing the core OS, which you can replace over HTTP in 10 minutes?
2. Even with 'l00s4h', if your kernel has priviledge escalation bugs, bad guys can still get r00t. Linux had two of these in the past six months.
3. You've personally audited mutt for overflow issues? How about the 1GB mozilla codebase?
4. You trust Debian? Gentoo? GNU? Even though they don't always cryptographically sign binaries and even though their servers were 0wned a few weeks back?
5. apt-get, emerge, etc don't typically use SSL, so how do you know you aren't being man-in-the-middled when you run it (as root)?
Linux can be made more secure than d0ze--but don't delude yourself, or others.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
This is nothing new. Leigh Stivers of DP Technology, researching in the wake of ILOVEYOU from May 2000, demonstrated in the fall of that same year that anything goes with poor products like Microsoft Outlook.
This revelation, like ILOVEYOU and all that followed, did nothing to move the masses away from their bad habits. AnnaK followed, and after that things only got worse, and still we find people trying to batten down the hatches and still use Outlook and Swiss cheese Microsoft technology.
So how do you avoid threats like these new Bagles? Easy. You stop using Windows because you're supposed to be smarter than that at this point in time - after getting the shit kicked out of you for four years straight.
Second, if you're simply too lame to abandon your beloved Windows, then you at least abandon Outlook and all IE-related email technologies such as Eudora. Any email client relying on Internet Explorer is a sitting duck, and you know it.
I am not telling anyone anything they do not already know; even posing such a question - 'how in heavens will we protect ourselves now?' - is so lame it's beyond description.
The Bagles are hardly the worst threat right now anyway. Phatbot is out there, harvesting machines like they're going out of style, and coming ever closer to the first million mark. This is outright organised crime. The machines are left as backdoored P2P bots and can harvest bank account details, credit card details, passwords all over the place, and the corrupted machines can be used in further spam attacks - where the unwitting, claiming ignorance and helplessness, go ahead and click on things and use Windows and Outlook and then ask 'how can we protect ourselves?'
It's not interesting anymore. There's no point in trying to help those who categorically refuse to help themselves and take the necessary steps to be safe. The only concern, voiced for years now, is that these ignoramuses are ruining the Internet for the rest of us - and that is a very real and very justified concern.
this is why I check my email on other people's computers...
New Outlook Hole Found
http://radsoft.net/news/roundups/luv
May 8, 2000 0:00 AM UTC
This is getting ridiculous. An email appears in Outlook's inbox, and even before the user does anything, a message pops up on the screen. 'Had this been a real virus, you would not be happy', it reads. The relieved user clicks 'OK' and another box pops up.
'Deleting hard drive now... Just kidding!'
It was written by Leigh Stivers of DP Technology, who is trying to draw attention to a hole in Outlook that is far more dangerous than the ones ILOVEYOU found - this hole allows any email to be loaded invisibly with a destructive program that could go as far as deleting an entire hard drive.
Unlike viruses like ILOVEYOU or Melissa, these programs have no attachment and give no indication that they are anything other than ordinary email.
And with Outlook's factory defaults, this program - which might have been set to wipe your entire hard drive clean - can start running without you having to click a thing, before Outlook even tells you mail is there.
'The script can do almost anything', said Stivers. ''We were amazed to see how open everything was in house here, and we take security pretty seriously.'
You shouldn't have been amazed, Mr. Stivers. But thanks for the tip. We shall now visit the C|net link and read the article and within 30 minutes be running a better email client - for this writing on the wall is surely enough for even the lamest Outlook user?
http://news.com.com/2100-1001-240189.html
I guess you missed the study Slashdot itself posted that showed Linux was the most-breached OS. Incidentally, BSD was the least-breached.
I saw the study. It was done the British group Mi2, who is about as useful as IDC or Gartner, with their own vested interest. In almost every situation, the Linux openings were simple PHP's being hit on systems with multi domains rather than the systems being owned. Too be honest, I would love to see a company/group without a vested interest do a real study and report the numbers.
BTW, even though your BSD statement was a simple red herring, I suspect that it has merit.
I prefer the "u" in honour as it seems to be missing these days.
It's called the .NET runtime, and when Longhorn comes out and EVERYTHING including Windows itself is running on .NET libraries, you're going to have some damn secure systems. What will Slashdotters find to bitch about next? There's always something--it's impossible to satisfy people around here. The friggin' sky is always falling.
Color me cynical, but didn't MS tout the absolute security of W2k3? And Win2k before that? Sorry, with their record they're guilty until proven innocent.
It's astonishing that you can do anything useful in it, let alone write a virus in it.
I spent a large part of my last job writing custom Excel applications in VBA. Most of them were for engineers who wanted an easy yet flexible way to input and summarize data. Excel provides an interface they're already familar with, and I provided a few bits of VBA code to make complicated tasks easy. Sure, I could have written a custom application for each task, but that would have been overkill, not to mention a waste of my time and my employer's money.
The virus writers started to piss me off when we switched to Office XP. XP automatically sets your macro security to maximum, and it became a big hassle to tell my users to lower their security. Anymore, they don't trust any macros, even from someone in the same company. (In anticipation of someone mentioning signed macros: setting up my cert on every computer is no easier than setting the macro security to medium.)
...I think he meant strip out Outlook too :).
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
If you refuse to use a mail client besides Outlook Express:
1) Disable the preview pane. View messages by double clicking them. That way you're never forced to view a message you haven't made the decision to view, either by trying to delete it or by it being the top message in your inbox. This also helps to reduce spam, because spams with linked images can be used to verify that you read the email.
2) Only view email you trust. For the rest, view the message source or ignore the message.
3) The above will stop 99% or more of email viruses out there. To further reduce the risk, patching frequently and using a spam filter helps. Virus scanners like AVG also help but you can expect a noticeable slowdown in system response if you use one. I don't. No virus problems ever in 12 years.
Aparently they've never heard of e-mail software other than Outlook. Many e-mail programs do not execute the VBS code or other attachments of a message simply by selecting it from the Inbox.
signature pending slashdot approval
Yeah right. The other day I saw a programmer write a .NET aspx page that provided a command shell, with full permissions on his computer. Very scary, especially since he just used a built-in library and no hacks. .NET is not going to suddenly make people write good code. Windows will continue to have exploitable holes for the foreseeable future.
In the meantime, I'm running clamAV, Amavis, and spamassassin on my mail servers and haven't been happier.
The sad thing is the parent is both a troll and insightful.
The Unix experts have been saying for decades now that using a secure operating system will protect you from viruses.
The anti-virus industry would have you believe Unix was never populare enough to make this possable. WHAT A LOAD OF BS.
Unix was THE operating system for mainframes in the 1970's and 80's.
So they adjust the excuse "Oh well virus writers are only after desktops"... Wrong again.
First what is a virus?
According to The Dirty Dozen it is "The Ultimate Trojan Horse".
What do hackers do with trojens?
According to the book "Outside the Inner Circle" (By Microsoft press) trojens are used by hackers to gain more access to the servers they already have low level access on.
But to use the trojen you need to hack into the system to start with. Wouldn't it be great if you could trick a system admin (or better yet user) to install the trojen for you?
Thats what a virus is. That is what it's for. Every script kiddies wet dream has been for the last 2 decades a Unix virus.
And we don't have a Unix virus yet becouse the virus writers don't have any motivation to write one? Bull.
Outlook is just one example of just how sloppy Microsoft really is when it comes to software design.
Download and install ANY other e-mail client and you won't need to fear e-mail viruses. That's easy enough isn't it? You don't even need to install a new OS just use a better e-mail client.
I don't actually exist.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
Disable the Preview Pane (Pain).
It's a stupid feature anyway, it's unsafe by design, and the last thing on earth I want is my computer opening my e-mails without my input.
This is OLD news. The Preview Pane shouldn't even exist until Microsoft can find some way to totally secure it, which probably won't ever happen as long as harmfull tricks can be planted in e-mail.
I've NEVER used the Preview Pane, and I don't miss it one bit. Maybe more so called "computer experts" should stop carrying stupid misconceptions and actually learn the truth behind the stupid ideas they so firmly hold onto.
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
From best solution to workaround:
1. Don't use a Microsoft E-mail client
2. Use a virus-scanner that catches it before it is opened
3. You do not *have* to view an e-mail in order te delete it, if you close the preview pane you can delete it without viewing (even in Outlook Express). This is not exactly what I'd call convenient, though.
Every expression is true, for a given value of 'true'
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Try Knopix or any other of the several live CD distributions.
Stop the excuses, you can try Linux today.
IANAL but write like a drunk one.