By: Da Sissop
Date: 5/4/00 10:27:07 AM
# Replies: 41
So? Did anyone here *not* get a copy of the "ILOVEYOU" worm today?
Response #1
By: The Sorcerer
Date: 5/4/00 10:30:03 AM
We had a few isolated cases. I didn't get one though.
Sorc'(Rev)
Response #2
By: Ralf
Date: 5/4/00 2:12:40 PM
What's cool about THIS worm is that you also get the source code.
:-)
Response #3
By: Gowan McGland
Date: 5/4/00 5:54:02 PM
I didn't get it personally or at work. As a matter of fact, only one person at work got it and we stopped her from running the attachment in the nick of time.
HOWEVER, one of my vendors got it and it destroyed them. A friend of mine who works at a development company said he'd been getting it all day and had already created a rule in his email to automatically delete it. A former co-worker who works at BCOM said it hit them pretty hard, too.
Now I understand that it has mutated to be titled "FW:Joke" with the attachment "Very Funny Joke". Apparently, some of the virus scanning updates that were put out today were name based, and so they may not catch it. Of course, if someone is dumb enough to open an attachment like that after today, they may deserve what they get.
Response #4
By: Da Sissop
Date: 5/4/00 6:59:51 PM
Anybody here read Yugoslavian?
http://www.deja.com/getdoc.xp?AN=574334357&fmt=text
This guy seems to be making reference to some of spyder's earlier handiwork... in fact, this sounds like the win-bugsfix.exe component that the worm tries to download. Dunno if this guy is the author or just another victim, though.
I've emailed this message to KHOU-TV, MSNBC, and a Yugoslavian translator I found via a websearch. So far I haven't heard anything back.
Response #5
By: Da Sissop
Date: 5/4/00 7:16:40 PM
I want my fifteen minutes of fame, dammit!
Response #6
By: Zane T. Dark
Date: 5/5/00 7:32:53 PM
"Go Fang, Go Fang!"
Zane does washtub...
It showed up twice in my email today...from some dude in China no less, never heard of the loser. Besides, I tend to be suspicious of any email containing the words 'I love you' from any person with a male email handle..
..except for that stuff from Format.
Response #7
By: Ralf
Date: 5/6/00 6:57:11 AM
Well THAT explains why you never answered my letters.
Response #8
By: sooz
Date: 5/6/00 7:14:06 AM
Apparently there's a couple dozen mutations of it now - one is called "Mother's Day Gift Receipt" - of course you wanna open it, to see what some bozo is charging you for, ya know?
Anyway, nope, I didn't get it, not even once. Wow.
Response #9
By: Ralf
Date: 5/6/00 2:32:51 PM
The mutations are because idjits look at the vbscript sourcecode for ILOVEYOU, go "HAYYYY!!!!1! EYE KAN MAEK MIE OWN VYRUZ!!!" change a few lines and forward it onto the world again.
Once the current crop of virus scanners wise up it'll be pretty harmless.
Response #10
By: Homer The Brave
Date: 5/8/00 3:10:29 PM
Finally, after a half-dozen or so of these email viruses have done a bunch of damage, I heard a guy on NPR offering the opinion that: Microsoft email client systems are as much to blame as the virus authors. Like it took this long for tech reporters to figure out that there are email systems that *aren't* vulnerable to such attacks.
Sigh.
Response #11
By: Da Sissop
Date: 5/8/00 5:56:28 PM
Umm, in this case there may be *operating systems* that aren't vulnerable to Visual Basic Scripting attacks... but the email client was irrelevant if the user launched the attachment.
Response #12
By: Gowan McGland
Date: 5/8/00 10:44:12 PM
Why aren't there more viruses on Apple computers, you say? Is it because Apple's OS and systems are so much more virus-proof and better than PCs?
Or is it because there's a much larger installed base of PCs and thus the virus and its author are likely to get more attention when attacking them?
Response #13
By: Ralf
Date: 5/9/00 6:05:20 AM
The users who got infected with ILOVEYOU were foolish.
Heck, Outlook even WARNS you about opening attachments. It's not like ILOVEYOU exploited some undocumented back door in Windows, climbed in thru the printer port and strangled the hard drive.
Let's see... I have unprotected sex with a bunch of strangers, and I catch a horrible disease that makes my dick fall off. I know! I'll blame Ford Motor Company for allowing me to drive around town to get laid.
Sheesh!
Response #14
By: sooz
Date: 5/9/00 6:22:41 AM
Kinda like "There are fewer murders in the Arabic community of Austin." That's because there's fewer Arabs. Like that?
Response #15
By: Seventh of Seven
Date: 5/9/00 6:54:25 AM
i sort of agree with ralf. users should be smart enough to keep away e-mail bombs.
but! i myself have been a victim of a "i love you" type virus named "pretty park." The message was from a friend and said something to the effect of "this is pretty cool :)" and had an executable attachment. if this came for me from a complete stranger, i'd have chunked it, but it's deceptive when you get something from someone you trust.
Response #16
By: Gowan McGland
Date: 5/9/00 7:06:36 AM
Luckily, Pretty Park isn't particularly damaging, it's just annoying.
The thing is, though, that virii are being written craftier and craftier. These days they go through your entire address book and email themselves so they look like an email from you to a friend. They disguise themselves as receipts for mother's day gifts. However, the payloads themselves aren't the things that are being better written, it's the hooks to get you to run whatever it is that launches the virus.
If we could just get rid of users, my job would be a lot easier.
Really, though, the only recourse is to always have updated virus definitions and keep informed. I update the virus scanner at work on the email servers weekly. Sometimes more than that if there's a particular nasty out there. That way my users don't generally have to worry about it. However, we still run a virus scanner on their desktops, too, in case they bring something from home or on a disk or whatever. I don't understand why ISPs don't have a virus scanner running on their servers. I mean, people are still getting virii from years back (Class? NATAS? Michelangelo? Anti-CMOS?) that should have been filtered out and killed long ago.
Oops. I went on a rant.
Response #17
By: Da Sissop
Date: 5/9/00 7:41:19 AM
Helpful hints for the day: Never open any attachment that isn't a .jpg, .gif or .txt file.
If it's an extension you don't recognize, don't open it.
If it's an .exe file, don't open it. No animated greeting card is *that* funny.
If it's a Microsoft Office document, don't open it, and if for some reason you feel you *must*, hold your SHIFT key down as you launch it... Little-documented feature that prevents macros from running.
Response #18
By: Homer The Brave
Date: 5/9/00 11:06:15 AM
I read today that if you told Windows to show you the whole filename, the iloveyou file would be something like iloveyou.txt.vbsomething, so a file could conceivably be called iamavirus.jpg.vbsomething and you'd see iamavirus.jpg.
And Gowan, I wasn't boasting that Apples are better than Wintel (even though they are... {g}). I was saying that the media has been covering these email viruses as though they were part and parcel of being online, when in fact they hadn't really been around like this (a new one every week it seems) before a certain large software company decided that they invented the internet.
Response #19
By: Da Sissop
Date: 5/9/00 11:21:47 AM
Oooh... I dunno if it applies to email attachments, but yeah, the *default* behavior of Windows 9x is to hide file extensions of "known" file types. So, if your system "knows" .vbs files, you wouldn't see the extension in Windows Explorer.
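Added example, not part of the thread or any poster's code: a mail-gateway style check for the double-extension trick described in Responses #18 and #19. It judges an attachment by its real final extension and flags names that would display as a harmless type when known extensions are hidden. The extension lists and sample filenames are constructed assumptions.

```python
import os

# Illustrative lists (assumptions for this example, not taken from the thread).
RISKY_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
              ".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
BENIGN_LOOKING = {".txt", ".jpg", ".jpeg", ".gif", ".doc", ".mp3"}


def normalize(filename):
    """Drop any path component and the trailing dots/spaces Windows ignores."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rstrip(" .")


def displayed_name(filename, known_exts=RISKY_EXTS | BENIGN_LOOKING):
    """Name as shown when extensions of known types are hidden."""
    name = normalize(filename)
    stem, ext = os.path.splitext(name)
    return stem if ext.lower() in known_exts and stem else name


def classify_attachment(filename):
    """Return (verdict, reason) judged on the real final extension."""
    name = normalize(filename)
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    if ext not in RISKY_EXTS:
        return ("allow", "final extension %r is not on the risky list" % ext)
    shown = displayed_name(name)
    # Padding spaces before the real extension are stripped before the check.
    inner = os.path.splitext(shown.rstrip())[1].lower()
    if inner in BENIGN_LOOKING:
        return ("block-disguised",
                "shows as %r but runs as %s" % (shown, ext))
    return ("block", "executable or script type %s" % ext)


# Constructed sample names; only the first pattern comes from the thread.
SAMPLES = ["iamavirus.jpg.vbs", "holiday.JPG", "receipt.txt      .EXE",
           "setup.exe", "notes.txt.", "report.doc.scr "]

if __name__ == "__main__":
    for s in SAMPLES:
        print("%-24r -> %s" % (s, classify_attachment(s)))
```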
Response #20
By: Ralf
Date: 5/10/00 5:36:32 AM
But even without an extension, you can still tell by looking at the icon. A little picture you don't recognize, or the "Windows System Component" icon should be a clue.
People who lock their doors, lock their cars, buy home security systems & car alarms and walk only in well-lighted areas will happily open a virus sent to them via email.
What's wrong with this picture?
Response #21
By: Roxanne
Date: 5/10/00 6:10:03 PM
Computer=cyber=not real. Nothing real happens=nothing bad can happen. It's just a bunch of 1's and 0's.
I think most people still regard the computer as a "toy".
Response #22
By: Homer The Brave
Date: 5/10/00 8:50:38 PM
They ARE toys. Just on a different level.
Response #23
By: Ralf
Date: 5/11/00 5:35:16 AM
I beg to differ. They WERE toys, at least in a lot of people's minds.
Now that PC they bought to play games is tracking their finances with Quicken, buying/selling stocks on Ameritrade, storing digital baby pictures and email from grandma.
ILOVEYOU forced a lot of people to re-evaluate their feelings about the family computer.
Response #24
By: sooz
Date: 5/11/00 6:29:04 AM
Lots of us make our living online. Our computers crashing are akin to telephones going down for people that do telemarketing.
Response #25
By: Zane T. Dark
Date: 5/11/00 9:36:08 PM
Too bad nobody could write a virus that actually fixes Windows.
Response #26
By: Homer The Brave
Date: 5/12/00 12:47:34 AM
Viruses are part of the innovation that Bill Gates wants to protect by letting the free market determine the fate of Microsoft.
Response #27
By: Ralf
Date: 5/12/00 6:07:09 AM
Oh, bullshit.
Neither Microsoft nor Bill Gates wants to protect viruses.
And you DON'T want a free market for innovation? What's the alternative? Government approval for everything?
Response #28
By: Homer The Brave
Date: 5/12/00 7:26:34 PM
Sometimes I yank your chain because it is so easy. :-)
Response #29
By: Ralf
Date: 5/13/00 5:29:46 AM
Back atcha, sweetums. We are SO predictable.
Response #30
By: rorschach
Date: 5/15/00 11:09:44 AM
actually no.... no copy here (mind you my home system has been down during the move and i haven't set it back up yet so I MAY have a few million copies awaitin its return....) we run Lotus Notes which of course is immune.....Halliburton's mail server was taken offline (while halliburton's MIS department swore nothing was offline mind you...)
Halliburton is just embarrassed that every mail worm that comes down the pike hits them but not us..... but they want us to convert to THEIR system..... fuck THAT!
Response #31
By: Ralf
Date: 5/16/00 5:29:30 AM
Notes is immune from this one, but Notes has its own scripting language that could be abused to create a worm. Nobody's done it yet because there aren't enough interconnected Notes installations to warrant the effort.
And no email system is immune from being mailbombed by 20 zillion copies of ILOVEYOU.
Response #32
By: rorschach
Date: 5/17/00 9:45:14 AM
True, and there was some of that here... because we have a shared address list with big red, there were a few people that got a couple hundred copies each. But we didn't replicate it so as far as reproductivity goes we were a black hole, shit came in and vanished from sight. and you are right as well about the scripting language. in fact we have a contractor in right now doing a whole website in notes script. this guy rocks too. our resident notes "expert" learned the hard way (throw him in a locked room with a machine and a manual and not let him out until he does something useful...) and he is pretty good, our ecn system and our engineering document management system is being moved to a notes based system that he wrote but this guy codes circles around him. but diversity is my point. diversity prevents shit like this. that's what scares me about java, if everything can run java as a native app, a java worm can hit anybody then.
Response #33
By: Fierce Pancake
Date: 6/13/00 8:41:32 PM
Or even worse, the Mahir virus.
IKISSYOU!
IKISSYOU!
Response #34
By: The Professor
Date: 6/20/00 8:40:29 PM
We are still getting copies of this every now and then. The annoying part is that every time this virus is run, it overwrites the jpeg files on the shared network drives.
Response #35
By: The Sorcerer
Date: 6/20/00 9:54:57 PM
That's why all of our jpeg & mp3 files are global read-only. The spreadsheets, documents, datafiles...well who cares about that stuff anyway. :)
Sorc'(Rev)
Response #36
By: The Professor
Date: 6/21/00 8:23:23 PM
It's a wonder that the author didn't include all MS Office documents - that would have been devastating to a lot of companies.
Response #37
By: The Sorcerer
Date: 6/21/00 10:03:45 PM
That's a feature in Rev 2.0 :)
Talking to a friend whose office was nailed pretty hard, if they had targeted .DWG and such CAD file extensions they would have been in worse shape than one that eats .DOCs and .XLS
Sorc'(Rev)
Response #38
By: The Professor
Date: 6/22/00 7:31:43 AM
Did Microsoft ever patch their scripting host? It seems that they took the trouble to warn you if you open an Office document that contains macros, but I didn't think it does anything by clicking on a .VBS file
Response #39
By: Da Sissop
Date: 6/22/00 8:32:17 AM
Well I dunno if this is true, but I heard that the *patch* to Outlook was to not let you execute attachments. Like, you'd *have* to save them first.
Response #40
By: Ralf
Date: 6/22/00 11:56:42 AM
That's LAST month's patch.
The current patch (available now) is pretty ridiculous: it simply won't let you open ANY attachments, except for a few "known safe" extensions, like .GIF, .JPG, and .DOC files. Seriously.
Which is pretty silly, since .DOC files can contain Word macro viruses.
So in one fell stroke, Microsoft has made Outlook incapable of receiving most attachments. Way to go, Redmond.
Oh, and it *also* monkeys with all sorts of other semi-related Office settings, which can disable your non-email related macros and VBA routines. Bottom line, use some common sense and DON'T install the Outlook upgrade from Microsoft.
Response #41
By: The Professor
Date: 6/23/00 7:50:41 AM
Does it also disable ANSI bombs?