×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

547 comments

What Operating System? (5, Funny)

Anonymous Coward | more than 10 years ago | (#6309286)

just kidding.

Re:What Operating System? (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#6309288)

HAHAHAHAHAHAHAH :) You're one funny joker ;)

Re:What Operating System? (0)

Anonymous Coward | more than 10 years ago | (#6309362)

see the pretty w32?

Re:What Operating System? (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#6309385)

Ha ha... I notice /. didn't post anything about Stumbler [theregister.co.uk] seeing as it is a Unix worm.

Re:What Operating System? (0)

Anonymous Coward | more than 10 years ago | (#6309419)

If you want news on every friggin virus that's out, you can check anti-virus websites, or start at www.infosyssec.org

Re:What Operating System? (4, Funny)

tarquin_fim_bim (649994) | more than 10 years ago | (#6309440)

From cited article:
" The code is filed with errors which make it incapable of propagating automatically"
Obviously another Redmond product.

Re:What Operating System? (4, Funny)

Anonymous Coward | more than 10 years ago | (#6309400)

I've set my Microsoft system to code yellow-elevated. It responded with a popup message "What does this mean?" I respond, "I don't know, i guess you should look out or something."

2nd post (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6309287)

dsfsdf

They don't make em like they used to (5, Funny)

Raindance (680694) | more than 10 years ago | (#6309293)

"This worm appears to primarily affect Microsoft systems, has an expiration date of July 14th,"

Yuck. The only thing worse than worms are rotten worms.

Re:They don't make em like they used to (5, Funny)

PovRayMan (31900) | more than 10 years ago | (#6309349)

"This worm appears to primarily affect Microsoft systems, has an expiration date of July 14th,"
Yuck. The only thing worse than worms are rotten worms.


Hey now, worms taste good for a while after they expi--. Errr, nevermind..

Re:They don't make em like they used to (5, Funny)

questamor (653018) | more than 10 years ago | (#6309350)

This worm appears to primarily affect Microsoft systems.

Is this a subtle way of trying to say "Yes it's another fucking windows virus" without sounding like we're anti windows?

Sometimes it's so hard just describing windows 'features' without sounding like I'm bashing it.

Re:They don't make em like they used to (5, Interesting)

Peer (137534) | more than 10 years ago | (#6309463)

Is this a subtle way of trying to say "Yes it's another fucking windows virus" without sounding like we're anti windows?

The register [theregister.co.uk] is less subtle (almost advertising other platforms);
As usual, the worm affects only Windows PCs. Linux and Mac users are immune.

Expiration date (1)

Advocadus Diaboli (323784) | more than 10 years ago | (#6309435)

This worm appears to primarily affect Microsoft systems, has an expiration date of July 14th,

Damn. In the first moment I read "Microsoft systems have an expiration date of July 14th". Well, I guess that's what I would like to read one day. :-)

Dear Pudge O'Day (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6309294)

Dear Father O'Day:

Thanks for your letter. Being Catholic myself, I know exactly what you're talking about! It has always been our plan here at Apple Computer Inc to revolutionize personal computing with our high-quality and highly gay products.

I'm happy to answer your letter by letting you know that YES we will be releasing an entire hLife ("homo-life") software line. You'll be able to recognize it in stores by the small stylized logo depicting a large cock entering a tight anus with an Apple logo on it. ("Suddenly it all comes together" indeed!).

Anyway, I hope you and other members of our community will join us on our mission, and purchase the exciting new hLife boxed set. Only the boxed set comes with translucent cock rings!

Sincerely,

Harry Rodman
Vice-president
Homosexual Liaison Services
Apple Computer, Inc.

Fortunately... (5, Interesting)

Hadlock (143607) | more than 10 years ago | (#6309295)

I have an "early slashdot worm story alert system" built in to my DSL connection. I found out about this around midnight last night, when my DSL connection proceeded to crawl to a slow, and even google was returning results with considerable lag.

Anyone else so lucky to have a system such as mine? This works well on the UTA campus network, also. At least, a worm story has been reported w/in 24 hours of every noticable long slowdown of the net for me...

Re:Fortunately... (1)

Micro$will (592938) | more than 10 years ago | (#6309373)

I get that on Verizon DSL too, except my alert system is for Verizon's mail server. Last night every BF1942 server I tried was unplayable, and sure enough tonight the mail server is going down for "routine maintenance".

Re:Fortunately... (1)

SmoothTom (455688) | more than 10 years ago | (#6309449)

Yup!

I have an Early Warning System for detecting those, also.

It's when my 2.6Mb/S cable broadband connection starts to take 20 - 30 seconds (or more!) to download a page of text from Google or any other reasonably quick set of servers.

The past 24 hours was a total miserable crawl at times.

--
Tomas

I need advice (-1, Troll)

Anonymous Coward | more than 10 years ago | (#6309296)

I finally got a date after months of trying.
Well, things didn't turn out like I had hoped they would.

When I tried to kiss her good night I got
nervous and defecated in my pants.
She was disgusted and slammed her door, all the while yelling
you sick freak.
What is wrong with me?
Barry

YOU DO IT WRONG! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6309306)

No, no, no. You should have defecated in the girl's mouth, not your pants!

Re:YOU DO IT WRONG! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6309321)

I want her to like me. How can stop getting so nervous?
Should I ask her out again?
Barry

Re:I need advice (-1, Troll)

Anonymous Coward | more than 10 years ago | (#6309364)

Sounds like somethings wrong with her, Barry. Do a quick search on the Internet and I'm sure you'll find girls who want you to poop your pants.

That way, when you go to poop your pants, you'll get so nervous that you'll kiss her instead. Everybody wins.

Ahem... (-1, Offtopic)

holgie (588031) | more than 10 years ago | (#6309297)

DO NO CLICK THE FRIGGIN BINARY ATTACHMENTS! I mean come on poeple, this is NOT intresting. Artificial Intelligence is the study of how to make real computers act like the ones in movies.

Re:Ahem... (1)

Thaidog (235587) | more than 10 years ago | (#6309323)

I'm going to have to use that last line as my new quote... I hope you don't mind, but it's damn true and damn funny at the same time. Which puts it in the "sad but true" catagory. This catagory, of course, is to live and die by.

The Mysterious Third Force (1, Interesting)

heironymouscoward (683461) | more than 10 years ago | (#6309303)

1. Virus writers
2. Spam merchants
3. ???

Is there an organized group involved in
trying to take control of the Internet
through the nefarious means of planting
virus and trojan software on a critical
mass of systems from which they can launch
deadly attacks to take over the entire
Internet?

Ahem. No MSN, Kazaa or AOL jokes please.
This is a serious question.

Re:The Mysterious Third Force (0)

Anonymous Coward | more than 10 years ago | (#6309310)

3. The Sith, duh.

Re:The Mysterious Third Force (0)

Anonymous Coward | more than 10 years ago | (#6309316)

Hmm... Spyware (mainly Gator)?

Re:The Mysterious Third Force (3, Funny)

gasgesgos (603192) | more than 10 years ago | (#6309355)

1. Virus writers
2. Spam merchants
3. ???


I know what 3 really is!


3. PROFIT!!!

Re:The Mysterious Third Force (1)

munter (619803) | more than 10 years ago | (#6309411)

The same sort of thought occured to me recently. Who is to benefit from people's email clients behaving spuriously and spewing the contents of their address book to The Internet?

Spammers.

..Bastards.

Re:The Mysterious Third Force (0, Offtopic)

janda (572221) | more than 10 years ago | (#6309455)

Let's see, there's the CIA, FBI, Department of Homeland Security (or whatever they're called this week), the NSA, and pretty much every other "agency" under Czar Bush.

Then throw in what's left of the KGB, the Chinese KGB, the Kinesset and the rest of our "allies", who caught Czar Bush spying on them during the vote for the Iraqi War For Oil^H^H^H^H^H^Hn Terrorism, "US Threat O' The Week", and everybody else.

Oh, and let's not forget the writers of spam protection software, who now get to do the "Buy Our Product[tm] And Protect Your System" speil.

Is that enough? If not, consider the insane antics of SCO. I can just imagine them trying to claim they're only protecting their IP or something.

With a system like the internet you can't really "take it over". However, there are times and places where strikes can be very effective in allowing you to take over specific systems. For an interesting (in my opinion) story on this, see the sci-fi story "Marooned in RealTime" by none other than Vernor Vinge. I prefer the duology, "Across RealTime", which has both "The Peace War", and "Marooned in RealTime" in it.

Since you said you were asking a serious question, I won't do the obligitory "beowoulf" joke here, but think about it. If you're trying to keep mail services, network traffic, and all the related things (AUTH? INFO?) up during one of these things, the odds of you detecting a small attack against one or two servers using a new vulnerability in something like FTP (or God[d][ess][ess] forbid, SSH or something) goes way down.

Which leads me to another thing, calling it "Secure Shell". Zimmerman had the right idea in calling it "Pretty Good Privacy", not "Unbroken Privacy" or something similar. The social engineering mechanics between the two products are very interesting.

Just recieved (1, Redundant)

TinoMNYY24 (569172) | more than 10 years ago | (#6309304)

I actually just got this virus and was coming onto /. to post about it when I saw that it had already made the front page. /. keeps up its tradition of reporting news before it happens. Anyway, I got this virus as an attachcment (didn't open it of course), and I noticed that it had spoofed its return address. Something else to think about.

I opened it (2, Interesting)

Barbarian (9467) | more than 10 years ago | (#6309326)

Fortunately my virus scanner DAT was up to date, although it did misidentify it and the info page said that it was supposed to expire June 6.

Somebody angry at France? (5, Funny)

mscheid (318333) | more than 10 years ago | (#6309308)

expiration date of July 14th

Well isn't this the french national holiday. Maybe somebody is angry because they didn't join the war against weapons of mass.. er, what was that war about again?

Re:Somebody angry at France? (4, Funny)

danamania (540950) | more than 10 years ago | (#6309318)

No, it's my birthday. a virus in my honour.

cool.

viva la windows, or something.

Re:Somebody angry at France? (0)

Anonymous Coward | more than 10 years ago | (#6309374)

hey, its my birthday too!

but I really think the virus is in your honor, not mine.

Re:Somebody angry at France? (0)

Anonymous Coward | more than 10 years ago | (#6309448)

No, it's my birthday. a virus in my honour.

My office neighbor was born on 9/11. He too felt very honored two years ago... (Posting anonymously, because we are playing a game trying to find out each other's Slashdot nicks...)

So BIG? (0, Redundant)

carm$y$ (532675) | more than 10 years ago | (#6309309)

"So BIG" and "spreading"?
This will be flagged as pR0n browsing by our bofh. Oh shit.

What goes through the mind of slashdotters (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6309319)

I haven't got anything useful to say so I'd better think up some witty quip to get my karma.

ONE MILLION OPEN SORES HIPPIES REJOICE (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6309322)

Supreme Court Strikes Down Gay Sex Ban

By ANNE GEARAN, Associated Press Writer

WASHINGTON - The Supreme Court struck down a ban on gay sex Thursday, ruling that the law was an unconstitutional violation of privacy.

The 6-3 ruling reverses course from a ruling 17 years ago that states could punish homosexuals for what such laws historically called deviant sex.

Laws forbidding homosexual sex, once universal, now are rare. Those on the books are rarely enforced but underpin other kinds of discrimination, lawyers for two Texas men had argued to the court.

The men "are entitled to respect for their private lives," Justice Anthony M. Kennedy wrote.

"The state cannot demean their existence or control their destiny by making their private sexual conduct a crime," he said.

Justices John Paul Stevens (news - web sites), David Souter (news - web sites), Ruth Bader Ginsburg (news - web sites) and Stephen Breyer (news - web sites) agreed with Kennedy in full. Justice Sandra Day O'Connor (news - web sites) agreed with the outcome of the case but not all of Kennedy's rationale.

Chief Justice William H. Rehnquist and Justices Antonin Scalia (news - web sites) and Clarence Thomas (news - web sites) dissented.

The court "has largely signed on to the so-called homosexual agenda," Scalia wrote for the three. He took the unusual step of reading his dissent from the bench.

"The court has taken sides in the culture war," Scalia said, adding that he has "nothing against homosexuals."

Although the majority opinion said the case did not "involve whether the government must give formal recognition to any relationship that homosexual persons seek to enter," Scalia said the ruling invites laws allowing gay marriage.

"This reasoning leaves on shaky, pretty shaky grounds, state laws limiting marriage to opposite-sex couples," Scalia wrote.

Thomas wrote separately to say that while he considers the Texas law at issue "uncommonly silly," he cannot agree to strike it down because he finds no general right to privacy in the Constitution.

Thomas calls himself a strict adherent to the actual words of the Constitution as opposed to modern-day interpretations. If he were a Texas legislator and not a judge, Thomas said, he would vote to repeal the law.

"Punishing someone for expressing his sexual preference through noncommercial consensual conduct with another adult does not appear to be a worthy way to expend valuable law enforcement resources," Thomas wrote.

The two men at the heart of the case, John Geddes Lawrence and Tyron Garner were each fined $200 and spent a night in jail for the misdemeanor sex charge in 1998.

The case began when a neighbor with a grudge faked a distress call to police, telling them that a man was "going crazy" in Lawrence's apartment. Police went to the apartment, pushed open the door and found the two men having anal sex.

"This ruling lets us get on with our lives and it opens the door for gay people all over the country," Lawrence said Thursday.

Ruth Harlow, one of Lawrence's lawyers, called the ruling historic.

"The court had the courage to reverse one of its gravest mistakes and to replace that with a resounding statement," of gay civil rights, Harlow said.

"This is a giant leap forward to a day where we are no longer branded as criminals."

As recently as 1960, every state had an anti-sodomy law. In 37 states, the statutes have been repealed by lawmakers or blocked by state courts.

Of the 13 states with sodomy laws, four â" Texas, Kansas, Oklahoma and Missouri â" prohibit oral and anal sex between same-sex couples. The other nine ban consensual sodomy for everyone: Alabama, Florida, Idaho, Louisiana, Mississippi, North Carolina, South Carolina, Utah and Virginia.

Thursday's ruling apparently invalidates those laws as well.

The Supreme Court was widely criticized 17 years ago when it upheld an antisodomy law similar to Texas'. The ruling became a rallying point for gay activists.

Of the nine justices who ruled on the 1986 case, only three remain on the court. Rehnquist was in the majority in that case â" Bowers v. Hardwick â" as was O'Connor. Stevens dissented.

"Bowers was not correct when it was decided, and it is not correct today," Kennedy wrote for the majority Thursday.

Kennedy noted that the current case does not involve minors or anyone who might be unable or reluctant to refuse a homosexual advance.

"The case does involve two adults who, with full and mutual consent from each other, engaged in sexual practices common to a homosexual lifestyle. Their right to liberty under (the Constitution) gives them the full right to engage in their conduct without intervention of the government."

A long list of legal and medical groups joined gay rights and human rights supporters in backing the Texas men. Many friend-of-the-court briefs argued that times have changed since 1986, and that the court should catch up.

At the time of the court's earlier ruling, 24 states criminalized such behavior. States that have since repealed the laws include Georgia, where the 1986 case arose.

Texas defended its sodomy law as in keeping with the state's interest in protecting marriage and child-rearing. Homosexual sodomy, the state argued in legal papers, "has nothing to do with marriage or conception or parenthood and it is not on a par with these sacred choices."

The state had urged the court to draw a constitutional line "at the threshold of the marital bedroom."

Although Texas itself did not make the argument, some of the state's supporters told the justices in friend-of-the-court filings that invalidating sodomy laws could take the court down the path of allowing same-sex marriage.

The case is Lawrence v. Texas, 02-102.

All it takes... (4, Funny)

GC (19160) | more than 10 years ago | (#6309325)

All it takes is for one of those spammers with 15 million email addresses to get infected...

Virused spammers? (1)

intermodal (534361) | more than 10 years ago | (#6309466)

sure enough, I got it today in my spam-catching email. linux system, didn't open it. And it's not always from support@yahoo.com as stated in the article. Mine came from University of Delaware, with whom I have no connection. So it seems to be stripping addresses from the pool of other addresses it's sending to.

I knew it! (1)

andi75 (84413) | more than 10 years ago | (#6309328)

has an expiration date of July 14th

Unfortunately, all the suckers that set their system time back to get 'extended' shareware use periods will be spreading the worm/virus (true slashdotters never read the article) for years to come.

- Andreas

IF I EVER MEET YOU I WILL KICK YOUR ASS!!! (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#6309336)

Re:I knew it! (1)

Stuart Gibson (544632) | more than 10 years ago | (#6309439)

Yes, but only to the other suckers who have set their system time back. So that would affect none of us since we're all either honest of OSS zealots.

Goblin

Bugbear is my bane (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#6309331)

1_Opazanje kakvoce zraka 01_09 04 2003.xls.scr - Win32.Bugbear.B worm. Deleted.

20030131-005-i32.exe.exe - Win32.Bugbear.B worm. Deleted.

"Primarily affect" (5, Insightful)

Anonymous Coward | more than 10 years ago | (#6309338)

"This worm appears to primarily affect Microsoft systems..."

What's this "primarily affect" business? It only affects Microsoft systems, just like every other friggin' virus on the face of the planet.

Re:"Primarily affect" (5, Insightful)

Gorfman (643341) | more than 10 years ago | (#6309352)

If enough systems are infected, it affects us all in the slow down of the network as a whole.

Re:"Primarily affect" (5, Funny)

barcodez (580516) | more than 10 years ago | (#6309370)

Might be able to get it to run under wine (yes I am joking).

Re:"Primarily affect" (0)

Anonymous Coward | more than 10 years ago | (#6309460)

Well I guess maybe as MS Outlook Express can run under WINE. Maybe the executable will also? :-)

Re:"Primarily affect" (2, Insightful)

interstellar_donkey (200782) | more than 10 years ago | (#6309387)

It only affects Microsoft systems

So mail servers running on *nix are compleatly uneffected by an increase in mail traffic? Wow, unix and its varients are more magical then I thought. Perhaps when my mail server starts getting bogged down, I can ask all my users to attach a large virus to every one of their emails, so it will run more smoothy.

Re:"Primarily affect" (0)

Anonymous Coward | more than 10 years ago | (#6309445)

I think he was using the word "affects" as in "works on", Mr. Smartpants.

Re:"Primarily affect" (0)

Anonymous Coward | more than 10 years ago | (#6309407)

There are viruses for almost any operating system, not just Windows, and affects != infects.

Re:"Primarily affect" (0)

Anonymous Coward | more than 10 years ago | (#6309459)

As usual, the worm affects only Windows PCs. Linux and Mac users are immune.

whoopie!

Re:"Primarily affect" (5, Funny)

TheMidget (512188) | more than 10 years ago | (#6309471)

It only affects Microsoft systems, just like every other friggin' virus on the face of the planet.

Nope, there are also viruses affecting Macs. And worms affecting Apples. For example, yesterday at the cafeteria, I had an apple whose security had been breached by a worm.

Ok so this might be a weird request..... (5, Funny)

scoobywan (313363) | more than 10 years ago | (#6309339)

but can someone please write a good virus for once.
I mean back in the day virii actually did stuff,
now they just email over and over. Remember when
your computer used to get "Stoned" :P. So, instead
of bitching about virii, I just ask, if you're
gonna write one at least make it do something fun.

Re:Ok so this might be a weird request..... (4, Interesting)

gad_zuki! (70830) | more than 10 years ago | (#6309398)

I think virus writers' priorities have changed since. With everyone on the net now, the bragging points have to do with how quickly and how many machines you can infect. [caida.org] Its quantity over quality. Payload? What payload?

Ah yes, the halcyon days of the wazoo virus [pdxtc.com] or when getting a virus meant your disk partitions were officially destroyed.

Re:Ok so this might be a weird request..... (1)

pe1chl (90186) | more than 10 years ago | (#6309416)

With every next worm, I wonder why there does not appear one that first propagates and then erases all data it can touch.
You know, like the good old days when there was supposed to be a data in the near future when all PCs in the universe would crash because of a virus.
(quickly purchase a virus scanner or you will be doomed)

Re:Ok so this might be a weird request..... (0)

Anonymous Coward | more than 10 years ago | (#6309424)

Argh, it's "viruses", not "virii"

Re:Ok so this might be a weird request..... (0)

Anonymous Coward | more than 10 years ago | (#6309434)

Actually doing something beside saturating third party infrastructure would create more awareness and alert users that worms are a real problem and security risk, not just an annoyance. Therefore harming the users just for the sake of it isn't in the interest of most worm authors. Worms are about mass-infection-bragging or power for the author: Massive zombie networks. Neither would benefit from an obvious malfunction.

"Primarily affecting..." (4, Insightful)

C A S S I E L (16009) | more than 10 years ago | (#6309340)

This worm appears to primarily affect Microsoft systems [...]
Translation: this worm only compromises and damages Microsoft systems, and only propagates on Microsoft systems; its effect on the rest of us is basically the shrapnel (as always).

Re:"Primarily affecting..." (0)

Anonymous Coward | more than 10 years ago | (#6309432)

If Linux was the mainstream OS, we would be in the possition MS is today.. all worms would hit Linux. Linux isnt the cure for worms, OpenSource programs contains as much securityholes as MS products. It might be eayer to fix and all, but Linux has the same problem as MS when it comes to that users should actualy _update_ there machines.

Re: Your Mail (4, Funny)

paja (610441) | more than 10 years ago | (#6309346)

From: Cowboy Neal
To: Cowboy Neal
Subject: Re: Your Mail

Click the attached link - it's great...

Attached file:
www.yahoo.com
[application/octet-stream]

Re: Your Mail (1)

Jugalator (259273) | more than 10 years ago | (#6309472)

<average worm spreader>

I tried to click on the black www but nothing happened. Doesn't it have to be blue?

<average worm spreader>

Natural Selection (0)

Anonymous Coward | more than 10 years ago | (#6309351)

I wish we had some Darwinism happening on the internet, could you imagine the bandwidth freed up from your local cable node?

Who clicks Attachments? (2, Interesting)

struppi (576767) | more than 10 years ago | (#6309354)

Now, honestly. Imagine you are using a Windooze PC -- you should know that there is a new email worm approximately every 1 1/2 months.
You receive an email from support@yahoo.com with the subject "Re: Documents". You know you never have written an email to this adress with this subject.
Would you really click on this attachment??

I guess there are still people who do.

They are a dying race. We should let them pass.
-- Ambassador Kosh, Vorlon Empire

Re:Who clicks Attachments? (2, Interesting)

Tet (2721) | more than 10 years ago | (#6309414)

You know you never have written an email to this adress with this subject. Would you really click on this attachment??

It goes like this. The mail hits our company yesterday morning at 10:58. By 11:00 I've sent a company wide mail out telling people that it's a virus that's slipped past our scanner, and not to open it. At 11:02 I get apologetic messages from those who had already done so -- "I thought it was someone sending me something", "It was just a zip file", "I didn't know". Yes you did, you morons! I've told you enough times! You will never teach people not to do this. People are stupid.

linux support? (1)

Extrymas (588771) | more than 10 years ago | (#6309356)

Does anyone tested it with wine ?..

You know, linux lacks of choice in good software.. We shouldn't let them win.

The servers seem slow, here's a mirror (4, Funny)

Anonymous Coward | more than 10 years ago | (#6309358)

Yahoo! variant! of! Microsoft! support! worm! spreading! rapidly!
By John Leyden
Posted: 26/06/2003 at 10:22 GMT

Stop us if you've heard this before, but there's another prolific email worm loose on the Internet today.

Sobig-E differs from its predecessors, the Sobig-B (aka 'support@microsoft.com') and Sobig-C (aka 'bill@microsoft.com') worms, by spreading itself in the form of a ZIP file. This time around infectious emails sent out by Sobig-E pretend to come from support@yahoo.com or another spoofed email address.

The worm is spreading rapidly, with many vendors upgrading the severity ratings they attach to the worm this morning. At the time of writing, managed services firm MessageLabs has blocked 22,156 copies of the worm over the last 24 hours.

Sobig-E normally spreads via emails with randomised subject lines (such as Re: Documents and Re: Re: Movie) and . zip attachments containing infectious .scr and .pif files. Like its predecessors, Sobig-E has a built-in expiry date - in this case 14 July. Click on the infectious attachments and you catch the pox.

As usual, the worm affects only Windows PCs. Linux and Mac users are immune.

On infected PCs Sobig-E sends email to addresses collected from files with the following extensions: .wab, .dbx, .htm, .html, .eml, .txt. This trick is the likely reason behind the worm's rapid rise to prominence.

Sobig-E appears to also have the ability to spread via
network shares and uses its own SMTP mail engine for sending email to further propagate.

So what to do?

Don't run suspicious email attachments and update your AV signature files. Don't allow Rob Malda to have write access to your box. He *will* put illegal gay porn on it, trust me.

It's as simple as that really.

A write-ups of the varmint by Symantec provides more detailed information. ®

Micro-cr4p (-1, Flamebait)

1s44c (552956) | more than 10 years ago | (#6309367)


When will all the Linux, UNIX, OS/390, VMS and Novell people realise that microsoft systems simply can't be trusted. They should not be allowed to connect to an open network such as the internet if they are so open to abuse. Can't we just cut their connections and drop every network packet from them?

Oh, and BEos too.

And QNX.

Re:Micro-cr4p (3, Insightful)

Yuioup (452151) | more than 10 years ago | (#6309443)

You mustn't forget that the reason why Microsoft systems get hacked so much is because hackers go for Microsoft systems first. Microsoft dominates the market and the hackers want to affect as many systems as they can and embarass the Big Mighty Microsoft - all for pure ego reasons.

I think if - say - Linux dominated the world, then we'll see many more worms/virsuses written for the Linux platform. Let's not forget it's open source, so it should make writing viruses and worms a hell of a lot easier.

my favorite episode of Mister Bumpy (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6309368)

is where a frozen turkey comes to life, escapes from the refrigerator freezer, and terrorizes Mister Bumpy and his friends

A quick FAQ for Joe ServicePack... (4, Funny)

jkrise (535370) | more than 10 years ago | (#6309371)

Q: Is this alert severe?
A: Yes, it is. Systems that connect to the internet using any Microsoft OS are vulnerable.

Q: When can I get a Service Pack for this?
A: When we include this bug..er, fix in the next Service Pack. We released SP4 yesterday. Six months more, atleast.

Q: Are there any mitigating factors?
A: Yes.. if you run Linux or GNU/Linux or NetBSD, you need not worry.
This bug will disappear by July 14th, and the replacement bug will be announced in Dec 22.
Contrary to Gartner reports, we know that millions of people use Linux on the desktop without much trouble. If you want a permanent solution, install Linux.

Q: How can I protect myself from further attacks?
A: Learn to use a Linux system. Contrary to what Aberdeen says, there are fewer bugs in Linux.

Q: What if I never connect my system to the Internet?
A: Then tell us your address, so we can send you the ServicePack and an invoice for $50.

Q: Are pirated copies of Windows more vulnerable?
A: We like you to think so, yes.

It sends itself as a zip file. (2, Insightful)

mikeophile (647318) | more than 10 years ago | (#6309375)

I can see people being duped by a worm that exploits Outlook to launch by just being viewed but this worm sends itself in a zip file.

How dumb do you have to be to first open a mysterious zip file, then run the payload?

Re:It sends itself as a zip file. (1)

pe1chl (90186) | more than 10 years ago | (#6309406)

For that, you only need to be a Windows user.

The message seems to be coming from a friend, has an attachment that promises to be a document, when you unzip it it contains a file named like a document, so the normal next step would be to doubleclick on it, expecting it to be opened.

That this means "run it" in this case is a distinction that has been blurred by Windows.

Re:It sends itself as a zip file. (0)

Anonymous Coward | more than 10 years ago | (#6309462)

Since when would support@yahoo.com be a friend?

Microsoft -- obligatory Simsons... (5, Funny)

dcmeserve (615081) | more than 10 years ago | (#6309377)

> This worm appears to primarily affect Microsoft systems

<Nelson>

Ha - Haah!

</Nelson>

And now...

<Hanz&Franz>

Once again, ha haa! I lauugh at you silly foolz, with your flabby Windowz and your buuggy virus-baiiting Outlook email reader. I sit here with my puuumped-up Linux system, and my maanly Mutt text-only mail reader, and I open up my spam and virus emails and lauugh again because they cannot haarm me!

Ha Haaaah!

</Hanz&Franz>

Re:Microsoft -- obligatory Simsons... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6309399)

I didn't think it was possible, but you just fagged up mutt for me. Thanks (you fucking cunt).

email will soon be rendered useless ? (4, Insightful)

bushboy (112290) | more than 10 years ago | (#6309380)

This is just another nail in the coffin for email.

It will inevitably lead to email with .zip attachments being declined by many mail server admins, just as it did with .exe files.

It will soon be impossible to guarantee that any attachment you put on an email will be received, which so many of us rely on.

Just as your average users are finally starting to understand .zip files too...

Re:email will soon be rendered useless ? (3, Informative)

pe1chl (90186) | more than 10 years ago | (#6309395)

My filter declines .zip files that contain executable files, but it passes .zip files that contain only documents.

Are you trying to say that not all filters would be capable of doing that?

Re:email will soon be rendered useless ? (1)

Pogue Mahone (265053) | more than 10 years ago | (#6309428)

It will inevitably lead to email with .zip attachments being declined by many mail server admins,

And a good thing too, IMHO. ;-)

Real people can always use .tar.Z or .tar.gz or .tar.bz2

There you have it! (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#6309381)

Trustworthy Computing (tm)

Interestingly.. (2, Funny)

T40 Dude (668317) | more than 10 years ago | (#6309382)

I am running OS X on my Powerbook G4, and I have never had a worm. Am I missing something ?

Re:Interestingly.. (0)

Anonymous Coward | more than 10 years ago | (#6309412)

[URL=http://www.macssuck.com]Click Me[/URL]

Re:Interestingly.. (-1, Troll)

Anonymous Coward | more than 10 years ago | (#6309413)

An actual computer?

Why Never Apple? (5, Interesting)

Bloodmoon1 (604793) | more than 10 years ago | (#6309401)

Ok, this is a serious question, not an attempt to start a flame war or anything, but why does this always happen to MS systems? I use a Mac and have only had to work with Windows at my college and a few other times here and there. I've NEVER seen a live Mac trojan or worm and have only ever encountered one virus (the 666 one) that wasn't really malicious and only added some extra resources labeled "(Box thingy)666" in an application's resource fork that caused an application to run a little slower. And that was 4 or 5 years ago in OS 7.5 or 8.

Now, I understand the "security through obscurity" theory that basically says Mac's have far fewer virii problems than PCs because not nearly as many people use Macs, but that's sort of a dead idea nowadays. While we don't have nearly the numbers of any MS OS, by Apple's numbers, there are 7 million users [apple.com] of OS X, which makes the current number of users in the OS X community about as large as the populations of Hong Kong (7,303,334) or Switzerland (7,301,994), and about 1 million more people than the pop. of Israel (6,029,529). (Go on, check my numbers [cia.gov] .) And just for good measure, add to that the fact we now have a more or less Unix based OS and therefore must have some common ground with numerous other OSes. It's not like we're a tiny little niche to go after, or one that no one knows how to program for. Hell, Apple even gives away developer tools to write out and compile programs. So why don't we ever see any worm, trojan, or virus outbreaks for OS X?

Re:Why Never Apple? (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#6309467)

So why don't we ever see any worm, trojan, or virus outbreaks for OS X?

We figure you've got enough problems with your rampant homosexuality to have to deal with worms as well

News for Nerds? Stuff that matters? (0, Troll)

mcp33p4n75 (684632) | more than 10 years ago | (#6309410)

This is news? Men should be able to synchronize their calendar by a) their woman's period or b) the latest windows worm.
Stuff that matters? The only people that this really affects are sysadmins who have to deal with tons of wormspam in their users' mailboxes. Maybe also those poor souls who maintain large networks of windows boxen. But really, those people would already be on top of this...

AntiVirus Companies not doing enough? (2, Interesting)

zeekiorage (545864) | more than 10 years ago | (#6309418)

Every time a new mass mailing worm comes out all the antivirus vendors issue updates to their virus definitions. This stops _that_ particular virus from infecting a machine or spreading further. A better approch would be to monitor socket connections on port 25, I think Norton antivirus already does that, aren't the other AVs already doing this or the people getting infected simply not running a antivirus scanner at all? In any case the anuvirus vendors need to figure out a different way of dealing with these pests.

To be honest... (5, Insightful)

traskjd (580657) | more than 10 years ago | (#6309425)

I can't really see how it's microsofts fault. Reading about it, it comes in a zip file, the user has to get the zip, extract it and then execute the payload.

Is it just me or is this more like social engineering than a real problem with the system?

In other news (5, Insightful)

Eric(b0mb)Dennis (629047) | more than 10 years ago | (#6309437)

"Linux and Mac users are immune."

If you were writing a virus and wanted to do some harm, why would you even bother trying to infect mac and linux users?

I mean, people make a big deal on "windows is so insecure that's why this happens blah blah".. but in reality it's just because it's so much more popular...

Not that windows isn't insecure and not that microsoft isn't an evilbad company et cetera.. just wanted to make that point..

"Mac and Linux users are immune"

I want to see a really intuitive and effective worm for OS X... all these mac users thinking they are immune.. it could be a problem.. (More likely to click on attatchments) Not that it would make a big impact :)

Another story dupe? (5, Funny)

Anonymous Coward | more than 10 years ago | (#6309452)

Wasn't there just a Windows worm story last week?

Worms? Shouldn't be a problem. (1)

jabbadabbadoo (599681) | more than 10 years ago | (#6309453)

Microsoft should at least implement the following algorithm:

1) Generate a hash of all scripts/executables received through mail client.

2) Upon access to contacts (which is always done through an API which Microsoft can change): Generate hash of calling script/executable, check against table of hashes of received scripts.

3) If match, prevent execution and notify user of potential virus (to execute, user must do it manually.)

Should reduce the problem dramatically...

A (very) nice virus again (4, Insightful)

JPS (58437) | more than 10 years ago | (#6309461)

So, this virus has no payload. It does basically nothing except spreading, and, how sweeet of him, it will stop spreading on July 14th.

Am I the only one to think that the only people getting benefits from such a virus are people selling anti-virus ?

I mean, why would all virus writers suddenly become so nice ? Most of the virus nowadays are doing almost no damage. I can hardly remember a virus back in the 90 that would not at least erase a little file here or there from your system.

address spoofing (1)

MiTEG (234467) | more than 10 years ago | (#6309465)

Apparently my email (slashdot@miteg.hn.org) was used in the from field in at least one message from an infected computer that ended up being bounced.

It's interesting that the only place this email address appears is on Slashdot, and I don't even post all that frequently. Looks like someone here isn't using Linux. ;)

I'm pretty sure Pine won't be affected ;) I'd post the base64 but it's big (~114KB).
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...