789 comments

Wow (5, Funny)

HanzoSan (251665) | more than 10 years ago | (#7013766)



That's one hell of a virus.

I suggest all Windows users go to http://www.knoppix.net/ [knoppix.net] and burn the CD.

Re:Wow (-1, Flamebait)

cscx (541332) | more than 10 years ago | (#7013799)

I suggest all Windows users go to http://www.knoppix.net/ and burn the CD

I suggest all Linux zealots such as yourself go place plastic bags over their heads and seal carefully, but that's just as stupid an idea.

Or is it?

Huh? (0, Troll)

HanzoSan (251665) | more than 10 years ago | (#7013817)



What's wrong with Linux? Linux isn't the operating system with a new worm coming out for it every week.

I feel pretty damn safe under Linux, how do you feel worrying about when the next worm will take over your entire machine? How do you feel about viruses, how's that Zone Alarm treating you?

Re:Huh? (2, Insightful)

cscx (541332) | more than 10 years ago | (#7013851)

Please don't get me started....

I feel pretty damn safe under Linux, how do you feel worrying about when the next worm will take over your entire machine?

Gee, since I've never been infected by a virus or worm, and I've been using Windows since forever (both client and server side), I don't feel I have that much to worry about. Since I'm pretty confident I know how to use a computer and all its associated software properly, I don't think that Linux is that "magic snake oil" that will solve all my problems.

BTW, I don't use Zone Alarm.

Re:Huh? (0)

HanzoSan (251665) | more than 10 years ago | (#7013865)



If you were using XP and you didn't get infected by the RPC worm you were lucky. The only way you could defend against it is Zone Alarm.

This means your only defense is Zone Alarm.

Re:Huh? (0)

Anonymous Coward | more than 10 years ago | (#7013883)

Why use crap like Zone Alarm?

Of course, that might be the only software title for Windows that you have gotten into your head. Go back to reading grc.com....

Re:Huh? (2, Insightful)

revmoo (652952) | more than 10 years ago | (#7013887)

Or he patched it when the vulnerability was originally released, OR he is behind NAT, or any other way the worm wouldn't have a clear shot at 135.

Zone Alarm is not the be all and end all of worm prevention :)

Re:Huh? (4, Informative)

WhiteBandit (185659) | more than 10 years ago | (#7013902)

Um no. You could defend against the RPC worm a variety of ways.

1.) Applying the patch
2.) Using *any* software firewall. Even WinXP's own firewall. ZoneAlarm is trash in my opinion. But it isn't your only protection.
3.) Using a hardware firewall which blocks the RPC port anyway.

The only defense is to stay vigilant and be smart about computers. Just because someone is using linux doesn't make it secure. No matter what Operating System you are on, you have to be somewhat proactive in protecting your computer.

Learn First, Post Second (3, Insightful)

DonnarsHmr (230149) | more than 10 years ago | (#7013919)

The only way you could defend against it is Zone Alarm.

There are several reasons what you said was just plain wrong. There were a lot of ways to avoid the RPC (MSBlast) worm. First, you could have patched when the patch was first released. It pre-dated the worm by several weeks. Second, you could have been running the built-in XP firewall. Third, you could have been running a 3rd party software firewall such as ZoneAlarm. Fourth, you could have been behind a firewall on another box or behind a hardware firewall. Fifth, you could be behind a NAT box that is set not to pass incoming connect attempts to LAN side (which is the default setting for the 3 home routers I have owned). Doing any one of these would have dropped the likelihood of getting the RPC worm to zero or near to it (e.g. it's perfect until an infected machine is hooked up behind the firewall). How are people who took one or several of these steps lucky? I have 3 Win boxen among the computers on my home network, none got infected. Though my router was catching about 5-8 infection attempts a second.

Re:Wow (4, Insightful)

gl4ss (559668) | more than 10 years ago | (#7013858)

dude, that knoppix cd will be useful when the windows installation gets kicked up a notch, it's really handy to have a cd like that to retrieve the really important data out there.

it's also good enough to keep you on 'net while you're trying to figure out wtf went wrong.

unless you got an as good a windows running livecd system?

Re:Wow (0, Troll)

HanzoSan (251665) | more than 10 years ago | (#7013881)



And why would I help you get Windows running? I don't use Windows.

Use Knoppix or call Microsoft.

When you are ready to graduate to Linux let me know.

insightful my ass (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7013842)

this karma whoring jackass wouldn't know insight if it crawled up his asshole.

Re:Wow (0)

Anonymous Coward | more than 10 years ago | (#7013864)

It's ignorant mindless dorks like you that keep me from switching off Windows. I'd rather be associated with a greedy power-hungry bastard than with a bunch of holier-than-thou cultist dweebs.

Re:Wow (0)

Anonymous Coward | more than 10 years ago | (#7013934)

Before you get high and mighty on Knoppix you should realize that when you boot it the default iptables rules are all accept, is that your idea of secure? Don't believe me, run iptables -v -L and check it out. Granted only Xserver and Bootpd are the only services enabled by default methinks.

first! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7013767)

yeeeeee hawwwwww

Drew84

I hate this virus (3, Interesting)

Free Bird (160885) | more than 10 years ago | (#7013769)

It's been flooding my mailbox for more than a day now. Grr...

Re:I hate this virus (0)

Anonymous Coward | more than 10 years ago | (#7013921)

My, that's interesting. I wish to subscribe to your newsletter.

It has began (0)

Anonymous Coward | more than 10 years ago | (#7013770)

Swen, more like a swan am i rite?

Re:It has began (0)

Anonymous Coward | more than 10 years ago | (#7013927)

Swen like "Swen and Ole"?

Swen "Hey Ole whatcha doing down dere?"
Ole "I dropped my pen eh"

I am Hans (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7013771)

And this is Franz... and we are here... to infact yor computah! Vote Ahnuld!

First Post (0, Offtopic)

AlphaSys (613947) | more than 10 years ago | (#7013773)

Only took two days to make it to slashdot? You guys are going soft.

YOU FAIL IT (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7013931)

How does it feel ? BEATCH !

FP (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7013776)

FP

Fascinating isn't it? (5, Insightful)

Afrosheen (42464) | more than 10 years ago | (#7013780)

After all these worms and virii are hitting MS boxen from every angle, there still aren't mentions of alternatives from major news sources. The Dallas Morning News, last week, had at least a casual glance by saying in one line "Macintosh users are unaffected".

Why aren't Linux and Macintosh turning this into a big propaganda opportunity? Both OS's can hold up the 'come to us, we've had our shots, we'll never get worms' flags and pray that the big media mentions it.

Re:Fascinating isn't it? (0, Flamebait)

cscx (541332) | more than 10 years ago | (#7013810)

Because the only people who are susceptible to this worm are stupid people... none of which are candidates for another OS as they shouldn't be using a computer in the first place.

Re:Fascinating isn't it? (1)

mhlandrydotnet (677863) | more than 10 years ago | (#7013925)

Because the only people who are susceptible to this worm are stupid people... none of which are candidates for another OS as they shouldn't be using a computer in the first place.

Do you know how to change the oil in your vehicle? Change the brake pads? Change an alternator? Transmission?

Can you fix an air conditioner? How about plumbing problem?

Your elitist I-know-about-computers-so-everyone-should-or-they-are-idiots mentality means that you don't understand that to an end user, a computer is just another appliance.

When is the last time your car mechanic told you that you couldn't drive your vehicle because you are an idiot? Does your plumber forbid you from using your faucets?

Instead of yelling at end users for not knowing enough, why don't we worry about solving the real problem: what kind of design works best for an average user. Easy and secure. Microsoft and Linux each excel in one of these categories. So let's worry about finding or working on something that excels in both categories.

Re:Fascinating isn't it? (2)

Anonymous Coward | more than 10 years ago | (#7013822)

> After all these worms and virii ...

VIRUSES!

(Score:-1, Perpetuating Imaginary "Latin")

Re:Fascinating isn't it? (0)

Anonymous Coward | more than 10 years ago | (#7013922)

You forgot...

BOXEN!

Re:Fascinating isn't it? (0)

Anonymous Coward | more than 10 years ago | (#7013938)

Goddamnit! I fucked that up. It should say...

BOXES!

Re:Fascinating isn't it? (1)

MushMouth (5650) | more than 10 years ago | (#7013933)

If it were Latin the plural would be viri, where does that second i come from?

...Not a Good Idea (R) (5, Insightful)

thermopile (571680) | more than 10 years ago | (#7013826)

I should think it would be exceedingly hard for a marketing community to market its 'immunity' to virii -- even a marketing staff as highly trained as whatever Apple hires -- without setting itself up as the next target.

Hypothetical advertisement: "Hey, we're Macs, and we don't have viruses."

I guarantee you that every virus writer and his(/her?) grandmother would flock to OS X and start writing viruses with reckless abandon. Apple, Linux, Amiga, Commodore 64, and whatever other less-used operating system is probably perfectly happy to have its users sitting fat, dumb, and happy and not bragging about it.

Re:Fascinating isn't it? (1)

archonon (662612) | more than 10 years ago | (#7013831)

You know that windows has n^99 other email clients that are unaffected by swan? I'll prefer Mozilla Mail & News.

Re:Fascinating isn't it? (0)

Anonymous Coward | more than 10 years ago | (#7013833)

Perhaps the same reason people go to war when they are told to, without any mention of what the situation *REALLY* is.

Yeah because Microsoft IS the computer. (1)

HanzoSan (251665) | more than 10 years ago | (#7013837)



Microsoft has such a marketshare and such control over the media that to most average people, Windows IS the PC. There is nothing else, if you tell them about Linux they will say "What's that?"

Kinda like how Apple was the PC in the 80s and no one knew about anything else.

Re:Fascinating isn't it? (0)

Anonymous Coward | more than 10 years ago | (#7013857)

There are a couple reasons why they may not want to do this.

First, there is nothing inherent in either system that prevents it from being infected by viruses. Worms propagate on Windows systems because people launch attachments that they should know better than to open. Most Windows viruses, aside from an occasional remotely exploitable worm-hole, spread due to direct human intervention. There is little reason to think Mac and Linux users wouldn't also spread email worms.

Second, if Linux or Mac advocates then go on to point out that even if someone did run one of these attachments it probably wouldn't result in effective widespread propagation because there are so few Mac and Linux systems relative to Windows, it would mostly serve to remind people how small a minority of computers Macs and Linux machines really are.

In other words, it would be saying that Macs and Linux don't get viruses because nobody uses those systems, but if they did, then there would be viruses for them. Not a great advertisement really.

Re:Fascinating isn't it? (2, Interesting)

ramzak2k (596734) | more than 10 years ago | (#7013888)

and say what ?
"Use Mac have no viruses affect you " ?

The users will sue Apple to glory when they do come across Mac worms. Let's face it, worms will exist as long as there are worm writers. Unless of course Mac and Linux blocks all incoming attachments (which is what my outlook express coincidentally did after a patch) you can't guarantee anyone against worms and ignorant people that will open them. Now security flaws in windows - that's an entirely different subject.

What's the plural of "Officious Dickhead?" (0)

Anonymous Coward | more than 10 years ago | (#7013892)

Boxen. Virii. Jeez -- go back to class.

Re:What's the plural of "Officious Dickhead?" (0)

Anonymous Coward | more than 10 years ago | (#7013943)

Capiti penii officiosae?

Heh (3, Funny)

autopr0n (534291) | more than 10 years ago | (#7013782)

That's kind of funny, although it seems that this virus requires user interaction in order to spread, so we can't really blame M$ for this one :P

Re:Heh (4, Funny)

ctid (449118) | more than 10 years ago | (#7013820)

That's kind of funny, although it seems that this virus requires user interaction in order to spread, so we can't really blame M$ for this one :P

Why not? Why make an email system that allows an unskilled user to run an untrusted executable? Seems bizarre to me.

Re: Heh (1)

Black Parrot (19622) | more than 10 years ago | (#7013823)


> That's kind of funny, although it seems that this virus requires user interaction in order to spread, so we can't really blame M$ for this one :P

You can blame M$ for designing an e-mail client that executes anonymous attachments at a click.

Re:Heh (1)

ummit (248909) | more than 10 years ago | (#7013830)

...this virus requires user interaction in order to spread, so we can't really blame M$...

That's about the same as saying, of a car without seat belts or air bags, that it requires the driver to get into an accident in order to maim himself, so we can't really blame the manufacturer for omitting those features.

Re:Heh (1, Informative)

Anonymous Coward | more than 10 years ago | (#7013832)

"Users whose PCs are not patched against the Microsoft flaw this worm exploits will be infected just by viewing the message, as will protected users who click on the e-mail attachment."

--> http://www.mozilla.org

Re:Heh (1)

michrech (468134) | more than 10 years ago | (#7013912)

That isn't fully true. The virus also exploits unpatched versions of Outlook Express so it can spread itself. See this page [symantec.com] for information. It's pretty close to the top of the page.

I've had about 4 or 5 copies come in to my computer today (I use Mozilla Thunderbird). All together, I've received about 3 that look like failure notices from a qmail server and probably a dozen that look like that stupid fake MS security patch.

Oh yeah... (5, Interesting)

JoeLinux (20366) | more than 10 years ago | (#7013784)

At work, they have duped over 5 of my colleagues...even AFTER the email went out saying that it was going around. Well, Make an OS that any idiot can use, and only idiots will use it, I guess...

My problem with all these worms is that it doesn't do anything after it propagates, so no one will really care except bandwidth-conscious IT people. It should send itself out, then erase all the FAT tables on a hard drive.

Or deltree the c:\winnt or c:\windows directory (or both).

That would REALLY piss people off, who would demand that they do something to make sure that does not happen again...like...I dunno...Linux or OSX?

Just a thought...

Re:Oh yeah... (1)

CGP314 (672613) | more than 10 years ago | (#7013868)

My problem with all these worms is that it doesn't do anything after it propagates, so no one will really care except bandwidth-conscious IT people.

I don't know, the file it came with was pretty large, I bet it filled up many 'normal' people's inboxes and prevented getting further mail.

Vicious worms don't survive (4, Interesting)

IncohereD (513627) | more than 10 years ago | (#7013870)

....because they're noticed too quickly. If you destroy your host immediately you're not going to propagate too far, now are you?

Yes, you could make it a little more complex with time-outs or a way to select certain targets as hosts for more sending and others to destroy, but it wouldn't last and last like some of the recent worms, because its effects would be so noticeable.

Re:Oh yeah... (1)

scsinutz (318981) | more than 10 years ago | (#7013871)

"Well, Make an OS that any idiot can use, and only idiots will use it, I guess..."

I can't tell. Is this more hoity, shit-don't-stink conversion rhetoric? Doesn't OSX pride itself on being simple to use too?

Re:Oh yeah... (1)

Enonu (129798) | more than 10 years ago | (#7013882)

The problem with virii that harm the system is that the regular Joe will be more likely to notice the virus and get it cleaned ASAP. This implies that they aren't as efficient in spreading. This is why, for example, you don't live in fear of getting e-bola while something like AIDS should give you some pause.

Whew! (5, Funny)

dupper (470576) | more than 10 years ago | (#7013785)

That's one good looking worm. Great UI and user friendly, too! There goes the whole 'Linux advocates create these worms to embarrass MS' arguments.

/troll

Re:Whew! (0)

Anonymous Coward | more than 10 years ago | (#7013839)

Heh! My hat's off to you, Sir.

(Put down the crack pipes, moron zealot moderators. +1, Funny!)

Re:Whew! (0)

Anonymous Coward | more than 10 years ago | (#7013901)

Go fuck yourself.

Weird (2, Interesting)

Tidal Flame (658452) | more than 10 years ago | (#7013787)

All of the big internet 'epidemics' so to speak (I Love You, WBlast, and so forth) have completely missed my system. I've been a Windows user for a long, long time and I don't think I've ever received an email containing a virus. Maybe my ISP just has really good filtering... or maybe the viruses only go after American domains... Weird.

Re:Weird (0)

Anonymous Coward | more than 10 years ago | (#7013849)

Or maybe you're just a loser and no one has your e-mail in their address book...

Re:Weird (1)

Mesaeus (692570) | more than 10 years ago | (#7013872)

You're not alone. Windows user since '90, always fully patched up, firewalled and with a half day automatic check for new virus updates. And nobody ever sends me a damn virus ! Now there are at least twenty of my friends who have my email address, and the bastards singularly fail to get infected and send me a nice virus. I didn't see a single sobig.f, and now I haven't seen one instance of this new one. I feel left out. Luckily there's still Welchia pinging away at my firewall every minute, or I would get the idea that maybe my connection was down. I didn't even get a sniff of msBlaster, since port 135 was already blocked by my ISP ages ago. I'm so loooooooooooooonely, somebody please send me a virus ! snif, snif...

Re:Weird (0)

Anonymous Coward | more than 10 years ago | (#7013929)

Just set up an up-to-date Apache server and log all the IIS-borne worms that are still propagating.

I get numerous daily requests for default.ida, /var/www/C, /var/www/scripts/..%5c../winnt/system32/cmd.exe and more!

Don't feel left out, just open your eyes. These are all old worms. I wonder why they aren't stamped out.
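An added example, not part of the comment above: one way to count the probes that comment mentions in an Apache access log. The log lines, addresses and signature labels are constructed for illustration, and only the two request strings quoted in the comment (default.ida and the winnt/system32/cmd.exe path) are matched.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache common/combined log format: client, ident, user, [time], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Labels are this example's own; the patterns come from the requests quoted above.
SIGNATURES = [
    ("default.ida", re.compile(r"/default\.ida(\?|$)", re.I)),
    ("cmd.exe", re.compile(r"/winnt/system32/cmd\.exe", re.I)),
]

def normalise(path):
    """Decode percent-encoding once and fold backslashes, so '..%5c..' and
    '..\\..' both present the same separator to the signature patterns."""
    return unquote(path).replace("\\", "/")

def classify(line):
    """Return (client_ip, label, status) for a probe line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # malformed or truncated line: ignore, do not crash
    path = normalise(m.group("path"))
    for label, pattern in SIGNATURES:
        if pattern.search(path):
            return (m.group("ip"), label, int(m.group("status")))
    return None

def summarise(lines):
    """Count probes per (client_ip, label)."""
    hits = Counter()
    for line in lines:
        result = classify(line)
        if result:
            hits[(result[0], result[1])] += 1
    return hits

# Constructed sample log (documentation address ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Sep/2003:10:01:02 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 283',
    '192.0.2.10 - - [21/Sep/2003:10:05:40 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 283',
    '198.51.100.7 - - [21/Sep/2003:10:02:11 +0000] '
    '"GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '203.0.113.5 - - [21/Sep/2003:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1043',
    'not a log line',
]

if __name__ == "__main__":
    for (ip, label), count in sorted(summarise(SAMPLE_LOG).items()):
        print(f"{ip:15} {label:12} {count}")
```

A 404 status on every hit, as in the sample, is what a patched non-IIS server should show; any 200 on these paths is worth a closer look.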

Re:Weird (1)

michrech (468134) | more than 10 years ago | (#7013932)

What was your email address again? I've got about half a dozen of these messages sitting in my trash box right now that I can send you.. =]

This goes for all the other "redundant" posts of the same nature.. Just send me your addresses and I'll take good care of 'ya.. =]

Don't want you to feel left out, you know.. =]

Virus Warning (5, Funny)

Henry V .009 (518000) | more than 10 years ago | (#7013789)

The fake update has made it to Windows Update itself. Here is the name: "Recommended Update for Windows Rights Management client 1.0."

Do not download, it's only there to own your system.

It's not a worm, it's a virus (4, Insightful)

Telcontar (819) | more than 10 years ago | (#7013790)

The virus needs user interaction to propagate. Hence it is an e-mail virus. Only programs that propagate automatically are worms. One cannot necessarily expect the Washington Post to get such technicalities right. However, it would be nice if at least /. used proper terminology.

Then again, if it did, it wouldn't be the /. we know anymore, would it...

Re:It's not a worm, it's a virus (1)

zackeller (653801) | more than 10 years ago | (#7013807)

It does not need user interaction, it needs Windows User interaction. Users will have gotten the memo going around and deleted it, Windows Users will have received the memo, ignored it, and bugged tech support after their "magic boxes" stop working.

Re:It's not a worm, it's a virus (3, Informative)

prandal (87280) | more than 10 years ago | (#7013911)

It uses the exploit described in MS01-020 [microsoft.com]. Reading it or viewing it in Outlook's "Preview Pane" will execute it on vulnerable systems. I've had about 20 copies reach my home email address - that's the worst I've ever seen.

Worm Load (4, Interesting)

m.dillon (147925) | more than 10 years ago | (#7013797)

There were over 4500 attempted deliveries of this 150K+ worm through my mail server overnight, and they are still coming. Easy to filter, but this is by far the worst worm load I've seen to date on my little server.

On the bright side, deliveries of unrelated spam seem to have fallen due to the worm's load on the internet :-)

Sweet! (5, Funny)

endeitzslash (570374) | more than 10 years ago | (#7013800)

I was happy to get this e-mail from Microsoft so I could apply a cumulative patch. I'm usually so bad about patching my system in time, but this time they took the trouble to remind me personally!

No more worries for me!

hmmm ... (1)

Vilim (615798) | more than 10 years ago | (#7013802)

I was wondering why Microsoft would send an update to me, a Linux user :p This has been crowding my inbox for the last few days

NIMBA! (Not In My Business AGAIN!) (1)

JVert (578547) | more than 10 years ago | (#7013805)

Nobody at my work saw a single sobig email. However we don't run our mail server (not that anybody else did either actually). So now I can imagine yet another 2 weeks of sending and receiving only half of what is actually being transferred...

In fact just Friday I received the tail end of email bounces from a week and a half before.

it also mines usenet (4, Informative)

poptones (653660) | more than 10 years ago | (#7013816)

I have never had a virus sent to my home machine because I jealously protect my email domain (every individual gets an email address and if it leaks they never hear from me again). Most commercial sites even seem to respect this. But I made a "junk" address for groups.google.com and, although I have only posted through there a couple of times many months ago, the virus found this address. Apparently it is also crawling usenet, or at least the groups served by google.

Five of'em in one day. Of course, the rest will go into the trash automatically, but it was an interesting experience finally catching a taste of the "commoner" internet.

Accepted as the norm now? (5, Insightful)

thenextpresident (559469) | more than 10 years ago | (#7013827)

I can't help but feel that people have accepted the fact that Computers in general get Viruses. People complain about Windows, but Windows, to most people, is the only solution. So for them, the concept that Windows gets hit with so many viruses means that users in general get hit. No matter the OS.

I was explaining the other day to one of my business partners not to install this virus, and to delete it right away if he gets it.

He asked me if my computer was infected, whereby I had to explain once again that running Linux, I generally don't have to worry about things like this.

But the point is, for him, computers just get viruses. And because of that, I believe that most people are thinking: "Hrm, my computer got a virus.", not "Windows let another Virus through."

So the majority of the people that aren't really computer illiterate (the majority), don't really know what to think when people tell them Linux is more secure.

Because for them, it's still running on their computer, and their 'computer' got a virus. It's just their mentality. Of course, this is simply my opinion.

Skynet is here (4, Insightful)

JonnyRo88 (639703) | more than 10 years ago | (#7013828)

You know that if the situation in Terminator 3 (virus spreads over majority of systems) were to ever happen, it would happen as a result of having a massively homogenous computing environment. I really think that we should stop teaching kids how to use Word and Excel in middle school, and start teaching them how to install their own linux systems. We could create an army of informed computer users, something that Microsoft fears the most.

Finally (2, Funny)

CGP314 (672613) | more than 10 years ago | (#7013835)

I was waiting for a slashdot story to tell me why I found 500 'patch' emails in my inbox over the weekend.

Micro$oft makes the finest Virus propagators! (0)

Anonymous Coward | more than 10 years ago | (#7013836)

There is one thing that Micro$oft is great at!!!

Virus propagators!

Yep, MicroSoft has NO EQUAL in the
virus propagation market.

There is NO competitor, Micro$oft
has the very finest virus propagators.

hmm (1)

some_god (614082) | more than 10 years ago | (#7013841)

well as long as you know that MS are greedy, you should notice that it's a fake mail, would a greedy company offer a patch or even a virus for two versions that it no longer supports (win 95 & 98) ;)

Don't forget to patch your boxen! (0)

Anonymous Coward | more than 10 years ago | (#7013844)

Latest Linux Vulnerabilities, from the DSA security alert system

[20 Sep 2003] DSA-389 gnome-vfs - several vulnerabilities
[19 Sep 2003] DSA-388 kdebase - several vulnerabilities
[18 Sep 2003] DSA-387 gopher - buffer overflows
[18 Sep 2003] DSA-386 libmailtools-perl - input validation bug
[18 Sep 2003] DSA-385 hztty - buffer overflows
[17 Sep 2003] DSA-384 sendmail - buffer overflows
[17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability
[17 Sep 2003] DSA-382 ssh - possible remote vulnerability (new revision)
[16 Sep 2003] DSA-382 ssh - possible remote vulnerability
[13 Sep 2003] DSA-381 mysql - buffer overflow
[12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service
[11 Sep 2003] DSA-379 sane-backends - several vulnerabilities
[07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service

Just because Linux hasn't been hit hard yet, doesn't mean it will be, after all, there's a lot of old linux 2.2 boxes out there that have hundreds of holes, but just haven't been penetrated yet.

Oples and Fiats (1)

RevSmiley (226151) | more than 10 years ago | (#7013898)

Remember this as well most people don't run all that stuff. Also lots on that list are subject to "local" exploits not remote exploits. The ssh exploits are the current baddies. Servers that run console only don't usually install xfree at all certainly not Mahjong and kdebase. It's not like Microsoft where the kitchen sink is installed and it's all enabled.

html (4, Interesting)

BWJones (18351) | more than 10 years ago | (#7013846)


So, I have received a number of these (thank goodness I am running OS X) and it appears that the "notification" also contains html. So, examining the html, it appears that it actually references microsoft.com.

If I were microsoft, it appears there is a simple way to defeat this by inserting html in the referenced source that warns recipients of this sort of thing.

LOL (1)

RevSmiley (226151) | more than 10 years ago | (#7013853)

I got a copy last night from 2 different senders both were caught by my wonderful ISP who filters for viri and removed the attachments. Seeing how it couldn't affect me since I run Linux I was quite happy anyway they do that. The Microsoft email does look quite good BTW I took a look before it hit the bit bucket. Both Emails were from California (The Bay area.)

Sobig (2, Interesting)

dr ttol (674155) | more than 10 years ago | (#7013861)

This is from the creators of Sobig. They are trying to get as many venues to send spam as possible. Once the login/password + smtp info is gathered, it is sent to them and they now have a massive list of credentials to bombard the rest of the world with.

Re:Sobig (1)

Jibber (83396) | more than 10 years ago | (#7013940)

Interesting idea although I doubt it. But it would be a sure fire way of getting access to 100's or even 100,000's of email servers that support smtp auth.

I'm just glad that ClamAV was updated before any of the other major virus utils and all my users are happily oblivious to this and other viruses.

From my reading, it seems that there are 200 or so IP's that it does try to contact, so it might be passing that information along. I'll keep that in mind next time one of our users apparently starts spamming.

Jib

The SPAM Connection (2, Interesting)

CedgeS (159076) | more than 10 years ago | (#7013873)

This worm looks like a clever attempt at developing a new spam system.

It asks for the infected user's name and email address. Great information for sending spam to.

It also asks for the user's SMTP server, login name, and password. The spammer who developed this worm is looking for a way to use closed relays.

This worm is missing only 3 features, currently unreported, to be perfect. First, it should log this information and forward it in some anonymous manner (such as sending it to a few thousand people, one of whom is the desired recipient), second, it should develop not only a list of email addresses, but also a map of who opens email sent to them by whom (so you can be sure the spam gets through), and third it should turn the compromised computer into a distributed SPAM network relay.

Why Is Everyone Worried (0)

Anonymous Coward | more than 10 years ago | (#7013874)

The majority of windows users don't even patch their systems, they'll just ignore it.

Old idea new spin (3, Informative)

Stonent1 (594886) | more than 10 years ago | (#7013875)

This type of trojan has been around for a while. I've been getting fake MS e-mails for almost a year now. Official Microsoft statement that we give people on the phone "Microsoft never sends you files via e-mail unless you are on the phone with support personnel and they specifically say they are e-mailing you something" 99.99999999% of the time, if MS e-mails you it will only direct you to their site to READ about the purpose of the patch and then download it. Also all MS security bulletins are digitally signed.

80+ (2, Informative)

craig2787 (533589) | more than 10 years ago | (#7013876)

I've gotten this over 80 times now. It has a few typos though, so falling for it would be dumb, to the point where if you did, you deserve it.

Re:80+ (0)

Anonymous Coward | more than 10 years ago | (#7013906)

Does blame never land on the people who write these viruses? I guess not.

Worse than the MSRPC Exploit worms? (1)

darkstar949 (697933) | more than 10 years ago | (#7013877)

Does anyone think that this is going to be worse than the MSRPC exploits, on one hand the worm must be executed by the user, on the other hand most users will execute any "official" looking email attachments without second thought.
However, this is bad, because it is bogging down the mail servers and the 'net in general, as well as filling up the mailbox and possibly causing legitimate emails to be kicked back because of a full mailbox.

On a lighter note though, I'm using this as a means to judge how smart my relatives are.

Reject Executable Attachments (5, Informative)

KidSock (150684) | more than 10 years ago | (#7013891)

It's a very good idea these days to just reject all executable attachments at "the gates" so to speak. I use postfix 1.1 so I added:

body_checks = pcre:/etc/postfix/mime_header_checks

to /etc/main.cf where the file referenced came from here:

http://www.securitysage.com/files/mime_header_checks [securitysage.com]

but there are many regular expression filters like this one. Note, with 2.x you need to use the 'mime_header_checks' directive rather than 'body_checks'.

If you want to send someone an executable, send it to them in a zip or tar.gz.

Professional? You must be joking! (0)

Anonymous Coward | more than 10 years ago | (#7013897)



Professional? You must be joking! No punctuation after the salutation, and the first sentence starts uncapitalized. Obviously bogus after the first 2 words plus 1 letter.

well, (1)

infonick (679715) | more than 10 years ago | (#7013900)

off to microsoft update. i sure hope there's a... oh.

"There are no critical updates available at this time. However, Windows Update has found other updates for your computer. To browse through these updates and select the ones you want to install, click a category title in the list."

well, let's see here. "Microsoft Windows Journal Viewer", "Microsoft .NET Framework version 1.1", "Root Certificates Update", "Windows Media Player 9 Series*", "Update for Windows Rights Management client 1.0" and some update for "IPSec and L2TP/IPSec."

Well, as it turns out, i am either already patched against this new threat, or i'm hopelessly open to losing it all. yippy!

Dear lord... (1)

WWWWolf (2428) | more than 10 years ago | (#7013914)

The worm's file is a Windows PE executable 106496 bytes long. It is not compressed by any file compressor. (From F-Secure)

...Excusemeee? HellLOOO? Virus author guys? Remember the golden glory days of Jerusalem and Eddie/Dark Avenger? Back when the motto was "The smaller the better"? Back when anti-virus makers unceremoniously categorized everything above 8 kilobytes "huge and technically uninteresting"?

Me, here just went over severe headaches of Sobig with its interesting effects on my 50M quota on the mail server... It wasn't nice to delete 20 megabytes of virus spam twice a day. Sheesh.

*sigh* There it goes again. Let's see how many terabytes of this crap I find from my box this time and how many zillions of bogus bounces and "thoughtful" anti-virus failure notes this will generate.

It's not just an email worm! (3, Insightful)

timelady (566419) | more than 10 years ago | (#7013917)

Oh no, this multi talented worm is:

  • Mailing itself to recipients extracted from the victim's machine
  • Copying itself over network shares (mapped drives)
  • Sharing itself over the KaZaa P2P network
  • Sending itself via IRC

But wait! There's MORE! It has its own SMTP engine. It attempts to halt anti-virus processes. It alters the registry AND THEN it even disables the ability to edit the registry!

Quite a nasty beasty really. And even for us nice safe Linux/BSD users there are issues. Clogged mailboxes are at least a nuisance, at worst a huge bandwidth cost. Those on dialup or limited broadband access where you pay for d/ls and uploads will notice it!

So even those of us cheerfully NOT patching frantically have consequences. The celebrations of yet another MS problem are a bit premature it seems to me. I'd rather see more outrage that such an inherently insecure and easily manipulated OS is costing ALL of us online.

Don't allow dangerous attachments (3, Informative)

rossz (67331) | more than 10 years ago | (#7013923)

If you are running Exim 4.x, get the Exiscan patch and configure it to refuse (at the connection) dangerous attachments. Here's what to add to your acl_smtp_data section:

# First unpack MIME containers and reject serious errors.
deny  message = This message contains a MIME error ($demime_reason)
      demime = *
      condition = ${if >{$demime_errorlevel}{2}{1}{0}}

# Reject typically wormish file extensions. There is almost no
# sense in sending such files by email.
deny  message = This message contains an unwanted file extension ($found_extension) that is commonly used to send viruses and worms. If this file is expected and desired by the receipient, you must put it in a zip or other standard archive format.
      demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp\
               :hta:inf:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst\
               :pcd:pif:reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:wsf:wsh

The advantage to refusing attachments here is you won't generate a bounce message that will almost always end up going to an innocent third party since the viruses/worms usually forge the headers.

I'm sure there is an equivalent fix for sendmail. If you are running MS Exchange, the best way to fix your server is by taking a knife to its network cable.
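
The gateway check that the Postfix and Exim comments above configure, written out as an added Python example (not code from either poster, nor from Postfix, Exim or Exiscan): it walks a message's MIME parts and refuses the message when a declared filename ends in an extension from the Exim list. The function names, the 550 reply text and the sample message builder are constructed for illustration.

```python
import email
from email import policy

# Extension list copied from the Exim demime rule in the comment above.
BLOCKED = set(
    "ade adp bas bat chm cmd com cpl crt exe hlp hta inf ins isp js jse lnk "
    "mdb mde msc msi msp mst pcd pif reg scr sct shs shb url vb vbe vbs wsc "
    "wsf wsh".split()
)

def blocked_attachments(raw_bytes):
    """Return [(filename, extension)] for each MIME part with a blocked extension."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():  # also descends into attached message/rfc822 parts
        # get_filename() reads Content-Disposition filename=, falls back to
        # Content-Type name=, and decodes RFC 2231 (filename*=) parameters.
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "x.pif." still runs as .pif.
        cleaned = name.strip().rstrip(". ").lower()
        ext = cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in BLOCKED:  # only the last extension counts: "a.txt.exe" -> exe
            hits.append((name, ext))
    return hits

def smtp_verdict(raw_bytes):
    """Reply to give at end of DATA: a 5xx refusal means this server sends no bounce."""
    hits = blocked_attachments(raw_bytes)
    if hits:
        return "550 This message contains an unwanted file extension (%s)" % hits[0][1]
    return "250 OK"

def constructed_message(attachment_header):
    """Constructed sample input: a text part plus one attachment with the given header(s)."""
    return (
        "From: sender@example.com\r\nTo: rcpt@example.com\r\nSubject: test\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nbody\r\n"
        "--b1\r\n" + attachment_header + "\r\n"
        "Content-Transfer-Encoding: base64\r\n\r\nTVo=\r\n--b1--\r\n"
    ).encode("ascii")
```

A regular expression applied to raw header lines has to handle the name= and filename= parameters, quoting, and RFC 2231 encoding separately; parsing the MIME structure first covers all of them in one place.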

Huh? (1)

Dave2 Wickham (600202) | more than 10 years ago | (#7013935)

The W32.Swen's claim to fame is its professional looking email advertisement that pretends to be a fake Microsoft patch.

So..if it pretends to be a fake MS patch, does that make it a real MS patch? Or does it pretend to be an MS patch which doesn't do what it's supposed to? Or...

Sorry, we have had to stop this live edition of talking crap, as Dave's head has exploded

That's the motherfucker (1)

vandan (151516) | more than 10 years ago | (#7013936)

Man, my email box is FULL of this shit. I feel like charging Billy Gates for the next excess bandwidth costs. Seriously, I've received HUNDREDS of these fucking things. The only consolation I can take is that it must be fucking SPAMMERS that are getting the virus, because I simply don't have this many friends :)

This has prompted me to uninstall exim, and install sendmail / mimedefang / spamassassin. Let's see the fuckers get through THAT!