Slashdot Mirror


New Email Worm Squirming Through Windows Users' Inboxes

Trailrunner7 writes "There appears to be an actual email worm in circulation right now, using the tried-and-true infection method of sending emails containing malicious executables to all of the names in a user's email address book. The worm arrives via emails with the subject line 'Here You Have' or something similar, and the messages contain a link to a site that will download a malicious file to the victim's PC. The malware then drops itself into the Windows directory with a file name of CSRSS.EXE, which is identical to a legitimate Windows file. From there, it's 2001 all over again, as the worm attempts to mail itself to all of the contacts in the victim's Outlook address book."

11 of 473 comments

  1. Re:So that's why the UW mail system went down by causality · · Score: 4, Insightful

    The entire UW mail system died yesterday morning.

    Maybe this is why ...

    It's an instance of the reason why. The actual reason is that the users still haven't learned from the last 9 years of experience. The only bad thing is that their stupidity is not self-contained and can affect the networks and computers of others. I say that because this time, it isn't really a technical flaw in Windows since I don't see any reports of the e-mail attachments being automatically executed. This is more like a social engineering attack. It's one that is not remotely new and has provided numerous examples that the even slightly clueful have already learned from.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  2. Re:So that's why the UW mail system went down by MichaelSmith · · Score: 5, Insightful

    Devil's advocate here: is there any reason why a normal non-technical Windows user should be able to run an executable in a directory they are able to write to? Maybe the iPod/iPad approach is better for most people.

  3. Re:The hell? by drcheap · · Score: 5, Insightful

    Stupid question from a Linux / Mac user:

    Are there really operating systems in use in 2010 that let you write files to a system directory without entering an administrator password?

    Yes, because people will give a computer anything it asks for, especially if it asks in an ambiguous manner.

    What's this? A UAC prompt asking for permission to "perform the action I requested"? Wait, what was I just doing? Oh yeah, reading email. Yes I want to do that. ]click[

    Same thing would happen if you gave them a Linux/OSX box that asked for admin password. Granted M$ made it easier by not requiring one to actually type in any actual password to elevate privileges.

  4. Umm.. nope. by CrAlt · · Score: 4, Insightful

    That would only work if you were logged in as the admin account...
    Or do you do everything as root?

    Last login: Thu Sep 9 18:35:16 on console
    focker:~ cralt$ cd /
    focker:/ cralt$ touch testfile
    touch: testfile: Permission denied
    focker:/ cralt$ uname -a
    Darwin focker.local 9.8.0 Darwin Kernel Version 9.8.0: Wed Jul 15 16:55:01 PDT 2009; root:xnu-1228.15.4~1/RELEASE_I386 i386

    Thank you come again.

    --
    I have to return some videotapes...
  5. Re:Windows is super! by Anonymous Coward · · Score: 4, Insightful

    Turn in your low slashdot ID immediately.

  6. Re:The hell? by goodmanj · · Score: 4, Insightful

    I know this has been said before, but if your operating system is asking for an admin password often enough that replacing it with a mouseclick significantly improves the user experience, you're solving the wrong problem.

  7. Re:So that's why the UW mail system went down by causality · · Score: 5, Insightful

    Devil's advocate here: is there any reason why a normal non-technical Windows user should be able to run an executable in a directory they are able to write to? Maybe the iPod/iPad approach is better for most people.

    I have no idea why you were modded "Troll" except that some people have an irrational oversensitivity to any mention of the iPod or iPad. They should get the fuck over it, to be direct about it.

    Back on topic, what you mention is a very good idea. It's also not new to Apple products at all. That's the approach Unix has used for a long, long time now. Installed programs on a Unix system are generally root-owned and sit in directories that are also root-owned. For a normal user, both the executable and the directory in which it is located are read-only.

    The problem with Windows is the vast amount of software that is poorly designed and wants Admin privileges even though it could be designed to carry out its task without them. This has trained the more point-and-drool type of user (the majority who gravitate to this platform) to just click away any dialogs without seriously questioning why a program is requesting extra access. That is, of course, assuming they are running as a non-privileged user in the first place.

    The iPhone (I assume you don't intentionally refer to an mp3 player) approach is more like "you don't need root for anything, let us manage that". The Unix approach is more like "programs don't expect to have root privileges without a very good reason, like your package manager for example". In both cases an e-mail client would be run as a normal user. I'm not so familiar with the inner workings of an iPhone but at least on Unix and Unix-like OSs, the binary executable file would also reside in a root-owned directory not writable to any normal user. Combine that with the generally more clueful user base and it's easy to understand why Unix/Unix-like users just don't have these problems.

    --
    It is a miracle that curiosity survives formal education. - Einstein
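The two points raised in comments 2 and 7 (should a user be able to launch executables from a directory they can write to, and the Unix layout of root-owned, read-only program directories) can be turned into a concrete check. The script below is an added example written for this mirror, not code from any of the commenters: it walks a PATH-style list and reports which directories a dropped file could be planted in, and it checks whether a given binary is owned and permissioned the way a system-installed program should be. Directory and file names in the usage lines are placeholders; the optional OWNER argument defaults to root.

```shell
#!/bin/sh
# Added example (not from the thread): audit where executables can be
# launched from, following the "programs live in root-owned, read-only
# directories" model described in comment 7.

# For each entry of a colon-separated PATH-style string, print one line:
#   "missing <dir>", "world-writable <dir>", "user-writable <dir>", or
#   "read-only <dir>".
# A writable entry is a place where a dropped file could be found and
# run ahead of the real program, without any admin privilege at all
# (comment 8's point 2, that most malware never needs system access).
audit_path_dirs() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r d; do
        [ -n "$d" ] || continue
        if [ ! -d "$d" ]; then
            echo "missing $d"
            continue
        fi
        # Character 9 of the ls -ld mode string is the "other" write bit
        # (drwxrwxrwx); parsing ls keeps this portable across GNU and BSD.
        if [ "$(ls -ld "$d" | cut -c9)" = "w" ]; then
            echo "world-writable $d"
        elif [ -w "$d" ]; then
            echo "user-writable $d"
        else
            echo "read-only $d"
        fi
    done
}

# Check that FILE looks like a properly installed system binary: a regular
# file, owned by OWNER (default root), and not writable by group or others.
# Returns 0 when all hold, 1 otherwise, printing the first failed condition.
# Symlinks are followed (ls -L) so the target, not the link, is judged.
check_system_binary() {
    f=$1
    want_owner=${2:-root}
    if [ ! -f "$f" ]; then
        echo "not a regular file: $f"
        return 1
    fi
    mode=$(ls -lL "$f" | cut -c1-10)
    owner=$(ls -lL "$f" | awk '{print $3}')
    if [ "$owner" != "$want_owner" ]; then
        echo "wrong owner ($owner, expected $want_owner): $f"
        return 1
    fi
    # Positions 6 and 9 of the mode string are the group and other write
    # bits (-rwxrwxrwx); either one set means a non-owner can replace it.
    case $mode in
        ?????w*|????????w*)
            echo "writable by group or others ($mode): $f"
            return 1 ;;
    esac
    echo "ok ($owner $mode): $f"
    return 0
}

# Usage: audit the current PATH, then inspect one real binary. The "|| :"
# keeps the script's exit status clean if the binary fails the check.
audit_path_dirs "$PATH"
check_system_binary "$(command -v ls)" || :
```

Run it as the ordinary user an e-mail client runs as; any "user-writable" or "world-writable" line is a directory where a file dropped by a mail-borne payload would be both writable and launchable by that same user, which is exactly the situation comment 2 asks about.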
  8. Three things by Sycraft-fu · · Score: 4, Insightful

    1) Yes, older ones. Unlike Apple, other companies don't force you to stop using an OS after a couple years. MS supports their OSes for a minimum of 10 years, and XP is scheduled to be supported until 2014. On XP most users run as an administrator, and thus need no privilege escalation to do anything. This is not required, they could run as a normal user, however they don't.

    2) Who says you need system access? Most spyware we encounter these days doesn't bother, it just infects the user directory. No admin needed. Also, some detection tools have trouble noticing it when you log in as an admin and run them, since it is inactive at that point.

    3) We are talking about people who will run executables from e-mail, something they've been told not to do about 1,000,000 times. You REALLY think an admin prompt will stop them? Hell no, they'll just grant permission.

    If you think having to escalate privilege protects an OS, you are deluding yourself. Don't get me wrong, I like the feature and in the hands of a technical user it is a useful defense. However it does shit for the clueless users. You cannot protect someone against themselves and still give them control over their own system.

  9. Re:So that's why the UW mail system went down by Missing.Matter · · Score: 4, Insightful

    A repository wouldn't change anything in this situation. It's incredible, but I guarantee you most people who installed this probably have heard that malware can come in e-mail attachments. My direct family is all aware of this, and how many times have I been called over to fix something because they thought it was "okay?" Another poster here related how his friend downloaded this very worm, despite the fact he thought it was shady.

    So we have a situation where users are happy to install programs not just from an unknown source, but from a very likely unsafe source! Why? Who knows? They need to see that latest celeb sex tape or are waiting for an attachment and didn't pay close attention to what they're clicking on.

    So yeah, let's give these users a repo and tell them it's safe and they can only install programs from there. Oh but wait, now they want a piece of software that isn't in the repo, and again we're in a situation where users have to judge for themselves how legitimate a piece of software is; I've already demonstrated how that usually turns out.

  10. It's not by Sycraft-fu · · Score: 4, Insightful

    The problem is that Mac/Linux users loved to bang on about this as a reason their OSes were more secure. "Oh asking for an admin password protects us." Of course it doesn't, you still have to know what you are doing but there you go. So then Windows got it too. Well now this is a problem, you can't claim it as an advantage anymore. What's more, Windows does it right, it is true privilege separation, and it doesn't cache it like a number of Linuxes do (you sudo in the GUI and it stays that way for 10 minutes). So what to do? Oh, well attack it from asking too often, of course! Never mind it only asks for, you know, things that actually require access. It is still too often!

    Some people just have a mindset that their OS is Superior and Windows is Inferior. Thus they'll come up with whatever justifications it takes to convince themselves of that. It isn't about facts, it is about a belief they are trying to justify.

    Also to the people who think admin gets asked for too much: Please remember that anything that doesn't need admin to do, a virus/spyware can do without that admin. So if a program can be installed without admin (and it can actually, just only to that user's account, not system wide) then a virus can be installed without admin. There is no half way, you can't have something that only a legit program can do that a virus needs admin for. Something either does or does not require admin. Period.

  11. Re:Dealing with this mess... by turbidostato · · Score: 4, Insightful

    "We had to deal with this mess today, running around to PCs and flat-out shutting them off."

    Somehow this doesn't happen to appear on the Windows vs Linux TCO studies from Microsoft.