The rise of the recent MyDoom variants shows that OE/IE vulnerabilities are not the only issue here. When someone will willingly open a password-protected zip archive and run the virus, we have far bigger problems than vulnerabilities in unpatched software.
That's why I use {random-string}@mailinator.com for signup confirmations. As soon as I've been able to confirm my membership I'm done with that mailbox. The chances of anyone guessing the address and reading the mail would be minimal.
It goes without saying that I wouldn't use Mailinator for anything remotely private, of course.
A catch-all does have its uses.
I'll give out email addresses to companies in the form theircompanyname@mydomain - this way, I can tell instantly who has been selling the address on.
I've never had spam to 'random' addresses via my catch-all. I've had a few to addresses I don't use (e.g. sales@) but I then simply turn off those addresses on a case-by-case basis.
...and then only if you enable the advanced features (i.e. 'show pagerank').
Out of the box, the Google Toolbar is clean. There's a good description here (scroll down) which goes into more detail.
It annoys me too.
Every time I see this kind of thing (particularly the holding pages), I'll report them to Google. I've no idea how effective this is, but hopefully Google want to keep their site the search engine of choice and will listen.
The organisations who were taken down should have taken more precautions, then.
If worms and viruses actually did real damage, I would suspect that future attacks would be less successful because of the real shock value associated with it - people might start to be more proactive in securing their machines, or not letting potentially insecure machines on their network.
However, I suspect that viruses/worms are never going to be that destructive given that a nonfunctional computer cannot spread the infection further - there would be little incentive to release such a virus/worm.
How about:
'Soviet Russia' joke
All Sasser-infected boxes (at least the original variant) have an FTP server running on port 5554 (see Symantec's information on Sasser for the full details). This might explain it...
According to Symantec, the worm code can run on Windows 95/98/ME machines, but they cannot be infected. As far as I'm aware LSASS isn't included with these versions of Windows, but the code used to spread the worm would still work.
It's logical for virus/worm writers to target the most popular vulnerable systems, and Windows 2000 and XP are now in use more than earlier versions.
Let's take this analogy a little further...
You buy a lock. When you have it fitted, you are asked if you would like to receive recall information if any problems are discovered. If a recall is issued, a locksmith will visit and upgrade/fix your lock for you.
A few weeks ago, such a recall went out. Some people didn't want to know about the recalls, and others ignored them - so their locks never got fixed. Those who did get their locks fixed weren't vulnerable to the particular tools that this neighborhood thief used.
If Microsoft hadn't issued a patch via Windows Update, I might be more on your side on this one, but they did release a patch. Even on a dialup, it doesn't take more than 10-15 minutes to download almost every patch that comes along. Service packs of course are the exception, but these can be obtained for a nominal charge on CD if necessary.
Given the amount of spam that comes from Comcast already, I think it's already time to blacklist them.
No, it's like the argument "Well, if you don't make sure you check your tire pressures regularly and they go flat, you might end up with a blowout".
It's not hard to install patches (perhaps by using SUS or similar), or to get a firewall.
Absolutely. However, the retailer can then feel free to not sell you your TV :-)
In practice, as long as you don't call yourself Mickey Mouse, they'll probably believe you. They may well have address verification systems available to weed out false addresses, though.
All retailers must obtain your details if you're buying a TV. Most retailers will also take your details for a video recorder as well (as it implies that you have a TV).
Most critical updates are a couple of hundred Kb - it's only the service packs (perhaps every year or so) that are tens of megabytes.
Somehow, I still managed to keep up with critical updates when I was still using dialup.
It's completely legal to telemarket in Europe. In the UK, we have had a Do Not Call list (the Telephone Preference Service) for quite some time.
It's only illegal for a telemarketer to call a number on the list.
I couldn't resist digging up the EULA to look at this one. I assume that the offending passage is 3.1(b):
If you use the Redistributables, or any portion thereof (referred to in this paragraph as the "Licensed Software"), then in addition to your compliance with the applicable distribution requirements described for the Licensed Software, the following also applies. Your license rights to the Redistributables are conditioned upon your not (i) creating derivative works of the Redistributables in any manner that would cause the Redistributables in whole or in part to become subject to any of the terms of an Excluded License; or (ii) distributing the Redistributables (or derivative works thereof) in any manner that would cause the Redistributables to become subject to any of the terms of an Excluded License. An "Excluded License" is any license that requires as a condition of use, modification and/or distribution of software subject to the Excluded License, that such software or other software combined and/or distributed with such software be (x) disclosed or distributed in source code form; (y) licensed for the purpose of making derivative works; or (z) redistributable at no charge.
So, it definitely looks like this only applies to redistributables (essentially the .NET Framework), and anyone is free to write and distribute OSS applications using VS.NET as long as the redistributables wouldn't come under the terms of the GPL, etc. Requiring users to download the redistributables separately would probably be safe enough.
In the UK, prescription sedatives used to have the warning 'May cause drowsiness'. This has now been changed to 'Causes drowsiness'.
In a similar vein, some children's medicine still states 'May cause drowsiness. If affected, do not drive or operate heavy machinery'.
Have a look at the following graph showing the statistic of spam per day during the last year
Very interesting indeed, but perhaps it means that SpamCop simply has more subscribers now, particularly given their recent acquisition by IronPort, increasing their exposure.
In their default configuration, neither Outlook nor Outlook Express will now allow you to open an executable attachment at all. Even with a hack in place to allow you to access the attachment, Outlook XP requires you to save to disk first.
Some users will go the extra mile to open an attachment - no matter how dodgy it seems to us enlightened users - hence the current crop of viruses appearing in password-protected zip and rar archives.
Much of the media seems to refer to cookies as 'small programs'. However, they also refer to newsgroups and forums as 'chat rooms'.
It's not just Gator users we need to educate...
it once found spy software that Norton Antivirus did not see at all
That might be because Norton sell antivirus software, not anti-spyware software :-)
I've got an original XP CD as well, no SP1 included.
It may be that the Intel chipset on my motherboard is supported while some others aren't. It's an Intel ICH5R southbridge, fairly standard on an 875P-based board, so quite common.
I'm sure that there are (or will be) vulnerabilities that allow viruses to be executed in the future. People can be infected even if they're careful.
However, most of the really major worms over the last few years have either relied on social engineering or have taken advantage of an already-patched exploit. I can't think of any off the top of my head that exploited a vulnerability that hadn't already been patched.
The bottom line always appears to be education. Aunt Tillie needs to know that she needs to keep her AV up to date (or even install AV software), and run Windows Update regularly.
Also you find virus infecting just by previewing it in the outlook/express email program
That problem was fixed back in 2001. Most current worms propagate through user stupidity and social engineering, Blaster being one of the exceptions.
Most current worms don't even try and take advantage of the IFRAME exploit.