OT: SWEN worm



Status
Not open for further replies.
Captain's log. On StarDate Sun, 21 Sep 2003 14:01:42 -0500 received comm from "Tim McNamara
<[email protected]> on channel rec.bicycles.tech ":

: In article <[email protected]>, Martin Törnsten
: <[email protected]> wrote:
:
: > Captain's log. On StarDate Sat, 20 Sep 2003 21:33:05 -0500 received comm from "Tim McNamara
: > <[email protected]> on channel rec.bicycles.tech ":
: >
: > : In article <[email protected]>,
: > : -= ®atzofratzo =- <[email protected]> wrote:
: > :
: > : > On Sat, 20 Sep 2003 11:08:03 -0500, Tim McNamara <[email protected]> wrote:
: > : >
: > : > >Thank you Microsoft for creating so *many* opportunities for creative software writers.
: > : >
: > : > If the tables were turned and the predominant OS and computer was made by Apple for the last
: > : > several years, you'd be blaming them instead of MS. The dickheads that write bugs write them
: > : > to infect the greatest number of computers at one time, hence Windows attacks.
: > : >
: > : > Blame the dickheads that write the bugs, not the dickheads at Microsoft.
: > :
: > : Unfortunately it is a team effort between the various dickheads. Microsoft creates the climate
: > : in which the vermin can flourish.
: >
: > Don't be that foolish Tim. Apple also creates a lot of such opportunities (and even free
: > software like Linux), but just like with most applications and software in general, also virus
: > and worm makers have less interest and support for platforms that aren't used by that many people.
:
: While there is some truth to what you say, Windows is far more rife with security holes than the
: Mac OS (either OS 9 and earlier or OS X)

See further down in my comments.

: or any flavor of Unix. It's simply easier to write worms, viruses and

I quote this (from Paul Thurrott wininfo short takes):

Linux Still Less Secure Than Windows

On the flip side of the coin, I should point out that Linux
still suffers from far more security bugs and other vulnerabilities than Windows does. Researchers
at mi2g Intelligence Unit, which has been tracking and verifying computer-based vulnerabilities
since 1995, say that in August 67 percent of all successful and verifiable attacks against servers
targeted Linux, compared with just 23.2 percent that targeted Windows--and August was the month
during which SoBig.F and MSBlaster hit. Furthermore, 12,892 e-business sites running Linux were
successfully breached during that month, compared with just 4626 sites running Windows. Windows
vulnerabilities get more press because more people run Windows on the desktop, so any Windows-based
worms or viruses will generally affect a far larger group of individuals. But anyone who thinks that
jumping to Linux is a cure-all should think again. Even if you don't consider the usage numbers,
everyone's favorite open-source poster boy is still a huge target for attackers.

: Trojan horses for Windows. It's not merely a matter of installed user base, it's also a matter of
: ease and accessibility.

I think you're deluded, my dear Tim.

The Open SSH bug didn't hit you? I hope you patched that one (I think Apple has a big fix out for
that one, which I can strongly recommend).

http://security.itworld.com/4343/030917certssh/page_1.html

: Apple has been far better at identifying vulnerabilities and fixing them than has Microsoft. A fix
: is usually available within 24 hours of a vulnerability being identified, installable with one
: click of the mouse. Like you, in the 17 years I have been using Macs I have never

It was quite amusing (as you claim that Apple is, and always has been better than Microsoft) to see
a common bug hit a lot of different operating systems in 1998 I think it was. It was an old bug in
the TCP/IP code from BSD, which most systems were derived from. If you sent a ping with a non
standard packet size you could cause a buffer overflow and crash the stack. How fast did the
different operating systems get a fix for this common bug? Well, the Linux community had a fix 1-2
days after the known problem. Microsoft provided a fix for Windows NT after 4-5 days. After 45 days
they bothered to provide one for Windows 95 (which they didn't think was as mission critical as it
was mostly targeted for home users, which I can agree with). How did Apple manage? Well IIRC it took
them over half a *year* to provide a fix for Mac OS.

Lesson learnt? Well I fully agree Microsoft can do better with security (just like I think the Linux
community can), but Apple is far from the gods like you seem to hold them.

: had problems with a virus infection- the basic OS is quite secure, the virus protection software
: is effective, and Apple has proven to be quite vigilant (as befits a company with a small fraction
: of the market).

And my basic systems are quite secure as well (even if they're under much more attack from virus
makers and others, than your much less commonly used system).

Your point? I really don't think you have any.

My point? I have in fact two points I try to make here:

1. Windows with its extremely big market share is indeed the target for most software developers,
both the good and also the bad ones.

2. Regardless of which operating system you choose to run (I'm actually quite fond of Mac OS X and
like it a lot, if I had a Mac myself I would love to use it more) you should be paranoid about
security and not take a too relaxed view about it (whatever reason you have that you try to talk
yourself into that you somehow are not a possible victim).

Best regards,

martin törnsten

--
http://194.236.153.211/
 
I am getting killed with hundreds and hundreds of Microsoft mailings.

Check this out: My Server, Optonline, states I should OPEN each e-mail and forward them to
[email protected]. What a bunch of morons!!!!

DO NOT OPEN THESE MAILINGS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Anyway, go to the McAfee site and download STINGER. Also Norton has a removal tool. I do not have
the virus IN my computer, as I scanned with two different AV programs. However, I am on the
mailing list.

ALSO, simply use your filter located in the OUTLOOK TOOLS and enter the word MICROSOFT and its
variants being used in the SUBJECT and TO/FROM box. The mailings are no longer being forwarded to my
OUTLOOK EXPRESS but are piling up at my server's webmail access page.

Luigi Bruno
 
On 21 Sep 2003 15:47:45 -0700, [email protected] (GoCycle) may have said:

>I am getting killed with hundreds and hundreds of Microsoft mailings.
>
>Check this out: My Server, Optonline, states I should OPEN each e-mail and forward them to
>[email protected]. What a bunch of morons!!!!

Cablevision, the owner and/or host of optonline, is sufficiently clueless about a lot of things that
some of their address space has landed in some anti-spam blocklists.

One of the observed effects of the propagation of the Swen worm is the installation of a proxy
server on the infected machine, which provides a means for spammers to hijack the resources of the
machine (among other things.)

There has been speculation that one or more professional spam organizations are actually behind
the recent worms that install spammer-abusable proxies. It has also been posited that certain ISPs
are spammer-friendly. Draw your own conclusions about the effects and implications of the advice
you received.

>DO NOT OPEN THESE MAILINGS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Globally: *never* open an attachment with any of the following extensions:

.scr .pif .exe .com .vbs

Treat files with the following extensions as taboo unless verified with the source explicitly
*before* opening:

.doc .xls .wks .zip .rar

There are other data file types which could also include scripts that can perform malicious acts on
your system. The safest approach to attachments is to ignore them, but if you're using Outlook
Express in its default configuration (and you don't have the very latest security patches
installed), then you may end up opening some of these attachments by default *without doing anything
more than looking at the message itself.* This is yet another reason why experienced users tend to
avoid Outlook Express if there is any alternative available.

>ALSO, simply use your filter located in the OUTLOOK TOOLS and enter the word MICROSOFT and its
>variants being used in the SUBJECT and TO/FROM box. The mailings are no longer being forwarded to
>my OUTLOOK EXPRESS but are piling up at my server's webmail access page.

If you have a mailbox size limit, you will quickly stop receiving mail altogether. Those attachments
are over 100K in size. 100 of them is over 10 Mb of mail. An active Usenet user may get 100 of the
current worm emails in an hour or less. It's important, therefore, to *delete* them from the server
rather than just ignoring them.

--
My email address is antispammed; pull WEEDS if replying via e-mail. Yes, I have a killfile. If I
don't respond to something, it's also possible that I'm busy.
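
The two extension lists in the post above, applied to a parsed message, as an added example that is not part of the original post. The function names are hypothetical, the sample message is constructed, and the choice to judge a file by its final extension (so that `report.doc.pif` counts as `.pif`) is an assumption of this example.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension lists as given in the post above.
NEVER_OPEN = {".scr", ".pif", ".exe", ".com", ".vbs"}
VERIFY_FIRST = {".doc", ".xls", ".wks", ".zip", ".rar"}
SEVERITY = ["unlisted", "verify-first", "never-open"]

def classify_name(filename):
    """Classify one attachment filename by its final extension."""
    # Windows drops trailing dots and spaces, so "a.exe ." is still an .exe.
    name = filename.strip().rstrip(". ").lower()
    ext = os.path.splitext(name)[1]  # "report.doc.pif" -> ".pif"
    if ext in NEVER_OPEN:
        return "never-open"
    if ext in VERIFY_FIRST:
        return "verify-first"
    return "unlisted"

def triage(raw):
    """Return {attachment filename: verdict} for a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    names = (part.get_filename() for part in msg.iter_attachments())
    return {n: classify_name(n) for n in names if n}

def message_verdict(raw):
    """Worst verdict across all attachments; 'unlisted' if there are none."""
    return max(triage(raw).values(), key=SEVERITY.index, default="unlisted")

def build_sample():
    """Constructed message with harmless one-byte attachments (not real mail)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    for name in ("update.exe", "report.doc.pif", "photos.zip", "ride.jpg"):
        msg.add_attachment(b"\0", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in triage(build_sample()).items():
        print(f"{verdict:13} {name}")
```
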
 
Werehatrack wrote:
> On Sun, 21 Sep 2003 12:47:47 GMT, richard <[email protected]> may have said:
>
>
>>That's the snag (for me, anyway)! Need to wait around for all those worms to download, then
>>acknowledge all the virus detection pop-ups. Oh yeah, then go clean out my quarantine. Then blow
>>away a real message because it was tucked in between a couple of the worm carriers...
>
>
> First, change the settings on your virus scanner to "silently quarantine" the virus files, and you
> won't have to deal with all the popups.
>
> Second, add a filter in your email client that will spot the line that's changed relating to the
> deleted attachment, and use that as an indicator to delete the message itself (or move it to a
> different folder).
>
> Then, if you're not on a dialup, leave the email client running 24/7, set to grab mail every 60
> minutes, and the overflow problem is handled.
>
> I had to do this for my S.O.; she's getting 20 to 30 per hour, and that results in a mailbox
> overflow in about 4 hours.
>
> --
>

I'm getting ~200/day either the M$ fake update or the returned mail ****.

I don't use my AV program to filter my email, but have nothing auto-executing and I am not mouse
click crazy.

I have the email setup to check every 120 sec for new messages and to automatically download them.

I use the latest Mozilla Mail with the spam blocking turned on and after a few learning runs it is
now identifying the rejected mail and fake updates as spam and automatically putting them in the
"junk" folder without my intervention.

My (W2K) home machine is updated with current M$ critical patches (real ones), all current Trend AV
updates and located behind a router/firewall with the offending ports blocked.

Lots of traffic but not much hassle.

Marcus
 
In article <[email protected]>, Martin Törnsten
<[email protected]> wrote:

> The Open SSH bug didn't hit you? I hope you patched that one (I think Apple has a big fix out for
> that one, which I can strongly recommend).

Thank you for your concern. That bug never hit me, for several reasons.
 
In article <[email protected]>, Martin Törnsten
<[email protected]> wrote:

> I think you're deluded, my dear Tim.
>
> The Open SSH bug didn't hit you? I hope you patched that one (I think Apple has a big fix out for
> that one, which I can strongly recommend).

Not a problem, thanks for asking.

> It was quite amusing (as you claim that Apple is, and always has been better than Microsoft) to
> see a common bug hit a lot of different operating systems in 1998 I think it was. It was an old
> bug in the TCP/IP code from BSD, which most systems were derived from. <snip> How did Apple manage?
> Well IIRC it took them over half a *year* to provide a fix for Mac OS.

Hmmm. 1998, eh? Don't recall that episode at all. Must not have affected me. Let's see, prior to
December 1998 I was running OS 7.5.5 and after that I was running 8.5.1/8.6 when I replaced my
computer. Maybe I just lucked out and skipped that problem? Man, OS 8 sucked rocks. OS 9 was barely
any better. I almost gave up on the Mac and started using NetBSD/m68k. OS X is the only reason I
still use a Mac. Windows was never an option to consider. Resistance may be futile but I don't care
to be assimilated all the same.

> Lesson learnt? Well I fully agree Microsoft can do better with security (just like I think the
> Linux community can), but Apple is far from the gods like you seem to hold them.

Gods? Certainly not. Just better than Microsoft in this area. Not that it's all that hard. After
all, Microsoft announced the existence of, what, 5 significant or critical security holes in Windows
just in the first 10 days of September. Not to mention a couple of nifty new worms, too. The
Computer and Communications Industry Association has recommended that the US government avoid
Microsoft products because of abysmal security:

http://www.ccianet.org/letters/dhs_030827.pdf

> : had problems with a virus infection- the basic OS is quite secure, the virus protection software
> : is effective, and Apple has proven to be quite vigilant (as befits a company with a small
> : fraction of the market).
>
> And my basic systems are quite secure as well (even if they're under much more attack from virus
> makers and others, than your much less commonly used system).

Yours might be; unfortunately that is not the case for millions of other users.

> Your point? I really don't think you have any.

Cheers to you, too. Nice to see that condescension isn't a lost art.

> My point? I have in fact two points I try to make here:
>
> 1. Windows with its extremely big market share is indeed the target for most software
> developers, both the good and also the bad ones.

Windows is a cyber-petri dish, as has been shown time and time and time again- whether you like to
admit it or not. Every OS has vulnerabilities, but Windows leads the way in sloppy workmanship.

http://www.washingtonpost.com/wp-dyn/articles/A34978-2003Aug23.html

In addition, a Windows exec publicly admitted at an Australian industry conference that one-half of
all Windows crashes are caused by Microsoft's own code and not the code of developers. This was
only about two weeks before Bill Gates told the NYT about how proud he was of Microsoft's
improvements in security (in the midst of the Sobig.F and MSBlaster outbreak. I guess Bill doesn't
actually *read* the NYT).

And just for fun:

http://www.economist.com/business/displayStory.cfm?story_id=2054746

> 2. Regardless of which operating system you choose to run (I'm actually quite fond of Mac OS X
> and like it a lot, if I had a Mac myself I would love to use it more) you should be paranoid
> about security and not take a too relaxed view about it (whatever reason you have that you try
> to talk yourself into that you somehow are not a possible victim).

I am not at the level of paranoia, but on the other hand I do know how to do pretty good security
with my computer. 'tain't at all hard to do with ipfw and a couple o' NIDS.
 
Tim McNamara <[email protected]> wrote:
: In article <[email protected]>, Martin Tornsten
: <[email protected]> wrote:
:
:> The Open SSH bug didn't hit you? I hope you patched that one (I think Apple has a big fix out for
:> that one, which I can strongly recommend).
:
: Thank you for your concern. That bug never hit me, for several reasons.

not the least of which is because there has been no demonstrable remote exploit for that bug yet --
just a lot of talk. second of which ssh is not on by default in Mac OS X. openbsd is a different
matter (it is) so if someone comes up with an exploit that pre-existed the exposure (tick-tock) theo
may have to count++.

now please don't mention sendmail which probably accounts for 50% of unix security bugs and just had
a new remote exploit of its own last wednesday.

2 nice words, tho: full disclosure. microsoft ain't so good about that. they'd undoubtedly sue over
it if they could.
--
david reuteler [email protected]
 
In article <[email protected]>, David Reuteler
<[email protected]> wrote:

> Tim McNamara <[email protected]> wrote:
> : In article <[email protected]>, Martin Tornsten <[email protected]>
> : wrote:
> :
> :> The Open SSH bug didn't hit you? I hope you patched that one (I think Apple has a big fix out
> :> for that one, which I can strongly recommend).
> :
> : Thank you for your concern. That bug never hit me, for several reasons.
>
> not the least of which is because there has been no demonstrable remote exploit for that bug yet
> -- just a lot of talk. second of which ssh is not on by default in Mac OS X.

Yup.

> now please don't mention sendmail which probably accounts for 50% of unix security bugs and just
> had a new remote exploit of its own last wednesday.

Also not on by default in OS X.
 