Evaman Worm Attacks Email Servers
An anonymous reader writes "CoolTechZone is reporting that the mail servers of various popular email services such as Hotmail and Yahoo are being bogged down with a new worm, code-named Evaman.
The headings are common to the ones users encounter every day in their inbox - "Failed Transaction" or "Delivery Failure". This worm has the potential to take control over Windows 95, 98, ME, 2000, XP, NT, and Windows Server 2003."
This is not a Microsoft exploit, just a trojan that targets MS products. What is the world coming to when I can't get my machine rooted without the work of logging into a free email service to check my pr0n mail?
An Education is the Font of All Liberty
If you want the Symantec release re-written by someone who knows what they're talking about, look here.
"Evaman occupies a false email address" doesn't fill me with respect for CoolTechZone's credentials.
The Slashdot Paradox: "100% Overrated"
Rather than reading a journalist's munged interpretation of what Symantec said, you can look at Symantec's original statement
Also been seeing lots of those "MS Security Update" mails too. Anyone know if the two are related?
The article says, "The security firm, Symantec, has given this worm a critical warning and states that this worm could be as dangerous as the MyDoom virus." Funny, Symantec's description isn't nearly so dire: "Threat containment: Easy; Removal: Moderate."
Stupid job ads, weird spam, occasional insight at
Some good additional information is available here
Microsoft will do anything to get in the news :oP
We should be OK. The virus requires people to open the attachment on the mail in order for it to work. So unless people are stupid enough to open attachments, after we've been telling them for years and years and after countless virus plagues not to, we should all be fine...
Oh God!! We're all DOOOOOMED!!!!!
May the Maths Be with you!
i'm using Windows 3.1, you insensitive clod.
"There is nothing more frightful than ignorance in action." Johann Wolfgang von Goethe
is that the mail (at least the variant that I received) has a fake little message about the attachment being scanned for viruses. Are people that gullible and/or stupid? I would hope people would be smart enough to realize that it's really easy to type a message saying that something has been scanned for viruses.
Ugh, it's not even like you have to be computer savvy to figure these things out. Do people open their houses to random drifters who say they work for the city and need to do some work without at least checking for ID?
Actually, yeah, they do, oy.,,what a world...
This would be the Windows catastrophe of the week, huh?
Can someone please, please, please write a decent Unix worm so we can get some interesting headlines?
And don't tell me it's just because MS is a bigger target. Linux runs between 35%-40% of the world's servers (and more than that if you're only counting the DMZ'd webservers). It's the code, stupid.
I would rather be ashes than dust!
I run XP extensively because SofTest and TimeMatters aren't available for Linux yet. = ) I have never been directly infected by a worm or virus because I have Windows Update automatically update itself every week, as well as LiveUpdate for Symantec 2004.
The truth is that the OS is only as safe as the user. The people using Linux are that much more advanced than those using Windows, so that is why there aren't that many Linux bugs (as well as the marketshare argument.)
Yes, Linux is more secure by design, but Debian had its server rooted a few months ago, didn't they? And they presumably know what they are doing.
It's kind of like driving a car. You can buy the safest car on the road, but if you are going to change lanes without checking out your blind spot, well, it doesn't matter, does it?
A NYC lawyer blogs. http://www.chuangblog.com/
Well, I don't see myself as a 'Windows Defender' but I've never gotten a virus/worm/trojan on windows, and I _do_ use IE, for many years, on many machines, on many kinds of network.
There is some sort of parallel 'windows world' in which all windows machines are worm-riddled and uptimes are measured in days if not hours and commercial software randomly crashes and free software is not available, and clearly a number of slashdotters live there. But there's also the rest of the world in which windows stuff mostly is available and works.
Disclaimer: The firewall remains the most important part of a network
Whence? Hence. Whither? Thither.
I'm not so sure about that. Been to #linux on any of the big three networks lately?
"The dew has clearly fallen with a particularly sickening thud this morning"
as well as the marketshare argument.
Which falls flat on its face when you compare IIS and Apache
Can anyone tell me why it uses an SMTP server?
:p
I mean - modern vira all include a built-in SMTP server. Makes them much better distributed...
I hate sloppy virus writers!
Okay, fine, users are dumb. How about we give them a slight break in this case? Failed deliveries are far enough out of most people's 'normal' e-mail experience that I can understand why they'd read the message. No, it doesn't excuse opening anything with .scr, but txt.scr, html.scr, outlook.scrtxt.exe might dupe your avg users.
Anyways, here's a better article linked by McAfee and The Article That Started It All from the Sydney Morning Herald. Perusing the summaries off of Google News makes it seem like this will either be "unlikely to have a major impact on Australian businesses." or (now this is really crazy because it's from the same website, but a different article) "clog mail servers, cause severe slowdown and wreak financial damage as it spreads rapidly around the world when businesses return to work today"
I love that everyone can quote the Sydney Morning Herald to report that the sky is falling, or that things will mostly be okay. How do two journalists end up with such completely different viewpoints? They both quote Tim Hartman
and/or /Rant[Fuck Beta]
o0t!
It will affect you. It spreads by email. You receive email. It's disguised as delivery failure notifications, which are a pain to filter, unless you want to keep the legitimate ones.
I filter my email at the SERVER, not at the client, so it's trivial to filter since I can write my own rule sets. I am not talking about yahoo/hotmail, which I don't use.
Tequila: It's not just for breakfast anymore!
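The server-side rule set the poster describes, written out as an added example (this is not code from the original thread or from any of the products mentioned). It distinguishes a genuine bounce, which is a multipart/report message with report-type=delivery-status and a message/delivery-status part (RFC 3464), from the worm-style fake bounce: an ordinary mail with a spoofed "Delivery Failure" subject, a "scanned for viruses" reassurance in the body, and an attachment whose final extension is something Windows executes. Double extensions such as message.txt.scr are caught because only the last extension counts. The three messages below are constructed for the example, not captured samples; the attachment bytes are just an MZ header, not a real payload, and the extension list and bounce-subject pattern are the assumptions this filter makes.

```python
"""Mail-server filter: quarantine fake 'delivery failure' mails that carry executables."""
import email
import re
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double-click. Assumption of this filter: a mail
# server should never hand these to end users, bounce or not.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

# Subjects the worm borrows from real DSNs (assumed pattern, extend as needed).
BOUNCE_SUBJECT = re.compile(
    r"delivery (failure|failed|status)|failed transaction|undeliverable|returned mail",
    re.IGNORECASE,
)

# Constructed sample: worm-style fake bounce with a double-extension attachment.
FAKE_BOUNCE = """\
From: postmaster@example.com
To: alice@example.com
Subject: Delivery Failure
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Your message could not be delivered. The attached file has been scanned
for viruses and is clean.
--b1
Content-Type: application/octet-stream; name="message.txt.scr"
Content-Disposition: attachment; filename="message.txt.scr"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

# Constructed sample: a genuine DSN as an MTA would generate it (RFC 3464 shape).
REAL_DSN = """\
From: Mail Delivery System <MAILER-DAEMON@mx.example.net>
To: alice@example.com
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b2"

--b2
Content-Type: text/plain; charset=us-ascii

The following address failed: bob@example.org (550 5.1.1 User unknown)
--b2
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; bob@example.org
Action: failed
Status: 5.1.1
--b2--
"""

# Constructed sample: ordinary mail with no attachment.
CLEAN = """\
From: carol@example.com
To: alice@example.com
Subject: lunch?
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Noon at the usual place.
"""


def parse(raw: str) -> EmailMessage:
    """Parse with the modern policy so iter_attachments()/get_filename() work."""
    return email.message_from_string(raw, policy=policy.default)


def suspicious_attachments(msg: EmailMessage) -> list[str]:
    """Filenames of attachments whose final extension is executable.
    'readme.txt.scr' is flagged because only the last extension is considered."""
    found = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        _stem, dot, ext = name.rpartition(".")
        if dot and "." + ext in EXECUTABLE_EXTS:
            found.append(name)
    return found


def is_genuine_dsn(msg: EmailMessage) -> bool:
    """A real bounce is multipart/report; report-type=delivery-status and
    contains a message/delivery-status part. The worm's fake bounce is neither."""
    if msg.get_content_type() != "multipart/report":
        return False
    if (msg.get_param("report-type") or "").lower() != "delivery-status":
        return False
    return any(p.get_content_type() == "message/delivery-status" for p in msg.walk())


def classify(raw: str) -> dict:
    """Decide 'quarantine' or 'deliver' for one raw message, with a reason."""
    msg = parse(raw)
    execs = suspicious_attachments(msg)
    bounce_subject = bool(BOUNCE_SUBJECT.search(str(msg.get("Subject", ""))))
    if execs:
        reason = "executable attachment: " + ", ".join(execs)
        if bounce_subject and not is_genuine_dsn(msg):
            reason = "fake bounce with " + reason
        return {"action": "quarantine", "reason": reason}
    if is_genuine_dsn(msg):
        return {"action": "deliver", "reason": "genuine delivery-status report"}
    return {"action": "deliver", "reason": "no executable attachment"}


if __name__ == "__main__":
    for label, raw in (("fake bounce", FAKE_BOUNCE), ("real DSN", REAL_DSN), ("clean", CLEAN)):
        print(f"{label:12s} -> {classify(raw)}")
```

Deliberately, the executable check fires regardless of subject: a bounce-looking subject only changes the reason string, so a legitimate DSN that happens to quote a .scr in its headers still gets through, and a worm that switches to a different subject line still gets caught on the attachment.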
It's kinda sad though that you've been infected by the time you managed to download the security update...
I've got an idea - Microsoft can start letting the magazines ship the patches on cover CDs again... or even better - they should be legally required to ship a CD containing the patches to every registered user.
http://blog.nexusuk.org
I am not saying that Linux is bullet proof, it's just not the target. That said, there are some fundamental differences in the two that make it easier to secure a Linux box. Both can be made as insecure as each other, it's just easier to make Linux secure because of the way permissions are done. This is true of any Unix-like OS.
;)
Also, I block all traffic incoming and outgoing on port 25 on the router, and use webmail for the company, so infected boxes can't spread the love even IF they get infected. Yes, with a Linux router
Tequila: It's not just for breakfast anymore!
I see the real long term solution to the problem of unwanted software execution being a form of public-key cryptography at the hardware level -- effectively, for every processor to have its own unique instruction set, so that only code compiled for that particular processor can be run on it. (Maybe there would need to be a compatibility-mode switch, to install a kernel and a compiler just to get you going; but please let it be something like a jumper on the motherboard which you have to put on -- certainly there should be no way that software could subvert this security feature.) Also, the installation of new software should require a conscious action on the part of the user, and involve a hardware operation -- such as operating a normally-concealed switch. If you bought a new computer, you would have to recompile all your software from source, but that's a small price to pay. Alternatively, you could allow the user to flash the thing with a new key pair; so you could just give your new computer the same instruction set as the old one. Or a corporation with many desktops to administer need only give all their machines the same keys, and then compile application software once to run on any of them.
The average user won't really notice much. They will simply see an extra step taking place after downloading and before installing, as an automatic configure and make are performed. And they will have to validate the install, but I can't see how anybody would think that unusual: if it can affect the way your computer works, you damn well should have to tell it you're sure you want to go ahead.
Since every piece of downloaded software would have to include the source code, it would be much simpler to chase up infections if they occurred. And if every software installation required users to validate it, drive-by downloads -- arguably a form of virus infection -- would become a thing of the past.
It would still be possible to sell closed-source software; but you would either have to insist that users programmed their machine to a key pair you specified {which is great for locking out your competitors, but rather defeats the entire point of personalised instruction sets} or supply you with the public key of their machine so you can compile software for it {a little more secure for the user, but very expensive to implement}.
BTW, why is anti-virus software closed-source? What don't the likes of Symantec want us to know?
Je fume. Tu fumes. Nous fûmes!
I always enable the ICF firewall that comes with WinXP, update, reboot, update, reboot...repeat as necessary and then disable the firewall. Never got infected this way.
Then I realized that I could download all the updates, and then chain them together in one batch file and then pull them off the server which is behind a real firewall (not just a NAT). When I install, I just filter off the new computers (no Internet access for you!) and then install the patches. Works much slicker and you can simply update the central server.
A NYC lawyer blogs. http://www.chuangblog.com/
> windows - security through patches
> linux - security through smugness
Linux is patched quite frequently, actually.
> surely it's just a matter of time before someone writes a devastating linux virus?
Surely. But it's going to take rather more than one to make Linux look as bad as Windows does.
> i'm not bashing linux / mac / or even (*shock*) windows - but the attitude of "it's only windows users - i'm safe" really irritates me - it seems shortsighted to say the least
Statistically speaking, Linux and Mac users are much safer than Windows users.
Sheesh, evil *and* a jerk. -- Jade
It's a touch sad though, because people start quoting news sources like the inquirer who're in turn quoting another article as their source of info.
I guess this "And the sky shall turn red, the sea will turn to jam and so on" should have raised a red flag or two, but honestly, news articles are so dubious that I've become jaded. I don't bother to do much more than scan for content because I know I'll read another article saying/spinning things in a completely different fashion.
[Fuck Beta]
o0t!
The security advisory then lists a dozen or so popular multi-stage relays, from some major ISPs. This explains why my system was being hit by Verizon servers over a thousand times this weekend, targeting a non-existent address.
And here I thought it was just their normal "ignore the 550 response code, just retry endlessly" configuration! Turns out, it was just their "Relay anything for anyone" configuration!
Uh huh.
It's not kind of like driving a car. Other drivers don't crash into you just because you're driving a Punto. No one releases huge robots on to the highways that are programmed to crush Fords, then make new Ford crushing robots out of the scrap.
Car analogies suck.
Debian Investigation Report
This was an attack mounted by an actual blackhat... who initially sniffed a password. The operating system is irrelevant if your password is stolen.
So, yeah, that was a human error exploited by an unscrupulous individual, but do you leave your house unlocked because only thieves would break in anyway? It's best not to tempt people.
And, again, that analogy sucks too.
It's more like inoculation. You're protecting yourself against the most common diseases (0-day Windows exploits). Yeah, it's not much good if someone decides to break your legs with a baseball bat or you have unprotected sex -- and the shot can be painful -- but, on balance, it's better for you.
Or something. What do I care for your 'health' anyway?
"The number of Unix installations has grown to ten, with more expected." (Unix Programmer's Manual, 2nd ed.; june 1972)
Never ceases to amaze me how people will continually open attachments. We warn them at work verbally, we send out memos, we post cheesy posters, we alter default mail client behaviour to make it harder. STILL some users insist on opening executable attachments. I will never understand what compels them to do so. I understand the first time, you don't know, and it is a nasty surprise, no problem. However, after the third time a computer support person has chewed you out, you've AGAIN gotten the memo, etc., people still insist on doing it.
The really scary thing is we have a virus scanner running on our mail server to filter this. However, it is only updated once a day max, and the company (Sophos, not what we want but it's a government contract) isn't always on the stick with the updates. So people will do this within the first 48 hours of a new worm coming out. I hate to think what it would be like without filtering.
your quote
"Windows isn't a blackhole for viruses as some people like to overemphasize it as. Windows is a blackhole for people who do silly things like run ridiculous software or click on attachments when they shouldn't."
So my response would be, except for the untold millions of people who ARE running a windows blackhole machine that sucks in every virus, worm, trojan, malware and spyware out there. Which is most of them. They are by far the largest users demographically on the internet, and it goes across national boundaries, and inside practically all businesses out there. It's a HUGE problem, it destroys the global economy to the tune of billions a year, it causes no one really knows how many wasted man hours of effort to try and keep it cleaned up. It is not a minimal problem because a relatively few people comparatively speaking are able to keep their machines organized better.
I think it's just time to admit reality. Windows as designed is just not a good choice for use on the internet. It is acceptable for use on closed intranets and as a standalone work machine or game machine that is not connected to the net.
Despite the availability of updates, patches, service packs, third-party programs, thousands of news articles, advisories, etc., to attempt to divert or stop all the various insecure functions related to MS products in general, going to all the Windows users out there through generation after generation of Windows products, it is still broken for the purpose of being on the internet. You CANNOT just dismiss verifiable anecdotal data, nor can you dismiss the fact that human beings run this stuff, which means this stuff gets run with normal human levels of ability and interest.
Running pure Windows now has negated the entire concept of "easy to use, fun, profitable, useful for this purpose" that they push and definitely imply (although their legal disclaimer claims otherwise, I call that a pure outright lie) their software as, because any Joe Random User now has to become a part-time security guru, when that just shouldn't be necessary, not in 2004 it shouldn't.
Same as Linux was not a suitable OS for Joe Everybody when it required being a Unix command line guru just in order to run it. It was useful for a very small number of people in specific applications back when. That's true, too, it wasn't for Joe Everybody. Windows is pushed as good for Joe Everybody, true, it's fine... just not on the internet. Time to just face facts and move on with it; it doesn't pay to cling to what is in essence (and not meant to flame, just to state a fact) the fantasy that MS is a practical choice if your computing requires being on the internet, personal or business, not if all you want to do is be on the internet and not be a semi-professional security expert. It's just broken for that purpose, generally speaking. Pointing out individual examples of where it isn't does nothing to take away the reality that in millions and millions of cases it is in fact a blackhole, except with a definition twist: it sucks them in like the blackhole analogy, then multiplies them exponentially, then spits them back out again.
For every incredibly secure Windows installation out there, there are huge numbers of totally broken and insecure examples, that's the real bottom line, and this despite years and years of efforts to make that "not so". I would guess it is at least 100 to 1, insecure to secure, or some such huge lopsided number like that. Might even be 1000 to 1, no one really knows. It's huge though. And every new version of the OS and browser and email thingee and SP was supposed to "fix that" and it never has really. It's because of how human beings use computers, and most human beings are not, and will not become, full-time or significant part-time security gurus. If this reality is not admitted to, the problem will always exist, and just get worse, not better.