After 7 Years, MyDoom Worm Is Still Spreading

An anonymous reader writes "Researchers at Sophos have revealed that the MyDoom worm, which spread via email and launched denial-of-service attacks against websites belonging to SCO and Microsoft, is still spreading on the internet after more than seven years in existence. The firm suggests, tongue-in-cheek, that it would be nice if computer users updated their anti-virus software at least once every 5 years to combat the malware threat."

7 years ago?

Hello dear christian friend,

In the year of 2004 it is with great pleasure that I leave to you the sum ...

Windows is nothing if not backward-compatible

[lseltzer]

But if you got a MyDoom message in any modern software you'd get tons of warnings, and many e-mail programs would strip the attached executable as a matter of policy.

Re:Windows is nothing if not backward-compatible

[jimicus]

Stuff the MUA, the MTA should be stripping executables - and it should be doing so using the file signature, not the extension.

Re:Windows is nothing if not backward-compatible

[Lord+Byron+II]

Yes, because there's never a legitimate reason to send/receive executables. My university does this stripping crap and it's annoying as hell. They even yank out archive files. I eventually had to switch to Gmail from the university system, because I would send a colleague a zip file and they would email me back that I forgot to send an attachment (or vice-versa).

A better option than blindly modifying emails is to look for virus signatures in the files. At least that way, you're only eliminating the things that are known to be harmful.

Re:Windows is nothing if not backward-compatible

[MichaelSmith]

One shot windows executables are pretty much a standard espionage tool these days. Used only once a virus checker will never recognise them.

Re:Windows is nothing if not backward-compatible

[PsychoSlashDot]

If only there were a dozen or so other ways to transfer potentially harmful data that coincidentally require user intervention.

E-mail is fine for passive data, but it's too easy for executables. Users should have to jump through some hoops when handling executables, just like chemists have to take extra precautions when handling unknown or potentially hazardous substances. Handling protocol requires you to slow down and treat the material differently. Sounds good to me.

If your users can't handle FTP, or any of the myriad web file transfer systems, perhaps the answer isn't leaving hydrochloric acid in a Pepsi can on their desk. Don't dumb down the process... smart up the users.

Re:Windows is nothing if not backward-compatible

[jimicus]

And your university is broadly doing the right thing. (Though it's wholly unnecessary to yank archives unless they contain executables, any self-respecting mail scanner will be able to read more-or-less any archival format).

Scanning for "known-bad" things stopped being a good idea years ago. Frankly, unless you take a very hard line to block everything even remotely risky you are more-or-less guaranteeing a lot of clean-up work dealing with exploits. Every time something gets through, your staff can look forward to several hours of clearing up the resulting mess - and that's with a relatively small organisation.

Google have the resources to effectively crowdsource much of this, and they don't have to deal with the fallout of anything that slips the net.

What you should be doing is working with the system rather than against it - and the system should be set up to make it easy for you to do this. Services like yousendit.com are a rather more satisfactory solution for most endusers than an FTP server; I daresay a university should be able to put something similar together inhouse.

Re:Windows is nothing if not backward-compatible

[houghi]

You are on /., so I assume you have access to at least a website and the ability to upload files there. Copy and paste the URL.

As you are using email to send those files, security should not be an issue. If you want some minimal security, you could link to a page with a login and/or password. Several more methods are available to make it secure.

Re:Windows is nothing if not backward-compatible

[rednip]

Users should have to jump through some hoops when handling executables

Such as not running as root/Administrator? However, I know plenty of professional SAs who could take that advice; it's just easier to run that way and they (in theory) know how to deal with permissions.

Also, not all attachments are executable, yet most blanket exclude them all, so it eliminates one of the best ways to casually transport files. Worse, those that only go after attachments that appear to be executable miss some and create a false sense of security when dealing with them.

I don't really know the answer to this problem, I only know that all the solutions I have seen are not enough.

Re:Windows is nothing if not backward-compatible

[donaldm]

Yes, because there's never a legitimate reason to send/receive executables. My university does this stripping crap and it's annoying as hell. They even yank out archive files. I eventually had to switch to Gmail from the university system, because I would send a colleague a zip file and they would email me back that I forgot to send an attachment (or vice-versa).

A better option than blindly modifying emails is to look for virus signatures in the files. At least that way, you're only eliminating the things that are known to be harmful.

Yes we do know that is a a problem but "think of the children" :)

On a more serious note. The best way is to take off the .exe or .zip or .whatever and send the binary as a simple file or even enclose the binaries in an compressed archive and take off the extension so you can send it. The problem is the person who is going to receive the binary must know how to put it into a format that is usable and it is amazing the number of people who have no idea how to do this even when you explicitly tell them in the email.

Actually I use Gmail as my main mailer and can easily operate in Corporate environments. The only issue I have in the particular place I working at the moment is the firewall stops my Kmail client so I just use Web Gmail during the day and when I get home i transfer all mail to my local folders.

Re:Windows is nothing if not backward-compatible

[L-four]

any modern software

Is outlook 2000 modern software?

Re:Windows is nothing if not backward-compatible

[ultranova]

E-mail is fine for passive data, but it's too easy for executables. Users should have to jump through some hoops when handling executables, just like chemists have to take extra precautions when handling unknown or potentially hazardous substances. Handling protocol requires you to slow down and treat the material differently. Sounds good to me.

Like the infamous UAC messages of Windows Vista, which popped up whenever any application tried to do anything, and did nothing but annoyed people and conditioned them to click allow on any message that pops up?

Modern computers don't have any security. Yes, this includes Linux, which isolates users from each other (to some extent) but doesn't give a single user any way of isolating his processes from each other and data. It's difficult to figure out what's happening in your system, and it's impossible to roll back any changes, besides reformatting and restoring from a backup. Even such basic functionality as letting a program change what it will, but only applying the changes only to said program's context - pretend-admin, in other words - is missing; you need to run a full virtual machine to get that.

Why can't you just create a context, and run programs in that context, letting them do what they will while preventing any effect outside the context? We do that with memory, and everyone agrees that memory protection is a good thing - yet when it comes to the filesystem, it's no can do?

The fact that computers operated by professionals for pay keep on getting pwned is irrefutable evidence for these facts.

If your users can't handle FTP, or any of the myriad web file transfer systems, perhaps the answer isn't leaving hydrochloric acid in a Pepsi can on their desk. Don't dumb down the process... smart up the users.

Since a Pepsi can is made of aluminium, it would simply dissolve in HCl (and blow up if it was closed due to the build-up of hydrogen). And the rest of your statement is just as nonsensical - what, transferring files through FTP is somehow more dangerous than through HTTP?

Re:Windows is nothing if not backward-compatible

[Randle_Revar]

>Services like yousendit.com

Please don't encourage those assholes. The spread of services that make their name include their TDL and come up with the rest of their name by describing what they do is one of the most irritating computer-related trends to come along in recent year. It might not be quite as bad if users didn't fall for it - "gotomypc.com? They can do that now? I'll try it, sounds useful!"

Re:Windows is nothing if not backward-compatible

Because any security gateway worth its subscription fees will be scanning for file signatures and blocking anything that is 'malformed'. An encrypted zip file with no extensions will certainly attract attention on anything I've setup, just because of the risk that a user is trying to bypass something.

Re:Windows is nothing if not backward-compatible

impossible to roll back any changes, besides reformatting and restoring from a backup

Btrfs snapshots. Fedora already has support for automatic snapshotting with yum so that you can yum install or yum remove something and, hey, unintended change? Rollback.

Even such basic functionality as letting a program change what it will, but only applying the changes only to said program's context - pretend-admin, in other words - is missing

Google for cgroups and isolation... there's a more specific term that will get you there immediately, but I can't think of it at the moment, as I've never used it, only read about it. It's basically a better, Linux-only chroot capability.

What the grandparent is trying to say about FTP vs. email is that FTP clients won't automatically execute the viruses they download (unlike Outlook.)

Re:Windows is nothing if not backward-compatible

[uid7306m]

Absolutely. By blocking anything potentially dangerous, you end up with a safe organisation that isn't able to function well.
Obviously, the I.T. guys see their own pain. But, the pain that excess security causes is widely distributed across space and time, and no one counts it all.

So, in this case, yeah, a virus is bad news. But, the question is, is a virus more lost productivity than 1000 people who are unable to send zip files?

Re:Windows is nothing if not backward-compatible

[hairyfeet]

But everyone here seems to be missing the forest for the large green things in the way. As a PC repairman that does this 6 days a week when you see an old worm that has been patched still running loose? Piracy, pure and simple.

You'd be amazed at how many machines I've seen with "XP SP2 Corporate Razr1911 Edition" or one of the variants. Hell more than half the machines on Craigslist are probably running pirated Windows, it is everywhere. Now since WGA will bite the person they sell the box to in the ass* the pirates turn off Windows Update. So what happens? The machine runs for years with NO patches and becomes a haven for malware like MyDoom. Hell I've seen XP Sp1 machines cross my desk as late as earlier this year, and most of the Razr1911 boxes are SP2. That leaves....what? Something like 1800+ patches missing the script kiddie can use against them?

Despite many here thinking I'm "pro MSFT" I actually lay the blame for this squarely at the feet of MSFT. Frankly killing the $50 Win 7 HP plan was stupid and caused increased piracy, because that $50 plan had many pirates going legit. I would have taken it one further and released Win 7 Starter as a $25 OEM disc for those whose machines can't handle Aero. This would have wiped out piracy overnight, while giving them a platform for the latest IE and WMP as well as giving them a chance to upsell to HP or Pro. The fact Ballmer killed it is just one more proof in my mind that he is incompetent and needs a good firing. When one has the dominant market switching the pirates over equals a HUGE gain and throwing away that chance was fucking dumb.

So no matter what some here say about "educating users" (never works) or hardening the OS, I'd say the vast majority of myDoom and its friends are running on hot Windows.

*-this includes Windows 7 BTW, the RTM OEM hack has started failing with SP1 and I've had to tell a few folks the reason they are getting that WGA warning is because....surprise! That PC they bought for $100 with a $150 OS doesn't have a legit key.

Re:Windows is nothing if not backward-compatible

[vaporland]

It's difficult to figure out what's happening in your system, and it's impossible to roll back any changes

Run it in a VM that allows rollbacks. Parallels supports this - I bet VMWare does too...

Re:Windows is nothing if not backward-compatible

[Demonoid-Penguin]

Modern computers don't have any security. Yes, this includes Linux, which isolates users from each other (to some extent) but doesn't give a single user any way of isolating his processes from each other and data.

Wrong about *nix, I'm not in a position to comment on Microsoft. But feel free to weasel your way out of incorrect sweeping statements. If I have to point you at the solutions it's because you've gone to considerable trouble to ignore them.

It's difficult to figure out what's happening in your system,

for you maybe - the rest of us have no problems. Be fucking hard to debug if we couldn't.

and it's impossible to roll back any changes, besides reformatting and restoring from a backup.

More bullshit. Squashfs, unionfs, and others. Are you trying to say Restore Points© are the solution? (hint - them's backups). If you need to reformat to restore from backup it's no wonder you come up with such weaselly statements.

Even such basic functionality as letting a program change what it will, but only applying the changes only to said program's context - pretend-admin, in other words - is missing; you need to run a full virtual machine to get that.

More bullshit and gibberish. File system changes in a virtual machine are identical to those in the host. Doesn't matter whether either of them have access to a block device as a file system, or a file. And chroot?

Who said anything about resealing an acid-resistant, epoxy-lined, Pepsi can?? Pepsi cans are constructed to cope with pressure anyway.

Re:Windows is nothing if not backward-compatible

[Demonoid-Penguin]

Modern computers don't have any security. Yes, this includes Linux, which isolates users from each other (to some extent) but doesn't give a single user any way of isolating his processes from each other and data.

Almost forgot - SELinux and AppArmor can do what you asked for - separate processes from filesystem objects..

grsecurity - even finer grained control.

Re:Windows is nothing if not backward-compatible

[ultranova]

Wrong about *nix, I'm not in a position to comment on Microsoft. But feel free to weasel your way out of incorrect sweeping statements. If I have to point you at the solutions it's because you've gone to considerable trouble to ignore them.

I'm sorry, did I hit a nerve?

for you maybe - the rest of us have no problems. Be fucking hard to debug if we couldn't.

For most people.

More bullshit. Squashfs, unionfs, and others. Are you trying to say Restore Points© are the solution? (hint - them's backups). If you need to reformat to restore from backup it's no wonder you come up with such weaselly statements.

Squashfs is read-only and thus has no relevance to the topic of rolling back changes, since none can be made. Unionfs is actually pretty close to what I described, but still lacks the ability to show different versions to different execution contexts. And of course it requires specialized knowledge to set up, making it irrelevant to the average user.

Also, you keep using that word "weaselly". I do not think it means what you think it means.

More bullshit and gibberish. File system changes in a virtual machine are identical to those in the host. Doesn't matter whether either of them have access to a block device as a file system, or a file. And chroot?

Chroot is nice, if you are willing to make a copy from the whole filesystem for a suspected rogue program to play around in. Unionfs is closer, but still lacks the ability to define a different union for different execution contexts.

Re:Windows is nothing if not backward-compatible

[Demonoid-Penguin]

For most people.

You try and change what you claimed. You are consistently wrong. You deny the truth.

I do not think it means what you think it means.

Thinking is a cerebral activity. If your statements involved your brain - then your brain is damaged. Weaselly - "Devious; misleading; sneaky." - that's you all right.

XP Mode?

Sure it's not XP mode?

I don't run antivirus software in the VM because the VM almost is never up, but I wonder about people using it for significant amounts of time on a non-firewalled system. XP versions before SP1 would get root'd by simply having internet access.

Re:XP Mode?

[pandrijeczko]

Look at it another way...

If spammers suddenly discovered that sending out millions upon millions of unsolicited emails generated no revenue whatsoever because nobody ever opened them, then spam would stop overnight as the spammers would have to go and find new ways to make money.

On the basis that spam has not stopped, I think it's safe to assume that there are still lots of people out there interested in buying viagra or bigger willies from some complete stranger on the other side of the world, even though very few (if any) of those knuckle-draggers ever probably ever come here on Slashdot. (Fanbois, zealots and geeks - yes. Pedos, knuckle-draggers and estate agents, no.)

Stated in those terms, do you see now why it is perfectly feasible that there are computers out there with absolutely no virus checking on them that haven't been updated for nigh-on a decade.

Re:XP Mode?

[rhook]

Stated in those terms, do you see now why it is perfectly feasible that there are computers out there with absolutely no virus checking on them that haven't been updated for nigh-on a decade.

You wouldn't believe how many systems I have worked on that have anti-virus installed that came with the system but hasn't been updated since the free trial expired. I really wish manufacturers would stop shipping systems with anti-virus software that is only good for 60 days. Almost nobody ever pays for the subscription after the trial expires.

Re:XP Mode?

[MichaelSmith]

Computers should be safe to operate without expensive add on software.

Re:XP Mode?

[pandrijeczko]

Any time I'm asked to set up a new desktop or laptop PC for friends or family, the Norton Trialware in the first thing I remove and install free anti-virus like Microsoft Security Essentials or AVG.

I'm sick off TV ads where Symantec and other commercial security software vendors give the impression they are a one-stop solution to user ignorance with their over-rated bloated packages designed to do little more than to get you to hand over a credit card number for their subscription.

Frankly, I've had much better results installing the free stuff and then sitting down with the new PC owners for a 1/2 hour explaining the perils of downloading and running warez or opening an unknown email attachment.

Re:XP Mode?

[houghi]

I don't run antivirus software in the VM because the VM almost is never up

That is like never using a condom, because you hardly ever get laid.
The protection is not to protect the world from you. In first instance it is to protect you from the rest of the world. Only AFTER you are infected is it to protect the rest against you.

(I pull the trigger in Russian roulette, because there are almost no bullets in the pistol. What? Why should I use a revolver?)

Re:XP Mode?

[flappinbooger]

But you can't just get to xp mode and be an idiot, I doubt it is the cause of this. Also the XP mode VM that comes with win7 Pro and Ult is SP3.

There are some scenarios where it could be possible to go unpatched for that long and then suddenly get infected:

Bubba picks up "one o' dem dare computer thingies" from a garage sale. "ain't nebber been on der inter-tubes, momma!" "Plug 'er in, bubba! The tubes man was here and said it's all hooked up!"

The computer HAS been on the internet for 7 years and has gone unpatched completely, but Peggy Sue only gets emails from Grandma Jane and only plays solitaire and hearts on Yahoo. After 7 years grandma dies and she goes looking for casket polish (or some other innocent term) - bam, infection.

Jimmy learned all about "fixin computers" from uncle roy, the smelly old timer with food and tobacco spit in his beard and tinfoil stuck in his hat so the black helicopters won't read his thoughts. When Jimmy crashed ma and pa's computer by trying to look up goat sex, (but he was just curious so it's ok,) he popped in the 8 year old CD from the bottom of the drawer and "fixed it right up in a jiffy!"

Here's one I've seen many times: Johnny Ray lives in the country over by the holler, but the DSL just made it out that way. Johnny Ray had been using dialup (except when it rains since the line noise is bad then) but he switches to DSL. "Yeee HAAA! Look at all them titties pop right up!" Since he had dialup for the last 8 years he never did "any o' dem dare winders updates cuz it would take too long," but now with DSL he has a whole new world to explore. BAM, infection city.

There is an unlikely scenario, but it might just be possible for someone to blindly traipse around the internet unpatched and never catch anything serious, but that person is either exhibiting some sort of fantastic idiot savant abilities or are truly so lucky they must also tend to find winning lottery tickets in gumball machines.

Re:XP Mode?

[donaldm]

You wouldn't believe how many systems I have worked on that have anti-virus installed that came with the system but hasn't been updated since the free trial expired. I really wish manufacturers would stop shipping systems with anti-virus software that is only good for 60 days. Almost nobody ever pays for the subscription after the trial expires.

Yes I would believe since the PC's I have brought came with the wonderful 60 day virus scanner trial. My latest laptop (HP dv7 i7) came with Windows 7 however I just blew it away and installed Fedora 14 (now 15) and I use this machine for home and corporate use.

Before people say that using a private machine in a corporate environment can aid in espionage I would answer yes it can, but unless the firm you work for provides a corporate machine you have no choice but to use your own. Anyway there are so many other devices (smart phones, usb sticks, portable disk drives ...) that can better aid in corporate espionage.

Re:XP Mode?

[GIL_Dude]

Computers should be safe to operate without expensive add on software.

That's an interesting thought. How about "cars should be safe to operate without expensive add on software / hardware". Guess what? They are! It is the idiot drivers that crash the cars by going too fast in poor conditions, tailgating, and other poor decisions and unsafe usage. This is the same thing as with computers. All major operating systems ship now with security features in place that help to keep users safe. Firewalls (on by default), ASLR, DEP, etc. have become pretty standard. The thing that hasn't changed is the user. Just like the driver that makes unsafe lane changes, the computer user runs untrusted code that was sent to them by strangers. Often times they "have to install this special video codec to watch [insert celebrity name here] boobs". Not only do they install this "codec", they give it admin rights.

Computers are safe to use without add on software. It is the user who isn't safe because they don't pay any attention to the myriad of warnings they are given and continue to practice unsafe computing.

Re:XP Mode?

[Opportunist]

No problem. We'll lock the computer down to the point where you may only install approved applications from an approved source. Sure, there'll be some exploits, but they'll be closed and you'll be forced to update (you automatically get them pushed onto your machine next time you connect to the internet, before any other connections are allowed). If a problem is detected your machine is shut down to prevent it from damaging other machines, the only connection possible is to the approved source and it will stay that way until a fix has been pushed that ensures your machine is safe again.

Sounds good? I hope so, because it's the only way your goal can be accomplished.

The main reason is that computers are all purpose devices that MUST execute what the user wants them to execute. They may warn you that the operation you are trying demands elevated privileges, but they are helpless against a user that ignores that warning for the promise of dancing pigs. Unless the user does not have the final say in what should and what should not be executed, your goal cannot be accomplished.

Personally, I prefer freedom to security. Judging by the success of Apple lately, I'm a dying breed.

Re:XP Mode?

[Opportunist]

These people don't care, the 3 applications they use (internet, mail, some word processor) are working and they're happy with that. Chances are they don't even notice how much of their CPU time is already clogged with trojan work since the tasks they want to run would require at best 10% of the CPU's capacity. Whether the trojan eats 50% or not, i.e. whether the idle task runs at 90% or 40%, they don't know, care or notice.

Re:XP Mode?

[realityimpaired]

Seems to work for DHS... and it has worked for the aviation industry for more than 50 years.... Do you have any idea how many regulations exist today in aviation specifically because somebody tried doing it differently, and people died as a result?

Re:XP Mode?

[rvw]

XP versions before SP1 would get root'd by simply having internet access.

If I run a VM (XP or something else), that VM must have a different ip-address than the host, and to have internet access, there must be some kind of router or routing system. To reach the VM from the internet, port forwarding must be configured. Maybe the host IP is directly accessible from the outside, but the VM is not. Even if no firewalls are active, there is no way that the VM can be infected simply by starting it up and giving it internet access. So for an infection to occur, you need to start a browser to visit a website that infects the OS of the VM. (And of course the host could be infected, and then spread the virus to the local network, but that's something else.)

So can you explain how this VM will be infected after it started up without doing anything else on the machine?

Re:XP Mode?

[downhole]

I'm not sure if it's true, but i have heard that a lot of the spam is a result of the spammers themselves being scammed. They find some less bright guy running some sort of shady small business and convince him that spam is a legitimate form of marketing. He buys into it and pays to send some spam. Whether or not it works at all, the spammers still make money. Which means that spam will keep going as long as there are no consequences for the spammers and there are stupid people running shady businesses.

Re:XP Mode?

[ColdWetDog]

No problem. We'll lock the computer down to the point where you may only install approved applications from an approved source. Sure, there'll be some exploits, but they'll be closed and you'll be forced to update (you automatically get them pushed onto your machine next time you connect to the internet, before any other connections are allowed). If a problem is detected your machine is shut down to prevent it from damaging other machines, the only connection possible is to the approved source and it will stay that way until a fix has been pushed that ensures your machine is safe again.

Your ideas intrigue me and I would like to subscribe to your newsletter, please sign me up.

Steve
Sent from my iPhone

Re:XP Mode?

[tepples]

We'll lock the computer down to the point where you may only install approved applications from an approved source.

Are you referring to video game consoles, where only established companies are approved sources? Or are you referring to iOS, where any Mac owner with $100 a year is an approved source?

Re:XP Mode?

[jmottram08]

Tell that to the DOJ

Re:XP Mode?

[asdfghjklqwertyuiop]

All major operating systems ship now with security features in place that help to keep users safe. Firewalls (on by default), ASLR, DEP, etc. have become pretty standard.

Buffer overflows in browsers, Flash, PDF readers, media players and more have all become pretty standard too. Merely browsing to a particular web site should not cause a computer to become overrun with malware, but sometimes it can.

Re:XP Mode?

[sjames]

Not necessarily. In a car, driving too fast, running a light, tailgating, etc are never appropriate.

Clicking OK is quite often the correct answer with a computer. You can't install software without it. The computer shouldn't make opening a data file and running an executable look and feel exactly the same.

Re:XP Mode?

[Opportunist]

Pick your poison. Either is nothing I'd want in my home. I prefer to own what I buy.

Re:XP Mode?

[Opportunist]

Please don't sue for stealing your idea!

Re:Maybe people should have to register their PC

[pandrijeczko]

Yes, AND they can get off my bloody lawn as well, before I set the dogs on them.

Re:Maybe people should have to register their PC

I'll support that.
Right after we require a license to have children.

That would fix alot more stupid thanjust a computer worm problem.

Oh, I see!

[Ross+R.+Smith]

The only thing that comes to mind is 'PEBKAC'.

Re:Oh, I see!

[Opportunist]

Responsible for about 90 to 95% of all new infections.

I'm not kidding here, when you look at the current threats, you'll notice that most do not target exploits. Why should they? There is a very good reason not to target exploits but target the big layer-8 exploit sitting in front of the machine.

1. Exploits get fixed. Users don't.
2. Exploits are sometimes hard to craft. It's way easier to create a "click here to see the pig dance" executable.
3. It's easy to adapt social engineering to a new "exploit" (e.g. when a new catastrophe hits, "click here for gory details") rather than adapting an exploit to circumvent AV tools and patches.

If you're trying to break into a machine, use the biggest security hole that no software maker can ever patch: The user. Since most blanket attempts at phishing don't care whether they hit Joe Random over there or you, it wouldn't even matter if 90% of the users were smart enough not to click, it still wouldn't warrant the additional expense of writing code to exploit a security hole in the system.

Re:Maybe people should have to register their PC

[datapharmer]

nice.

The Definition of Ignorace.

[geekmux]

Is this really any surprise to anyone? People still believe that Bill Gates is going to pay you for forwarding email. Most attacks (malware, trojans, viruses, etc.) feed on the ignorance of the average person. It's sad really, but I don't expect anything different 27 years later, much less 7.

Re:The Definition of Ignorace.

[discord5]

People still believe that Bill Gates is going to pay you for forwarding email.

Well, there goes that lucrative 2nd income. I hope Santa doesn't skimp this year, I could really use some money.

Re:Win7 question

[walternate]

I hear from users and fanboys that Win7 is much more hardened than say WinXP

So my question is does this old virus still run on Win7?

If you actively run it and give it permission, yes. Since you mention fanboys, the Mac variety always claim malware doesn't count if users have to do that. Compared to XP it helps that Win7 have UAC, but the best defense against PEBKAC malware like this is running antimalware software like Security Essentials, which you also can do on XP.

If you really were interested, there is a lot of information out there about the security differences between XP and Windows 7, they are quite extensive (ASLR, DEP, UAC, improved firewall (with multiple active profiles), Windows Service Hardening, Protected Mode browser, etc.)

Re:Maybe people should have to register their PC

[donaldm]

Maybe people should have to register their PC before they connect it to the Internet?? Maybe people should have to get a license to use a PC on the Internet? It might reduce the carnage on our roads ^H^H^H^H^H^H^ Internet....

Excuse me while I press my brown uniform and shine my jackboots, the DRM people are making me work overtime again :)

Virus checker bloat

[Twinbee]

Or alternatively, not have a virus checker at all as it slows down PCs, and misdiagnoses all the time (I don't need it deleting files which I know are NOT a problem).

Just be careful what sites you visit, do backups (using SyncBack of course) and a system restore will usually solve minor problems.

Re:Virus checker bloat

[Opportunist]

And if you drive carefully, what do you need safety belts and airbags for?

Re:Virus checker bloat

[Twinbee]

Safety belts don't choke you to death though, and airbags aren't made of lead.

Re:Virus checker bloat

[Opportunist]

Ok, but I'm a safe and careful driver, so according to your theory I don't need either.

Re:Virus checker bloat

[Opportunist]

You mean like the webpage you visit regularly and that you trusted which was hijacked and seeded with an exploit?

Re:Virus checker bloat

[dotgain]

Ok, but I'm a safe and careful driver,

That may be true, but you're a careless analogy-maker. Vehicle restraint systems and anitvirus software are utterly dissimilar.

But let's play your game: How many human lives have been saved as a direct result of antivirus software?

Re:Virus checker bloat

[Celarent+Darii]

But not everyone on the highway is safe or careful. The seatbelt protects you mostly from accidents with other people, not yourself.

Re:Virus checker bloat

[Opportunist]

Human lives? Contemporize, man, the question is now the damage to the GDP.

Re:Virus checker bloat

[Opportunist]

And not every webpage you frequent is well secured.

Like in my analogy, your security does not only depend on how well you can handle your machine. You're dependent on others who you interact with. Avoiding shady, dubious pages is no longer a safeguard against infections, pages can be hijacked and they are, I've seen anything from hotel booking pages to phone registers hosting exploits. And since you do not control that page and have no control over its security, and since you won't find out whether it actually contains an exploit before it's too late, it's pretty much the same deal: Someone else being careless is putting you in jeopardy.

Re:Virus checker bloat

[randallman]

The trade-off in performance for the most common used virus-scanning packages is huge and should be taken into consideration. Lately I've used co-workers new laptops that make my 5 year old Pentium-M with Ubuntu seem very fast by comparison. In my experience with helping "friends" (people who find out I work with computers) with their computers, most of them have virus software installed that failed to detect the malicious software. And when I tried to remove it I had to try half a dozen scanners to find one that will detect and remove the virus or trojan. Virus software is not like a seat belt. It's more akin to the E.R. doctor trying to patch things up after they've gone to hell. If you run a scan and find something, your system is no longer trustworthy. There's no replacement for educating users, but the OS and program software can go a long way to help keep a system secure without the unnecessary overhead of checking each file for every signature of every piece of malware ever developed.

Re:Virus checker bloat

[dotgain]

I see what you did there!

You're bitter about capitalism, therefore any and all hairbrained analogies are valid. Truly, you have a dizzying intellect.

Build cleaners into free entertainment software

[LoudMusic]

If you really want to get people to run virus scanners (without making the scanner a virus itself) you'll have to make it beneficial to the individual. Create some really fun game and buried in the EULA mention that the program does a virus sweep each time it launches.

Either that or fight fire with fire.

Re:Build cleaners into free entertainment software

[StormReaver]

Make it like the Linux administration Doom port. Instead of showing running processes as enemies in Doom, make the malware appear as enemy combatants. You and the malware battle it out with either modern or futuristic weapons. Everytime you kill an enemy, that piece of malware gets destroyed. Everytime you lose a battle, the game deletes a random file on your filesystem...

Re:Win7 question

[Teun]

As a non-Win7 user I was interested, yes I saw reports of such an infection but your explanation it needs to get permission explains a lot.

About the users :)

civil war between different factions of the Linux?

[at_slashdot]

Now this is a ridiculous description: "infected computers as part of a civil war between different factions of the Linux community."

Re:Win7 question

[Opportunist]

Any malware that gets executed by the user and granted privileges runs on any system that the executable format it is in can run on. That's true for Windows 95, Windows 7, MacOS of any version and Linux of any flavor.

No system can defend against the stupidity of its owner. Unless the system is actually "protected" from its owner. For further reading, look up DRM and TCPA.

Re:Maybe people should have to register their PC

[Opportunist]

I'm not really happy with the idea of handing the government even MORE say of what I may do with my computer and what I may not, it's not like they already take more than enough liberties (pun intended) in this matter.

But how about a radical idea: Make people responsible for what their computers do. Make them legally liable if their machines spew out spam and participate in DDoSs, at least if a reasonable amount of precaution has been taken. I'm aware that you cannot easily defend against all threats out there, and I am willing to accept that people should not be required to get an IT degree just to be allowed to join the internet, but I think it's not asking too much to keep your system up to date and patched (especially considering how pretty much every current system does it automatically) and at least TRY to protect themselves against malware. Use whatever AV suite and I'm already happy. You took reasonable precautions, as much as could be expected from a computer illiterate, you're off the hook. You decided to click away every warning your system presented to you, then take responsibility for your stupidity.

Re:Some computers need to be shot.

[Opportunist]

Actually, if you're a multi million dollar company you might not be able to upgrade from IE6. I know of such a company. Their main application that the whole company hangs on is written for IE6, with IE7+ unable to render it sensibly.

And yes, we're talking about a friggin' HUGE company here. Think Sony. Just big.

Re:Some computers need to be shot.

[Dr_Barnowl]

Just because you're a giant, doesn't mean your brain disease isn't serious.

But the thing about software, is that it costs the same to fix no matter how many people use it. The surgeon still costs the same.

Elevation in codec installers

[tepples]

the computer user runs untrusted code that was sent to them by strangers

Then how should code become trusted?

Often times they "have to install this special video codec to watch [insert celebrity name here] boobs". Not only do they install this "codec", they give it admin rights.

As I understand it, codec installers require the user to elevate because operating systems' multimedia frameworks offer no easy way to install a codec to a single user's account. Instead, codecs must be installed to the system for all users.

Re:Elevation in codec installers

[SuperMog2002]

They claim you need to install a codec not because you actually need one, but because the vast majority of users have no idea what a codec is. They simply recognize it as some nerd term and take it as fact that they need it if they want to watch the video. The program that gets downloaded probably doesn't install a codec at all. It merely installs the virus. For that matter, the advertised video may not even exist. Sure, the user will get upset when they go though all that work and never get their video, but it doesn't matter. The damage is already done.

Re:Elevation in codec installers

[tepples]

the vast majority of users have no idea what a codec is. They simply recognize it as some nerd term and take it as fact that they need it if they want to watch the video.

Then how is a legitimate codec, such as Xiph's Ogg codec pack, supposed to distinguish itself from fake codecs like the ones the scammers push?

Flash CPU use

[tepples]

the 3 applications they use (internet, mail, some word processor) [...] require at best 10% of the CPU's capacity.

If by "internet" you mean the web, then I've seen sites using Adobe Flash or HTML5 new features use far more than 10% of a core.

Re:Flash CPU use

[Opportunist]

You're looking at someone like my dad in such a scenario. They have their set of pages they keep visiting, they have their set of people they communicate with and that's pretty much what they do with computers. If a flash app doesn't run, it does not bother them. They might even blame their "old" computer that it's not running right, but since it's nothing they're interested in, they just patiently wait for it to go away or search for the "skip" button. They're used to slow computers, chances are their machine at home is about as fast as the one at work, if not faster (yes, even if it's 3+ years old), and they won't question why it's stuttering.

Re:Don't forget "HOT" copies of WindowsXP

[jmottram08]

Security updates work fine, even if the copy of XP is pirated. Either way, anti wirus / malware software is free.

Re:Maybe people should have to register their PC

[sjames]

So, do you have a license to sell hair tonic to bald eagles in Omaha Nebraska?

Re:Maybe people should have to register their PC

[sjames]

How about we actually hunt down and prosecute the people who release these viruses and use them to spam and DDOS

It is EXTREMELY dangerous to start attaching criminal responsibility to people who had no criminal intent and took no criminal action due to their victimization by (harder to catch) criminals. Eventually, the police would just stop trying to get the actual criminals (too hard) and would focus exclusively on the easy to catch victims.

If someone buys a computer with "anti virus" software on it that turns out to be fake, should they have known better? How about if it only cost $50 for the AV in a world where it usually costs $500 because "your freedom is too valuable to risk"?

An, of course, once the principle is established, overeager DAs will be only too happy to expand it to cover practically anything you might own. How much care is 'reasonable' to make sure your kid's baseball bat isn't used to beat someone to death?

Yes, in an area where for all practical purposes there is no law enforcement, people should use more caution. No, they don't deserve criminal prosecution if criminals victimize them. I'd rather law enforcement concentrate their efforts on the actual criminals.

Re:Maybe people should have to register their PC

[Opportunist]

Unfortunately, unlike with hookers, you don't know if the one spamming is the one who wants to sell. Under your law, if I want to put you out of business, all I had to do is to send out spam advertising your product.

Re:Maybe people should have to register their PC

[Opportunist]

Because the internet is an international world where national borders mean jack, while that's not the case with law enforcement. The people writing and operating malware rarely sit in the US or France. They usually hail from a country the name of which ends in -stan, where law enforcement gets a good chuckle out of it if you ask them to prosecute someone spamming or phishing in your country. They have real crimes to prosecute, and they don't give a rat's behind about your problems. I mean, do you care about theirs?

It's also not criminalizing the victim, it's criminalizing someone who is criminally careless. I don't know about your country, but in mine it is considered "incitement to crime" if you leave your car keys in your unlocked car or your entrance ajar while you're not home, and both can be fined (not to mention that your insurance will certainly not cover any losses). Why should criminal neglect be unpunishable in the vicinity of computers? Why is every law suddenly completely different when you add "done with computers"?

It's common sense to lock your car and house when you leave it. It's common sense not to let anyone in your home. It's common sense to not believe someone who offers to give you some money for nothing. Why is everything different when it comes to computers?

Re:Some computers need to be shot.

[Opportunist]

True, but "it's working, isn't it? Then why change it?"

That was, in a nutshell, the answer I got. And that's also the reason why changes are unlikely to happen any time soon. It's working. Changing it costs at least 6, more likely 7 digits. No chance that you could get that kind of money to change something that "is working".

Is that the best you got?

[GuruBuckaroo]

2004? Pfft. My IDS is still showing probes from the Blaster Worm, that was 2003.

Re:Is that the best you got?

[Paul1969]

My IDS is still showing probes from the Blaster Worm, that was 2003.

Not bad, but I'm waiting for somebody to chime in that they just got the "I love you!" email.

clone my doom to make a warning and boot them off

[Ex-MislTech]

I think some ppl should make a mimic my doom virus that simple informs the ppl
they need to patch and until then their tcp/ip files have been removed.

Gets them off the network and educates them.

Alright then

[Thraxy]

Update once every 5 years. Got it. Cheers.

Re:Maybe people should have to register their PC

[sjames]

If the U.S. can start extradition for a college kid in the U.K. over a few LINKS to allegedly pirated material, we can find a way to get at massive crime syndicates in other countries attacking millions of citizens here. If some other country won't curb their criminals (at least to the point of keeping their crimes within their own borders), cut them off (or filter them heavily) until they change their minds.

The Senate can't seem to keep their machines secured, more than one police department has failed as well (and much more seriously than accidentally relaying some spam). The DoD and even the CIA have had their failures as well. Multi-billion dollar corporations have plenty of failures there. Why should Aunt Tilly with her much more limited resources (including access to expert advice) be expected to do any better?

Next problem is who decides what is adequate? Must run anti-virus software? Where will I get that for my Linux, *BSD, or experimental MyOS (and why should I)? How about for Minix? If you decide to make exceptions, guess what major OS vendors will spend gadzillions in lobbying dollars to get their OS exempted and make sure *BSD and Linux are not.

There is also a big difference between a misdemeanor fine for failing to adequately secure a system (presuming agreement can be reached on what is adequate and it can be expressed in reasonably simple terms) and being held responsible for whatever it does when infected.

Incredible. Truly, truly incredible

[gwslyon]

This virus has accomplished what no one else has managed on the Windows Platform. Backward Compatibility. 7 years and running!

Solution: mod MyDoom

Just create a modified MyDoom to format the machines after one month of being infected, you will find less machines getting infected after that.

Re:Maybe people should have to register their PC

[Opportunist]

Well, if there was some kind of interest, then maybe. Sadly, there is no RIAA behind the anti-spam movement.

And you're right, taking full blame for the fallout isn't necessary, a fine in the vicinity of 100-500 bucks will keep people keenly interested enough to enable some brain cells before clicking every dancing monkey.

Re:Maybe people should have to register their PC

[hairyfeet]

Well if they are in Bumfuckistan nobody is gonna care if we just kill the pricks then, are they? These guys are scum, they cause billions in damages and lost hours, as a friend in the state crime lab has told me some are even using their infections to sell CP and not have it on their personal machines. these are true scum of the earth and frankly shouldn't be treated any nicer than we treat the mob or any other criminal org.

So take them out. If the country refuses to do shit, well there are plenty of groups like Blackwater that are happy to do dirty jobs for a fee. follow the money, find these rats in their holes and take them out. I bet a few high profile "actions" on a few of these scum might make them think twice about how much protection they can get by being in bumfuckistan. Let me put it this way: Would we put up with this shit if a country was spreading this much destruction and misery using non cyber means? Hell even the worst terrorist countries don't cause as much monetary damage as a single one of these fast spreading worms!

Re:Maybe people should have to register their PC

[sjames]

If there is no real interest, the only thing a law could do is permit the police and crooks( politicians if you prefer) to "do something" about the problem by persecuting the innocent and spending less resources than ever on the actual problem. Meanwhile, a zillion PCs all around the world will make sure the spam doesn't abate even slightly.

If there is adequate interest, they should go after the criminal organizations behind the bot armies.

Re:Maybe people should have to register their PC

[__aancvu2993]

Dear friend,

stupidity cannot be made illegal unless prisons can be made the size of countries and countries the size of prisons.

As per your example: if you leave your car or your home open and you are robbed, you don't have any criminal or civil responsibility. Unless you are prepared to visit your mother in prison, don't say such stupid nonsense.

Re:Maybe people should have to register their PC

[Opportunist]

Talk for your country. In mine, leaving your car keys in your unlocked car means trouble. Usually handled by a fine. Unless the car actually gets stolen and used in a crime, then you're actually liable for facilitation

Re:clone my doom to make a warning and boot them o

[coolmadsi]

I think some ppl should make a mimic my doom virus that simple informs the ppl they need to patch and until then their tcp/ip files have been removed.

Gets them off the network and educates them.

I think most users would find it hard to patch their system if they no longer have network access to do it.