Hunker down people, BIG virus coming your way!!!!! **Updated with removal tools**


Richdog

Golden Member
Feb 10, 2003
1,658
0
0
I've just this moment got one filtered into my junk mail folder on Yahoo Mail. From 'Karen' regarding an error in some binary crap. Got rid of it straight away.
 

Jzero

Lifer
Oct 10, 1999
18,834
1
0
Originally posted by: Dead Parrot Sketch
Your points are valid if computers were only meant for computer experts. The truth is most people and/or employees are using computers as a tool to accomplish something, not to become computer experts.
It DOES NOT and SHOULD NOT require any level of expertise to say "I don't know what this file is, I was not expecting it, so I'm not going to open it." My mother is damn near 60 years old and wishes she could have her typewriter back, but for some reason nobody ever had to explain that to her. She says "I don't know what this file is; I'm just gonna X it out."
From a hypothetical non-computer expert's perspective, a computer should be smart enough to know that a file is what says it is, or if it doesn't know what a file is, not to run it and kill itself.
How is that possible? How could the computer know what the file is supposed to do as opposed to what the user thinks it's supposed to do? Is the computer supposed to know that the user believes that boobies.jpg.exe is a porn pic?
This shouldn't be too hard to accomplish, but it isn't what programmers like to do.
Believe you me, there is a whole discipline of study called "human-computer interaction" and it is full of people from all different backgrounds from psychology to engineering who research ways to improve the way computers work with users.

You say this shouldn't be too hard, but can you propose a solution? I'm not asking for a technical solution. Just in a few paragraphs, explain how you think it would be possible for the computer to inherently know that the program is not what the user expects it to be.

The bottom line is that a conventional computer will never (I use never loosely in this case) be able to think and reason the way a person can. The user will always have to provide the actual intelligence.

They'd rather build things like Media player 9, which browses the internet every time I want to hear a *.wav file, or an auto-fill feature in IE to complete web pages I'm typing in the address bar, that accesses my Diablo 2 CD, every time, looking for matches !
LOL, no comment on that one ;), but don't think for a second that these products are designed in a vacuum. They created these features because someone led them to believe that users wanted them.

 

Tom

Lifer
Oct 9, 1999
13,293
1
76
"You say this shouldn't be too hard, but can you propose a solution? "

Yeah, sure, I can propose lots of solutions. Here is one for free: go back to not letting a filename have two periods in it.

Or how about an operating system that requires all executable code to have a routine that self-checks its own filename; any sign of an attempt at trickery, or the routine being missing, and the operating system doesn't execute the rest of the code.

Or how about an operating system that categorizes certain actions, opening ports, formatting hard drives, as operations that can only be performed using a certain class of programs that are supplied by the operating system vendor ?

These may or may not be workable, but the point of my post isn't that I'm the smartest guy in the universe, my point is the smart guys tend to not try to design things for the dumb people, they just expect everybody to be smart.

And the marketing people dominate the usability people, the more crap they can stuff in an operating system the more they can sell it for.

Plus make computers difficult enough to deal with and you can sell education classes.
 

JackBurton

Lifer
Jul 18, 2000
15,993
14
81
"You say this shouldn't be too hard, but can you propose a solution? "

Yeah, sure, I can propose lots of solutions. Here is one for free: go back to not letting a filename have two periods in it.
Why? If you want to see the real file name, you can have it be shown (Windows 2000/XP). So what is the point? The program only cares about the last extension.

Or how about an operating system that requires all executable code to have a routine that self-checks its own filename; any sign of an attempt at trickery, or the routine being missing, and the operating system doesn't execute the rest of the code.
If a system is using a pattern, it can ALWAYS be tricked. The example you just suggested is a pattern, the only difference would be the virus's attack method.

Or how about an operating system that categorizes certain actions, opening ports, formatting hard drives, as operations that can only be performed using a certain class of programs that are supplied by the operating system vendor ?
Certain class of programs that are supplied by the operating vendor? Why couldn't someone create a virus that masquerades as one of those "certain class of programs?"

Like I said, the computer world is nothing but patterns. The ONLY thing that is not is the user, and that is what is ultimately needed to stop a virus from attacking. No "if," "ands" or "buts."
 

Tom

Lifer
Oct 9, 1999
13,293
1
76
"Like I said, the computer world is nothing but patterns. The ONLY thing that is not is the user, and that is what is ultimately needed to stop a virus from attacking. No "if," "ands" or "buts.""

LOL, I wish I was as smart as you, then I would know everything that is possible or impossible. ;)


"Why? If you want to see the real file name, you can have it be shown (Windows 2000/XP). So what is the point? The program only cares about the last extension."

Because there isn't any reason to have a filename that looks like an extension when it isn't the real extension. Eliminating the ability to use a period as part of the filename, coupled with no longer hiding file extensions as a default, which is another retarded design idea, and you eliminate a lot of the confusion about misidentifying file types.
 

JackBurton

Lifer
Jul 18, 2000
15,993
14
81
"Like I said, the computer world is nothing but patterns. The ONLY thing that is not is the user, and that is what is ultimately needed to stop a virus from attacking. No "if," "ands" or "buts.""

LOL, I wish I was as smart as you, then I would know everything that is possible or impossible.
Now that is definitely impossible. ;)

"Why? If you want to see the real file name, you can have it be shown (Windows 2000/XP). So what is the point? The program only cares about the last extension."

Because there isn't any reason to have a filename that looks like an extension when it isn't the real extension. Eliminating the ability to use a period as part of the filename, coupled with no longer hiding file extensions as a default, which is another retarded design idea, and you eliminate a lot of the confusion about misidentifying file types.
The reason is because Windows gives the user more flexibility to name files (ex: first name. last name). I want as few restrictions as possible when I'm trying to name a file. Secondly, most of these users running these infected files don't even know what an extension is, let alone which ones are executable and which are not. Taking away the ability to add an extra dot in a file name will do exactly jack squat in preventing virus outbreaks.
 

NFS4

No Lifer
Oct 9, 1999
72,636
48
91
NAV 2004 has caught over 200 instances of the virus from my Anandtech News account in the past TWO days.
 

ElFenix

Elite Member
Super Moderator
Mar 20, 2000
102,407
8,595
126
Originally posted by: NFS4
NAV 2004 has caught over 200 instances of the virus from my Anandtech News account in the past TWO days.

I guess those PR people don't lock their stuff down tight enough
 

hevnsnt

Lifer
Mar 18, 2000
10,868
1
0
I have been putting together a small tool that will find & notify those MyDoom infected machines on your network..

If you want to check it out you can here

100% Virus Free
 

skyking

Lifer
Nov 21, 2001
22,877
6,043
146
I love my little Out in the Boondocks ISP. They went hardcore with spamassassin and blacklists, and I get 1 spam a week. They jumped all over this thing, and I have gotten 0 virus laden emails.
 

passivex

Senior member
Sep 23, 2000
290
0
0
1st - Set your email server's attachment filtering to remove attachments with .pif, .scr, .bat, .exe
2nd - Inform your users about viruses and to not open emails from people they do not know. Also inform your users to zip the attachment files if they match your attachment filter list before emailing them.
3rd - Update AV def on your email server(s) AND on your corp. AV server(s).
4th - Keep an eye on your AV logs. Enable notifications on your AV server(s) and keep it enabled until everything blows over. Create a rule to move notifications to a special folder if you don't want your inbox to be flooded with notifications.

My network has gotten roughly 500 copies of this virus in various incarnations since it was released yesterday afternoon.
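An added example of the attachment filter in step 1 (my own code, not a tool from this thread or from any of its posters), extended to look inside .zip attachments because the worm also arrived zipped; the addresses, filenames and the sample message are constructed, and the extension list is the one given in the post:

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions named in the post; the check looks only at the final extension.
BLOCKED_EXTENSIONS = {".pif", ".scr", ".bat", ".exe"}

def risky_name(filename):
    """Return why a filename trips the filter, or None if it passes."""
    parts = filename.lower().split(".")
    if len(parts) < 2 or "." + parts[-1] not in BLOCKED_EXTENSIONS:
        return None
    if len(parts) > 2 and "." + parts[-2] not in BLOCKED_EXTENSIONS:
        return "double extension"
    return "blocked extension"

def check_message(raw_bytes):
    """Parse a raw message; return [(attachment, reason), ...] for each hit."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reason = risky_name(name)
        if reason:
            findings.append((name, reason))
        elif name.lower().endswith(".zip"):
            # Look inside archives: a zipped executable is still executable.
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    for member in zf.namelist():
                        r = risky_name(member)
                        if r:
                            findings.append((name + ":" + member, r))
            except zipfile.BadZipFile:
                findings.append((name, "unreadable zip"))
    return findings

def build_sample():
    """Constructed sample (not a real capture): one .pif, one zipped .exe."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.invalid", "b@example.invalid", "Error"
    msg.set_content("constructed body text")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="document.txt.pif")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("text.exe", b"MZ")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="text.zip")
    return msg.as_bytes()
```

Feed `check_message()` the raw bytes of each inbound message at the mail gateway; a non-empty result is what the post's step 4 would log and alert on.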
 

Wolfsraider

Diamond Member
Jan 27, 2002
8,305
0
76
I got an e-mail today calling me by name... I did not recognize the name, but never had an email sent to that box with my name...
anyway there was an attachment named text.zip lol

DELETE

be careful

mike
 

Conky

Lifer
May 9, 2001
10,709
0
0
This virus sucks. My email server is getting hammered with spoofed receiver names and spoofed sender names. I have traced some of them and the sender never matches the sent address. My users are convinced it's the server's problem but it's the damn virus. It generates usernames that don't exist and adds my domain to them.

I have had to set all of my unrouted emails to be sent to :blackhole: instead of receiving them to the default account.

I hope the geek who wrote this virus gets caught and does time in a "pound me in the a$$" federal pen. :|
 

Rob9874

Diamond Member
Nov 7, 1999
3,314
1
81
Originally posted by: Crazyfool
This virus sucks. My email server is getting hammered with spoofed receiver names and spoofed sender names. I have traced some of them and the sender never matches the sent address.

That's what I read this thread to find out. I keep getting emails from people, and autoresponses, saying, "You sent me an email with a virus attached, thanks a lot!" The email has my email address as the sender, but I checked my sent folder and there's nothing there. I ran a full system scan, and no viruses. So I assume someone got my email address, and is using it as the sender address.
 

Kev

Lifer
Dec 17, 2001
16,367
4
81
I got a mailer-daemon return message saying that my account tried sending this virus out. Does that mean I have it? I haven't opened any attachments on this account.
 

iwearnosox

Lifer
Oct 26, 2000
16,018
5
0
Originally posted by: Kev
I got a mailer-daemon return message saying that my account tried sending this virus out. Does that mean I have it? I haven't opened any attachments on this account.
No, it does not mean you have it. It most likely means that someone with your email address in their system is now infected and spoofing emails with your address.

 

LeetestUnleet

Senior member
Aug 16, 2002
680
0
0
Viruses like this are Darwin's Theory of Natural Selection for computers.

If you're stupid enough to open these files, you don't deserve a computer. It kills off the stupid.
 

hevnsnt

Lifer
Mar 18, 2000
10,868
1
0
Interesting read:

When I disassembled the virus I found new information that hasn't come up anywhere else to this time.

Here is the information that is believed...

1. use restricted usernames to send email to and from
2. encode strings with ROT13 method
3. creates a mutex called 'SwebSipcSmtxSO' when run
4. transforms into taskmon.exe and
4.1 add [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskMon" = %sysdir%\taskmon.exe
4.2 add [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskMon" = %sysdir%\taskmon.exe
5. add %sysdir%\shimgapi.dll
open ports 3127/tcp - 3198/tcp
6. stops spreading February 12
7. spreads through KaZaA and Electronic Mail System
8. and more very technical facts I will not describe here

What I found...

Even if the virus (Mydoom) is programmed in assembler and compiled using masm, it is made to look like it has been programmed in C++ when disassembling. It is a fact that much more information is hidden and undiscovered to this date, such as the fact that it will stop spreading on February 12, which is not true. Mydoom will pass into a new phase upon February 12 and it will be very much more serious, as it will be updated and will mutate into Mydoom.C. The backdoor (shimgapi.dll) opens a port, but this is used to obscure the real intention of Mydoom.B as well as Outlook Express.

It was also unknown that the virus infects the BIOS of the computer it infects by injecting a 624-byte backdoor written in FORTH which will open port tcp when Mydoom is executed AFTER February 12.

It is a conclusion that the viral professionals that published diagnosis of the Mydoom.A virus are trying to hide something or are very incompetent.

Also there is no way to fix the virus that is injected in the BIOS after it has been infected except by flashing it AFTER disinfecting the workstation that was infected.

Juari Bosnikovich
 

Zepper

Elite Member
May 1, 2001
18,998
0
0
I haven't seen any of these yet, but I got quite a few instances of sobig and one other one - the one that looked like an official message from M$. Or were they the same?
..bh.
 

JackBurton

Lifer
Jul 18, 2000
15,993
14
81
I'm getting punched in the mouth by klez every freakin' day! My anti-virus is picking up everything that comes through my email, but damn, I get at least 3-6 a day! WTF? :| I've yet to get mydoom at home though.
 

Rob9874

Diamond Member
Nov 7, 1999
3,314
1
81
Thank God for my Norton. But others are right, if you don't download any attachments, you should be fine, right? My cousin won't buy any AV software, yet he's constantly having virus trouble. Is there any way to get a virus other than running an attachment? Would the preview pane in Outlook execute a virus? Can hackers install one without you knowing it?
 

SuPrEIVIE

Platinum Member
Aug 21, 2003
2,538
0
0
Can anybody recommend me an anti-virus since mine just expired? I don't know what to choose between NAV 2004 Pro or MCF 8.0 Pro.

also how do you know if you have SP1 for windows xp pro?
thanks in advance