Clearing Out From Under MyDoom
from the okay,-okay dept
I’ve been avoiding posting about the whole MyDoom virus/worm thing – since just about everyone knows about it. However, everyone also keeps submitting it, so just to get it out of the way, let’s do a big MyDoom post that seems to hit on some of the less-well-covered aspects of the latest virus considered to be one of the biggest ever and likely to continue causing problems for months, if not years. By now, you’ve probably heard that it’s designed to hit SCO’s server with a denial of service attack, but what’s much more interesting is how people have reacted to this news. Because the virus will attack SCO, some actually think it’s a good thing, which is absolutely ridiculous. Slowing down the entire internet to make a stupid point about a lawsuit (where the company has been shooting itself in the foot all along) doesn’t do much to help. Though, there is the amusing suggestion that maybe SCO released this themselves to generate sympathy and give them more excuses for not unveiling the disputed code. Still, the most interesting thing to me (which hasn’t received much attention), is that this virus also was programmed to avoid being sent to federal agencies, military addresses, or security software companies. It sounds like they were hoping to stay a bit under the radar for a while – and somehow believed that this might allow it to spread further without getting recognized and stopped. In the meantime, I’m still wondering who the hell clicks on these attachments?
Comments on “Clearing Out From Under MyDoom”
It's a good thing ...
Begin Rant:
As an email administrator, I have witnessed firsthand how email became such an indispensable tool in every corporation. I have also witnessed how it has become virtually useless …. primarily because of two things that email allows: automatic sending of mail and the corruption of mail headers.
Email’s usefullness will continue to erode. Bill Gates’ statement that “spam will be gone in two years” was laughable. If Bill Gates thinks he has two years to solve this problem, he is sadly mistaken. This problem needs to be solved two years AGO.
The first solution is to DITCH the SMTP protocol. Re-write it from the ground up. As soon as something better is written, something that doesn’t allow “spoofing” it will be implemented by just about every corporation in the first two weeks. Won’t eliminate spam overnight, but will cut it down to size within a month.
Secondly, Standard email clients should not be written such that they have the ability to “automatically” send out anything. The only conceiveable usefullness of this feature is the Out of Office reply. Come on, be honest, is this “feature” really all that indispensible. When’s the last time you got an out of office reply that you didn’t immediately delete (or write a rule to automatically delete!!!)
Other “fully automatable” email clients can be written for those who need them, but Outlook’s (and Notes, and Groupwise) biggest achilles’ heel is that it will automatically send a message to someone.
Get rid of it. Don’t need it. Don’t want it.
End Rant
Tricky
I’m still wondering who the hell clicks on these attachments?
This one is really tricky. The bounced email message looks real, very legitimate. I know two intelligent computer people who managed to get infected.
I was almost infected too. For some reason my McAfee automatic update Sunday night didn’t protect me, I had to go do a manual update. Same for a friend of mine.
Re: Tricky
This one is really tricky. The bounced email message looks real, very legitimate. I know two intelligent computer people who managed to get infected.
What is so tricky about it? I am sorry, I just don’t see how you could miss a .pif, .scr, .bat, or .exe (or even .doc or .dot) extension on a file attachment. If one of your legitimate users sends you one of these files, send a message back to them asking for it in a different, non-executable format. What happened if it was your friend who sent you the virus, would that somehow make it any different then a virus stealing a name out of the victims phone-book and attaching that to the email containing the virus?
If you are using a mail browser (i.e. Outlook Express or Outlook) that hides file extensions, get rid of it and go with one that doesn’t (Mozilla works fine.) There is a point where Microsoft should take responsibility to prevent these files from being executed via email (rather than just open up a stupid dialog box that everyone ignores.)
The reason viruses spread is because most users aren’t patient enough to think about what they are doing. If people took the time to think about what they were doing, we’d definately have a lot less viruses. Unfortunately, Microsoft shares a lot of the blame because they make it so darn easy to do things without thinking…