New virus...


Hyperluminal
03-01-2004, 09:59 PM
Well, my security was breached. ;)
My main email address, which generally doesn't get spam or viruses (I haven't gotten any viruses, except for like 2 a few weeks ago that may have been some, I'm not sure). Anyway, today I got 4 copies of the new W32.Netsky.D@mm (http://securityresponse.symantec.com/avcenter/venc/data/[email protected]) virus. I'm signed up for a newsletter at the local school district, and apparently these have been going around the school. And some of the phony From addresses had the school domain. So I guess I know my source.

Anyone else get this worm?

Janak Parekh
03-01-2004, 11:00 PM
Unfortunately, the problem is that protection for this worm only came out today, the same day it was discovered. In essence this is very close to the first "zero-day" worm, and it's going to get increasingly hard to protect against things like this. :(

But since I read my mail on a Linux box, I'm invulnerable unless I copy the file over to my Windows box manually. 8)

--janak

Dave Beauvais
03-01-2004, 11:19 PM
... it's going to get increasingly hard to protect against things like this. :(
And why is that? Because users are stupid. I'm sorry if you've infected yourself with a virus and are offended at my calling you stupid, but there's simply no excuse for this crap. Yes I'm in a grumpy mood because I've spent the entire day disinfecting systems here at work while other projects had to get pushed back again to put out fires. (Thank you McAfee for Stinger (http://vil.nai.com/vil/stinger)!) The most maddening thing about all this is that well over 90% of the viruses that have come out in the last two or three months would not spread if stupid people didn't run the attachments they get in their e-mail.

After all the press that viruses have gotten recently even in mainstream media, why anyone would open a zip file named nj72dai.zip and run whatever was in it is simply beyond me. People, you don't need to open an attachment simply because it's there. The fact that it appears to come from someone you know is not enough to consider it safe to open. If you don't have a virus scanner, get one, set it to update itself automatically every day, and use the thing! It's important to keep in mind, however, that even the best, most up-to-date virus scanner will never be 100% effective. Users must take some responsibility upon themselves and simply think before they click.

buckyg
03-01-2004, 11:22 PM
Not yet, but I haven't been home yet. The network guys at work keep this stuff out pretty well.

Hope I don't take this off-topic: As I understand it, an infected email has to be "read" to launch. "Read" meaning actually opened or with some nasties, Outlook's auto-preview enabled or preview pane active. I'm hoping that's still true.

Here's why: Often my wife leaves her PPC plugged in the cradle at home. So, even with her Outlook "closed" (no window open), it is running. Her PC beeps when a message is received and her PPC is plugged in, because the PPC is synching w/ Outlook. I'm hoping that doesn't present a problem with new viruses/worms. Just thinking out loud...

Falstaff
03-01-2004, 11:24 PM
Just checked my SAV client, I had two of this virus in quarantine (plus 2 of W32.Sober.C@mm). I usually get 5-10 viruses a day. With the Outlook spam detector on, I get 5-10 of every 100 e-mails sent to my account. Unfortunately, however, a lot of the viruses make it past the spam detector. Kind of annoying, but SAV is auto updated from my home server, so I never worry about it.

Janak Parekh
03-01-2004, 11:32 PM
And why is that? Because users are stupid.
Only partially. I described a simple idea to my officemate. I predict it will happen in the next 12 months.

"Build a worm that hijacks any outbound port 25 traffic, grabs the legit attachment being sent, puts it in a zip with it as an installer or self-extractor or something, and have the worm install itself while it extracts the contents."

Now, how is the average consumer supposed to protect against that?

The real solution is a more proactive stance towards nonprivileged execution. Windows should be easier to run in non-Administrator mode, and should be leery of allowing any arbitrary .exe, .pif, .etc to run. UNIX systems already take this stance -- if you want to execute an attachment, you must save it, go to a shell prompt or a file manager, go into the file's properties, and set the executable bit. And, even then, no UNIX user ever runs as root. (Of course, other things are also hard in UNIX, which is a problem in-and-of-itself.)

If you don't have a virus scanner, get one, set it to update itself automatically every day, and use the thing!
This is no longer good enough! All the servers I manage do a virus update every morning, but Symantec only released this update to their servers after 10am or so. I had to go manually update all the servers this morning after I noticed it by chance. Now I'm going to have to go see if I can reduce the time to every 6 hours or so...

--janak
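
Added example (not part of any poster's message): a mail-gateway style check for the pattern discussed in the two posts above, a zip attachment such as nj72dai.zip whose contents are an executable type like .exe or .pif. The extension list beyond those two, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .exe and .pif are named in the thread; the other extensions are an assumed,
# non-exhaustive list of types Windows runs on double-click.
RISKY_EXT = (".exe", ".pif", ".scr", ".com", ".bat", ".cmd")

def risky_name(name):
    """True if the final extension is executable (catches 'report.doc.pif')."""
    return name.strip().lower().endswith(RISKY_EXT)

def scan_message(raw_bytes):
    """Return (attachment, reason) findings for one raw RFC 822 message."""
    findings = []
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        if risky_name(fname):
            findings.append((fname, "executable attachment"))
            continue
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # bit 0 set: member is encrypted
                        findings.append((fname, "encrypted member: " + info.filename))
                    elif risky_name(info.filename):
                        findings.append((fname, "executable in zip: " + info.filename))
        except zipfile.BadZipFile:
            findings.append((fname, "unreadable zip"))
    return findings

def build_sample():
    """Constructed message: a zip holding harmless text named like a .pif."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt.pif", b"placeholder, not a program")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "Re: Document"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="nj72dai.zip")
    return msg.as_bytes()
```

A check like this keys on file type rather than a signature, so it does not depend on that day's definition update having arrived; encrypted members are flagged because their contents cannot be inspected.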

Dave Beauvais
03-02-2004, 01:18 AM
This is no longer good enough! ...
Which is why I typed the sentence which immediately followed that one. ;)

Janak Parekh
03-02-2004, 01:19 AM
Which is why I typed the sentence which immediately followed that one. ;)
Yup, and I was reiterating. ;) Unfortunately, the situation's going to get worse in the short-term, not better. :|

--janak

JackTheTripper
03-02-2004, 01:52 AM
Buy a Mac. :lol:


No, but in all seriousness..... buy one.


OK, OK.... But since I'm not a computer expert or anything can I ask a question? Why wouldn't this work...

When you get a Windowz PC and set it up for the first time it asks you for a user name. You give it let's say "PPCs_rock" and from then on anything on that machine's path is C:PPCs_rock/windowz/mydocuments or something like that. That way a virus can't be programmed to automatically install itself in C:windows/startup or something.

Also I'm using OS X.3.x at home and any time I go to install something it asks for a password. Why don't Windowz machines do this? At least that way if some stoopid user thinks they're opening an .swf file to play a lame game and it tries to install on and wipe out their HD it might stop them.

Don't know. Maybe I'm being dense here. But it seems like one of these would at least help.

Janak Parekh
03-02-2004, 01:55 AM
Buy a Mac. :lol: No, but in all seriousness..... buy one.
That's partly helpful, actually. Between UNIX and that the Mac OS is a smaller marketshare, it's more secure for now.

When you get a Windowz PC and set it up for the first time it asks you for a user name. You give it let's say "PPCs_rock" and from then on anything on that machine's path is C:PPCs_rock/windowz/mydocuments or something like that. That way a virus can't be programmed to automatically install itself in C:windows/startup or something.
Why wouldn't the worm be able to find C:\PPCs_rock?

Also I'm using OS X.3.x at home and any time I go to install something it asks for a password. Why don't Windowz machines do this?
Actually, XP does this if you're a nonprivileged user. The problem is that most XP users are privileged by default. :|

--janak

JackTheTripper
03-02-2004, 01:58 AM
Well, since I've never written a virus I don't know if a path has to be programmed in or if it can read it. Oh well.

Re: XP Privileged by default...

That Suxizzle. I guess Mac X sets you up to where you need a password to install anything by default. Which is fine with me. Though I've never gotten a virus on any of my Macs since I've owned them (about 5 years) better safe than sorry.