Slashdot Mirror

← Back to Stories (view on slashdot.org)

Britney is #1 Virus Celebrity

Posted by CmdrTaco on from the a-dubious-honor dept.

No France writes "The two ways for an email virus to spread is to use an exploit, or entice the user to click the link/executable. Of course the latter is the easiest, and is the most effective when used in conjunction with a celebrity's name. Despite the recent Jackson suicide emails, Britney Spears is the one to recently edge out Bill Gates as the top virus celebrity. The top 10 (in descending order): Britney Spears, Bill Gates, Jennifer Lopez, Shakira, Osama Bin Laden, Michael Jackson, Bill Clinton, Anna Kournikova, Paris Hilton, and Pamela Anderson."

41 of 275 comments (clear)

  1. CowboyNeal! by Anonymous Coward · · Score: 2, Funny

    'nuff said.

  2. A little ironic... by ChrisF79 · · Score: 5, Funny

    Isn't it ironic that to trick a user into clicking a fake email, they use the fakest of all celebrities?

    --
    Finance tutorials and more! Understandfinance
    1. Re:A little ironic... by sakri · · Score: 2, Funny

      irony? that's just what's missing from these virus authors today... if it was me, I'd use far cooler names like jessica simps0WN j00 n00b!!! ;)

    2. Re:A little ironic... by /ASCII · · Score: 4, Funny

      Britney is not fake, she is really smart person. Check out her guide to semiconductor physics, if you doubt her abilities. I actually read some of her work while studying for my semiconductor finals.

      --
      Try out fish, the friendly interactive shell.
    3. Re:A little ironic... by roman_mir · · Score: 3, Funny

      You are probably wrong. I don't listen, but I am sure she is not a fake celebrity. She is a real celebrity, people like to talk about her and know more about her and such.

      She is a fake musician/singer, that is probably true.

      --
      You can't handle the truth.
    4. Re:A little ironic... by kurzweilfreak · · Score: 2, Funny

      And are you thinking about me when you fuuuuuuck her.... Oh wait...

      --

      kurzweil_freak

      5th Kyu Genbukan Ninpo/KJJR student

      Be the darkness that allows the light to shine.

    5. Re:A little ironic... by Frank+T.+Lofaro+Jr. · · Score: 2, Funny

      #define spoon for (int i=0; i1000; i++) { fork(); }

      --
      Just because it CAN be done, doesn't mean it should!
  3. Link, please? by cuzality · · Score: 5, Funny


    Please post a link where we can read these emails.

  4. sad by calvincopter · · Score: 2, Insightful

    I don't understand how anyone can get e-mail viruses easily. i never get any e-mail viruses, but when I do, it's either too obvious and I delete them. how do you guys get e-mail viruses then?

    1. Re:sad by daikokatana · · Score: 2, Insightful
      Easy. Because people out there actually *want* to be fooled.

      I bet you 100$ that I can go out on a sunny day, offer people a deal where they have to pay for air (or something similar), and they fork over the dough after a while of creative talking.

      As long as people think that there must be at least a few mails that deliver what they promise, they'll keep on clickin'.

      --
      http://jcsnippets.atspace.com/ - a collection of Java & C# snippets
    2. Re:sad by Filip22012005 · · Score: 4, Funny

      i never get any e-mail viruses, but when I do [...]

      erm...

      --
      When the policeman of the tie, rule you violate, hello punishment of the kitty?
    3. Re:sad by RCanine · · Score: 2, Insightful

      You've obviously not worked with non-computer-types before. I use the word computer-types because computer-savvy does not accurately describe the phenomenon, an Individual who:

      • may be (but often is not) very good with computers
      • may (but often does not) use a computer every day
      • may (but often does not) invest a lot of money into their own personal computer.

      Yet

      • Does not read warning dialogues, merely clicks "Ok" through each
      • Cannot user or locate preferences, configuration or options
      • Forgets about the second mouse button
      • Refuses to learn anything other than the click-this-to-do-that
      • Expects it to work, all of the time, no matter what
      • Likes fun things like Bonzi buddies and weatherBugs
      • Will not remember a new task that has more than 3 steps until they have done it four or five times with instruction.

      These sort of people are the majority of computer users, and they operate on the Anton (not Pavel) Chekov theory of computer use: if there is a file attachment over the mantle in act one, it must be opened by act three.

      These people are the reason why I only recommend Macs--because their system offers a lot more built-in protection between the keyboard and chair, and their software is (for the most part) easy enough to teach gradually and without a jarring, frustrating or confusing experience.

  5. No big surprise by moz25 · · Score: 5, Funny

    Well, if I have to choose between "see Britney Spears naked" and "see Bill Gates" naked, I'll pick the first worm any day!

    --
    see a Text Widget
  6. More intelligent software or users? by Crimson+Dragon · · Score: 3, Insightful

    These kinds of stories, while making the majority among us cringe at the stupidity of the user that falls for this, underlies an important point.

    THIS IS WHAT YOUR IT DEPARTMENT HAS TO DEAL WITH!

    Millions of man hours and hundreds of millions of dollars go down the tubes to user ignorance. As these costs spiral, the IT sector diminishes. At some point, we will have to stop the patchwork of protecting the users from themselves and engage in the proactive education from these people so they don't hurt themselves and cost their companies, ISPs, and our economy in lost man hours and dollars. How to do this merits exploration, as for every new procedure we establish to protect the user, the user seems to find a way to break it somehow.

    --
    The Crimson Dragon
    1. Re:More intelligent software or users? by jalefkowit · · Score: 5, Insightful
      These kinds of stories, while making the majority among us cringe at the stupidity of the user that falls for this, underlies an important point.

      THIS IS WHAT YOUR IT DEPARTMENT HAS TO DEAL WITH!

      ... at some point, we will have to stop the patchwork of protecting the users from themselves and engage in the proactive education from these people so they don't hurt themselves and cost their companies, ISPs, and our economy in lost man hours and dollars.

      You're talking about educating human nature out of people. Good luck with that.

      The lesson of stories like this one are not that we need to somehow engineer smarter users -- it's that modern information systems are not designed around users to begin with. They're designed around lists of features and ship-by dates.

      A system should behave in a way that one would expect it to. Certain operations -- deleting things, say -- are obviously risky, and I've never met any user who didn't get that. But who would expect opening an e-mail to be a risky proposition? The fact that it undeniably is (in some environments) doesn't mean that people are stupid for not knowing which e-mails to leave closed, it means that e-mail is broken for many millions of users. The fact that e-mail as a medium can be exploited like that is a weakness of the medium, not the user.

      You can lament human nature all you want, but it is what it is. A well-designed system should be able to deal with that. Having to train users to do alien things should be taken as a sign that your system may not be so well-designed, not as a sign that we need to get cracking on Human Being 2.0.

      --

      Read my blog.

    2. Re:More intelligent software or users? by Capt+James+McCarthy · · Score: 2, Interesting

      Yeah, but I had some users who would purposely click on everything just to cause their work system to get a virus. Since it was not their home system, they didn't care and thought it was funny. What needs to be done is to have some sort of consequence for their action if it can be proven that they were not being ignorant, but just stupid. They thought it was humerous until I told them I had to take their system off line for hours until I could get to it and they can go explain why they can't get any work done to management.

      --
      There are no loopholes. It's either legal or it's not.
    3. Re:More intelligent software or users? by Crimson+Dragon · · Score: 2, Interesting

      Your points are well taken, but I do take issue with a few of them, and feel it important to respond as follows.

      "You're talking about educating human nature out of people."
      - If this was the implication derived, I spoke too strongly. I am not implying an absolute solution here, but I am implying we spend far more effort making bullet-proof software then slowing the sale of as many of the armor-piercing bullets as possible.

      "The lesson of stories like this one are not that we need to somehow engineer smarter users -- it's that modern information systems are not designed around users to begin with."
      - Antivirus software, malware removers, spam-reducing solutions.... these are not designed around users? These systems were designed explicitly to deal with the consequences users encountered. They were not designed in a vaccuum: that is to say, it wasn't reduced to "what are the specs?". It was a bunch of companies capitalizing on the suffering USER base.

      "But who would expect opening an e-mail to be a risky proposition?"
      - A person who has any idea that a computer is a general purpose machine. That is the point of its design. It can do MANY THINGS. Why should anyone be surprised when it does something new or malicious? IT IS COMPLETELY MALLEABLE! A user that does not know this was never given a proper foundation for operating the machine in the first place. The computer does not equal the toaster oven.

      "Having to train users to do alien things should be taken as a sign that your system may not be so well-designed, not as a sign that we need to get cracking on Human Being 2.0."
      - Considering how at least a third of the world's adult population can't read in DEVELOPED nations, to say software that some users don't immediately understand and make the stretch to say the software sucks is quite a stretch to make. Why can't we assail all sides of these issues? Why must the responsibility be placed solely on the software developer, and the user be indemnified of all wrong-doing? You can't plan for every possible contigency as to why the problems of the IT world happen, but ruling out one possible angle that you can't disprove and blaming a group of people who, by and large, strive to produce workable solutions is an insult to the good work many among us have done.

      --
      The Crimson Dragon
    4. Re:More intelligent software or users? by IWantMoreSpamPlease · · Score: 2, Interesting

      There is a simple solution when dealing with this.

      Don't try to educate the users, for that is futile and will fail.

      Instead, all the users to educate themselves, by presenting them with the bill for the costs of thier stupidity.

      They will learn very quickly...

      --
      So rise up, all ye lost ones, as one, we'll claw the clouds.
    5. Re:More intelligent software or users? by jalefkowit · · Score: 4, Insightful

      Good points... a few thoughts:

      Antivirus software, malware removers, spam-reducing solutions.... these are not designed around users?

      Nope. No, they're not. They're palliatives to problems that we have inflicted upon users, not systems designed with users in mind. How many users understand what "malware" is -- even those that run Spybot? Is a malware remover something that a user would choose to run, if they weren't forced to by imminent threat from exploitation of broken systems by malicious parties?

      (None of which is to belittle the heroic work that people have done on products like Spybot to help patch these holes. It's hugely important. But can we depend forever on heroes?)

      A person who has any idea that a computer is a general purpose machine... Why should anyone be surprised when it does something new or malicious?

      See, this is the problem. The average user does not see their computer as a general purpose Turing device -- they see it through the prism of whatever application they happen to be using at that moment. If they're reading e-mail, the computer is an e-mail terminal. If they're browsing the Web, it's a Web terminal. If they're in Word, it's a word processor.

      You and I know that the computer is a general purpose machine, infinitely reprogrammable, but the average person does not think that way. They approach the computer through a series of metaphors ("desktop", "mail", "pages"), and the vast majority expect it to follow those metaphors as closely as possible. When it doesn't -- when the abstractions start leaking -- it creates opportunites for malicious parties to exploit the user's resulting confusion.

      Which is exactly what has happened with e-mail -- in certain cases it can behave in a very un-mail-like way. This behavior is being exploited to confuse users into doing the wrong thing. You can try to educate people into not doing the wrong thing, but as long as the underlying metaphor is "mail" it will be very hard to make significant progress.

      Why must the responsibility be placed solely on the software developer... ruling out one possible angle that you can't disprove and blaming a group of people who, by and large, strive to produce workable solutions is an insult to the good work many among us have done.

      Don't look at it as placing blame (my apologies, I didn't mean to come across as blaming you for the problem) -- look at it as opportunity. Apple's recent success in taming UNIX, and Firefox's success in taming Mozilla, should be a lesson to developers everywhere that you can really make it big by reducing complexity, locking down unnecessary options, and streamlining the user experience.

      --

      Read my blog.

    6. Re:More intelligent software or users? by arkhan_jg · · Score: 2, Insightful

      Which is exactly what has happened with e-mail -- in certain cases it can behave in a very un-mail-like way. This behavior is being exploited to confuse users into doing the wrong thing. You can try to educate people into not doing the wrong thing, but as long as the underlying metaphor is "mail" it will be very hard to make significant progress.

      Actually, I'd argue that email works in a very mail like way, even when it's being used against the recipient.

      Say someone sends you a letter. You open it, read the pretty coloured card inside, and toss it in the bin. Thing is, you are now infected (through your skin and breathing ultra fine dust) with the infectious agent that was impregnated on the card. You now spread that virus to your family and friends by close contact (spreading on a lan).

      Possible, but not likely, right?

      Now imagine where 10%-20% of your letters are like this, and 60% more of them are the worst kind of fraudulent advertising and hardcore porn adverts. (numbers pulled from my server logs)
      Imagine that people can send you these virus infected letters anonymously, with virtually no chance of them being caught, and even if they are, there's virtually no law's against what they're doing. Oh, and make it so sending all this crap to you is free for the sender, and is paid for by the recipient.

      Think our human friendly postal mail system would survive like that? Or would it start to collapse from fear of hidden viruses, and dead postman from carrying the huge sacks of junkmail to each door every day.

      In the end of the day, it's not the over-trusting user, it's not the post system that allows anonymity, it's not the lack of enforcable laws from the government, it's not the low cost of sending that causes the problems - it's all of them combined.

      Altering the user metaphor for the way they interact with their computers won't make the problem go away; we need a multipronged approach, and user education to not do bloody stupid things is part of that.

      To draw a metaphor; sharp knives are dangerous objects. If an adult stabbed themselves in the eye with one, because someone left a post-it note on it telling them to do so, could we legimately blame the user for being a bloody idiot? (well, as well as the post-it note leaver).

      --
      Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
  7. Impression of random internet user by dannyitc · · Score: 2, Funny

    Hot_britney_sex_video.exe for free?? And all I have to do is click yes? Awesome!

  8. Biggest, most effective spam celebrity of them all by ScentCone · · Score: 4, Insightful

    Is, of course, ourselves. My experience with phishing and other social-hacks-by-email suggest that the ones that seem to really trip people up are the ones that recipients think are about themselves. I have seen the enemy and he is us.

    --
    Don't disappoint your bird dog. Go to the range.
  9. Virus Drills by bigtallmofo · · Score: 5, Interesting

    I've said this many times before, but my idea is to stage virus drills. Every week or so, the IT department should send fake viruses to a random population of the corporate environment. It will have an attachment that will only report to the IT department who opened it. Once a user opens the fake virus attachment, they must watch a 2-hour video on their own time on the subject of "safe email habits".

    Pretty soon, they'll be too paranoid to open any attachment.

    --
    I'm a big tall mofo.
    1. Re:Virus Drills by Linker3000 · · Score: 2, Insightful

      Pretty soon they won't check their email at all and the organisation grinds to a halt!

      --
      AT&ROFLMAO
    2. Re:Virus Drills by xMilkmanDanx · · Score: 5, Funny

      Nope, pretty soon they don't check their email at all and productivity skyrockets!

      --
      I am not in anyway affiliated with Max Cannon
  10. not so innocent . exe by Speare · · Score: 2, Informative
    Reminds me of a page I wrote a few years ago, for newcomers to Linux. I included an explanation of "file type determined by contents" versus "file type determined by extension."

    http://halley.cc/ed/linux/newcomer/filename.html includes a simple graphic to accompany the text.

    --
    [ .sig file not found ]
  11. Re:Oh great by wed128 · · Score: 2, Funny

    Simple People.

  12. Re:Toxic by Simon+for+$1 · · Score: 3, Informative

    http://www.google.com/jobs/britney.html

    You come in at number 2. Well done.

  13. Re:Oh great by daikokatana · · Score: 2, Funny
    Nude shots of Britney? Why does the following Simpson quote enter my mind: "Ze goggles - they do nothing!!!"

    Why this obsession with Britney (or other celebs) - if she was just someone you knew and you saw here naked you'd look away.

    --
    http://jcsnippets.atspace.com/ - a collection of Java & C# snippets
  14. The irony there is that the song wasn't ironic by ianscot · · Score: 2, Funny
    Okay, but that song drove me nuts. When it rains on your wedding day, that's not ironic, it's just disappointing. (If you'd set up a gazebo to prevent the effects of rain, but then the system of drinking fountains in it had a problem that wound up sprinkling all your guests despite it being a clear sunny day, that would be ironic.) A free ride when you've already paid is, similarly, not really "ironic." Argh.

    As far as what it is with Brittney, repeat after me: "Lowest Common Denominator." "White Trash Schadenfreude." There's some fascination with the squalid quality there -- poverty of spirit despite all the money and fame. She's like a punctured silicone implant lying on the hood of a rusty pimped Civic. And I do mean "pimped."

    --
    "Fundamentalism" isn't about divine morality. It's about human authority.
  15. Isn't this obvious? by J+Barnes · · Score: 4, Funny

    There's some sense of satisfaction I get in knowing that every time a person ogles, clicks, downloads or otherwise interfaces with that pizza-faced mess known as Brittany Spears, there's a good chance their computer will catch the clap.

    --
    :::: the insomniac's digest
  16. No Surpirise Here by rudy_wayne · · Score: 2, Insightful

    "entice the user to click the link/executable. Of course the latter is the easiest, and is the most effective when used in conjunction with a celebrity's name. "

    Proving once again that the number one security problem is not Windows, or flaws in Windows -- it is user stupidity.

  17. Say what? by catdevnull · · Score: 2, Funny

    Osama bin Laden is a celebrity? ...I guess he is on Al Jazeera

    --

    I might know what I'm talkin' about, but then again, this is Slashdot...
  18. I find it rather disturbing... by EphemeralPhart · · Score: 3, Funny

    in that I recognize every one of those individuals. I can even put a face to most of them !

    What gamut of innate garbage must my brain contain beyond that...

    I'm disgusted by the cesspool that is my mind and, for once, very conscious of the torrents of crap being sluised into it every moment.

    And here I am reading slashdot.

  19. At the CIA by jdepons · · Score: 3, Funny

    Agent: "Cheif, we interceped another email from Osama Bin Laden"

    Chief: "We got him this time. Open it asap"

    Agent: "I don't understand, all it did was change my home page to xxxarabia.com"

    Chief: "Damn you Bin Laden!"

  20. Now and then they're actually sneaky. by Vacindak · · Score: 2, Interesting

    Sneakiest one I ever saw tried to infect my computer by searching through the currently infected computer's sent messages in outlook express looking for ones with attachments. It took the subject line of the original, changed it to "Re: [original subject line]", and set the body of the message to be something along the lines of:

    I hope you didn't open that last attachment I sent you. Turns out it was actually infected with a virus. I've attached a cleanup tool that ought to remove the virus for you. I'm really sorry about that!

    Fortunately for me, the last attachment he had sent was a jpeg. So I let him know he was infected with a rather clever virus...

    But I rather imagine that that virus didn't spread well for all its cleverness. Relying on the contents of someone's sent folder has got to drastically reduce the number of people for the virus to spread to.

  21. Creative, but wrong. by RealProgrammer · · Score: 2, Insightful

    I applaud your creativity, but that's bad training.

    • Some users may never see the virus-laden email, since the junk email controls you have implemented (haven't you?) will catch your message.
    • Users will bypass it. Word will quickly spread about the test, probably by an email "hoax warning" from that tech wannabe in the office. Users will have a heightened resistance to your mail, or on the other extreme may open it since they know it's from you.
    • It sets up the IT department as the villain, perpetuating the "us vs. them" mentality.
    • It doesn't give the users enough A:B comparisons between good attachments and bad ones.

    Generally speaking, positive reinforcement (reward for good behavior) works better than punishment for bad behavior. Punishing bad behavior may get results, but it also reduces overall performance for both the individual and the group, by engendering fear of failure.

    Negative reinforcement (rewarding good behavior by removing punishment) can work well in the right circumstances. The punishment should have been already earned and deserved, and both the good and bad behavior should be related somehow to the punishment.

    Users are demanding the ability to use their email as a file copying and storage mechanism. We as sysadmins can point out that we have a much more efficient means of doing that - this file server over here - but they don't seem to like that. You can lead a horse to water but you can't make him think.

    If you really want to do some training:

    1. Make a fake virus that when run gives the user immediate feedback, lying to them that it's doing damage.
    2. Make another attachment that just says "bad choice, I could have been a virus".
    3. Make other messages that are harmless text or pdf attachments
    4. Set up a formal testing session in which the users are given a bunch of regular spam, good mail, and a mix of your attachments. Tell them not to open bad attachments but to try to open the good ones.
    5. After the formal training session, do a real world test in which they are rewarded for the good attachments they open. This time for the bad choices, only include the "I could have been a virus" ones.

    Done in a spirit of cooperation, rather than confrontation, you should see an immediate sharp reduction in the number of viruses that people open.

    --
    sigs, as if you care.
  22. Re:Lemme Guess by Golias · · Score: 2, Insightful

    The limit of two terms for a US President goes all the way back to George Washington. A lot of our founding ideas were a reaction to what we perceived as the fundamental unfairness of the monarchy, so we took steps to rigidly limit the power of our executive. An 8-year maximum term was one of those steps.

    FDR broke it by serving part of a thrid term before his death, and there were a lot of people who wanted to get a third term out of Reagan... but traditionally, it's not an option.

    Even if we've got a "really great president" (which seems increasingly unlikely these days, given the candidates put up by both major parties over the last 20 years), it's two terms and out, and, generally speaking, we like it that way.

    --

    Information wants to be anthropomorphized.

  23. Re:Lemme Guess by SatanicPuppy · · Score: 2, Informative

    It WAS a tradition, but with the 22nd Amendment it became immutable law. Two terms is the limit.

    Amendment XXII

    Section 1. No person shall be elected to the office of the President more than twice, and no person who has held the office of President, or acted as President, for more than two years of a term to which some other person was elected President shall be elected to the office of the President more than once. But this article shall not apply to any person holding the office of President when this article was proposed by the Congress, and shall not prevent any person who may be holding the office of President, or acting as President, during the term within which this article becomes operative from holding the office of President or acting as President during the remainder of such term.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  24. Re:You almost have to love virus writers... by m50d · · Score: 3, Interesting

    Yes, they did. Back in "the day" viruses were often written in hand-coded assembly. That was craftsmanship, that was /misty eyes. Seriously, visual basic is used mainly for two reasons. Firstly, most virus writers are fairly immature (except those trying to get botnets for money) and visual basic is often the first language they learn. Secondly, visual basic scripts include their source, thus if you want to base your virus on an existing one, it's a lot easier to do with a visual basic one than decompiling a virus and trying to make sense of it. Any other dynamic language would work for this, but windows ships with visual basic interpreter wheras it doesn't include one for perl, python etc. (and dos scripting is too useless)

    --
    I am trolling
  25. Britney? No worries! by cburman · · Score: 2, Funny

    Britney? Whew! That's a Windows virus! Now, if it had been Natalie Portman (petrified and naked) I would have been worried.