Slashdot Mirror
Nasty New Virus Variants
Lucidus writes "Numerous journals, such as Mac Daily News and The Motley Fool, are reporting that the latest versions of the Beagle/Bagle virus can infect users' computers whether or not they open an attachment. Apparently, the simple act of selecting the message activates the code. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"
Don't use Microsoft products... or use them and have an up-to-date modern Anti Virus scanner.
the ISPs need to have some server-side virus scan running. we do through our company's email server, and so far, it seems to work like a champ
Alcohol & calculus don't mix. Never drink & derive.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
Well, this one is gonna start a whole slew of flaming and trolling over the virtues of one platform over another as it is kinda a loaded question with a simple answer:
Switch
So let's start right off with a big razz towards Windows users from both the Linux and Macintosh communities.........
Thhhbibibibibbbpt!!!
Seriously though, when are you guys gonna get the picture? Microsoft if chasing a moving target here and they will always be behind the curve, reacting to the latest virus outbreak until they fix what is fundamentally wrong with the Windows architecture. Hopefully this will happen with Longhorn in 2006......or 2007.........or whenever.
Right-click
err...
One word, hyphenated.
I head straight to the Motley Fool. Likewise, when I want financial info, I'm on Slashdot.
I don't know. Webmail, one of the numerous non-vulnerable email clients for Windows, maybe give up email entirely?
This flies in the face of science.
The viruses have mutated in the wake of developed resistance (slightly more educated users). It's an evolutionary battle being fought...
But as there are way too many deployments of Outlook as it is, and because it is Outlook/IE that is being exploited, the first solution would be to increase diversity in that field. Other mail clients, such as Thunderbird, or Eudora, will thrive while Outlook continues to succumb to these new diseases.
Oh who am I kidding, Outlook will continue to wreak its wrath upon the Net and cause us to all suffer as a result.
Doing the Right Thing should not be preempted by making a buck.
As per the article (Motley, at least) ... the virus is executed by some malicious HTML in the message, which would be activated if the message is viewed in full or preview(pane) modes. Simply clicking on the message in the list (you -did- turn the preview pane off, didn't you?) won't infect the machine. However, this does mean that similar HTML, from a web browser, might also be dangerous. Anyone have info on that idea? (Malicious websites giving you the virus by visiting the site?)
How to fix this? Install mozilla!
Anyway, according to this article here,
"Bagle exploits a flaw in Outlook, revealed in October of 2003, that allows a hacker to upload and execute a file on a user's PC without that user opening the file. Microsoft has issued a patch for the flaw in October, but users who have not updated their systems with this patch are at risk."
If you run an MS machine, and don't know that you have to update regularly, you need your head checked. Besides, updating an MS machine really is easy.
One feature of MS Outlook that is missing from most other email clients is the ability to download just email headers. I use this feature to review sender/subject and I can identify all spam just from that.
Actually, I use my own program to download headers, score them for likely spam, delete the garbage emails(without ever downloading the actual content), then start outlook to get the real ones.
Obviously, if a legit sender transmits a virus, it's a problem, but I guess that's why I pay Symantec.
Unless your IT department cluelessly refuses to turn on IMAP4 "for security reasons."
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
place 2 other junk emails around it, select the top 1, hold shift, select the bottom one.... DELETE.
d. Read your mail on someone else's computer
Sheesh, evil *and* a jerk. -- Jade
Mozilla Thunderbird is a great lightweight email client replacement for Outlook. Your average home user who has an imap or pop account from an ISP really has no good excuse not to uninstall Outlook from their machine and switch. Corporate users on the other hand are a little more screwed, since many of them use Exchange servers that don't have OWA turned on and/or aren't Exchange 2000/2003, which precludes using Evolution's commercial plugin to get calendaring integration and whatnot. However corp users that do meet those server-side requirements can do so. Or if you don't use or need the calendaring part in your organization and the exhcnage server has IMAP, then you can also go Thunderbird there too.
11*43+456^2
... using email software which doesn't render HTML, and instead shows it as plain text without images?
... well the program has a link so you can view it in your default browser, if you really have to.
Yes, I wrote it. I wrote it because 99% of the messages I receive in HTML format are advertising. Most of those use dinky little images with referrer IDs to verify your email address is valid. The 1% I really need to see in HTML
I know it's going back to the dark ages, but maybe NOT running javascript, html, etc is actually GOOD when it comes to emails.
I'm not advertising this thing, it's freeware anyway. I was a moderately happy Outlook Express user for years, but the lack of spam torturing implements drove me to write my own. Yes, I tried Mozilla, Eudora, etc etc. I think Thunderbird looks interesting too, and I recommend it. But personally I can't do without my POP3 preview window with colour tagging for spam, valid mail, blocked senders, ignored, etc. And deleting stuff before download. And bayesian filtering. And anything else I feel like adding, whenever I want to.
Hal Spacejock: Science Fiction with Nuts
I pity you so :'( tsk tsk
Proud user of Pine since 1994. Thank you, Univ. of Washington!
? HELP - Get help using Pine
C COMPOSE MESSAGE - Compose and send a message
I MESSAGE INDEX - View messages in current folder
L FOLDER LIST - Select a folder to view
A ADDRESS BOOK - Update address book
S SETUP - Configure Pine Options
Q QUIT - Leave the Pine program
Copyright 1989-2003. PINE is a trademark of the University of Washington.
? Help P PrevCmd R RelNotes
O OTHER CMDS > [ListFldrs] N NextCmd K KBLock
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
And it costs MORE not to switch. Unfortunately, most companies can't see past their nose as far as technology costs are concerned.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
It really ensures the user wants to open attachments to emails, and it integrates fine with Norton Antivirus. It even comes with a Bayesian Spam filter (Which really works, once you get a lot of spam emails for it to learn from).
The Bat is a great program, and it's really improved, especially over the past year.
The mime-type bug has been known for a long time. Microsoft has corrected it (twice :-)). I know this because my parents' computer was infected between their first and second attempts to fix the problem.
.exe, and it was executed.
In a nutshell, Microsoft uses the filename extension, not the mime type, to decide how to open a particular file. On the other hand, Outlook uses the mime type to decide whether or not to automatically launch images, sound files, etc. So all you had to do was to send a mail with an embedded image with a filename ending in
It has been more than a year since Microsoft crippled^H^H^H^H^H^H^H^Hfixed IE/OE sufficiently to remove this vulnerability.
I must concur with previous posters that the best approach is to avoid these software products.
"Hard work never killed anyone." -- Some Dead Guy
Also nice are programs that let you delete the email at the server before you download, such as mailwasher, and with free versions.
Of course, there are a number of alternate email clients out there that will also help block this beastie
"It is a greater offense to steal men's labor, than their clothes"
I've said it before, and I'll say it again: people need to start being responsible for THEMSELVES. It's not Outlook's fault that the user didn't patch their system.
I'm sure that if someone wanted to take the time and analyze the source for Thunderbird, they could easily write the same type of worm/virus. However, you won't get the same type of media coverage that the others written for mainstream products will get. And yes, MS does write some exploitable code.
Most users who aid in the spread of these viruses/worms are ignorant. Time after time, news report after news report, they CONTINUE to fail to keep their systems up to date.
What's funny is each and every mainstream worm has been written AFTER the patch has been released.. and it's not like the day/week after, it's 5-6 months after. That's sad.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
Re: My Photo by Cindi
Re: Hi Sweetheart by Melissa
Re: From you Secret Admirer by Linda Lovelace
etc.
Moderate this comment
Negative: Offtopic Flamebait Troll Redundant
Positive: Insightful Interesting Informative Funny
Nothing to see here
The problems come about when you have a bunch of software set up together that works. Then MS goes change something in IE and Acroreader stops working forcing you to go upgrade or reinstall acroreader. Things seem OK for a while, then something else stops working...
This is fire-fighting of an out of control software platform. It is not exactly a great user experience. MS stuff was never really designed to be hooked to the internet.
Engineering is the art of compromise.
It occurs to me that both of the articles in the post are extremely light on facts. Furthermore, one of them has the rather pithy headline "Five new Windows Bagle virus variants break nasty new ground; Macintosh unaffected". Frankly, I don't care enough about the story to go hunting for news from appropriate sources like Symantec or McAffee, but it would be nice to see /. posters and/or editors go the extra mile to get out there and find information that is slightly higher than tabloid-quality.
Normally, I would bite my tongue on something like this, but it seems pretty obvious that in this case, the underlying theme of the article is "ha ha, isn't Microsoft terrible", which is pretty juvenile and meaningless. Here's a company that provided - in October - a working patch to prevent the flaw that is exploited by this virus. I'd say that's pretty reasonable, given the circumstances.
[Cue flames.]
...Whether my Maker is prepared for the great ordeal of meeting me is another matter.
Churchill
might I also add that closing off the bold tag is usually a good thing too :-\
I'm not saying this to single out Windows users. Most non-professional Mac users are the same way. It's just that Windows is used by people who use what everyone else uses because they feel safe in doing so. They may not know how their computers work, but they're more afraid of looking deviant than having technical malfunctions.
The subconscious refrain of Windows users around the globe is, "Well, at least I'm not the only one with this problem."
Those Windows users who actively try to prepare themselves against the almost daily barrage of new worms, viruses, vulnerabilities, and other Windows annoyances still have a difficult time keeping up with it all. Even experienced Windows power users frequently find themselves overpowered by the ongoing war against malicious code.
So the solution to this vulnerability is simple. But when you look at the situation in context, the potential for widespread havoc is a lot greater.
Read the EFF's Fair Use FAQ
AV solutions can and do break. Our's did at my provider. We still haven't got it back online. Our users have had to endure the full brunt of infected email for far too long.
No single AV solution can be up-to-date at all times. For starters we can't update our virus definitions within minutes of a newly discovered virus. It just doesn't happen. AV companies couldn't afford the bandwidth without raising our costs beyond what's considered reasonable. Free solutions such as ClamAV certainly couldn't afford it. Also, not all AV companies discover viruses at the same time. F-Prot might find the latest version of MyDoom before Symantec does. The fact that they found it means it's already in the wild as someone has had to analize it, create a patch for the defs to match this virus, get the patch through Q&A, and get it approved for the next release. There could be numerous hours between the virus getting into the wild, being discovered, being analyzed, and being caught in the latest virus defs.
Finally no defense of any kind should ever be one layer thick. One layer thick means you have no backup plan. No backup plan means you have no contingency for failures. No contingency for failures means your DRP (disaster recovery plan) has either been written fraudulently or you don't have one. In today's business world that means you'd better start updating your resume. A provider's mail system should not be the only line of defense from email-based viruses. Every single end-user desktop should have an up-to-date AV tool scanning all mail ahead or as a companion to the MUA. This is the *only* acceptable means of defense. You have to have end to end protection.
Many AV company's licensing scheme take both mail system users and desktops into account. Read the wording carefully because you may very well be able to use the end-user license to cover that user's part of the mail system....
Well, actually, I do well helping out joe sixpack with exactly this sort of thing. Not everyone is a programmer.
and you might be interested in these articles
Eric Raymond's rants: Part Onet ml
http://www.catb.org/~esr/writings/cups-horror.h
Some follow-ups:e ux.html
http://www.catb.org/~esr/writings/luxury-part-d
And mind you, I really don't like bill gates, either. So your criticism might be slightly off base. have a beer or take a pill, please
"It is a greater offense to steal men's labor, than their clothes"
>c. Stop using Outlook/Outlook Express
I dont know why slashdot posted this particular fact-free article and with the "what are users supposed to do?" tagline.
The patch is six months old, people. This isn't some major zero-day exploit that is tearing the internet apart.
I use firefox/tbird on windows, but still, lets be sensible here. People can use the IE/OE combo without too much fear as long as they keep auto-update running.
Don't use Outlook/OE.
There are tons of other options out there that aren't vulnerable, such as Mozilla and Thunderbird.
Thank you for telling me this!! As a Slashdot reader, I never would have known that Microsoft's products suck and far superior open source equivalents exist!
Everything I ever read on Slashdot has been pro-MS propaganda until your brilliant comment escorted me out of the cave of ignorance to the enlightened world above!
My eternal thanks.
pi = 3.141592653589793helpimtrappedinauniversefactory7
I love Linux and have used it since 1996, but I don't love half-truths. Mods, do what you must:
1. Unless you have a special 'l00s4h' account for running network programs, you can lose anything owned by your normal account. Typically that's all your data (norp, zeraw, 3PMs, financial data, etc). You're saying losing all that stuff is _better_ than losing the core OS, which you can replace over HTTP in 10 minutes?
2. Even with 'l00s4h', if your kernel has priviledge escalation bugs, bad guys can still get r00t. Linux had two of these in the past six months.
3. You've personally audited mutt for overflow issues? How about the 1GB mozilla codebase?
4. You trust Debian? Gentoo? GNU? Even though they don't always cryptographically sign binaries and even though their servers were 0wned a few weeks back?
5. apt-get, emerge, etc don't typically use SSL, so how do you know you aren't being man-in-the-middled when you run it (as root)?
Linux can be made more secure than d0ze--but don't delude yourself, or others.
If a user does not know how to run a windows machine (keeping up to date on patches, running antivirus software, etc) then please explain to me how they'll be able to admin a linux machine.
No idea. An unfortunately MacOS X is also well known for it's extreme complexity and difficulty to use.
Jedidiah.
Craft Beer Programming T-shirts
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
This is nothing new. Leigh Stivers of DP Technology, researching in the wake of ILOVEYOU from May 2000, demonstrated in the fall of that same year that anything goes with poor products like Microsoft Outlook.
This revelation, like ILOVEYOU and all that followed, did nothing to move the masses away from their bad habits. AnnaK followed, and after that things only got worse, and still we find people trying to batten down the hatches and still use Outlook and Swiss cheese Microsoft technology.
So how do you avoid threats like these new Bagles? Easy. You stop using Windows because you're supposed to be smarter than that at this point in time - after getting the shit kicked out of you for four years straight.
Second, if you're simply too lame to abandon your beloved Windows, then you at least abandon Outlook and all IE-related email technologies such as Eudora. Any email client relying on Internet Explorer is a sitting duck, and you know it.
I am not telling anyone anything they do not already know; even posing such a question - 'how in heavens will we protect ourselves now?' - is so lame it's beyond description.
The Bagles are hardly the worst threat right now anyway. Phatbot is out there, harvesting machines like they're going out of style, and coming ever closer to the first million mark. This is outright organised crime. The machines are left as backdoored P2P bots and can harvest bank account details, credit card details, passwords all over the place, and the corrupted machines can be used in further spam attacks - where the unwitting, claiming ignorance and helplessness, go ahead and click on things and use Windows and Outlook and then ask 'how can we protect ourselves?'
It's not interesting anymore. There's no point in trying to help those who categorically refuse to help themselves and take the necessary steps to be safe. The only concern, voiced for years now, is that these ignoramuses are ruining the Internet for the rest of us - and that is a very real and very justified concern.
New Outlook Hole Found
http://radsoft.net/news/roundups/luv
May 8, 2000 0:00 AM UTC
This is getting ridiculous. An email appears in Outlook's inbox, and even before the user does anything, a message pops up on the screen. 'Had this been a real virus, you would not be happy', it reads. The relieved user clicks 'OK' and another box pops up.
'Deleting hard drive now... Just kidding!'
It was written by Leigh Stivers of DP Technology, who is trying to draw attention to a hole in Outlook that is far more dangerous than the ones ILOVEYOU found - this hole allows any email to be loaded invisibly with a destructive program that could go as far as deleting an entire hard drive.
Unlike viruses like ILOVEYOU or Melissa, these programs have no attachment and give no indication that they are anything other than ordinary email.
And with Outlook's factory defaults, this program - which might have been set to wipe your entire hard drive clean - can start running without you having to click a thing, before Outlook even tells you mail is there.
'The script can do almost anything', said Stivers. ''We were amazed to see how open everything was in house here, and we take security pretty seriously.'
You shouldn't have been amazed, Mr. Stivers. But thanks for the tip. We shall now visit the C|net link and read the article and within 30 minutes be running a better email client - for this writing on the wall is surely enough for even the lamest Outlook user?
http://news.com.com/2100-1001-240189.html
I guess you missed the study Slashdot itself posted that showed Linux was the most-breached OS. Incidentally, BSD was the least-breached.
I saw the study. It was done the British group Mi2, who is about as useful as IDC or Gartner, with their own vested interest. In almost every situation, the Linux openings were simple PHP's being hit on systems with multi domains rather than the systems being owned. Too be honest, I would love to see a company/group without a vested interest do a real study and report the numbers.
BTW, even though your BSD statement was a simple red herring, I suspect that it has merit.
I prefer the "u" in honour as it seems to be missing these days.
It's called the .NET runtime, and when Longhorn comes out and EVERYTHING including Windows itself is running on .NET libraries, you're going to have some damn secure systems. What will Slashdotters find to bitch about next? There's always something--it's impossible to satisfy people around here. The friggin' sky is always falling.
Color me cynical, but didn't MS tout the absolute security of W2k3? And Win2k before that? Sorry, with their record they're guilty until proven innocent.
...I think he meant strip out Outlook too :).
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
From best solution to workaround:
1. Don't use a Microsoft E-mail client
2. Use a virus-scanner that catches it before it is opened
3. You do not *have* to view an e-mail in order te delete it, if you close the preview pane you can delete it without viewing (even in Outlook Express). This is not exactly what I'd call convenient, though.
Every expression is true, for a given value of 'true'