Hunker down people, BIG virus coming your way!!!!! **Updated with removal tools**


Jzero (Lifer, Oct 10, 1999)
Originally posted by: Shuxclams
"A high-volume system like (Windows) that has been thoroughly tested will be by far the most secure," Bill Gates- January 27, 2004

The virus only takes advantage of one primary security flaw - THE USER! The virus targets Win32 because that's the biggest "market." Do you realize that if BSD were the "everyday" operating system, this would still happen because all the idiot users would be using it?
 

Shuxclams (Diamond Member, Oct 10, 1999)
Originally posted by: Jzero
Originally posted by: Shuxclams
"A high-volume system like (Windows) that has been thoroughly tested will be by far the most secure," Bill Gates- January 27, 2004

The virus only takes advantage of one primary security flaw - THE USER! The virus targets Win32 because that's the biggest "market." Do you realize that if BSD were the "everyday" operating system, this would still happen because all the idiot users would be using it?



Yup, it's the users....... No, it's not. It's Outlook and the crappy way everything was glued together in W32.....

Stupid sheep.

SHUX
 

Jzero (Lifer, Oct 10, 1999)
Stupid sheep.
Are you really that clueless? While some viruses actually do take advantage of imperfections in the operating system, the two viruses that went bonkers today rely solely on foolish users who will execute any file that comes to them. It does not matter what MUA you use. Outlook? Outlook Express? Pegasus? Eudora? Makes no difference. People will open the attachment.

This could also just as easily be a shell script or an executable compiled for linux. There is no such thing as an idiot-proof system.
 

Baronz (Senior member, Mar 12, 2002)
Wow, executable email attachments always used to be safe.


If people haven't learned to not open email attachments from people they don't know, then I dunno. :confused:
 

DrPizza (Administrator, Elite Member, Goat Whisperer, Mar 5, 2001, www.slatebrookfarm.com)
I just wish someone would write a virus that simply makes a message pop-up on the victim's screen that says: "You are obviously too stupid to use a computer safely. You are getting a 1 month time-out from using your computer, at which point it will be fully functional again. Didn't anyone ever tell you not to open unsolicited attachments in email? Don't you know that a file with the name "this is cool stuff.jpg.exe" is not a picture?"

With those people out of the way, the spread of viruses would slow to a crawl.
 

Ken g6 (Programming Moderator, Elite Member, Dec 11, 1999)
Originally posted by: Jzero
Originally posted by: Sukhoi

I believe you on the forgery stuff. But one of them was from wviz.org, which is in Cleveland, where I'm from. How did the virus know to forge with that address? AFAIK I've never e-mailed WVIZ from the e-mail address I got the virus at. I only use that address for school stuff.

It's getting the addresses from the victim's address book. The person who is infected has both your address and the from address in his address book.
I guess this explains how I'm getting "mail undeliverable" messages about mail I supposedly sent from my Bigfoot account (which is obviously impossible).

 

DT4K (Diamond Member, Jan 21, 2002)
Yeah, we had a great day on Monday.
First our ERP system went down. Not all of a sudden mind you. It was more of a slow disintegration.
Then our primary circuit from our location to corporate went out and we were on a backup ISDN handling traffic for several hundred users for about 6 hours.
Then we get hammered with this virus and end up with multiple infected machines, so they shut down the email servers until they can get new virus defs pushed to all the user machines.

Sometimes I'm really really really glad I'm just a developer and not the network admin.

And the really sad part is that the one machine at our plant that got infected belonged to one of the PC support technicians.
 

FiLeZz (Diamond Member, Jun 16, 2000)
I LOVE EPO

Best thing ever..

I update all the computers corp wide to the newest dat files with a click of a button.

Then kick off a scan corp wide..
Life is good..
 

Sukhoi (Elite Member, Dec 5, 1999)
Originally posted by: Ken_g6
Originally posted by: Jzero
Originally posted by: Sukhoi

I believe you on the forgery stuff. But one of them was from wviz.org, which is in Cleveland, where I'm from. How did the virus know to forge with that address? AFAIK I've never e-mailed WVIZ from the e-mail address I got the virus at. I only use that address for school stuff.

It's getting the addresses from the victim's address book. The person who is infected has both your address and the from address in his address book.
I guess this explains how I'm getting "mail undeliverable" messages about mail I supposedly sent from my Bigfoot account (which is obviously impossible).

I know who's infected then. One of my parents' friends probably has me in her address book, and she also did some work with WVIZ. But I'm not touching her infected computer with a 10.5 ft pole..
 

Epiphany (Senior member, Nov 15, 2002)
I don't get why people freak out when a virus comes out. Don't open attachments that you don't know. How hard is that?? Apparently very hard....
 

Heifetz (Golden Member, Oct 9, 1999)
Just got an email from mcafeesecurity@1stmail.com

EDIT.... this IS actually a mail from McAfee, and the links go to their site. But it's not coming from their domain! They're spamming to promote their own software! In addition, the links are broken.


January 27, 2004

"The Mydoom worm surfaced Monday and has been given several names by anti-virus software vendors, including Mydoom, Novarg and Mimail.R. Experts don't all agree on the worm's payload, but they do agree that it is spreading faster than Sobig-F, the worm that topped the charts for the most widespread e-mail worm last year."
(IDG News Service, a Network World affiliate, 1/27/04)

"Network Associates' Vincent Gullotto, vice president of the Anti-Virus Emergency Response Team (AVERT), expects the worm to keep causing headaches for a while. 'It has a full head of steam, there are hundreds of thousands of e-mails, and we may see well into the millions (of e-mails), and possibly hundreds of thousands of machines infected.'"
(IDG News Service, a Network World affiliate, 1/27/04)


HOW DOES THE MYDOOM THREAT AFFECT ME?
-- Mydoom is a destructive worm that propagates through generating SMTP email as an attachment within an email. It disrupts business by:
-- Creating a flood of email traffic
-- Overloading email servers
-- Degrading network response times
-- The Mydoom worm infects Microsoft(R) Windows(R)9x/ME, NT4, 2000, 2003, and XP-based computers.

WHAT STEPS CAN I TAKE AGAINST MYDOOM?
-- If You Are Currently A McAfee Security Customer:
-- Download an immediate cure for this virus online at the Network Associates McAfee AVERT website at: <http://vil.nai.com/vil/content/v_100983.htm>
-- Click on "4319 Minimum DAT" to update your anti-virus software

-- If You Are Not Currently a McAfee Security Customer:
-- Download our FREE virus utility tool, Stinger, that detects, cleans, and repairs systems infected by Mydoom. Go to: <https://secure.nai.com/us/forms/registration/survey.asp?code=nw131>

ATTEND OUR FREE WEBCAST--LEARN HOW TO PROTECT YOUR SYSTEMS FROM A MYDOOM ATTACK:
-- 11:00AM PST on January 28, 2004
-- Register now at: <http://inter.viewcentral.com/reg/nai_mrktng/Mydoom>
-- After you register, you will receive a confirmation email that contains the telephone number and URL to attend the webcast.

THE MCAFEE(R)SECURITY PROTECTION-IN-DEPTH(TM) STRATEGY DELIVERS SOLUTIONS TODAY THAT CAN MITIGATE THE RISKS ASSOCIATED WITH THIS WORM:

**SYSTEM PROTECTION SOLUTIONS**
McAfee Entercept
McAfee Entercept would detect the worm attempting to write itself into a system folder (%windir%). In addition, it would also detect that the worm is attempting to write entries within the 'RUN' key in the system registry and would therefore prevent infection occurring.

McAfee Desktop Firewall
To prevent possible remote access McAfee Desktop Firewall users can block incoming TCP port 3127.

McAfee ThreatScan
The latest ThreatScan signature (2004-01-27) includes detection of the Mydoom virus. This signature is available for ThreatScan v2.0, v2.1, and v2.5. ThreatScan users can also detect the backdoor portion of the virus by running a "Resource Discovery" task utilizing the port scanning options.

McAfee Anti-virus:
The 4319 DAT files are available now. EXTRA.DAT packages are also available on the VIL page.

**NETWORK PROTECTION SOLUTIONS**
Sniffer(R) Technologies
Sniffer filters are currently being investigated for Sniffer Portable, Sniffer Distributed, and Netasyst(TM) Network Analyzer. Stay tuned to the VIL page for updates.

InfiniStream (TM) Security Forensics
If you have InfiniStream in place, you can use it to reconstruct detailed network events, including: the opening of a suspicious attachment, a conversation between a client and server resulting in missing log files, database breaches, and limitless other possibilities.

McAfee IntruShield (R)
McAfee IntruShield signatures have also been updated to prevent the worm from traveling across infected networks.

Expert Services
If a customer needs help cleaning-up, Network Associates(R) Expert Services can take away the pain of dealing with the threat - and help secure your customer's network from future threats.

**THE MCAFEE PROTECTION-IN-DEPTH STRATEGY** The McAfee Protection-in-Depth Strategy delivers the industry's only complete set of system and network protection solutions differentiated by intrusion prevention technology that can detect and block attempts to exploit this worm before it can cause damage to systems and networks.

Best Regards,
Network Associates

----------------------------------
Network Associates and McAfee are registered trademarks or trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other countries. Sniffer(R) brand products are made only by Network Associates, Inc. All other registered and unregistered trademarks herein are the sole property of their respective owners. (C) 2004 Networks Associates Technology, Inc. All Rights Reserved.

Network Associates, Inc. is located at 3965 Freedom Circle Santa Clara, CA 95054.

To be removed from our McAfee Network Protection Solutions mailing list, please send an e-mail to: mailto:McAfeeSecurity@1stmail.com and type REMOVE in the subject line.



Too lazy to click on the link, but anyone want to see what this installs on your pc? :)
 

grrl (Diamond Member, Jun 21, 2001)
Haven't gotten any so far, but am fully up to date on the AV.
 

bob4432 (Lifer, Sep 6, 2003)
Originally posted by: JackBurton
I had someone call up and said they opened the zip. I asked, did you run the file inside? They said yes. As a matter of fact, they kept double clicking it because the text file kept trying to load a "screen saver," but they could never read the "text" file. Mind you, THEY KEPT TRYING TO RUN THE FILE! Jesus tap dancing Christ! :|


Sorry, but this entry made me laugh so hard I almost p!$$ed myself..... I can just picture some person at their computer....... haha..... sorry for thinking it is funny though.
 

Tom (Lifer, Oct 9, 1999)
Originally posted by: bob4432
Originally posted by: JackBurton
I had someone call up and said they opened the zip. I asked, did you run the file inside? They said yes. As a matter of fact, they kept double clicking it because the text file kept trying to load a "screen saver," but they could never read the "text" file. Mind you, THEY KEPT TRYING TO RUN THE FILE! Jesus tap dancing Christ! :|


Sorry, but this entry made me laugh so hard I almost p!$$ed myself..... I can just picture some person at their computer....... haha..... sorry for thinking it is funny though.

Why is it the end user's fault that Microsoft and/or other computer programmers/scientists can't design an operating system that doesn't allow executable code to be disguised as something it isn't?
 

JonnyBlaze (Diamond Member, May 24, 2001)
It's actually a good thing that we can change icons of programs and have "." in file names. There's just always ways to take advantage of good things.

It still has the .exe, so people are just stupid to run it. It's not like it's a pic.jpg and that's it.

JB
 

Jzero (Lifer, Oct 10, 1999)
Originally posted by: Dead Parrot Sketch
Originally posted by: bob4432
Originally posted by: JackBurton
I had someone call up and said they opened the zip. I asked, did you run the file inside? They said yes. As a matter of fact, they kept double clicking it because the text file kept trying to load a "screen saver," but they could never read the "text" file. Mind you, THEY KEPT TRYING TO RUN THE FILE! Jesus tap dancing Christ! :|


Sorry, but this entry made me laugh so hard I almost p!$$ed myself..... I can just picture some person at their computer....... haha..... sorry for thinking it is funny though.

Why is it the end user's fault that Microsoft and/or other computer programmers/scientists can't design an operating system that doesn't allow executable code to be disguised as something it isn't?

You're misplacing the blame. Why can't users use the slightest bit of caution? At the end of the day, it is impossible to design an idiot-proof operating system.

At least in Windows, the file needs to have an extension in order for the OS to identify it. In Unix/Mac an executable can be named virus.jpg and the user is none the wiser.

"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning."
--Rich Cook
 

Tom (Lifer, Oct 9, 1999)
"You're misplacing the blame. Why can't users use the slightest bit of caution?"

I don't think so. Why does Windows need 45 different kinds of executable file extensions? Why not just one?

Why does a screen saver need to be executable?

The problem is operating systems are designed by programmers who are focused on doing lots of stuff they think is cool, not stuff that makes an operating system work well for its basic function and is safe for non-experts to use.

A person is not an idiot because they don't know that their computer's operating system is too stupidly designed to not run certain operations without some kind of validation that the code comes from an authorized source.
 

Jzero (Lifer, Oct 10, 1999)
Originally posted by: Dead Parrot Sketch
"You're misplacing the blame. Why can't users use the slightest bit of caution?"

I don't think so. Why does Windows need 45 different kinds of executable file extensions? Why not just one?

The number of extensions is irrelevant. The fact that Windows even USES extensions makes it at least SLIGHTLY easier to know what a file might do. Compared to unix - I make an executable virus called boobies.jpg. You run it expecting your browser/image viewer to display it, and instead it executes a virus.

Why does a screen saver need to be executable?
If you are referring to the .scr file extension, suffice it to say that .scr was supposed to be short for "script." Unfortunately, the original DOS didn't allow for descriptive tags of more than 3 characters, so certain extensions became overloaded. You actually CAN blame Microsoft for that - Unix never had such a restriction.
They eventually came around and allowed multiple dots and longer extensions, but the damage is already done.

The problem is operating systems are designed by programmers who are focused on doing lots of stuff they think is cool, not stuff that makes an operating system work well for its basic function and is safe for non-experts to use.
Not at all. The modern OS (think XP or Panther) was designed very much with the user in mind and to be "idiot proof." But as close as they come, perfection is unattainable. Users EXPECT to be able to double-click a file and have the operating system know what to do with it. Can you come up with a better way to handle this? If so, please contact ACM's SigCHI - I'm sure there are a bunch of professionals and researchers who would be all ears.
A person is not an idiot because they don't know that their computer's operating system is too stupidly designed to not run certain operations without some kind of validation that the code comes from an authorized source.
Who would manage such a validation? Who would pay for it?
How hard is it to call or e-mail the sender back and validate it yourself?

The bottom line is simple:
Do not open attachments that you were not expecting, regardless of the sender.
The operating systems are not perfect - I don't debate that. But in this case we are talking about a virus that takes advantage of a critical flaw that transcends technology - willingness to trust.

Blaming the operating system for the user haphazardly opening files is like blaming the gas pedal for the driver going too fast.
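The thread's running point, DrPizza's "this is cool stuff.jpg.exe" and Jzero's note that Windows decides what to run from the last extension (with .scr overloaded as "screen saver"), is the kind of thing a mail gateway can check before a user ever sees the attachment. The script below is an added example, not code from the thread or from any vendor it mentions; the extension sets, the sample names and the constructed zip are assumptions.

```python
"""Attachment triage built on the thread's point that Windows picks the handler from the
LAST extension, so "this is cool stuff.jpg.exe" is a program. Added example, not from the
thread or any vendor in it; extension sets, sample names and the zip are assumptions."""
import io, re, zipfile
from typing import NamedTuple

# Extensions Windows runs directly (assumed, representative list for the example).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
# Extensions a recipient expects to open as data; used to spot disguises.
DATA_EXTS = {"jpg", "jpeg", "gif", "txt", "doc", "pdf", "htm", "html"}
ARCHIVE_EXTS = {"zip"}  # opaque until unpacked; the thread's samples arrived as .zip

class Verdict(NamedTuple):
    name: str
    risk: str   # executable | disguised-executable | archive | data | unknown
    reason: str

def classify_attachment(name: str) -> Verdict:
    """Risk verdict for one attachment filename, judged by its final extension."""
    parts = [p for p in name.strip().lower().split(".") if p]
    if len(parts) < 2:
        return Verdict(name, "unknown", "no extension")
    last = parts[-1]
    if last in EXECUTABLE_EXTS:
        # A data-looking inner extension, or a run of padding spaces that pushes the
        # real extension out of view in a mail client, marks a disguised executable.
        inner_looks_like_data = any(p.strip() in DATA_EXTS for p in parts[1:-1])
        if inner_looks_like_data or re.search(r"\s{2,}", name):
            return Verdict(name, "disguised-executable", f"runs as .{last} but looks like data")
        return Verdict(name, "executable", f".{last} is executable on Windows")
    if last in ARCHIVE_EXTS:
        return Verdict(name, "archive", "contents unknown until inspected")
    if last in DATA_EXTS:
        return Verdict(name, "data", f".{last} is opened by a viewer, not run")
    return Verdict(name, "unknown", f"unrecognised extension .{last}")

def scan_zip_members(data: bytes) -> list:
    """Classify every member name inside a zip attachment without extracting it."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [classify_attachment(n) for n in zf.namelist()]

def worst_risk(verdicts) -> str:
    """Collapse a list of verdicts to the most severe risk label."""
    order = ["disguised-executable", "executable", "archive", "unknown", "data"]
    return min((v.risk for v in verdicts), key=order.index, default="data")

def build_sample_zip() -> bytes:
    """Constructed sample: a zip like the one described in the thread, holding a
    padded 'text file' whose real extension is .scr."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt                          .scr", b"not a real program")
    return buf.getvalue()

if __name__ == "__main__":
    for n in ["this is cool stuff.jpg.exe", "readme.scr", "photo.jpg", "body.zip"]:
        print(classify_attachment(n))
    print(worst_risk(scan_zip_members(build_sample_zip())))
```

The check is deliberately name-based, like the user-facing cue the thread argues about; a gateway would pair it with a content scan, since a renamed file keeps its real format.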
 

Nitemare (Lifer, Feb 8, 2001)
People that click on executable attachments or use Outlook to preview emails should be fired on the spot no questions asked.
 

SuPrEIVIE (Platinum Member, Aug 21, 2003)
I would like to know which antivirus and firewall utility to get since my Norton 2003 Pro expired :( I got hit by some Gaobot virus. I removed it, but I think it's still in: when I try to open Norton SystemWorks it closes automatically :(

By the way, I am not sure if I have SP1 for XP Pro. How can you tell if you have it or not?
Thanks in advance
 

Tom (Lifer, Oct 9, 1999)
Jzero-

Your points are valid if computers were only meant for computer experts. The truth is most people and/or employees are using computers as a tool to accomplish something, not to become computer experts.

From a hypothetical non-computer expert's perspective, a computer should be smart enough to know that a file is what says it is, or if it doesn't know what a file is, not to run it and kill itself.

This shouldn't be too hard to accomplish, but it isn't what programmers like to do.

They'd rather build things like Media Player 9, which browses the internet every time I want to hear a *.wav file, or an auto-fill feature in IE to complete web pages I'm typing in the address bar, that accesses my Diablo 2 CD every time, looking for matches!
 

Nitemare (Lifer, Feb 8, 2001)
Originally posted by: Dead Parrot Sketch
Jzero-

Your points are valid if computers were only meant for computer experts. The truth is most people and/or employees are using computers as a tool to accomplish something, not to become computer experts.

From a hypothetical non-computer expert's perspective, a computer should be smart enough to know that a file is what says it is, or if it doesn't know what a file is, not to run it and kill itself.

This shouldn't be too hard to accomplish, but it isn't what programmers like to do.

They'd rather build things like Media Player 9, which browses the internet every time I want to hear a *.wav file, or an auto-fill feature in IE to complete web pages I'm typing in the address bar, that accesses my Diablo 2 CD every time, looking for matches!

Have IQ tests become mandatory when asking for an email address. Have certificates in which you have to periodically prove you do not suck at teh int@rweb.