Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another Windows Macro Virus Wreaks Havoc

Posted by CmdrTaco on from the excuse-me-while-I-laugh-my-ass-off dept.

mbruns wrote in to send us a CNN Story and a Symantic Bit about a new Melissa-esque virus that alters users win.ini and deletes files. Of course, only people who use that "Other" OS are at risk.

4 of 381 comments (clear)

  1. Uninformed Linux attack dogs by Anonymous Coward · · Score: 4

    I work for Microsoft. I work on Microsoft Outlook. I work on security in Microsoft Outlook. Do you all genuinely think that we dismiss fiascos like this with an airy wave of the hand? That simply is insulting. We are hard working people, and we do give a damn no matter what the guy at the terminal next to you says around bites of his twinkie. Hell, some of our own servers were down today as a precaution against this - you think we take that kind of productivity hit lightly?

    I read slashdot because I have immense respect for the geek community and I'm a part of that community. But how do you suppose it feels to know that most of you despise me purely for the name of my company? There are 20,000+ geeks who work for Microsoft. All evil clones?

    Let's establish a few hard facts about the "security holes" that allowed Melissa and this worm.

    1) In both cases the attack was made through Outlook. In the case of Melissa, the attack was *entirely independent* of the OS. If Outlook were ported to Linux (assuming it could supply our browser needs, which judging from Netscape's half-@$$ attempt at S/MIME I sorely doubt) the e-mail servers would have been just as clogged. In the case of today's worm, the executable could very easily have deleted the user's *.c, etc files outright rather than installing itself somewhere. Why? Because...

    2) In both cases the user had to voluntarily *choose* to run the virus with their own permissions. For goodness sake, the email says, "take a look at these zip files" but the attachment is an exe! Only a clod would fall for such as obvious imposture. And if you are such a novice as to run the "zips" we alert you that running unsigned exe's is dangerous as they "may include viruses or scripts". There's a similar warning when Melissa starts its mailings. You have to click OK to proceed. Microsoft can do a lot in the way of security, but we can't cure willful dumbness. The user doesn't read the caution and it's our fault? What do you want us to do? Say it twice?

    3) The exploited aspects our our program were not "holes" in the sense that locking up when you receive a malformed packet would be a "hole". Every aspect of these viruses can be and is used in a positive way by people in the field. Face it, some businesses want more out of their e-mail client than plain text and remote calls to vi. Power can always be abused. The power to cut down a fifty-foot oak is the power to conduct the Texas Chainsaw Massacre as well. If somebody you don't know hands you a chainsaw and tells you to hold the blade while you turn it on, and if you do it despite the warning labels, then don't blame the manufacturer when you lose your frickin hand!

    It makes me tired to read posts from people who obviously have never even seen Outlook's splash screen let alone written a VBA scriptlet. If you want to use elm, well whatever. But don't pretend you know what you're talking about when you so obviously do not.

  2. Re:Virii and platforms by Brian+Kendig · · Score: 4

    Sure, viruses can be (and are) written for Unix systems; just like Windows viruses, they prey on weaknesses in the system caused by software bugs or poor administration. The difference is that the typical owner of a Unix box tends to be more knowledgeable about security than the typical owner of a Windows system, and Unix tends to have fewer security holes than Windows by virtue of having a better-developed permissions system and by having been around longer.

    It's not fair to say that a ten-line script can infect a Unix system -- the mere fact that there is such a wide range of flavors of Unix available is enough to guarantee that a single ten-line script won't work on more than a small percentage of Unix systems out there. Besides, with Linux, holes are patched and patches are distributed as quickly as they're found -- often within hours of the dicovery of a security hole.

    If there were as many flavors of Windows as there were of Unix, if Windows vendors had to continually compete to make their systems faster and leaner and more stable and more secure, I guarantee you that you wouldn't see viruses and trojan horses such as this one proliferate nearly as much.

  3. Unix isn't invulerable by roystgnr · · Score: 4

    Unix users seem to have a sense of invincibility based on Unix's invulerability to boot sector viruses, floppy viruses, and similar things that require a simple OS kernel and an "every user is root" security model.

    That invulnerability doesn't apply to worms (like this, like Melissa). All you need for a worm to work is a homogenous network environment to infect and an exploit to use for the infection. Maybe Unix users are really more savvy and won't fall for trojan horses (the easy "exploit"), but there was a worm created that spread via the imapd hole last year, and any similar exploit allowing so much as a "nobody" shell to be opened on your system could be used for the same purposes.

    Do you know what services are running on your Linux box, and have you shut down the ones you don't need? Do you subscribe to bugtraq, redhat-watch-list, or whatever security mailing list is kept up for your distribution?

    These were good ideas before, to prevent single crack attempts when exploits were found. Now they're much more important good ideas, as any cracker above the "script kiddie" level is going to be using self-propagating code to start forest fires of attacks.

    Maybe the majority of those attacks will be stupid "email attachment" worms like those currently plaguing Windows, and thus incapable of harming system files... but if someone exploits the backticks in /etc/mailcap to delete $HOME, how much better are you going to feel because /usr was untouchable?

    For school & work Linux systems I created a preconfigured freshrpms package which includes a cron job to regularly check the redhat errata, download any updated packages, and mail root when something new appears. It's a step in the right direction - Linux is a secure system because bugs are so quickly found and fixed, but it won't be publically perceived as a secure system if security-unconscious newbies never see or apply those fixes.

  4. elitists? by aphr0 · · Score: 5

    Why do so many of you feel the need to laugh at the ms office users and defend the virus writer? Most people in an office environment have no computer experience beyond doing normal office work. They're not educated by their IT department on the dangers of opening attachments. They just want to do their work so they can feed and clothe their kids. I don't think it's funny or cool that some guy wrote a virus that will destroy the work of others. Would you like it if mechanics started kicking your windows in and slashing your tires because you don't know how to overhaul your engine? Afterall, you're not elite and smart in the ways of cars, so you have no right to be driving.

    Just because someone doesn't know what you consider to be common sense isn't a reason to hurt them. New users need to be educated and computer security policies need to be implimented. It's not the users' fault that they use MS Office. It's what they were told to use, so they happily use it, unaware of the bugs in it. And they don't care. They just want to finish up a presentation or a word document and get on with their lives. Not everyone's life revolves around computers. Some people work away from monitors for long periods of time.