There appears to be an actual email worm in circulation right now, using the tried-and-true infection method of sending malicious emails to all of the names in a user’s email address book.
As of Friday afternoon, the malicious files had been deleted from the remote server in the UK that was serving as the download site for the malware. This move should effectively limit new infections, although machines that are infected already will continue to send out the emails until they’re cleaned.
The worm arrives via emails with the subject line “Here You Have” or something similar, and the messages contain a link to a site that will download a malicious file to the victim’s PC. The malware then drops itself into the Windows directory under the file name CSRSS.EXE, the same name as a legitimate Windows system file, according to an analysis by McAfee researchers.
“The URL does not actually lead to a PDF document, but rather an executable in disguise, such as PDF_Document21_025542010_pdf.scr served from a different domain, such as members.multimania.co.uk,” the analysis says.
From there, it’s 2001 all over again, as the worm attempts to mail itself to all of the contacts in the victim’s Outlook address book. The malware also tries to stop any security software or anti-malware programs running on the machine. McAfee’s researchers found that the worm also can spread via network shares and AutoRun.
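As an added illustration (not code from the article or from McAfee’s analysis), here is a small Python check that a mail-filtering or triage script could apply to an inbound HTML message: it lists every link whose target path ends in an extension Windows would execute, and notes when the link text or file name dresses the target up as a document, as the lure above does. The host example.invalid and the message body are constructed; the file name is the one quoted from the McAfee analysis.

```python
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# File types Windows runs directly when a user opens a downloaded file.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}
# Wording in link text or file name that leads the reader to expect a document.
DOC_HINT = re.compile(r"pdf|document|\.docx?\b|\.xlsx?\b", re.IGNORECASE)

class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start collecting the visible text of this anchor
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html):
    """Return links whose target is an executable, flagging document-style disguises."""
    parser = _LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        url = urlparse(href)
        ext = os.path.splitext(url.path)[1].lower()
        if ext not in EXECUTABLE_EXTS:
            continue  # ordinary documents and web pages are out of scope here
        disguised = bool(DOC_HINT.search(text) or DOC_HINT.search(url.path))
        flagged.append({"href": href, "host": url.hostname, "ext": ext,
                        "disguised_as_document": disguised})
    return flagged


# Constructed sample message modelled on the lure; example.invalid is a placeholder host.
SAMPLE_EMAIL = """<html><body><p>This is The Document I told you about, you can find it Here.</p>
<p><a href="http://example.invalid/PDF_Document21_025542010_pdf.scr">
http://example.invalid/PDF_Document21_025542010_pdf.pdf</a></p>
<p>Minutes: <a href="https://example.invalid/minutes.pdf">minutes.pdf</a></p></body></html>"""
```

Note that the visible link text ends in .pdf while the real target ends in .scr, which is exactly the mismatch a mouse-over reveals and this check automates.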
The SANS Internet Storm Center analysis of the worm says that the original malicious file that was being downloaded during the infection routine looks to have been removed from the remote site involved in the attack. Also, the malware at first was trying to contact a remote server to download other content. That domain has been blackholed, SANS analyst Marcus Sachs said.
This infection routine was made famous and perfected by malware authors in the early part of the 2000s, most notably with mass-mailing viruses such as ILoveYou. The difference with those earlier attacks is that the emails typically carried the malicious file itself and didn’t rely on a link to a downloading site. But the technique used to entice users to click on the attachment or malicious link is the same: Offer the user something he wants to see.
In the case of older viruses, they typically promised pictures of Anna Kournikova or Britney Spears. Now, it’s down to mundane things like “the document I told you about.” There appear to be several variants of the new worm making the rounds already.
I got one of those emails today at work. Moused over the link in Outlook 12, saw that it was really a .scr file, and deleted it.
This hit one of our affiliated corporate networks today around 12pm eastern. It was a mess.
hah hah hah hah! I’m so happy I’m now using Ubuntu as my main OS! hehehehehe!
This hit us too, over 300 users fell to the re-format axe. It shares out C:\Windows\system as an SMB share “updates” and drops a file named updates.exe, as well as an autorun.ini file pointing to it. It does the same to any writable file share it finds.
Using Linux has nothing to do with it, shut up.
Were your users administrators?
administrators users = stupid
non-windows machines have plenty to do with it
An Outlook address book? ha ha ha ha ha ha ha ha
No Microsoft, no problem.
Poor grumpy Windows users, you have my sympathy! (wipes away tear)
Interestingly the McAfee server we have is starting to report malicious files on our Linux workstations more and more. I believe MS users will be laughing in the face of Linux users who think they are impermiable to virus attacks and have no protection
impermiable is not a word. I think you mean impervious or impenetrable maybe?
It is a word, it was just the wrong one and was spelled incorrectly….
im·per·me·a·ble/imˈpərmēəbəl/Adjective
Actually, it is a word and it means non-passable.
I saw this hit the news last night. They claimed it was hitting everyone hard. I’ve yet to see a single instance of it at either place I work or at any of my personal e-mail addresses.
LINUX can be a host to infected files. It is possible to receive these emails carrying the link, and it is possible to click the link while in LINUX and initiate a download of the malware. It is less likely that the malware will be able to penetrate the OS and then be able to spread itself unless the LINUX user is running Outlook via Crossover or Wine.
This is still a security issue on networks that share files between different operating systems. Just like a mosquito can carry malaria, not be affected by the virus, but can still transmit the virus to humans.
From this standpoint it is still a good idea to verify that your files are not malware even on a LINUX system, especially if those files may be transferred to a Windows OS.
I’ve been able to do everything using Linux Mint I ever did using Windows.
I like using IBM Lotus Symphony which is free. It’s more refined imo than OpenOffice which it’s based on.
Glad to be using thunderbird on Linux.
I’m Glad to be using Tbird on Linux but running it as a different user than my login
You guys aren’t exactly covering yourselves in glory here.
The issue is some criminals doing serious damage to expensive installations, not abuse of the English language. If you worked together to do something constructive instead of trying to score preening points off each other then the rest of us could probably get more productive work done.
This should be marked as a troll.
Nothing to see here . . . move along . . .
We’re MS users but had no problems with any of these emails coming through. Our email traffic is filtered in the cloud with MessageLabs before it hits our exchange servers, so no issues here.
As usual, you windows guys miss the point. Linux is unaffected by this, even if you download it to a Linux box, you would have to transfer it to a Windows box and some numpty would have to execute it there, deliberately. The problem for Windows is the naïveté/gullibility/stupidity of users coupled with an OS that is far too easy to abuse (that and a truly horrible mail app in M$ Outbreak).
And as usual, most *Nix users miss the biggest point while trying to pat themselves on the back. It’s not a Windows versus *Nix issue on how easy it is to infect an OS. It’s about usability. When any flavor of *Nix becomes the predominant desktop flavor, the vast majority of the virii/worms written will be targeted that direction. In short, those that write this crap are looking to cause the maximum amount of damage, and where’s the biggest market share? Oh yeah, Windows… Side note: how many *Nix users have taught their Grandparents successfully how to use Ubuntu/Fedora/etc?
Computer “viruses” have been around longer than windows.
I remember hearing about viruses when i was a kid (pre-windows days), so I did a quick search and…. From Wikipedia:
“1988
* ………………………………………..
* November 2: The Morris worm, created by Robert Tappan Morris, infects DEC VAX and Sun machines running BSD UNIX connected to the Internet, and becomes the first worm to spread extensively “in the wild”, and one of the first well-known programs exploiting buffer overrun vulnerabilities.”
I’m a *nix fan myself. I use Linux for a variety of things, and use FreeBSD as my Desktop. But those, especially in the Linux camp, have enjoyed both not being the “low hanging fruit” and being low enough in numbers not to be attractive targets to your average script kiddie. But that is changing.
The number of Linux users is growing, and not only that, but thanks to distros like Ubuntu that require very little learning to install and use, the number of users that know NOTHING about their systems is growing. Many of these people running Ubuntu would have no idea whether their system was infected if it was, or even how to find out!
One thing I have learned in my years as a computer/network technician is that you CANNOT stop people from infecting their computers. Idiots moving from windows to linux will only create a generation of people infecting their linux computers. Once that happens, those virus/worm/trojan etc… writers will be more than happy to start helping them accomplish that by writing the code, and finding ways to help them get it on their machines.
Compile that with the fact that microsoft has been “borrowing” security practices from the *nix camp to prevent another security fiasco like we had with XP, and I think we are getting ripe for the time when people start going after our *nix boxes more and more.
Take a look around, there are already Trojans, keyloggers, IRC bots, etc that run on linux if you look hard enough.
Outlook blocks .scr files so not a problem with outlook.
Right on the money. *N?x is actually easier to hack than windows. Most who master the OS seriously lack security skills. Those that master it and have security skills have never been expressly targeted before.
My workplace Loblaws has been hit hard by it big time. I’ve gotten close to a hundred emails yesterday. With all employees contact list numbering in the thousands, everyone is getting hit with it across the country.
I’m happy you use ubuntu too, teabagger.
Is my computer safe if I use a condom?
Seems that comp buffs are v. arrogant… calling people idiots etc. Sad
I believe Symantec wasn’t blocking this until late Thursday, right? We installed an update Friday morning. Seems we lucked out and were not infected as the staff who received the emails didn’t click on the link. If they had, could any existing anti-virus protection have stopped it prior to late Thursday when Symantec issued their Rapid Release update?
1st email address in my list is a fake (not that I use any M$ email software), this helps to stop some of these type of viruses.
I have even seen car computers with viruses (infected on purpose) which could switch off the engine or even effect braking systems. These viruses needed the user to gain physical access to the car to upload the virus but more cars now are coming out with BlueTooth.
There are also a lot of mobile phone viruses too. So no matter what OS you may run it still relies on the end user to know their system to help reduce the risk of infection (that said, most users tend to be idiots, and the interfaces tend to treat them like idiots)
In the real world, no OS is secure. It is just simple numbers. Bigger user base of an OS makes the OS an easy target. It’s like a buckshot gun, just shoot and you will hit something coz too many of the users around. Trust me, it’s soo easy with windows a blind man could do it (a hacker is blind in terms of network awareness).
Some may not agree that Linux is safer but in general Linux was built from a different angle than windows. Unfortunately that angle is where hackers usually come in. Fear not, all hope is not lost as I said no OS is secure. Linux is a bit harder but it is possible to hack it.
To all you here fighting which is better just stop it. If you are on a windows just keep quiet and use it. Be happy with it, after all you paid for it. It’s a good OS btw, I’m using it also.
As for Linux users, don’t be too happy and act like you are invincible to virus/worm. It’s not. Spend like 12 years with it and you will understand it. What you understand can be dangerous to others.
Most of the time, it’s not the OS that is vulnerable. The best hackers in the world don’t go brute force attack. What did they use? Go figure
This is pretty scary…. oh well I’m on a mac.
I’ve received none of these emails as yet, so must conclude that either
So we can conclude the discussion with the statement, that its more important to educate users than to argue on which OS to use.
P.S. -(But still Windows is horribly stupid…)
No one is completely immune to viruses. I don’t care how secure you think your system is, it only takes one to really do damage. While windows machines will still be the most vulnerable as they are the most widely used, as Linux continues to grow, writers will take notice of this and find ways to infect them too. I have played with Linux but I am not that familiar with it just yet. I have had Ubuntu, Xubuntu and mint installed on a virtual machine briefly but didn’t deal with it too much. It all boils down to the user in many cases. If you click on everything you see, you will get infected no matter what you run. But the idea that because you run a certain system you won’t get infected isn’t true. (And if you noticed even antivirus software is becoming available for macs; that alone should tell you something.)
That’s correct. Using Linux has nothing to do with it. Hahaha. This is a Windows only worm and will not execute on Linux.
It’s the autorun capability that’s stupid. What kind of idiot engineer puts that sort of capability into an OS these days? We learned nearly 25 years ago that it was dumb, with the Amiga.
As for using Linux, well, that’s helping with the problem in a different way — avoiding monocultures. It may not prevent the spread of such worms (after all, you probably know someone who uses the same OS as you, and have their email address in your address book), but it significantly lessens the impact on society as a whole.
It’s probably a good idea to keep at least two different systems at home and work, so that if one system is compromised by this sort of exploit, the other can still be used. Alas, there’s really only 4 options these days: MSWindows, OSX, Linux, {open/net/free}-BSD.
Of course, if we can’t fix user-behavior (oh, an attachment, I shall click on it!), we’re doomed anyway. That being said, it’s Just Not Right to expect a normal user to know that .scr is one of the dangerous suffixes. Both Microsoft and Apple ship their systems with “hide extensions” *enabled*, acknowledging the fact that users don’t know / don’t care what a suffix is.
Linux advocates should shut up, as it’s a bad idea to lure *those* sorts of users.
You’re confusing *NIX users with *NIX advocates.
You’re also confusing market share with usability, and equating it with vulnerability.
There have been worms written for non-CISCO smart switches. That’s a tiny, tiny fraction of the machines out there, with a minuscule fraction of the market… and yet, malware exists there, as well.
It’s all about vulnerability. It’s EASY to write a virus for MSWindows, because the OS encourages the users to be idiots. These people writing worms and viruses are all about opportunity, and Microsoft has been a traditionally rich place for such opportunities. Thus, Microsoft has the majority of the malware.
Other OSes aren’t exempt. Put an unpatched and misconfigured RedHat 4.2 box on the ‘Net, and it’ll be compromised in short order. (If you expected otherwise, the Linux community will mock your stupidity. This is typical of *NIX users. They’ll tell you that you’ve been stupid, and *expect* *you* *to* *improve*.) There are some pretty cool forensic tools for determining when and how an intruder compromised a *NIX machine, which indicates that it happens with some regularity. But rarely to the same user in the same way.
But that might be the key difference — a *NIX user who allows their machine to be compromised will be told “Wipe it and restore from backups, you idiot.”, while the MS user will be told “it’s not your fault, it’s the evil people out there, let’s see if we can disinfect the machine.” .
As for Grandparents using Linux…. I know several Linux users who have their non-technical parents and grandparents using Linux. I personally can’t stand Gnome or KDE (I hate MS’s UI, and both Gnome and KDE ape it), so I got my parents a Mac running OS X. The biggest threat to the machine? The Grandkids, who grew up on MS machines, and have absolutely *lousy* personal computing habits.
Due to, I’m sure, not being told they’re an idiot when they do something stupid.