Windows Operating Systems Software Security

Yet Another Windows Worm

kraksmoka writes "MSNBC is reporting that yet another active worm is taking over computers in 115 countries today. 'Antivirus companies were on high alert Thursday after the rapid spread of a new computer worm that includes particularly malicious snooping techniques. Bugbear.B, a variant of a worm released last year, installs keylogging software, back-door software, and in some cases even attempts to control infected computers' modems. Some of the worm's functions are designed to specially target financial institutions.' Yummy!"
  • by Anonymous Coward on Thursday June 05, 2003 @09:43PM (#6128764)
    I've already run into this with one of our banking customers... now if they'd only bought the firewall solution from us that stripped email attachments based on mime type and/or file extension (why the hell any half-way reasonable person would double-click on a .pif file in their email is beyond me). If I'd only known 10 years ago (before I was legally an adult) the kind of security that existed at some of the small to medium sized banks, I probably would have made some very different career choices--I suppose it's better this way... (Posted anonymously for obvious reasons)
    • (why the hell any half-way reasonable person would double-click on a .pif file in their email is beyond me)

      You don't have to double-click it. It opens automatically when you preview.

      • by Anonymous Coward on Thursday June 05, 2003 @10:08PM (#6128903)
        Only if you are 2 years behind in your patches.

        http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
      • "You don't have to double-click it. It opens automatically when you preview."

        We close the preview pane option on all of our computer repair customers' mail applications to keep the viruses from coming in this way.

        Then, we explain this beautiful "preview" feature works with viruses like poking holes in your son's condoms. None of them are too keen on viruses in their computers or in becoming grandparents.

      • by Thing 1 ( 178996 ) on Thursday June 05, 2003 @11:10PM (#6129220) Journal
        Here's [zdnet.com] an article on disabling windows script hosting.

        Pretty simple really; for Windows 2000:

        * Open "My Computer"
        * Select "Tools/Folder Options"
        * Click on File Types tab
        * Find VBScript Script File
        * Select Delete
        * Click OK
        For other versions of Windows, click on the link (it has instructions for 95, 98, NT and 2K; I'd imagine XP is similar to 2K but it was written in 2001 prior to XP's existence).

        I'm trying to find instructions for modifying the security in Outlook 2000 as well, so it doesn't do anything automatically without a) my approval at the very least, or b) me asking it to run an attachment.

        If anyone has pointers/links to articles on Outlook security, please post. Thanks!

        • by SgtChaireBourne ( 457691 ) on Friday June 06, 2003 @02:54AM (#6130055) Homepage
          I realize the editors are obligated to plug MS, including MSNBC, in any way, shape, or form that they can, but that only lends them credibility. Most of the articles are edited from wire feeds like Reuters, API, UP, AFP (usch), BBC, and so on. Please use those.

          In this case, other sites that covered this week's pair of Microsoft worms first -- and they'll cover next week's first, and so on. ZDNet, eWeek, Infoworld, Reuters, the Register and others covered it first. ZDNet has the bad habit however of sliding stories that reflect badly on MS quickly off the top pages and into obscurity.

          Worms like sobig [zdnet.co.uk] and bugbear [zdnet.co.uk] only affect products with design flaws. Brian Valentine, senior vice president in charge of Microsoft's Windows development, said it best:

          Our products just aren't engineered for security.
          In short, there's nothing you can do to improve your security except upgrade to a different client: Mozilla [mozilla.org] or Opera [opera.com] instead of MSIE, Eudora [eudora.com] or others instead of OutLook, OpenOffice.org [openoffice.org] or WordPerfect instead of MS-Office. Usually by upgrading you get better functionality, ease of use in addition to stability.

    • Note: Not a flame to parent post...

      now if they'd only bought the firewall solution from us that stripped email attachments based on mime type and/or file extension

      I have had it up to here (pointing to head) with all this BS with email worms/virii and the media. They are not email worms, they are Outlook worms. I could sell someone an attachment stripping solution but that is irritating. For every bug it strips out it will strip out a legitimate file as well.

      I just don't know what to do with people...
      • This particular worm knows how to use other e-mail clients as well. However, suppose that suddenly everyone switched to Mozilla. Same stuff would happen. Why? Because if you send someone an executable and they run it, it will infect them regardless of the e-mail client they use. If a different client was the most popular, it would simply be the most popular target. When something like a worm relies primarily on user stupidity to spread, it will hit stupid people, regardless of what software they use.
        • by Christianfreak ( 100697 ) on Friday June 06, 2003 @09:34AM (#6131193) Homepage Journal
          How is this insightful? Last I checked Mozilla's mail client (and many others) don't have any kind of scripting enabled by default. You have to click attachments to get them to do anything, and by default it asks you to Save rather than open. So even if someone clicks on it and then Clicks OK, they just saved it somewhere.

          Even cookies are off by default in the mail client. And you can turn off images.

          So yeah I suppose people could "try" and target mozilla but I honestly don't think there is a whole lot of damage they could be allowed to do. The stuff that could potentially cause harm is off by default, and the people smart enough to turn it on are smart enough not to execute worms and viruses!

      • by dcmeserve ( 615081 ) on Friday June 06, 2003 @01:29AM (#6129821) Homepage Journal
        It's always so entertaining to me when one of these things starts spreading around. I use a text-only email client (mutt) on a linux system. True, I do have to explicitly save attachments to files and then go view them with the appropriate separate program, but that's actually a rare occurrence. 99% of the time it's bare text anyways, and mutt is a really fast way to scan through them all -- no slogging around with a mouse. And I don't have to worry about looking at an email that might be spam either.

        Of course, I know the majority of people will never want to do this. Which means I can maintain my air of smug superiority indefinitely. Ha!

      • Actachments (Score:5, Informative)

        by 0xA ( 71424 ) on Friday June 06, 2003 @03:33AM (#6130143)
        For every bug it strips out it will strip out a legitimate file as well.

        That's bullshit. You'll notice these things don't just use any old extension, they use executable extensions. If you set up your mailserver to strip .pif, .scr, .vbs etc you'll be in a much better world.

        When was the last time you got a legitimate email with a .pif attachment? Never, that's when. I set this up on all of my clients' networks and have yet to have grabbed a single legit email.

        • Re:Actachments (Score:5, Insightful)

          by walt-sjc ( 145127 ) on Friday June 06, 2003 @08:40AM (#6130906)
          Why is this modded as a troll? It's the truth.

          I've been running a filter on email for about 5 years. Not ONCE has any of the email transmitted viruses / worms made it through, even to unpatched outlook and OE users.

          See John Hardin's procmail filter [impsec.org] for a Very good example of how to do this.

          If you are running a corporate mail server and are not filtering for known executable extensions, you are a fucking idiot. Period. There is just no excuse to EVER allow unfiltered mail through. Would you put your corporate LAN on the internet with no firewall at all? Of course not, but by not filtering email, you have a hole the size of Yankee Stadium in your protection. It's like wearing a condom with the end cut off.

          The problem with anti-virus software is that it relies on the vendor to create and distribute filter definitions. It can take DAYS or WEEKS for vendors to identify a new virus, and create a definition, and for people to download the new rule set. This lag time is deadly. Antivirus software is a LAYER of security on email, but to rely on it alone is not enough.

          Security is a process, and a mindset. Everyone who knows anything at all about software knows that every program has bugs. All you can do is minimize exposure, and you do that with many layers of security. These layers don't have to be intrusive, but you need them to reduce your vulnerabilities.

          Hey, if you want to bury your head in the sand and refuse to participate in security, that's fine with me. I charge by the hour.
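The extension-based stripping 0xA and walt-sjc describe, as an added example in Python (not the thread's code and not John Hardin's procmail filter). It uses only the standard library; the sample message is constructed, the extension list extends the .pif/.scr/.vbs/.exe named in the thread with other well-known Windows executable types, and it also catches the MS01-020 trick of declaring an executable as a sound file and the renamed-binary case by sniffing for the MZ header.

```python
"""Gateway filter for executable e-mail attachments (added example; not the
thread's code and not John Hardin's procmail filter). Standard library only;
the sample message is constructed."""
import email
from email import policy
from typing import List, Optional, Tuple

# .pif/.scr/.vbs/.exe are named in the thread; the rest are other well-known
# Windows executable types added here.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".com", ".pif", ".scr", ".bat", ".cmd", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".hta", ".reg", ".lnk", ".cpl",
}
# Media types an unpatched (MS01-020) client opens without prompting; on an
# executable file name they are a red flag in themselves.
MISLEADING_MEDIA_TYPES = {"audio/x-wav", "audio/x-midi", "audio/basic"}
PE_MAGIC = b"MZ"  # header of every Windows executable


def last_extension(filename: str) -> str:
    """Lower-cased final extension, after undoing trailing dot/space tricks."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""


def attachment_verdict(part) -> Optional[str]:
    """Reason to strip this MIME part, or None if it may pass."""
    ext = last_extension(part.get_filename() or "")
    ctype = part.get_content_type()
    if ext in EXECUTABLE_EXTENSIONS:
        if ctype in MISLEADING_MEDIA_TYPES:
            return f"executable extension {ext} declared as {ctype}"
        return f"executable extension {ext}"
    payload = part.get_payload(decode=True) or b""
    if payload[:2] == PE_MAGIC:
        # Renamed binary: harmless-looking name, executable bytes.
        return "PE (MZ) header under non-executable name"
    return None


def _attachments(msg):
    """Leaf parts that carry a file name or are marked as attachments."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename() or part.get_content_disposition() == "attachment":
            yield part


def scan_message(raw: bytes) -> List[Tuple[str, str]]:
    """(filename, reason) for every attachment the gateway should strip."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in _attachments(msg):
        reason = attachment_verdict(part)
        if reason:
            findings.append((part.get_filename() or "<unnamed>", reason))
    return findings


def strip_blocked(raw: bytes) -> bytes:
    """Rewrite the message with each blocked part replaced by a text notice."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in _attachments(msg):
        reason = attachment_verdict(part)
        if reason:
            name = part.get_filename() or "<unnamed>"
            # set_content() discards the old Content-* headers and payload.
            part.set_content(f"[attachment {name} removed by gateway: {reason}]\n")
    return msg.as_bytes()


# Constructed sample in the shape the thread describes: a hijacked reply with
# a .pif declared as a sound file. The base64 decodes to an MZ header only.
SAMPLE_WORM = b"""\
From: someone@example.com
To: you@example.com
Subject: Re: hep-lat 020711 daily received
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Paper attached.
--b1
Content-Type: audio/x-wav; name="paper.doc.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="paper.doc.pif"

TVqQAAMAAAAEAAAA
--b1--
"""
```

Run `scan_message(SAMPLE_WORM)` to see the verdict and `strip_blocked(SAMPLE_WORM)` for the rewritten message; the text part survives and the attachment becomes a notice.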
  • Blah, blah... (Score:3, Informative)

    by NetJunkie ( 56134 ) <jason.nash@CHICAGOgmail.com minus city> on Thursday June 05, 2003 @09:45PM (#6128772)
    The patch for this was out 2 years ago. No excuse.

    The virus comes in as a .exe file. You should block that. No excuse.

    AV dat files have been updated already. No excuse.

    We've been filtering this all day.... It's not that hard to protect yourself.
  • by dtolton ( 162216 ) * on Thursday June 05, 2003 @09:45PM (#6128773) Homepage
    It's frustrating how many viruses Windows keeps getting slammed with. There are some people that will point to a Linux worm or virus here or there, but I run both Windows and Linux servers and there is simply no comparison with the amount of worms Windows based machines receive. Some people say it's because Windows is much more prevalent than Linux, but there are a lot of servers running Linux now.

    The amount of work required to keep up with just doing updates has finally gotten to me. Last night I noticed my Windows server was sending packets like mad; suspicious, I did a netstat -an, and it was making connections to hundreds of other machines. Tired of this dance, I decided to just shut the windows server down. Maybe one day I'll patch it...then again, maybe I'll just leave it shut down for good.

    Interestingly, my GNU\Debian Linux box is happily sitting right next to it serving up pages. I haven't had to reboot it in ages, I imagine it will be running until a nifty new kernel comes out that I just have to have.

    See ya Microsoft.
    • Give it time. As Linux permeates industry and business it will start getting more attention from the virus writers. It's all a matter of ROI. Right now, attacking windows has a very high ROI.
      • by a_timid_mouse ( 607237 ) on Thursday June 05, 2003 @09:58PM (#6128841)
        Yes, but as with any *NIX, the damage Joe Luser can cause is significantly curtailed to their own userspace. The virus would need to take advantage of a root-level vulnerability to infect an entire machine. Not so with most Windows default configs.
        • by SN74S181 ( 581549 ) on Thursday June 05, 2003 @11:15PM (#6129258)
          Here's a secret you might not know:

          On Unix/Linux Desktop systems there is nothing on the system as important as the user's data in his home directory.

          So the whole notion that trojans/worms etc. can't hurt the systems that 'mere users' will be using as there is more and more of a push to Linux desktop systems is just plain nonsense. If it wipes out an employee's whole writeable diskspace, it's done all the damage it could possibly do. Nobody cares that everything that rolled off the Install CD is still there and might even be pristine.
          • by Blkdeath ( 530393 ) on Friday June 06, 2003 @12:00AM (#6129474) Homepage
            On Unix/Linux Desktop systems there is nothing on the system as important as the user's data in his home directory.

            I don't know about you, but I administer systems with hundreds or thousands of users. It's *their* data I wish to protect, not that of the irresponsible schmoe who ran untrusted binary code.

            <OBSIMOM>
            But if they ask me nicely, maybe I'll keep that backup tape away from the degausser.
            </OBSIMON>

        • Windows is the same way. If people run with user rights (not admin) they are prevented from hitting anyone else. They can even be prevented from running software the admin didn't install for that matter. Problem is, most people run as admin. It is their box after all, they'll do as they please.

          You'd have the same problem with Linux. First you have brilliant distros like Lindows that run as root by default. Then you'll have tons of people who log in as root all the time for dumb reasons like "I get sick of
      • by Blkdeath ( 530393 ) on Thursday June 05, 2003 @11:55PM (#6129453) Homepage
        Give it time. As Linux permeates industry and business it will start getting more attention from the virus writers. It's all a matter of ROI. Right now, attacking windows has a very high ROI.

        Which is exactly why so many worms target Apache rather than IIS.

        Batting down strawmen for 12 years and counting ...

  • it's a good one! (Score:5, Interesting)

    by thomasmd ( 677167 ) on Thursday June 05, 2003 @09:45PM (#6128775)
    This one spread through my university like wildfire today! It even seems to fake Norton virus definition updating, such that the computer appears to be updating its virus definitions but isn't. It seemed to spread via hijacked messages that it attached itself to.
    • Re:it's a good one! (Score:3, Interesting)

      by Cruciform ( 42896 )
      It hit us with email showing a fake error response from our Wiki. Only a couple of people got infected, which is typical for our office. Most people have learned not to open attachments they don't recognize.

      The scary thing is how much it looked like a valid bug report, combining an infected user's previous submission with falsified info that fit the context.

      Freakish.

      The antivirus software accompanying MDaemon (Win32) didn't catch it, so if you're running that try doing an independent scan with something e
      • Re:it's a good one! (Score:3, Interesting)

        by Megane ( 129182 )
        I got a bunch of these today too. Looks like it goes through the victim's stored e-mail, picks a message at random, using the headers and a couple hundred bytes of the body, then spits it out with a copy of the worm attached. One of them that I got used the "Welcome to Outlook Express" message that appears in a fresh install of Outhouse.

        This is a great way for the worm to get likely seeming messages to fool more victims.

  • by Strudelkugel ( 594414 ) on Thursday June 05, 2003 @09:46PM (#6128777)

    I never have a problem with these worms. I downloaded Windows Robin(TM) a long time ago!

  • It's a fun one. (Score:5, Interesting)

    by offpath3 ( 604739 ) <offpath4@ya h o o . c o .jp> on Thursday June 05, 2003 @09:46PM (#6128780)
    This virus has been hitting a bunch of people over here at Stanford since sometime yesterday. It takes random messages from your inbox and forwards them to random people in your contact list and spoofs the sender. I've received a lot of weird emails lately, but some of my neighbors have seen some pretty personal emails sent or received by their friends and acquaintances. People hitting on people, people asking their parents for money, rejection letters from companies... the whole works. Our SMTP server has been completely shut down to stop the spread!
    • Re:It's a fun one. (Score:5, Informative)

      by ejaw5 ( 570071 ) on Thursday June 05, 2003 @10:14PM (#6128946)
      This is precisely the reason why I PGP digitally sign all my email. Almost a year ago, someone on a mailing list for one of my University groups got a virus on their computer sending out spoofed email and/or virus. One of them happened to have my name (email address only) on it. I was lucky to not lose any face from it, but it was very unsettling for me. Now I can say if it doesn't have a signature, it ain't mine.
  • Tell me about it. (Score:5, Informative)

    by Alcimedes ( 398213 ) on Thursday June 05, 2003 @09:46PM (#6128782)
    This sucker ripped through our campus like nothing. Heuristics missed it, and the definitions weren't updated until a few hours after a few hundred machines got nailed.

    the annoying part is that as complex as you can make software, you can't fix the people who are morons, which is where the real problem lies.

    oh well.
  • by Dr. Photo ( 640363 ) on Thursday June 05, 2003 @09:46PM (#6128783) Journal
    It's time to face the facts: Windows just isn't ready for the desktop.
  • by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Thursday June 05, 2003 @09:47PM (#6128786) Homepage
    ... and in some cases even attempts to control infected computers' modems.

    Seems to me that would be the way to get these things fixed permanently. Make a worm that would call MS tech support on people's modems. Or any other MS 800 number. Until something costs them a LOT of money, these will continue to show up.

  • Modem.. (Score:3, Insightful)

    by JohnFluxx ( 413620 ) on Thursday June 05, 2003 @09:49PM (#6128793)
    Can anyone tell me why it bothers to try connecting to the internet so hard?

    The article says that an infected machine will try to get on to the internet, and will try dialing the modem if it has to.

    Surely the most interesting machines are those with fast good connections - not people on crappy slow modems...

    This is from the assumption that the computers would be used for a DDoS.
    Has a worm ever been used for anything other than a DDoS?

    • Re:Modem.. (Score:3, Informative)

      If some program tries to open a socket through the Windows TCP/IP stack, and you have configured it (in Internet Options) to dial when needed, Winsock will do so.

      This has got nothing to do with this particular worm. It doesn't know whether the line is a t1 or a 33.6 modem line.

      • Re:Modem.. (Score:5, Interesting)

        by dorko ( 89725 ) * on Thursday June 05, 2003 @10:13PM (#6128941) Homepage
        Bzzt. Wrong. Thanks for playing.

        This worm does try hard to get on the 'net. Copied from Symantec [symantec.com].

        If W32.Bugbear.B determines that the default e-mail address for the local system belongs to a banking company, it enables auto-dialing through the registry.
        This is accomplished by setting the following value:
        "EnableAutodial"="0000001"
        in the registry key

        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
        The worm contains a large list (over one thousand) of targeted bank domain names from around the world. This is likely in an attempt to steal passwords more effectively. Therefore, banking institutions may be considered to be more at risk.
        Looks like they're trying to obtain passwords to bank specific systems.
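The registry change dorko quotes from Symantec, turned into a check a responder can run over a regedit export (added example in Python, not from the thread or from Symantec). The sample export is constructed; the value is accepted both as a REG_DWORD (`dword:00000001`, the form regedit exports) and as the quoted string shown in the Symantec text.

```python
"""Flag EnableAutodial in a regedit export (added example; not from the
thread or Symantec). Parses the .reg text format so it runs anywhere; the
sample export is constructed."""
import re
from typing import Dict, Tuple

# Key and value name exactly as quoted in the thread.
AUTODIAL_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                r"\CurrentVersion\Internet Settings")
AUTODIAL_VALUE = "EnableAutodial"

_SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, Tuple[str, str]]]:
    """{key: {name: (kind, data)}} with keys and names lower-cased.

    Only the encodings that matter here are decoded: dword:XXXXXXXX and
    "quoted string"; anything else is kept raw with kind "other".
    """
    keys: Dict[str, Dict[str, Tuple[str, str]]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = _SECTION.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if not m or current is None:
            continue
        data = m.group("data")
        if data.startswith("dword:"):
            entry = ("dword", data[len("dword:"):])
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            entry = ("string", data[1:-1])
        else:
            entry = ("other", data)
        keys[current][m.group("name").lower()] = entry
    return keys


def autodial_enabled(export_text: str) -> bool:
    """True if EnableAutodial under the Internet Settings key is non-zero."""
    values = parse_reg_export(export_text).get(AUTODIAL_KEY.lower(), {})
    entry = values.get(AUTODIAL_VALUE.lower())
    if entry is None:
        return False
    kind, data = entry
    if kind == "dword":
        return int(data, 16) != 0
    # Symantec's writeup shows the value as the quoted string "0000001";
    # treat any string that is not all zeros as enabled.
    return data.strip("0") != ""


# Constructed sample export of the key in question.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"EnableAutodial"=dword:00000001
"ProxyEnable"=dword:00000000
"""
```

A hit only says the setting is on; on a dial-up box that is normal, so treat it as a lead to correlate with the other behaviour described in the thread, not as proof of infection.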
    • Re:Modem.. (Score:3, Interesting)

      by bhtooefr ( 649901 )
      They said that it attacked banks (it appears to be a backdoor bank heist worm). Someone said that US banks would probably not be affected, but a lot of third-world banks that do have a 56K could get hit.
    • by Motherfucking Shit ( 636021 ) on Thursday June 05, 2003 @10:06PM (#6128886) Journal
      The article says that an infected machine will try to get on to the internet, and will try dialing the modem if it has to. Surely the most interesting machines are those with fast good connections - not people on crappy slow modems...
      No, the most interesting machines are those which aren't connected to the public network at all. The servers at your bank which track your balance, those mysterious "power grid" servers that HomeSec keeps spreading cyberterror FUD about, military computers with Top Secret documents, etc.

      These machines are unlikely to be interfaced with a public net at all, especially not sitting on a fat pipe; but many of them have to network _somehow_. Regular modems, ISDN, etc. aren't quite dead yet.
  • by Eberlin ( 570874 ) on Thursday June 05, 2003 @09:53PM (#6128812) Homepage

    Quick, get your patch here [redhat.com]

  • by c0dedude ( 587568 ) on Thursday June 05, 2003 @09:53PM (#6128815)
    You know, we should get our information from a reputable and IT source like symantec [symantec.com] who provides details on how to remove it rather than a news source owned by the people who make windows, the vulnerable software.
  • Commercial Idea (Score:5, Insightful)

    by div_2n ( 525075 ) on Thursday June 05, 2003 @09:57PM (#6128837)
    I am surprised Red Hat or some other company doesn't take advantage of heavy Windows worm activity.

    "Did you get hit by that new worm?"

    "No, I run Linux."
  • It's a nasty one (Score:5, Interesting)

    by jdreed1024 ( 443938 ) on Thursday June 05, 2003 @10:03PM (#6128867)
    This hit MIT starting this morning. It's quite clever about where it gets the addresses and e-mails from. It knows how to scan the mailbox formats of many common e-mail clients, not just Outlook. It sends itself as an attachment to actual messages from the infected user's inbox. So the body is not something obvious ("I send you this file to have your advice"). I actually thought several of the messages I received were real, since they pertained to recent business around campus. (I didn't open the attachments, of course seeing the .scr extension - not that it does much to an OS X box). Its backdoor runs on a fairly standard port (1080) that's used for plenty of legitimate apps (proxy servers) so scanning your network for open ports won't necessarily find it for you. (as opposed to scanning and seeing that port 31337 is open, or something like that, which is obviously "wrong"). The keylogger component is quite scary too. It's one of the more advanced viruses I've seen recently...

    On a related note, anti-virus programs is one place where I can actually see a potential useful application of "trusted computing" (no, not necessarily Palladium). If there could be some way to tell the OS "Look, I don't care if you're the administrator or not: the only programs that are allowed to terminate the anti-virus scanner process are the scanner itself, and, say, Task Manager". By using keys to prove their identity, it _might_ make it a lot harder for virii to terminate anti-virus programs. (Note to slashbots: I'm not saying Palladium is good because it will do this (I don't even know if it does). I'm saying this is one potential application of some as-yet-undeveloped implementation of "trusted computing".)

    • Re:It's a nasty one (Score:5, Informative)

      by karlm ( 158591 ) on Thursday June 05, 2003 @11:32PM (#6129355) Homepage
      Your proposal is doable on any standard hardware that offers memory protection, no cryptographic keys needed.

      If a program was able to tell the OS that it could be shut down by programs signed by keys A, B, and C, that would suffice. You modify the PE or Elf format to include signatures. Mandatory Access Controls can also prevent one program run by user D from killing another program run by user D.

      Making users non-administrators and running virus checkers as separate users would also prevent some potential problems. Mail clients could use IPC to pass emails to the virus checkers and get a thumbs-up or thumbs-down.

      Now, as far as Palladium goes, I think there's a pretty simple alternative.

      Really what I'd like to see is L4 or another nanokernel and a few low-level drivers in the firmware along with a Forth interpreter for OpenFirmware. Your firmware would be a viable but minimalist OS, where before booting you could edit the fingerprints of PKs allowed to sign kernels. Booting would simply be playing two-kernel-monte with the firmware kernel and a signed kernel off the HD. 1 MB and 2 MB EEPROMs are cheap enough that putting a viable OS in the firmware is looking quite attractive. Imagine having a rescue floppy built into your mobo. The QNX demo floppy shows you can do a hell of a lot in 1,440 KB.

      My SGI Indy firmware loads the Linux kernel directly off the HD and directly executes it. The firmware doesn't have a fully functional kernel like LinuxBIOS, but it suffices for a bootloader in firmware. It would be easy to add signature checking to the process, along with a small menu for entering/deleting PK fingerprints. If you ship with the fingerprints from the dozen most common OS vendors, 99.99% of people will not touch the settings or know they're even there, but you still get all of the integrity guarantees of Palladium. You would of course make NVRAM locked out at a hardware level during the boot process, which could only be undone by triggering a POST. This solution requires no new hardware besides the NVRAM lockout, and the NVRAM lockout really isn't that important if you can assume the OS will prevent writing to NVRAM. The NVRAM lockout could be skipped in the first generation for the sake of easing adoption.

      Like I said earlier, my SGI firmware already does most of what's needed, as does LinuxBIOS. Apple and Sun firmware is already quite advanced and I don't imagine adding the required functionality would be that hard. Really the only advantage Palladium adds over current hardware with a BIOS upgrade is DRM. Palladium also carries a lot of baggage. I would love to see AMD come out with an improved x86-64 BIOS that includes most of the bootloader along with signature checking, if not a full nanokernel OS in firmware. Hardware NVRAM locking would also be nice.

  • Fools! (Score:5, Interesting)

    by displaced80 ( 660282 ) on Thursday June 05, 2003 @10:03PM (#6128869)
    Any readers in the UK with Sky Digital, switch to channel 268.

    Overnight, the channel plays a Flash-based word game, where viewers SMS in answers. It's running on a Windows PC, and the screen currently being broadcast to 7 million homes is....

    McAfee dialog box: 'bugbear.b High Virus Advisory....'

    Hmmm.

    (wandering OT - the channel, 'Friendly TV' is apparently being run by students on work experience. A nightly live-broadcast show is 'Girl Talk', where... girls... talk... about... things. Whatever comes into their heads. Oh, and they get progressively more drunk as the evening progresses, which no doubt helps.)
  • ugh (Score:3, Insightful)

    by JanusFury ( 452699 ) <kevin.gadd@gmail.COBOLcom minus language> on Thursday June 05, 2003 @10:04PM (#6128874) Homepage Journal
    Am I the only person who's tired of hearing about the latest way for idiots to screw up their computer and infect dozens of other computers used by similarly idiotic people? I mean, come on... Haven't there been patches and security measures around for years that prevent viruses like this one from infecting your PC?

    I guess it is helpful for admins to see virus warnings on slashdot though.
  • this is why.. (Score:3, Interesting)

    by cfscript ( 654864 ) on Thursday June 05, 2003 @10:04PM (#6128877)
    you know..

    for the longest time, i've been attempting to defend windows ever since 2k stopped being the 'absolute junk' syndrome. i read about this earlier in the day, and started ranting in irc.

    well, since it's easier to bitch than act, i decided to act. i went directly to the local apple store and bought an ibook.

    i have -never- been happier. this is literally the best of breed machine i have ever used. all the benefits of unix without the hassle of windows.

    so, this is totally offtopic, but as a govt. employee who deals with this sort of thing every day, my old home pc is now strictly a local lan CF/oracle development box, and every damn machine i buy from now on will be apple.

  • And again.... (Score:3, Insightful)

    by NetJunkie ( 56134 ) <jason.nash@CHICAGOgmail.com minus city> on Thursday June 05, 2003 @10:06PM (#6128885)
    If your company got hit go ask your network admin why they aren't blocking ANY executable email attachment. Then go ask their boss.

    IT'S NOT HARD PEOPLE.
  • Educate the user (Score:5, Insightful)

    by Anonymous Coward on Thursday June 05, 2003 @10:06PM (#6128889)
    The people that open these attachments aren't system admins. They aren't network programmers. They aren't even computer literate half the time. Most of the time they treat the computer like a magical device that mysteriously allows them to type and send mail very fast. My mom doesn't even know what a zip/exe/jpg file is. I think it is hard for us to imagine not knowing what we know about computers, but the fact is, that most people using computers don't know a fraction as much as anyone reading slashdot. In fact, most of these "viruses" are technically trojans. They are all exploiting the ignorance of the user to mass infect others. There is nothing any operating system can do to stop this. If we were all running Linux, more people would be tricked into running as a SuperUser or Root or some other exploit virus programmers would find. In the end, it's not which is it the right operating system, but have we educated the person behind the machine.
    • I work at a local school district, where most of the teachers are appropriately computer literate. (By that I mean that they know how to do the things they need to do, but they don't have any burning need to spend a significant portion of their lives learning the inner workings of their computers.)

      Most of them are using Windows, but there are a few who are still using their old Macs. When the ILOVEYOU virus was making the rounds, the email servers were crushed by the volume of mail generated by people who
  • by simetra ( 155655 ) on Thursday June 05, 2003 @10:12PM (#6128932) Homepage Journal
    I knew that damn little teddy bear icon in my windows directory was up to no good!!!!!

  • You can fix the OS, but you can't fix the users. People who get hit by this have nobody to blame but themselves (or their Windows administrator).

    Microsoft fixed this vulnerability more than 2 years ago. Why do people not update their software?

    According to Symantec [symantec.com], Bugbear.B "uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment [microsoft.com] vulnerability".
  • Just in time... (Score:3, Interesting)

    by gmuslera ( 3436 ) on Thursday June 05, 2003 @10:23PM (#6129002) Homepage Journal
    ... to reply to mi2g claims that Linux is more hacked than Windows [vnunet.com]. Now you have hundreds of windows computers in your near vicinity waiting to be hacked thru port 1080. I think that at the rate of infection of this last worm, in very few days (sunday?) will be the most widely distributed computer worm ever.
  • by KU_Fletch ( 678324 ) <bthomas1 @ k u .edu> on Thursday June 05, 2003 @10:47PM (#6129125)
    Our University is being hit hard, especially because almost all classes and departments have these massive listservs and the listserv software is so archaic that it doesn't have viral replication blocking. Oh well, at least I get the personal enjoyment of reading other people's e-mails that get cloned. So far I've got 2 that involve people talking about me behind my back. There's always a golden lining people.
  • This is amazing (Score:5, Interesting)

    by nihilogos ( 87025 ) on Thursday June 05, 2003 @10:54PM (#6129161)
    The entire physics department here got an email with the subject line "Re: hep-lat 020711 daily received" with the pif attachment.

    hep-lat is the Los Alamos eprint Archive [lanl.gov] subject code for high energy physics on lattice models. The email refers to a paper on "A new proposal for the fermion doubling problem" which is supposedly attached (instead you get the .pif file)

    The subject line is matched amazingly well to the recipient list. I thought "that looks interesting, I might have a look even though I probably wasn't supposed to get it."
  • An Idea? (Score:3, Funny)

    by eonblueye ( 627191 ) * on Thursday June 05, 2003 @11:06PM (#6129202) Homepage
    handy little solution that has been around for a while.. (jpeg image file) [evileon.com]
  • by t0qer ( 230538 ) on Friday June 06, 2003 @01:13AM (#6129765) Homepage Journal
    I disagreed with one point the article made.

    BugBear then goes searching for a modem, enables it, then tries to get the computer to dial out, probably to reach the virus author. "He really wanted to get into those machines," Kuo said. U.S. financial institutions probably aren't at risk from this technique, Kuo said, because most don't have modems attached to their critical computers any more.

    Today I was at fry's electronics, and I saw a Quickbooks POS (point of sale, not piece of shit) system on display for small to medium business. This started getting me thinking back to my earlier days of consulting.

    One of the companies I did work for had a retail chain of mall stores. At night the registers would dump their management reports to our AS/400 machine and someone would make neat reports out of them. It wasn't a huge amount of data, so each store would just phone home on those really nice $300 courier modems.

    Most of our store managers kept in touch with us via outlook/exchange server.

    Now another interesting side note is veriphone uses POTS lines for nearly 100% of their credit card processing. Tons of small stores have networks in them now, managers reading e-mail and such.

    So which of these financial institutions has its shit so well together that they don't need modems? I just wanted to point out the author of the article is a stupidhead. Boo!
