After 7 Years, MyDoom Worm Is Still Spreading
An anonymous reader writes "Researchers at Sophos have revealed that the MyDoom worm, which spread via email and launched denial-of-service attacks against websites belonging to SCO and Microsoft, is still spreading on the internet after more than seven years in existence. The firm suggests, tongue-in-cheek, that it would be nice if computer users updated their anti-virus software at least once every 5 years to combat the malware threat."
Hello dear christian friend,
In the year of 2004 it is with great pleasure that I leave to you the sum ...
I'll support that.
Right after we require a license to have children.
That would fix a lot more stupid than just a computer worm problem.
The only thing that comes to mind is 'PEBKAC'.
Look at it another way...
If spammers suddenly discovered that sending out millions upon millions of unsolicited emails generated no revenue whatsoever because nobody ever opened them, then spam would stop overnight as the spammers would have to go and find new ways to make money.
On the basis that spam has not stopped, I think it's safe to assume that there are still lots of people out there interested in buying viagra or bigger willies from some complete stranger on the other side of the world, even though very few (if any) of those knuckle-draggers probably ever come here on Slashdot. (Fanbois, zealots and geeks - yes. Pedos, knuckle-draggers and estate agents, no.)
Stated in those terms, do you see now why it is perfectly feasible that there are computers out there with absolutely no virus checking on them that haven't been updated for nigh-on a decade?
Gentoo Linux - another day, another USE flag.
Yes, because there's never a legitimate reason to send/receive executables. My university does this stripping crap and it's annoying as hell. They even yank out archive files. I eventually had to switch to Gmail from the university system, because I would send a colleague a zip file and they would email me back that I forgot to send an attachment (or vice-versa).
A better option than blindly modifying emails is to look for virus signatures in the files. At least that way, you're only eliminating the things that are known to be harmful.
One-shot Windows executables are pretty much a standard espionage tool these days. Used only once, a virus checker will never recognise them.
http://michaelsmith.id.au
Stated in those terms, do you see now why it is perfectly feasible that there are computers out there with absolutely no virus checking on them that haven't been updated for nigh-on a decade?
You wouldn't believe how many systems I have worked on that have anti-virus installed that came with the system but hasn't been updated since the free trial expired. I really wish manufacturers would stop shipping systems with anti-virus software that is only good for 60 days. Almost nobody ever pays for the subscription after the trial expires.
Computers should be safe to operate without expensive add on software.
http://michaelsmith.id.au
Is this really any surprise to anyone? People still believe that Bill Gates is going to pay you for forwarding email. Most attacks (malware, trojans, viruses, etc.) feed on the ignorance of the average person. It's sad really, but I don't expect anything different 27 years later, much less 7.
And your university is broadly doing the right thing. (Though it's wholly unnecessary to yank archives unless they contain executables, any self-respecting mail scanner will be able to read more-or-less any archival format).
Scanning for "known-bad" things stopped being a good idea years ago. Frankly, unless you take a very hard line to block everything even remotely risky you are more-or-less guaranteeing a lot of clean-up work dealing with exploits. Every time something gets through, your staff can look forward to several hours of clearing up the resulting mess - and that's with a relatively small organisation.
Google have the resources to effectively crowdsource much of this, and they don't have to deal with the fallout of anything that slips the net.
What you should be doing is working with the system rather than against it - and the system should be set up to make it easy for you to do this. Services like yousendit.com are a rather more satisfactory solution for most end users than an FTP server; I daresay a university should be able to put something similar together in-house.
You are on /., so I assume you have access to at least a website and the ability to upload files there. Copy and paste the URL.
As you are using email to send those files, security should not be an issue. If you want some minimal security, you could link to a page with a login and/or password. Several more methods are available to make it secure.
Don't fight for your country, if your country does not fight for you.
Any time I'm asked to set up a new desktop or laptop PC for friends or family, the Norton trialware is the first thing I remove, and I install free anti-virus like Microsoft Security Essentials or AVG.
I'm sick of TV ads where Symantec and other commercial security software vendors give the impression they are a one-stop solution to user ignorance with their over-rated bloated packages designed to do little more than get you to hand over a credit card number for their subscription.
Frankly, I've had much better results installing the free stuff and then sitting down with the new PC owners for a 1/2 hour explaining the perils of downloading and running warez or opening an unknown email attachment.
Gentoo Linux - another day, another USE flag.
Yes, because there's never a legitimate reason to send/receive executables. My university does this stripping crap and it's annoying as hell. They even yank out archive files. I eventually had to switch to Gmail from the university system, because I would send a colleague a zip file and they would email me back that I forgot to send an attachment (or vice-versa).
A better option than blindly modifying emails is to look for virus signatures in the files. At least that way, you're only eliminating the things that are known to be harmful.
Yes, we do know that is a problem, but "think of the children" :)
On a more serious note, the best way is to take off the .exe or .zip or .whatever and send the binary as a simple file, or even enclose the binaries in a compressed archive and take off the extension so you can send it. The problem is the person who is going to receive the binary must know how to put it into a format that is usable, and it is amazing the number of people who have no idea how to do this even when you explicitly tell them in the email.
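The renaming trick described above is exactly why a mail gateway should judge attachments by content rather than by filename, and why the "look for virus signatures" suggestion earlier in the thread is only half an answer for a one-shot binary nobody has hashed before. The following is an added example, not code from the thread or from any product mentioned in it; it assumes a Python filtering hook that sees the raw message, and the message, the "MZ" stub and the known-bad hash list are all constructed for the demonstration.

```python
import email
import hashlib
import io
import zipfile
from email.message import EmailMessage

# Constructed "known-bad" list: the SHA-256 of an old sample that is NOT the
# one attached below, to show that hash matching alone misses fresh binaries.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"MZ" + b"old constructed sample").hexdigest()}


def looks_like_windows_executable(data: bytes) -> bool:
    """PE/EXE files start with the 'MZ' DOS header whatever the filename says."""
    return data[:2] == b"MZ"


def inspect_blob(name, data, findings, depth=0):
    """Record why a blob is risky: known hash, executable content, nested archive."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        findings.append((name, "matches known-bad signature"))
    if looks_like_windows_executable(data):
        findings.append((name, "PE executable by content"))
    # Zip archives begin with "PK"; look inside them, but bound the recursion.
    if data[:2] == b"PK" and depth < 3:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size > 50_000_000:  # refuse to inflate huge entries
                        findings.append((f"{name}/{info.filename}", "oversized entry"))
                        continue
                    inspect_blob(f"{name}/{info.filename}", zf.read(info),
                                 findings, depth + 1)
        except zipfile.BadZipFile:
            findings.append((name, "corrupt archive"))


def scan_message(raw: bytes):
    """Walk every attachment of a raw RFC 822 message and return (name, reason) pairs."""
    msg = email.message_from_bytes(raw)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        filename = part.get_filename()
        if not filename:  # inline body text, not an attachment
            continue
        payload = part.get_payload(decode=True) or b""
        inspect_blob(filename, payload, findings)
    return findings


def build_sample_message() -> bytes:
    """Constructed message: a renamed PE stub, a zip hiding one, and a harmless text file."""
    fake_pe = b"MZ" + b"\x00" * 62 + b"constructed stub, not a real program"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.bin", fake_pe)
    msg = EmailMessage()
    msg["From"] = "alice@example.invalid"
    msg["To"] = "bob@example.invalid"
    msg["Subject"] = "files"
    msg.set_content("see attached")
    # Extension stripped, as the post describes: content still says "MZ".
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="notes.txt")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="docs.zip")
    msg.add_attachment("hello", filename="readme.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in scan_message(build_sample_message()):
        print(f"{name}: {reason}")
```

Both the renamed stub and the copy inside the archive are flagged by the "MZ" check, while the hash list, which only knows an older sample, matches nothing; a real gateway would pair the content check with a proper scanner, but the ordering of those two checks is the point.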
Actually I use Gmail as my main mailer and can easily operate in corporate environments. The only issue I have in the particular place I'm working at the moment is that the firewall stops my KMail client, so I just use web Gmail during the day and when I get home I transfer all mail to my local folders.
There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
Or alternatively, not have a virus checker at all as it slows down PCs, and misdiagnoses all the time (I don't need it deleting files which I know are NOT a problem).
Just be careful what sites you visit, do backups (using SyncBack of course) and a system restore will usually solve minor problems.
Why OpalCalc is the best Windows calc
If you really want to get people to run virus scanners (without making the scanner a virus itself) you'll have to make it beneficial to the individual. Create some really fun game and buried in the EULA mention that the program does a virus sweep each time it launches.
Either that or fight fire with fire.
No sig for you. YOU GET NO SIG!
Computers should be safe to operate without expensive add on software.
That's an interesting thought. How about "cars should be safe to operate without expensive add on software / hardware". Guess what? They are! It is the idiot drivers that crash the cars by going too fast in poor conditions, tailgating, and other poor decisions and unsafe usage. This is the same thing as with computers. All major operating systems ship now with security features in place that help to keep users safe. Firewalls (on by default), ASLR, DEP, etc. have become pretty standard. The thing that hasn't changed is the user. Just like the driver that makes unsafe lane changes, the computer user runs untrusted code that was sent to them by strangers. Often times they "have to install this special video codec to watch [insert celebrity name here] boobs". Not only do they install this "codec", they give it admin rights.
Computers are safe to use without add on software. It is the user who isn't safe because they don't pay any attention to the myriad of warnings they are given and continue to practice unsafe computing.
No problem. We'll lock the computer down to the point where you may only install approved applications from an approved source. Sure, there'll be some exploits, but they'll be closed and you'll be forced to update (you automatically get them pushed onto your machine next time you connect to the internet, before any other connections are allowed). If a problem is detected your machine is shut down to prevent it from damaging other machines, the only connection possible is to the approved source and it will stay that way until a fix has been pushed that ensures your machine is safe again.
Sounds good? I hope so, because it's the only way your goal can be accomplished.
The main reason is that computers are all purpose devices that MUST execute what the user wants them to execute. They may warn you that the operation you are trying demands elevated privileges, but they are helpless against a user that ignores that warning for the promise of dancing pigs. Unless the user does not have the final say in what should and what should not be executed, your goal cannot be accomplished.
Personally, I prefer freedom to security. Judging by the success of Apple lately, I'm a dying breed.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Actually, if you're a multi million dollar company you might not be able to upgrade from IE6. I know of such a company. Their main application that the whole company hangs on is written for IE6, with IE7+ unable to render it sensibly.
And yes, we're talking about a friggin' HUGE company here. Think Sony. Just big.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Like the infamous UAC messages of Windows Vista, which popped up whenever any application tried to do anything, and did nothing but annoy people and condition them to click Allow on any message that pops up?
Modern computers don't have any security. Yes, this includes Linux, which isolates users from each other (to some extent) but doesn't give a single user any way of isolating his processes from each other and from his data. It's difficult to figure out what's happening in your system, and it's impossible to roll back any changes, besides reformatting and restoring from a backup. Even such basic functionality as letting a program change what it will, but applying the changes only to said program's context - pretend-admin, in other words - is missing; you need to run a full virtual machine to get that.
Why can't you just create a context, and run programs in that context, letting them do what they will while preventing any effect outside the context? We do that with memory, and everyone agrees that memory protection is a good thing - yet when it comes to the filesystem, it's no can do?
The fact that computers operated by professionals for pay keep on getting pwned is irrefutable evidence for these facts.
Since a Pepsi can is made of aluminium, it would simply dissolve in HCl (and blow up if it was closed due to the build-up of hydrogen). And the rest of your statement is just as nonsensical - what, transferring files through FTP is somehow more dangerous than through HTTP?
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
XP versions before SP1 would get root'd by simply having internet access.
If I run a VM (XP or something else), that VM must have a different IP address than the host, and to have internet access there must be some kind of router or routing system. To reach the VM from the internet, port forwarding must be configured. Maybe the host IP is directly accessible from the outside, but the VM is not. Even if no firewalls are active, there is no way that the VM can be infected simply by starting it up and giving it internet access. So for an infection to occur, you need to start a browser to visit a website that infects the OS of the VM. (And of course the host could be infected, and then spread the virus to the local network, but that's something else.)
So can you explain how this VM will be infected after it started up without doing anything else on the machine?
I'm not sure if it's true, but I have heard that a lot of the spam is a result of the spammers themselves being scammed. They find some less bright guy running some sort of shady small business and convince him that spam is a legitimate form of marketing. He buys into it and pays to send some spam. Whether or not it works at all, the spammers still make money. Which means that spam will keep going as long as there are no consequences for the spammers and there are stupid people running shady businesses.
I don't reply to ACs
Just because you're a giant, doesn't mean your brain disease isn't serious.
But the thing about software, is that it costs the same to fix no matter how many people use it. The surgeon still costs the same.
Btrfs snapshots. Fedora already has support for automatic snapshotting with yum so that you can yum install or yum remove something and, hey, unintended change? Rollback.
Google for cgroups and isolation... there's a more specific term that will get you there immediately, but I can't think of it at the moment, as I've never used it, only read about it. It's basically a better, Linux-only chroot capability.
What the grandparent is trying to say about FTP vs. email is that FTP clients won't automatically execute the viruses they download (unlike Outlook.)
Not necessarily. In a car, driving too fast, running a light, tailgating, etc. are never appropriate.
Clicking OK is quite often the correct answer with a computer. You can't install software without it. The computer shouldn't make opening a data file and running an executable look and feel exactly the same.
2004? Pfft. My IDS is still showing probes from the Blaster Worm, that was 2003.
Poor means hoping the toothache goes away.
Update once every 5 years. Got it. Cheers.
This virus has accomplished what no one else has managed on the Windows Platform. Backward Compatibility. 7 years and running!
Absolutely. By blocking anything potentially dangerous, you end up with a safe organisation that isn't able to function well.
Obviously, the I.T. guys see their own pain. But, the pain that excess security causes is widely distributed across space and time, and no one counts it all.
So, in this case, yeah, a virus is bad news. But, the question is, is a virus more lost productivity than 1000 people who are unable to send zip files?
But everyone here seems to be missing the forest for the large green things in the way. As a PC repairman that does this 6 days a week when you see an old worm that has been patched still running loose? Piracy, pure and simple.
You'd be amazed at how many machines I've seen with "XP SP2 Corporate Razr1911 Edition" or one of the variants. Hell, more than half the machines on Craigslist are probably running pirated Windows; it is everywhere. Now since WGA will bite the person they sell the box to in the ass*, the pirates turn off Windows Update. So what happens? The machine runs for years with NO patches and becomes a haven for malware like MyDoom. Hell, I've seen XP SP1 machines cross my desk as late as earlier this year, and most of the Razr1911 boxes are SP2. That leaves....what? Something like 1800+ patches missing that the script kiddie can use against them?
Despite many here thinking I'm "pro MSFT" I actually lay the blame for this squarely at the feet of MSFT. Frankly killing the $50 Win 7 HP plan was stupid and caused increased piracy, because that $50 plan had many pirates going legit. I would have taken it one further and released Win 7 Starter as a $25 OEM disc for those whose machines can't handle Aero. This would have wiped out piracy overnight, while giving them a platform for the latest IE and WMP as well as giving them a chance to upsell to HP or Pro. The fact Ballmer killed it is just one more proof in my mind that he is incompetent and needs a good firing. When one has the dominant market switching the pirates over equals a HUGE gain and throwing away that chance was fucking dumb.
So no matter what some here say about "educating users" (never works) or hardening the OS, I'd say the vast majority of MyDoom and its friends are running on hot Windows.
*-this includes Windows 7 BTW, the RTM OEM hack has started failing with SP1 and I've had to tell a few folks the reason they are getting that WGA warning is because....surprise! That PC they bought for $100 with a $150 OS doesn't have a legit key.
ACs don't waste your time replying, your posts are never seen by me.