Massive Spam Shot of "Storm Trojan"

jcatcw writes "Postini has already counted nearly 5 million copies of the spam in the last 24 hours, and calculated that the run currently accounts for 87% of all malware being spread through email. 'Expect this to grow much larger,' a Postini spokesman said; 'It should top out at 60 million messages within the next 24 hours.' It's the largest attack in the last 12 months, and more than three times the volume of the two biggest in recent memory: a pair of blasts in December and January. The spam carries a ZIP file attachment posing as a patch with subjects such as Worm Alert!, Worm Detected, Spyware Detected!, or Virus Activity Detected."

Re:Simple problem

Windows is perfectly secure when it is properly set up and administered.

It has been repeatedly shown that any local (non-admin) exploit on a Windows machine can be turned into an admin exploit. There are just too many ways. About the only time when a Windows machine is safe is the 5 minutes following the patch-tuesday (what a concept).

Now you combine that with, say, the CSS .ANI exploit where people get local code execution when someone running a "perfectly secure" Windows goes to a web page using IE... You read correctly: by viewing a web page using IE people were infected and "rooted". When was that discovered yet? Oh, right... Two weeks ago.

So if your "properly set up and administered" Windows machine means, say, "not running IE and not running Office", you might as well see the light and decide to dump MS altogether and go buy (or simply install) a Unix system (OS X, Linux, Solaris, whatever...).

Windows is not, by any stretch of imagination, a system designed with security in mind. It is an insecure piece of patched monstrous code with countless vulnerabilities lying around waiting to be exploited. Even Fortune 500 companies are trojaned and botted. If these guys don't have clueful Windows admin, then nobody does. Vista tries to adress some of these flaws and we'll see how it turns out... But apparently it is already looking quite bad.

MS is not the answer, no matter how many MS astroturfers spam the various online forums. MS is the question... And the answer is "no".

You, cdrguru, have huge blinders on. Note that I'm not saying either that a properly administered Linux system is "perfectly secure". To me it's way more secure than a "properly administered" Windows system but this doesn't say very much.

Saying that a system is "perfectly secure" is just plain dumb. Plain, plain, dumb. Have no worries, nothing will happen on the next tuesday... Oh, wait, there maybe a patch coming. But a patch for what? A "perfectly secure" system does not need any patch (if it does, it is, by definition, not "perfectly secure"). The fact that you got a +insightful is really, really, part of the problem...