is a full description about just what MS is fixing with MS04-009, and how it might be expolited, by its discoverer, Jouko Pynnonen. Please note that he knew that "Outlook Today" didn't have to be your Outlook startpage before MS's revision. Does MS not run their patches by the discoverers of the exploits to see if the patch actually fixes the reported probelm?
He reported the exploit to MS on July 21, 2003, for those who are keeping track.
And he says some prior versions of Outlook are vulnerable, just not supported by MS. Office2000 had a patch released for it in like November '03. Thanks for running the meter out, Mr. Bill.
There's always some wannabes at work who insist on using Outlook, though it's not our supported mail client. Since it's included with Office, the customer-oriented chiefs say they can have it. Shudder.
Symantec has wavered on the tightness of their definition of "virus" in the past.
NAV/SAV recognize "Trojan.Bootconf" AKA QHosts. It's an annoying little DNS-redirector which auto-installed via a drive-by download embedded in a multply-resold banner-ad. It was actually DDOSing the nameserver of an antispam ISP in Australia -- and really screwed with any app that required name resolution, as it reset the default domain, too. And it is no different than a zillion other pieces of pestware.
And NAV/SAV recognizes W32.FriendGreetings despite its EULA. It arrives as an e-mail saying "$Name has sent you a greeting card, install the viewer here (link)" The viewer has an EULA that says it's going to mail a greeting card in your name to everyone in your Outlook contacts list. Dunno if it mentions the porno popups you also receive after installing. And auto-self-updating itself and phoning home were included in the EULA too, IIRC.
Symantec states that the FriendGreetings detection was added due to demands from its corporate customers -- if it acts enough like a virus, and the big cu$stomers are annoyed *suddenly and en masse* about it, Symantec can be persuaded to call it a virus despite the thing requiring a luser to 1. believe their business contacts are sending them electronic greeting cards and 2. click the "I Agree" button.
And yes, I've seen both of these, live, at work. As well as a porno-dialers, browser hijackers, and detected and undetected CPU-cycle-stealers.
If SAV DOES add adware/spyware to its scans in the corporate antivirus editions, the adoption period will be PAINFUL for anyone in a support role. I'd appreciate advance warning so I can take vacation that month, someplace without a phone.
P.S. Hope this helps someone: Orbitz DealDetector grabbed every cycle available and made a 2.2GHz PC crawl unusably as it phoned home every N minutes. O-D-D had rudely installed itself to start automatically at bootup. Because it didn't phone home constantly, the regular techs had never caught it in the act. After I demonstrated O-D-D maxing the TaskManager's CPU graph, it suddenly wasn't so important that he have it on his PC. SpyBot S&D didn't blink at it, so maybe O-D-D is just an amazingly poorly written bit of software.
Slashdot Mirror
http://www.ntbugtraq.com/default.asp?pid=36&sid=1& A2=ind0403&L=ntbugtraq&O=D&F=P&P=1 313
is a full description about just what MS is fixing with MS04-009, and how it might be expolited, by its discoverer, Jouko Pynnonen. Please note that he knew that "Outlook Today" didn't have to be your Outlook startpage before MS's revision. Does MS not run their patches by the discoverers of the exploits to see if the patch actually fixes the reported probelm?
He reported the exploit to MS on July 21, 2003, for those who are keeping track.
And he says some prior versions of Outlook are vulnerable, just not supported by MS. Office2000 had a patch released for it in like November '03. Thanks for running the meter out, Mr. Bill.
There's always some wannabes at work who insist on using Outlook, though it's not our supported mail client. Since it's included with Office, the customer-oriented chiefs say they can have it. Shudder.
Symantec has wavered on the tightness of their definition of "virus" in the past.
NAV/SAV recognize "Trojan.Bootconf" AKA QHosts. It's an annoying little DNS-redirector which auto-installed via a drive-by download embedded in a multply-resold banner-ad. It was actually DDOSing the nameserver of an antispam ISP in Australia -- and really screwed with any app that required name resolution, as it reset the default domain, too. And it is no different than a zillion other pieces of pestware.
And NAV/SAV recognizes W32.FriendGreetings despite its EULA. It arrives as an e-mail saying "$Name has sent you a greeting card, install the viewer here (link)" The viewer has an EULA that says it's going to mail a greeting card in your name to everyone in your Outlook contacts list. Dunno if it mentions the porno popups you also receive after installing. And auto-self-updating itself and phoning home were included in the EULA too, IIRC.
Symantec states that the FriendGreetings detection was added due to demands from its corporate customers -- if it acts enough like a virus, and the big cu$stomers are annoyed *suddenly and en masse* about it, Symantec can be persuaded to call it a virus despite the thing requiring a luser to 1. believe their business contacts are sending them electronic greeting cards and 2. click the "I Agree" button.
And yes, I've seen both of these, live, at work. As well as a porno-dialers, browser hijackers, and detected and undetected CPU-cycle-stealers.
If SAV DOES add adware/spyware to its scans in the corporate antivirus editions, the adoption period will be PAINFUL for anyone in a support role. I'd appreciate advance warning so I can take vacation that month, someplace without a phone.
P.S. Hope this helps someone: Orbitz DealDetector grabbed every cycle available and made a 2.2GHz PC crawl unusably as it phoned home every N minutes. O-D-D had rudely installed itself to start automatically at bootup. Because it didn't phone home constantly, the regular techs had never caught it in the act. After I demonstrated O-D-D maxing the TaskManager's CPU graph, it suddenly wasn't so important that he have it on his PC. SpyBot S&D didn't blink at it, so maybe O-D-D is just an amazingly poorly written bit of software.