
New Email Worm Squirming Through Windows Users' Inboxes

Trailrunner7 writes "There appears to be an actual email worm in circulation right now, using the tried-and-true infection method of sending emails containing malicious executables to all of the names in a user's email address book. The worm arrives via emails with the subject line 'Here You Have' or something similar, and the messages contain a link to a site that will download a malicious file to the victim's PC. The malware then drops itself into the Windows directory with a file name of CSRSS.EXE, which is identical to a legitimate Windows file. From there, it's 2001 all over again, as the worm attempts to mail itself to all of the contacts in the victim's Outlook address book."

82 of 473 comments

  1. Apples by sexconker · Score: 4, Funny

    I thought worms were found in apples.

    1. Re:Apples by _Sprocket_ · Score: 5, Funny

      No, they tend to stick to windows.

    2. Re:Apples by gmuslera · Score: 2, Funny

      That was with the old-style apples... what the newer ones have are iWorms.

    3. Re:Apples by Erikderzweite · Score: 4, Funny

      That is why Steve Jobs takes a bite of every Apple he sells — to make sure there are no worms inside.

    4. Re:Apples by w0mprat · Score: 2, Funny

      Steve Jobs has worms? Would explain his recent illness and weight loss.

      --
      After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.

    5. Re:Apples by drewhk · Score: 2, Funny

      They turn into -- Butterflies!!

  2. So that's why the UW mail system went down by WillAffleckUW · Score: 2, Informative

    The entire UW mail system died yesterday morning.

    Maybe this is why ...

    --
    -- Tigger warning: This post may contain tiggers! --

    1. Re:So that's why the UW mail system went down by causality · Score: 4, Insightful

      The entire UW mail system died yesterday morning.

      Maybe this is why ...

      It's an instance of the reason why. The actual reason is that the users still haven't learned from the last 9 years of experience. The only bad thing is that their stupidity is not self-contained and can affect the networks and computers of others. I say that because this time, it isn't really a technical flaw in Windows since I don't see any reports of the e-mail attachments being automatically executed. This is more like a social engineering attack. It's one that is not remotely new and has provided numerous examples that the even slightly clueful have already learned from.

      --
      It is a miracle that curiosity survives formal education. - Einstein

    2. Re:So that's why the UW mail system went down by MichaelSmith · Score: 5, Insightful

      Devil's advocate here: is there any reason why a normal non-technical Windows user should be able to run an executable in a directory they are able to write to? Maybe the iPod/iPad approach is better for most people.

    3. Re:So that's why the UW mail system went down by causality · Score: 5, Insightful

      Devil's advocate here: is there any reason why a normal non-technical Windows user should be able to run an executable in a directory they are able to write to? Maybe the iPod/iPad approach is better for most people.

      I have no idea why you were modded "Troll" except that some people have an irrational oversensitivity to any mention of the iPod or iPad. They should get the fuck over it, to be direct about it.

      Back on topic, what you mention is a very good idea. It's also not new to Apple products at all. That's the approach Unix has used for a long, long time now. Installed programs on a Unix system are generally root-owned and sit in directories that are also root-owned. For a normal user, both the executable and the directory in which it is located are read-only.

      The problem with Windows is the vast amount of software that is poorly designed and wants Admin privileges even though it could be designed to carry out its task without them. This has trained the more point-and-drool type of user (the majority who gravitate to this platform) to just click away any dialogs without seriously questioning why a program is requesting extra access. That is, of course, assuming they are running as a non-privileged user in the first place.

      The iPhone (I assume you don't intentionally refer to an mp3 player) approach is more like "you don't need root for anything, let us manage that". The Unix approach is more like "programs don't expect to have root privileges without a very good reason, like your package manager for example". In both cases an e-mail client would be run as a normal user. I'm not so familiar with the inner workings of an iPhone but at least on Unix and Unix-like OSs, the binary executable file would also reside in a root-owned directory not writable to any normal user. Combine that with the generally more clueful user base and it's easy to understand why Unix/Unix-like users just don't have these problems.

      --
      It is a miracle that curiosity survives formal education. - Einstein

    4. Re:So that's why the UW mail system went down by 93+Escort+Wagon · Score: 3, Informative

      You'd think by now UW would have written their own mail client or something...

      Problem is - those both suck (yes I'm at UW).

      Of course, like many universities, UW now offers hosted Gmail - a much better web option than pine or alpine IMHO. I realize there are security implications using hosted Gmail, but when the other main option is UW servers accessed via Outlook then it's a bit harder to argue about Gmail's security.

      Unfortunately, my department's default mail client is still Outlook. That decision was made by someone who's never used anything BUT Outlook, and so doesn't realize just how behind it is... several of us have argued for Thunderbird (which UW does officially support) but PHB always gives a rambling, incoherent statement against and it doesn't happen.

      --
      #DeleteChrome

    5. Re:So that's why the UW mail system went down by Annorax · Score: 5, Interesting

      No, it's more of the fact that "a sucker is born every minute" or more along the lines of every millisecond.

      The college freshmen of today never experienced the "2001 all over again", so they are ripe for the pickings of email bombs that look "old hat" to old farts like us.

    6. Re:So that's why the UW mail system went down by causality · Score: 3, Insightful

      Devil's advocate here: is there any reason why a normal non-technical Windows user should be able to run an executable in a directory they are able to write to?

      Normal, non-technical Windows users often own their own machines; consequently, yes, they should be able to run an executable in a directory they are able to write to.

      It's not so much about whether you should be allowed to do with your own property what you wish. Of course you should. It's more like the security model of capabilities. If there is no good reason to allow something to happen then it is better security not to allow it.

      This breaks down in Windows because Windows does not have a centralized package manager that handles both the installation and the uninstallation of all new software. The proprietary nature of most Windows software would preclude such a thing. A Linux user can have the full use of their system without ever having to directly download a binary executable and then run that executable just to install or use a piece of software. Instead, they have package managers and repositories which have all but eliminated the issues of third-party malware.

      By contrast, on Windows it is far more common to directly download an "Installer.exe" file and then run that installer in the directory into which it was downloaded and with the elevated privileges needed to install software. That introduces problems when such executables come from untrustworthy sources. Introducing undetected malware into a Linux repository is much more difficult and thus has occurred far less frequently than the much easier task of conducting a social engineering attack against a user of an e-mail client.

      The way things are done on Windows makes it far more prone to these attacks. The fact that the average Windows user is much less knowledgeable than the average *nix user compounds the problem. That's why you have attacks that are about nine years old that are still successful, which is really quite pathetic.

      --
      It is a miracle that curiosity survives formal education. - Einstein

    7. Re:So that's why the UW mail system went down by DragonWriter · Score: 3, Insightful

      It's not so much about whether you should be allowed to do with your own property what you wish. Of course you should. It's more like the security model of capabilities. If there is no good reason to allow something to happen then it is better security not to allow it.

      I am aware of the basis of your questions; what I am saying is that the fact that normal, non-technical Windows users often don't have someone else to administer their machines means that they have to be able to run executables from directories that they can write to.

      Now, distinct security roles for the same user can mitigate some of this risk, and it might make sense to not allow a normal Windows user to run code that they have "casual" write access to (e.g., without escalating to an administrative role temporarily), but the problem with that is finding a way to make the security model simple and comprehensible enough that users don't simply get into the habit of escalating to an administrative role to do things without understanding what they are doing.

      This is not a particularly easy problem, because for a general-purpose computer, you have to have a fairly fine-grained security model to allow software to do what the user wants it to but not other things, and non-technical users aren't going to want to learn the details of a fine-grained security model.

      Instead, they have package managers and repositories which have all but eliminated the issues of third-party malware.

      I don't think that's really all that true; if Linux becomes popular enough with casual users that the kind of malware that is directed at them becomes worth targeting at the platform, third-party repositories will be set up and emailed invitations distributed to add them and download screen savers and other seemingly-innocuous software from them. Which will, of course, be malware that the users are being tricked into installing with elevated privileges. (Of course, you can install packages on Linux straight from files -- even files in email -- since, e.g., Ubuntu, IIRC, runs the graphical package manager by default if you click on a .deb; while many Linux systems have security models that are somewhat better than Windows, I don't think they are all that much more secure against social engineering directed at non-technical users with administrative rights on their own boxes.)

    8. Re:So that's why the UW mail system went down by Missing.Matter · Score: 4, Insightful

      A repository wouldn't change anything in this situation. It's incredible, but I guarantee you most people who installed this probably have heard that malware can come in e-mail attachments. My direct family is all aware of this, and how many times have I been called over to fix something because they thought it was "okay?" Another poster here related how his friend downloaded this very worm, despite the fact he thought it was shady.

      So we have a situation where users are happy to install programs not just from an unknown source, but from a very likely unsafe source! Why? Who knows? They need to see that latest celeb sex tape or are waiting for an attachment and didn't pay close attention to what they're clicking on.

      So yeah, let's give these users a repo and tell them it's safe and they can only install programs from there. Oh but wait, now they want a piece of software that isn't in the repo, and again we're in a situation where users have to judge for themselves how legitimate a piece of software is; I've already demonstrated how that usually turns out.

    9. Re:So that's why the UW mail system went down by causality · Score: 2, Insightful

      So yeah, let's give these users a repo and tell them it's safe and they can only install programs from there. Oh but wait, now they want a piece of software that isn't in the repo, and again we're in a situation where users have to judge for themselves how legitimate a piece of software is; I've already demonstrated how that usually turns out.

      Ah but that's a direct refusal to utilize the software repos as a trusted source. Just because a user refuses to get their software from a trusted source does not constitute a flaw in the trusted source. To give a car analogy, sure you can drive your car without a seatbelt, but it won't surprise anyone if you are seriously injured in an accident that you could have walked away from. That doesn't mean that seatbelts don't work or aren't a good idea.

      --
      It is a miracle that curiosity survives formal education. - Einstein

    10. Re:So that's why the UW mail system went down by causality · Score: 2, Insightful

      Devil's advocate here: is there any reason why a normal non-technical Windows user should be able to run an executable in a directory they are able to write to? Maybe the iPod/iPad approach is better for most people.

      Back on topic, what you mention is a very good idea. It's also not new to Apple products at all. That's the approach Unix has used for a long, long time now. Installed programs on a Unix system are generally root-owned and sit in directories that are also root-owned. For a normal user, both the executable and the directory in which it is located are read-only.

      It's certainly possible for a Linux user to download an executable to his/her home directory and run it. That was GP's point.

      Sure. For that matter, it's possible for you to deliberately chew on broken glass. So what? The point is, Linux users have little or no need to get their software that way. So they overwhelmingly tend not to do so. I don't know how to make this any simpler. There are none so blind as those who refuse to see and you very well may be one of those.

      --
      It is a miracle that curiosity survives formal education. - Einstein

    11. Re:So that's why the UW mail system went down by dbIII · Score: 2, Funny

      The college freshmen of today never experienced the "2001 all over again"

      That's right all you college freshmen going ape at parties, don't touch that big black monolith or bad stuff will happen.

    12. Re:So that's why the UW mail system went down by turbidostato · Score: 2, Insightful

      "it isn't really a technical flaw in Windows since I don't see any reports of the e-mail attachments being automatically executed. This is more like a social engineering attack."

      In a single word: PEBKAC

    13. Re:So that's why the UW mail system went down by causality · Score: 3, Insightful

      This breaks down in Windows because Windows does not have a centralized package manager that handles both the installation and the uninstallation of all new software. The proprietary nature of most Windows software would preclude such a thing.

      No, it does not. The only real barrier to something like that on Windows is the usual cries of "monopoly", which tend to be louder on Slashdot than anywhere else.

      If Microsoft released Windows with a default configuration that could only install applications they approved of, Slashdot would be in a state of apoplectic outrage, even if it was trivially simple (say, a checkbox in a control panel) to turn that feature off (that is to say, defeat the purpose of having it at all).

      I think you fail to appreciate the proprietary nature of most Windows software. Even the freeware is closed-source and copyrighted in such a way that you are not authorized to redistribute it. That means you cannot legally operate a repository containing a library of Windows software from a single source, because you'd have to get written permission from the authors of each individual piece of software allowing you to redistribute their software from your single source. It'd be an absolute nightmare and one mistake would make you end up on the wrong end of a lawsuit.

      That is, of course, not beginning to address the issues surrounding the redistribution of commercial for-pay software. Redistributing that without the express blessing of the creator is usually called "piracy" and may be severely punished by the civil courts.

      The only way around this would be for Microsoft to create a walled-garden type of environment sort of like Apple's App Store. Then they could dictate what licenses and/or terms of copyright are and are not acceptable. But you better believe that this would raise monopoly issues when that single vendor controls over 90% of the marketshare. Want your software to reach 90% of all desktop users? Then you play by their rules, or else. At that point the software license is no longer between the vendor and the user who is their customer; Microsoft is now the referee whether or not this is against the will of the vendor or user.

      You may characterize concerns about monopoly power as categorically illegitimate and overblown in all possible cases. I do not. It is not desirable for anyone to give Microsoft that kind of power over that many users. Centralized package managers just aren't compatible with monopolies and proprietary licenses for a wide variety of good reasons that aren't just going to go away.

      A centralized package manager for Windows is such a great idea that it would have been implemented by now except that there are some damned good reasons why such a thing is destined to fail miserably.

      --
      It is a miracle that curiosity survives formal education. - Einstein

    14. Re:So that's why the UW mail system went down by DinDaddy · Score: 2, Insightful

      FYI, the iPod Touch models do just about everything the iPhone does, except take pictures and make phone calls.

      You're a week out of date. The new Touch has front and rear cameras similar to the new iPhone.

      On topic, 150+ of these landed in my email box today. If my company had any sense of fairness, they would harvest the email account names of everyone infected and force them to sit through a 4-hour learning module. We already take a yearly 1/2-hour session where they very explicitly explain not to click on links in things like this.

    15. Re:So that's why the UW mail system went down by spun · Score: 2, Funny

      I've heard this worm only infects users who are prone to both sexually harassing coworkers and stealing from the company. I'm notifying HR.

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton

    16. Re:So that's why the UW mail system went down by Missing.Matter · Score: 2, Insightful

      That's the difference between official repos endorsed and maintained by your distribution and unofficial third-party repos. It certainly doesn't make it impossible, nor is this the intent of the design, but it does ensure that a user who selects third-party repos is doing so at their own risk and has to take the initiative to make them available. That's still a damn sight better than the way things work on Windows.

      Except the official repos don't contain every piece of software out there. I recently tried out the new beta of Ubuntu, and the very first piece of software I wanted to install wasn't in the repo (Opera).

      So say I set a user up with Ubuntu, and tell him to only install software from the package manager. Well, he doesn't care about 99% of the packages in there anyway; he wants software_X which isn't part of the repo, so he searches on how to find it. He stumbles upon some instructions, enters his password happily when prompted, and is saddled with the same worm we're talking about today.

      How has the package manager played any part in saving this user from himself? A package manager is only a form of security if it is the ONLY way to load software onto the machine, and as Apple is finding out, it starts getting awful hard approving what software gets admitted.

      There's a significant difference there. Not the least of which is that a user has to go out of their way (often editing config files) to enable a third-party repo.

      So the system is more secure because it's a pain in the ass to install new software outside of the distribution's repo, malicious or otherwise. Of course as I've stated above, it really isn't all that hard to install third party software outside of the distro's repo.

    17. Re:So that's why the UW mail system went down by dbcad7 · Score: 2, Interesting

      Ok.. I have received an email with an executable file.. please list the steps necessary for me to run it.. I'll wait... ok.. Oh really ? it's that simple ?.. I can't imagine why these tricks don't work on Linux users.. sheesh, I'm scared now.

      --
      waiting for ad.doubleclick.net

    18. Re:So that's why the UW mail system went down by Dr_Barnowl · Score: 3, Informative

      Yes, it is. But you have to download it, save it, set the executable bit, and then run it.

      The core problems in Windows that enable this:

      • The shell decides which file types are executables based on the file name extension
      • The shell, by default, is configured to hide the file name extension from the user
      • The shell trusts executable files to be able to choose their own icon
      • There is no executable bit in the filesystem

      This means files like MyHappyDocumentAndNotAnEvilWorm_pdf.scr can pass themselves off as a PDF file by having a PDF icon, but will be executed as soon as a user double-clicks them (because they have the obscure but "executable" extension for screen savers, which are just normal executables).

      On Unix...

      • The shell makes its own mind up about what a file is; it doesn't trust the extension
      • The shell presents a single icon for binary executables, and a single icon for scripts
      • The user has to explicitly set the executable bit on anything they download

      All of which means that they are not so easy to take in with this particular variant of user-exploit.
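
A defender-side check for the hidden-extension problem the comment above describes, added here as an example and not taken from any commenter: it reproduces how Explorer displays a name with "hide extensions for known file types" on, and flags names whose visible part looks like a document while the real (last) extension is executable. The extension lists and the stem-parsing heuristic are this example's own assumptions; the sample names are constructed, except the one quoted in the thread.

```python
"""Flag attachment or download names that exploit Windows' hidden-extension display.

Windows picks the file type from the *last* extension and, by default, hides it,
so "report_pdf.scr" is shown as "report_pdf" and "party.jpg.exe" as "party.jpg".
"""
import re

# Extensions Windows runs directly on double-click. This set is an assumption of
# the example; the thread itself only calls out .scr (screen savers).
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "jse", "wsf", "hta", "msi", "lnk",
}

# Extensions a user reads as "just a document or picture" (assumed list).
DOCUMENT_EXTENSIONS = {
    "pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "jpeg", "png", "gif", "zip",
}


def split_name(filename):
    """Return (stem, real_extension) splitting on the last dot, as Windows does."""
    base = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    if "." not in base:
        return base, ""
    stem, ext = base.rsplit(".", 1)
    return stem, ext.lower()


def displayed_name(filename):
    """What Explorer shows when 'Hide extensions for known file types' is on."""
    stem, ext = split_name(filename)
    return stem if ext else filename


def apparent_document_type(stem):
    """A document extension embedded at the end of the stem ('report_pdf', 'party.jpg')."""
    m = re.search(r"[._\- ]([a-z0-9]{2,5})$", stem.lower())
    if m and m.group(1) in DOCUMENT_EXTENSIONS:
        return m.group(1)
    return None


def assess_filename(filename):
    """Classify one name.

    verdict is one of:
      'executable-disguised'  executable whose visible name looks like a document
      'executable'            executable with no document disguise
      'ok'                    not directly executable by extension
    """
    stem, ext = split_name(filename)
    if ext in EXECUTABLE_EXTENSIONS:
        looks_like = apparent_document_type(stem)
        verdict = "executable-disguised" if looks_like else "executable"
    else:
        looks_like, verdict = None, "ok"
    return {
        "name": filename,
        "shown_as": displayed_name(filename),
        "real_ext": ext,
        "looks_like": looks_like,
        "verdict": verdict,
    }


def flag_suspicious(names):
    """Return the assessments for every name that is executable by extension."""
    return [r for r in map(assess_filename, names) if r["verdict"] != "ok"]


# Constructed sample names; the first is the one quoted in the thread.
SAMPLE_NAMES = [
    "MyHappyDocumentAndNotAnEvilWorm_pdf.scr",
    "PDF_Document21.025542010.pdf",
    "party_pictures.jpg.exe",
    "quarterly report.pdf",
    "setup.exe",
]

if __name__ == "__main__":
    for r in map(assess_filename, SAMPLE_NAMES):
        print(f"{r['verdict']:21} shown as {r['shown_as']!r:45} real type: .{r['real_ext'] or '-'}")
```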

    19. Re:So that's why the UW mail system went down by tendays · Score: 2, Informative

      That's the approach Unix has used for a long, long time now. Installed programs on a Unix system are generally root-owned and sit in directories that are also root-owned. For a normal user, both the executable and the directory in which it is located are read-only.

      System-wide programs are stored in directories not writable by normal users, but that doesn't prevent a user from downloading a trojan into his own directory and running it, which is what the parent was talking about.

      Unix systems do offer the option to mount /home (and other mount points like /tmp where the user has write access) with -o noexec, which would close that issue, but I've never seen a Linux distribution that would do that by default, because users expect to be able to run programs they've downloaded without having to jump through hoops.

  3. Appropriate Prince song plays in the background by TheRealMindChild · Score: 4, Funny

    "Tonight We're Gonna Party Like It's 1999"

    --
    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson

  4. Got mimedefang? by Shoeler · Score: 3, Interesting

    People still allow .exe files through filters? Helllloooooo mimedefang...

    1. Re:Got mimedefang? by Technoodle · Score: 2, Interesting

      I had a client that got a link to a .scr file. They thought it was suspicious but clicked it and ran it anyway. When will Users ever learn?

    2. Re:Got mimedefang? by gmuslera · Score: 4, Informative

      The actual file doesn't go in the mail, just the link to download it. mimedefang or antivirus at the mail server doesn't have anything to do with it.

    3. Re:Got mimedefang? by __aaqvdr516 · Score: 4, Interesting

      I was called to a co-worker's office today. He told me that he received an email from someone in our company. He didn't remember the name of someone he had spoken with yesterday and assumed it was the person that he had talked to. He clicked the link and then witnessed the awesomeness that is this exact worm. I got to see the email. It had all the usual signs of being junk/scam/phishing/younameit. I then further continued to giggle as the company posted a warning on our main site page, having already shut down the mail server. By the time he had caught the worm in action it had operated for about 30 seconds and managed to get around 800 messages (and counting) in his outbox before he killed the process.

  5. The hell? by goodmanj · Score: 3, Insightful

    Stupid question from a Linux / Mac user:

    Are there really operating systems in use in 2010 that let you write files to a system directory without entering an administrator password?

    1. Re:The hell? by drcheap · Score: 5, Insightful

      Stupid question from a Linux / Mac user:

      Are there really operating systems in use in 2010 that let you write files to a system directory without entering an administrator password?

      Yes, because people will give a computer anything it asks for, especially if it asks in an ambiguous manner.

      What's this? A UAC prompt asking for permission to "perform the action I requested"? Wait, what was I just doing? Oh yeah, reading email. Yes I want to do that. ]click[

      Same thing would happen if you gave them a Linux/OSX box that asked for admin password. Granted M$ made it easier by not requiring one to actually type in any actual password to elevate privileges.

    2. Re:The hell? by Abcd1234 · Score: 2, Interesting

      Okay, now try replacing, say /bin/sh, and tell me how that works out.

    3. Re:The hell? by archmcd · Score: 2, Interesting

      Well, in the case of Windows XP and common corporate practices, it's not unusual for an individual that would require administrative rights to log in with an account in the Administrators group on a regular basis, whether administrative tasks will be performed or not. I've worked for companies where 1 in 3 users have administrative rights on their workstation due to a "business need" which may have been a one-time task, but the escalated privileges remain indefinitely. 1 in 3 is an awful lot of people in a company with over 100,000 employees.

      --
      I'm not an expert, but I play one on slashdot.

    4. Re:The hell? by goodmanj · Score: 4, Insightful

      I know this has been said before, but if your operating system is asking for an admin password often enough that replacing it with a mouseclick significantly improves the user experience, you're solving the wrong problem.

    5. Re:The hell? by tepples · Score: 2, Informative

      Are there really people crazy enough to use operating systems released in 2001 in 2010?

      Are there really people crazy enough to play video games released in the 1980s in 2010? If a 2001 OS is the only thing that will run your application properly, you run the 2001 OS.

    6. Re:The hell? by Skuld-Chan · Score: 3, Informative

      You can't write files to \windows\system under vista/windows 7 without elevation to administrator. Under XP/2000 as a regular user - ditto.

      That said - there's probably an alarming amount of people who would enter credentials upon getting the elevation prompt on Mac/Windows/Linux after clicking on an attachment or link in their email client.

    7. Re:The hell? by Missing.Matter · Score: 2, Insightful

      The default UAC behavior in Windows 7 is to notify when installing programs and when programs try to change protected Windows settings on their own. The ONLY time I see a UAC prompt is when I install software. How is this unreasonable?

    8. Re:The hell? by Sir_Lewk · Score: 2, Insightful

      If you want to use a decade old operating system to play your little games or whatever, then by all means go for it.

      But don't check your goddamn email with it! Use a separate install with a secure operating system for that. Doing anything else is damned near criminal negligence.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)

  6. What do you mean 2001? by Superdarion · Score: 5, Informative

    What do you mean it's 2001 all over again? I never stopped receiving those. Every once in a while I receive a mail "from a friend", from the friend's address or not, telling me stuff like "Hey, here are the pictures of that party!" or "Have you seen this? I can't believe there are pictures of it!". They all contain links to weird-looking pages which, of course, I never open.

    Sometimes I even receive those mails with URLs that actually contain my email address, like www.thisisnovirus.com/picturesfromlastnight/superdarion.

    From what I can tell, they usually come from my friend's MSN/hotmail's address books.

    1. Re:What do you mean 2001? by afabbro · Score: 4, Informative

      Along similar lines, people still use Outlook? What if you need to log in from somebody else's box? I'm not a big fan of "web apps for everything", but email is one of those things where a web app makes much more sense than a desktop app.

      Not to defend Outlook, but MS Exchange does come with Outlook Web Access. It provides a web-based interface that provides a web 2.0 interface to Outlook. Probably 90% of what you want to do in Outlook (read/write your mail, set up meetings, contacts, etc.) can be done in OWA. It even degrades nicely for older browsers. It's actually quite a sophisticated webapp... though of course, you're still using Outlook.

      --
      Advice: on VPS providers

    2. Re:What do you mean 2001? by scdeimos · Score: 2, Insightful

      [on OWA] It even degrades nicely for older browsers.

      I wish it downgraded nicely for newer browsers, too.

    3. Re:What do you mean 2001? by LordLimecat · Score: 2, Funny

      It even degrades nicely in older browsers...

      ...And in any browser that doesn't state "internet explorer" in its useragent.

    4. Re:What do you mean 2001? by dbIII · Score: 2, Funny

      It even degrades nicely

      That's a new feature for MS Exchange. It used to degrade quite nastily in previous versions.

  7. U R teh winnar! by drcheap · Score: 2, Insightful

    Sigh. We need licenses to operate computers, that way we can revoke them when people click on the shiny red buttons.

    --
    Click to read more great comments: ILoveSlashdot.exe

    1. Re:U R teh winnar! by Pentium100 · Score: 3, Insightful

      Because there is no way for a virus to spread on a Linux machine.

      Even assuming that Linux does not have security bugs and the user runs as user and not root, the virus can still:
      1. Access all of the user's files.
      2. Delete them (rm -rf /home/username).
      3. Send itself to every email address it could find in the user's files.

      For a single-user machine, rm -rf / and rm -rf /home/username are about the same in the damage.

      Yes, most Linux users now are the ones that know what they are doing and would be able to stay clean even using Windows. If, say, everyone goes to Linux, the "oh, look, my friend sent me a screensaver" users and virus creators will go too and Linux will have the same problem as Windows does now.

      For now, the number of Linux users, not to mention the number of stupid Linux users, is too low for the virus writers to care (why spend time to create a virus that works for 5% of people, 90% of whom know how to protect themselves, when he can create a virus that works for 90% of people, a lot of whom will run it).

      I use both Linux and Windows; my opinion is that both operating systems have their own advantages and disadvantages, but both are good at what they do, especially Linux for servers or work computers that need a browser and OpenOffice.

    2. Re:U R teh winnar! by _Sprocket_ · · Score: 4, Funny

      Now Timmy... can you tell me which of the shiny... candy-like... red buttons has an electric current on its surface? Ooooh. Sorry. It WAS a trick question. They all do. We're going to need another Timmy.

  8. Hit NASA today by Anonymous Coward · · Score: 2, Interesting

    It started working its way through NASA and contractor mail servers today. Lots of folks send mail to distribution lists and so those were getting lots of backwash from people replying to them, saying they didn't think the message was for them...

  9. People still fall for this? by kheldan · · Score: 2, Funny

    For that matter, people are still using Outlook?

    They're still using Outlook for email

    laughingwomen.jpg

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  10. Windows is super! by CrAlt · · Score: 2, Informative

    My MS Exchange email box at work filled up with these right before the server died..

    Subject: Here you are
    --------------
    Hello:

    This is The Document I told you about,you can find it Here.http://www.sharedocuments.com/library/PDF_Document21.025542010.pdf

    Please check it and reply as soon as possible.

    Cheers,

    Domain Name: SHAREDOCUMENTS.COM

    Registrant:
            Worldwide Media, Inc
            Domain Administrator (info@mostwanteddomains.com)
            Po Box 129
            Highlands
            North Carolina,28741
            US
            Tel. +001.8132675600
            Fax. +001.9543370351

    Creation Date: 09-Oct-2003
    Expiration Date: 09-Oct-2011

    Domain servers in listed order:
            ns17.this-domain-is-4-sale.com
            ns17.mostwanteddomains.com

    -----------------

    --
    I have to return some videotapes...
    1. Re:Windows is super! by Anonymous Coward · · Score: 3, Informative

      The actual underlying link is from http://members.multimania.co.uk/yahoophoto/... sharedocuments.com is a decoy

    2. Re:Windows is super! by Anonymous Coward · · Score: 4, Insightful

      Turn in your low slashdot ID immediately.

    3. Re:Windows is super! by Marauder2 · · Score: 4, Interesting

      Before the collective wrath of Slashdot falls upon an innocent* cyber squatter, bear in mind that the URL listed in the text of the email wasn't actually the URL that the href linked to (text claimed to point to one spot, actual href tag pointed some place completely different). It didn't link to a PDF either but an executable with the .scr (Windows Screensaver) extension.

      *Presumed innocent in the context of this malware, not in the grander scheme of effing up the domain registry system for the rest of us...

  11. Adobe PDF zero day saved me by Maxo-Texas · · Score: 2, Interesting

    I was suspicious of any PDF today.

    Might not have clicked on it but I might have. You normally think of PDFs as safe.

    --
    She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
    1. Re:Adobe PDF zero day saved me by archmcd · · Score: 2, Informative

      I haven't thought of PDFs as safe in a couple of years now.
      http://www.computerworld.com/s/article/9176117/PDF_exploits_explode_continue_climb_in_2010

      --
      I'm not an expert, but I play one on slashdot.
    2. Re:Adobe PDF zero day saved me by bloodhawk · · Score: 3, Informative

      You normally think of PDFs as safe.

      What planet are you from? Have you not seen or heard of the literally dozens of exploits and vulnerabilities constantly flowing from Adobe's readers and file format? They make Microsoft look like Fort Knox.

  12. It's already hit NASA by ToSeek · · Score: 4, Interesting

    Got sent to a maillist that covers just about everyone who works at a NASA center east of the Mississippi. Once you add up the virus-generated emails, the emails warning everyone it's a worm, and the emails complaining "for God's sake don't reply to everybody" (which replied to everybody), there were several score messages sent to thousands of users.

  13. i JUST got this virus! by nimbius · · Score: 4, Funny

    Thank goodness I saw this article... I was seconds away from clicking on the attachment in Pine.

    --
    Good people go to bed earlier.
  14. Umm.. nope. by CrAlt · · Score: 4, Insightful

    That would only work if you were logged in as the admin account..
    Or do you do everything as root?

    Last login: Thu Sep 9 18:35:16 on console
    focker:~ cralt$ cd /
    focker:/ cralt$ touch testfile
    touch: testfile: Permission denied
    focker:/ cralt$ uname -a
    Darwin focker.local 9.8.0 Darwin Kernel Version 9.8.0: Wed Jul 15 16:55:01 PDT 2009; root:xnu-1228.15.4~1/RELEASE_I386 i386

    Thank you come again.

    --
    I have to return some videotapes...
    1. Re:Umm.. nope. by BenoitRen · · Score: 2, Informative

      The grandparent was talking about Macs, smartass.

    2. Re:Umm.. nope. by treeves · · Score: 2, Insightful

      he did say,

      In the original account set up on your Mac ...

      I think that can be translated as, "While logged in as Administrator..."

      --
      ...the future crusty old bastards are already drinking the Kool-Aid.
  15. Lulz @work today by mrsam · · Score: 5, Interesting

    Initially, got a few batches of these at $work$ today -- one of the remaining 800lb Wall Street gorillas. The mails originated from some senders @NYSE, and were sent to some internal mailing lists.

    It didn't take long before a bunch of our own drooling baboons clicked the link, causing more mails to go out to the internal lists. That went on for a few hours. Then came the inevitable "why are you sending this", "i must've gotten this by mistake", "take me off the list" replies from more internal senders, resent to the same internal lists. Then came the inevitable "this is a virus, do not reply to all" replies to all.

    I told my management that what they have in their inbox, basically, is a list of people to get the axe when the next round of layoffs comes around. Can't create a more accurate list of people who are truly the bottom of the barrel, and do not belong in an organization that's supposedly charged with billions of investors' and depositors' money.

    P.S. -- I also thought that this was the exploit for the 0-day PDF flaw, given the .pdf extension. But if this was just an ordinary executable, that you actually had to click through an extra time to execute, then there's even less excuse for anyone with a brain to get infected with this.

    1. Re:Lulz @work today by KevinIsOwn · · Score: 2, Interesting

      Looks like somebody is embarrassed that they clicked the link to the virus. No, those weren't pictures from the party. Sorry.

      But seriously, how is that a non-relevant criterion? Especially if you had somebody who has done it multiple times, that is a major risk to the company's network. Especially for a company with people's financial information, you can't have people downloading such ridiculous things.

  16. Three things by Sycraft-fu · · Score: 4, Insightful

    1) Yes, older ones. Unlike Apple, other companies don't force you to stop using an OS after a couple of years. MS supports their OSes for a minimum of 10 years, and XP is scheduled to be supported until 2014. On XP most users run as an administrator, and thus need no privilege escalation to do anything. This is not required; they could run as a normal user, but they don't.

    2) Who says you need system access? Most spyware we encounter these days doesn't bother, it just infects the user directory. No admin needed. Also, some detection tools have trouble noticing it when you log in as an admin and run them, since it is inactive at that point.

    3) We are talking about people who will run executables from e-mail, something they've been told not to do about 1,000,000 times. You REALLY think an admin prompt will stop them? Hell no, they'll just grant permission.

    If you think having to escalate privilege protects an OS, you are deluding yourself. Don't get me wrong, I like the feature and in the hands of a technical user it is a useful defense. However it does shit for the clueless users. You cannot protect someone against themselves and still give them control over their own system.

    1. Re:Three things by joeyblades · · Score: 2, Informative

      Unlike Apple, other companies don't force you to stop using an OS after a couple years.

      Huh? Ummm... I have a G3 Gossamer, purchased in 1997, running OS 9 since 1999, that is still going strong... still running Mac OS 9. Apparently I escaped under Apple's merciless radar because they have not forced me to stop using it. It's still a rock solid machine and I sometimes still use it to run some old PowerPC software and (get this) I can still run some 68000 software in emulation mode.

      And for the record, I know you were really trying to make a statement about OS support, but I couldn't let you get away with rewriting history:

      • Windows 95 was supported for less than 3 years.
      • Windows NT was only supported for 4 years.
      • Windows 2000 was only supported for 5 years.
      • Windows XP has only been supported for this long because Microsoft screwed the pooch. If Vista would have come out sooner and if Vista wouldn't have been such a bomb and if Microsoft could make their new OSes support the tons of enterprise software that currently depends on XP, XP would be long dead.
    2. Re:Three things by Eskarel · · Score: 2, Insightful

      Bullshit.

      Linux is a multi-user system; it's specifically designed to allow you to run pretty much any kind of software as a user that you might possibly want.

      True, you can't write to the system directories, but you can sure as hell write to anywhere in the user's home directory and cause anything you like to auto run when that user logs in. The only thing you can't do is open a port below 1024, but you don't need to use any of those ports unless you want to use default ports.

      Want a zombie SMTP server, file server, web server, all fine and dandy, you just use non default ports, hell 8080 doesn't even require root access to start. You want to access someone's files, exploit their web browser, all fine.

    3. Re:Three things by Eskarel · · Score: 2, Insightful

      For the purposes of most home PCs THE USER'S FILES ARE THE ONLY ONES THAT MATTER. Very few home PCs have multiple isolated users.

      Desktop Windows is not a truly multi-user system, but it isn't supposed to be because that's not how it's used.

    4. Re:Three things by turbidostato · · Score: 2, Insightful

      "Really? So in Linux/Unix, I can download a file and it autoruns and runs amok?"

      Of course yes. Do you think there is any magic forbidding a browser from downloading an openoffice document and gladly opening it or, say, a firefox extension from downloading a shell script mime-typed as text/x-script and executing it?

      "I open a folder containing a bad shortcut and my computer gets owned?"

      Owned? maybe not. But if you use a KDE desktop environment please put into ~/.kde/Autostart a script (or a symlink to a script) with something like `rm -rf ~` or `nc -l -p 23456` and see what happens (other desktop environments have different directories to same effect). Oh, and if you don't want to put the script, how do you think your filesystem browser is able to produce thumbs for common applications (hint: have a look at those directories with `ls -la`).

      "In Linux/Unix the user's files might be affected not the system files"

      And what the heck do you think your standard home user thinks is of more value? /bin/ls or his foreignly studying son's e-mails?

      "Windows was never designed with security from the beginning."

      Quite true. And what the heck has that to do with the fact that Linux is wide open to both PEBCAK and "marketing pushed for the good of joe sixpack usability" application design malpractices?

  17. Not a worm... by TrancePhreak · · Score: 3, Informative

    This is merely a trojan. A real worm would infect other machines without intervention.
    http://en.wikipedia.org/wiki/Computer_worm

    --
    -]Phreak Out[-
  18. "Download"? by LambdaWolf · · Score: 2, Insightful

    ...the messages contain a link to a site that will download a malicious file to the victim's PC.

    Shouldn't it be that the site uploads a file to the PC, while the PC (or the worm itself) downloads it? I know the distinction is lost on the vast majority of users these days—which is a shame, since the concepts of "sending" and "receiving" are important enough to distinguish—but c'mon, this is Slashdot.

    --
    "This algorithm runs in constant time. Come on, 2,147,483,648 is a constant..."
  19. It's not by Sycraft-fu · · Score: 4, Insightful

    The problem is that Mac/Linux users loved to bang on about this as a reason their OSes were more secure. "Oh asking for an admin password protects us." Of course it doesn't, you still have to know what you are doing but there you go. So then Windows got it too. Well now this is a problem, you can't claim it as an advantage anymore. What's more, Windows does it right, it is true privilege separation, and it doesn't cache it like a number of Linuxes do (you sudo in the GUI and it stays that way for 10 minutes). So what to do? Oh, well attack it from asking too often, of course! Never mind it only asks for, you know, things that actually require access. It is still too often!

    Some people just have a mindset that their OS is Superior and Windows is Inferior. Thus they'll come up with whatever justifications it takes to convince themselves of that. It isn't about facts, it is about a belief they are trying to justify.

    Also to the people who think admin gets asked for too much: Please remember that anything that doesn't need admin to do, a virus/spyware can do without that admin. So if a program can be installed without admin (and it can actually, just only to that user's account, not system wide) then a virus can be installed without admin. There is no half way, you can't have something that only a legit program can do that a virus needs admin for. Something either does or does not require admin. Period.

    1. Re:It's not by MrSenile · · Score: 2, Informative

      It seems? So you're basing these comments off of something, rather than blowing hot air? I would love to see some examples of these mysterious and unexpected UAC prompts. Since you've never used Windows 7, I'm sure this will be a hard request.

      I find a lot of games and some applications (mostly window tool applications like spybot search & destroy) always bring up the UAC. It'd be nice to be able to tag it saying 'yes, I know this application will bring up this prompt, now ignore this one application' without having to raise or lower the security operating system wide, but that's my personal beef with Win 7.

      What's the difference? So they have to click instead of entering "123" and you've slowed them down a 10th of a second. And seriously, this is the Linux user's solution to a user problem? Modify the behavior by making the UI a pain in the ass and pissing the user off? No wonder no one uses your OS.

      And I'm assuming you've used this OS to compare what he's saying or are you taking someone else's word for something without first hand experience? You know, like you've accused the other guy of doing? Just curious.

      I'm sorry, root can do absolutely ANYTHING to a Linux machine. If a user is convinced (through way of enticing screensaver) to give a malicious piece of code root access, what exactly is stopping it from destroying the system? Also for most users destroying home is equivalent to destroying the system.

      You've obviously not used Linux. LIDS, ACLs, SELinux, and many other tools, including, but not limited to, chroot jails, allow you to lock down a system, even from root, from specific areas. While I'm sure Windows has similar 'tools', especially in a networked environment where you can set up security policies, the fact that you said Linux can be configured to allow 'root to do absolutely ANYTHING to a Linux machine' is a fallacy and you need to retract that statement. Your opinion is flawed. Perhaps because, like you accused someone else, you've not used Linux enough to draw conclusions?

      Because we all know Linux is bug free

      This was a stupid statement. Nothing is bug free. You're obviously trolling, but at least Linux seems to address bugs, generally (but not always) faster than the Windows counterpart. And yes, there's several links to confirm that, and no, I'm not going to bother repeating other slashdot topics to feed you.

      If you had even bothered to use Windows 7, you would know it's stable, fast, secure, and a pleasure to use. At least that's the general consensus. Of course you should actually, I don't know, USE the software before you critique it. I still can't believe you're basing these assertions on your experience with pre-SP1 XP

      Oh agreed, it's more stable than XP, but as I've had it bluescreen a few times, sometimes with similar screens as XP (like the NOT_LT_OR_EQ bs), or have explorer crash on me asking me kindly if I want to send the bug report to Microsoft (I do of course), the fact is your global comment of 'stable' is flawed. More stable than XP, yes. Stable globally? No.

      Fast, yes, it's faster. But on the same hardware that XP ran 'fast' on it's actually a touch slower. It needs better video and a better CPU to actually run 'faster'. It does this, obviously, by better threading, better memory management, and streamlined I/O. Only took them 20 years to do it right (or at least 'better'). So while overall, yes, it IS faster, this is also bias based on the hardware you run it on.

      Secure? The security is about equal to Win 2008 server for security, which while a great improvement over other windows, is still, frankly, broken at the object layer allowing viruses (like flash viruses, email viruses, etc) to propagate quite nicely. The fact that other operating systems have less (or no) real viruses, while enjoyable, is moot. The fact is Windows still does, thus, shoots th

  20. Re:Sandboxie: 29 EUR by causality · · Score: 2, Insightful

    The people who fall prey to a virus like that won't be technical enough to do that (even with an easy point and click tool)

    If something like Sandboxie were bundled with the operating system, mail clients would by default run mail attachments in a sandbox. But you're right that it wouldn't stop "This application wants to break out of jail: Cancel or Allow?" from getting a click on Allow. The only thing that can stop that is mandatory verification of the hardware maker's digital signature on everything from the bootloader on up, as seen in iPhone and other consoles.

    An iPhone may or may not be an appliance, but general-purpose computers and the operating systems designed for them are certainly not appliances.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  21. Depends on Who Patient Zero Is... by IonOtter · · Score: 4, Interesting

    I got one of these at work.

    The reason it didn't nail my machine is because...

    1. I have HTML disabled on Outlook
    2. I never click ANY links that go outside the company.

    I did a quick search on the URL, and it led me to Slashdot in the Google results. Yay Slashdot!!

    But here's the catch: Someone INSIDE the company *did* get hit, and it spread from their address book to everyone else. That's the usual progression, of course, but the source and headers actually made me look twice.

    ALL of the headers, everything, came from inside the company firewall. I could see where it passed through at least 3 firewall systems to get to me.

    When I spoke to network security, they said they'd been fighting it since noon. The reason why is because people are actually READING THE HEADERS and checking the user, and it's coming up legit!

    The folks on our end are actually doing due diligence, they're just not paranoid enough.

    --
    [End Of Line]
    1. Re:Depends on Who Patient Zero Is... by cbhacking · · Score: 2, Insightful

      You know, all that due diligence makes perfect sense right up until you get to the fact that the "document" or "picture" you were sent isn't actually a PDF or image, but a .SCR - a PE-format executable binary. Windows will bitch at you about 3 different ways if you try and run one of those off the web, and the simple fact that it didn't just open in Adobe Reader should be more than enough of a tip to click no.

      Personally, I suspect the people at your office are simply lying about checking the headers and all to try and look less retarded. It seems to have worked on you.

      --
      There's no place I could be, since I've found Serenity...
  22. Dealing with this mess... by don_carnage · · Score: 5, Interesting

    We had to deal with this mess today, running around to PCs and flat-out shutting them off. One user that I came across clicked on the link because he "verified that it was from someone in the office." His Outlook outbox had over 34,000 emails ready to send. Quite a mess and we're still cleaning it up. I thought we had learned our lesson with the "I Love You" virus. What's worse is that the spam filter, IPS, Windows firewall, antivirus, and web proxy all failed to stop the attack.

    1. Re:Dealing with this mess... by turbidostato · · Score: 4, Insightful

      "We had to deal with this mess today, running around to PCs and flat-out shutting them off."

      Somehow this doesn't happen to appear on the Windows vs Linux TCO studies from Microsoft.

    2. Re:Dealing with this mess... by turbidostato · · Score: 3, Insightful

      "What, you think replacing Windows with Linux is magically going to grant its user 20 IQ points?"

      I think that, at the very least, the grandparent wouldn't need to "run around to PCs and flat-out shutting them off": he could have done the same from the comfort of his chair with the aid of ssh.

    3. Re:Dealing with this mess... by don_carnage · · Score: 3, Informative

      The main point of physically visiting each machine was to leave a note stating, "Do not turn on this machine until further notice." It's all fine and dandy that you shut them down remotely, but how do you prevent the user from coming in the next day and turning the machine back on?

  23. Re:User & Admin Retards by IonOtter · · Score: 3, Insightful

    User retards:
    - What retard still uses Outlook?

    You use what the company tells you to.

    - What retard still opens exe files it receives in e-mail?

    This wasn't an .exe file. It was a .scr file that was encapsulated in HTML to make it look like a .pdf. If you had HTML enabled, you'd only see a .pdf.

    - What retard still opens links it receives in e-mail?

    If I wasn't a paranoid security-nut, I would have. It came from inside the company, from a legitimate user I'd been in contact with in the past. But because I'm paranoid and have HTML disabled in Outlook, I could see the REAL link going to someplace in the UK.

    Admin retards:
    - What retard still deploys Outlook/Exchange

    Have you got something better that can support 150,000 unique email addresses in the United States alone???? Do you wanna add 100 additional countries to that, with all the additional email addresses? No, please! Amuse us. Tell us how wonderful your particular flavor of *nix is for taking care of such a big system.

    - What retard still allows exe files to pass through e-mail?

    See above.

    - What retard still doesn't classify links in e-mails that point to shoddy domains as spam?

    See above.

    - What retard mounts a corporate home directory without the noexec flag?

    That's what a zero-day exploit does. It finds a way around that.

    - What retard still allows their users to run as root/admin?

    See above.

    - What retard allows a client computer to send more than 1 mail per second?

    They're called "distribution lists". When the bad guys get inside, they work just as well for them as they do the user.

    --
    [End Of Line]
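Two of the tells described in this thread (Marauder2's point that the visible URL in the mail differed from the real href and the "PDF" was actually a .scr, and IonOtter's point that disabling HTML in Outlook exposes the real link) can be checked mechanically. The following is an added example, not code posted by anyone in the thread; the sample mail body, the placeholder host attacker.example and the byte strings are constructed, while the displayed URL is the one quoted earlier in the thread.

```python
"""Mechanical checks for the two disguises discussed in this thread:
an anchor whose visible text claims one URL while its href goes somewhere
else, and a "PDF" whose real target carries an executable extension such
as .scr (a PE binary). The sample mail body, the host attacker.example and
the byte strings below are constructed for this example."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath

# Extensions Windows will execute directly when the file is opened.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    return urlparse(url).netloc.lower()


def _ext(url):
    return posixpath.splitext(urlparse(url).path)[1].lower()


def audit_links(html_body):
    """Return a list of {href, text, findings}; an empty findings list is clean."""
    collector = _AnchorCollector()
    collector.feed(html_body)
    results = []
    for href, text in collector.links:
        findings = []
        # Only compare when the anchor text itself looks like a URL; a plain
        # label such as "Home page" makes no claim about the destination.
        if text.startswith(("http://", "https://")):
            if _host(text) != _host(href):
                findings.append("host mismatch: text shows %s, href goes to %s"
                                % (_host(text), _host(href)))
            if _ext(text) != _ext(href):
                findings.append("extension mismatch: text shows %s, href ends in %s"
                                % (_ext(text) or "(none)", _ext(href) or "(none)"))
        if _ext(href) in EXECUTABLE_EXTS:
            findings.append("href targets an executable extension %s" % _ext(href))
        results.append({"href": href, "text": text, "findings": findings})
    return results


def classify_payload(data):
    """Identify a fetched file by its leading bytes rather than its claimed name."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"MZ"):        # DOS/PE header: what a .scr really is
        return "pe-executable"
    return "unknown"


# Constructed mail body: two benign anchors and one built like the lure in
# this thread (displayed URL as quoted in the thread, placeholder href host).
SAMPLE_BODY = """
<p>Agenda: <a href="http://intranet.example/agenda">Home page</a></p>
<p>Policy: <a href="http://intranet.example/policy.pdf">http://intranet.example/policy.pdf</a></p>
<p>This is The Document I told you about, you can find it Here.
<a href="http://attacker.example/library/PDF_Document21.scr">http://www.sharedocuments.com/library/PDF_Document21.025542010.pdf</a></p>
"""

if __name__ == "__main__":
    for entry in audit_links(SAMPLE_BODY):
        print("SUSPICIOUS" if entry["findings"] else "ok", entry["href"])
        for finding in entry["findings"]:
            print("   -", finding)
    print(classify_payload(b"MZ\x90\x00\x03\x00\x00\x00"))
```

With HTML rendering on, the reader sees only the anchor text; with it off, as IonOtter describes, the href is what appears, which is exactly the value audit_links compares against.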
  24. Re:User & Admin Retards by Anonymous Coward · · Score: 3, Insightful

    Have you got something better that can support 150,000 unique email addresses in the United States alone???? Do you wanna add 100 additional countries to that, with all the additional email addresses? No, please! Amuse us. Tell us how wonderful your particular flavor of *nix is for taking care of such a big system.

    I wonder why you got modded so high. Do you have any clues about email systems?

    1) Support for 150,000 unique email addresses: There is no need to use unique in that sentence. Also support for what? Even my text editor can hold that many email addresses (unlike notepad) and since it is unicode based there is no difficulty adding other countries' usernames. So what the hell do you mean by support for 150k email addresses?

    And why should it be a problem at all for any system? MTAs and MDAs are limited by the amount of traffic and not by user accounts. IMAP takes care of the mailbox access for the individual user. Every part of the system can be split over multiple servers if you need more performance. The mail storage is database driven and scales depending on your choice of database. LDAP can store many more than 150k addresses.

    2) What has the operating system to do with the programs running on it?
    I can run the un*x flavour services, as you call it, on any system I like (even Windows). There is no real tie between OS and services. They compile on every flavour of un*x and some mad people always take it and port it to Windows, too.

    3) Distribution lists?
    I guess you mean mailing lists with restricted access. Maybe you should restrict the access harder. I can't see any reason for normal people to have access to lists just because they are a member of the university, for example.