Massive new Windows virus attack, set to target SCO: MyDoom


MacBytes
Jan 27, 2004, 01:06 AM
Category: Microsoft
Link: Massive new Windows virus attack, set to target SCO: MyDoom (http://www.macbytes.com/link.php?sid=20040127020656)

Posted on MacBytes.com (http://www.macbytes.com)

Approved by arn

sethypoo
Jan 27, 2004, 01:12 AM
Holy Mary I have this virus sitting in my Yahoo! inbox at this very instant.

Thank God I have a Mac!



::whew::

DreaminDirector
Jan 27, 2004, 01:55 AM
My god, the windows people have been getting hammered with Viruses lately... what's up with that?

nagromme
Jan 27, 2004, 02:02 AM
I've been getting a steady 10+ copies an hour, and increasing. Worse than any previous virus--except that the file size is thankfully smaller than some.

We can't get viruses but we can still suffer when Windows folks stuff our mail with them!

Edit: this virus does something NEW, to me:

It does not JUST send to and from emails harvested from files on PCs. It ALSO sends using MADE-UP "From" addresses at real domains--just like spammers do. Emails pretending to be from John@mydomain.com, say, when there is no John.

Result: the REAL owner of mydomain.com gets back an error message when/if the destination (are some of those made up too?) fails. That error contains the virus and clogs email even WORSE than a normal virus.

I am getting a ton of "returned undeliverable" messages from ISPs, thinking my site sent the email--when in fact the From address was a pure fake. Just great.

And I know this virus fakes mail-error subjects too--that's not what I'm talking about. I'm getting REAL errors back from the virus attempting a bad address.

I don't see how this helps the virus spread that much, but it DOES clog the 'net worse than ever.
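
An added illustration, not part of any poster's message: a mail administrator receiving the bounces described above can tell them apart from genuine ones by checking whether the Message-ID quoted inside the bounce is one the domain's own server actually issued. The sent-ID log, the addresses and the sample bounce are constructed assumptions.

```python
import email
from email import policy

# Assumption: Message-IDs our own outbound server logged for mail it really sent.
SENT_MESSAGE_IDS = {"<20040127.0001@mail.mydomain.example>"}

# Constructed sample bounce (RFC 3464 layout) for mail we never sent.
SAMPLE_DSN = b"""\
From: MAILER-DAEMON@isp.example
To: john@mydomain.example
Subject: Returned mail: User unknown
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@isp.example
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: john@mydomain.example
To: nobody@isp.example
Message-ID: <cgnz1234@infected-pc.example>

--b1--
"""

def returned_headers(dsn_bytes):
    """Return the original message quoted inside a bounce, or None."""
    msg = email.message_from_bytes(dsn_bytes, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return None
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":       # whole original was returned
            return part.get_content()
        if ctype == "text/rfc822-headers":  # only its headers were returned
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(dsn_bytes, sent_ids=SENT_MESSAGE_IDS):
    """'genuine' if we sent the original, 'backscatter' if not, else 'unverifiable'."""
    orig = returned_headers(dsn_bytes)
    if orig is None:
        return "unverifiable"
    msgid = str(orig.get("Message-ID", "")).strip()
    return "genuine" if msgid in sent_ids else "backscatter"
```
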

nagromme
Jan 27, 2004, 02:23 AM
This virus does more than just target SCO on Feb 1. CNN has been updated:

"When loaded, some versions of the worm launch Notepad and show random characters. At the same time it replicates itself and installs a "keystroke" program that allows a hacker to break in and record everything being typed, including passwords and credit card numbers."

Not to mention that Windows viruses can already read from files stored on the HD (which is how they harvest email addresses from documents, NOT just address book data). And then you have MS Office and Word, secretly UN-deleting erased files and cache data and embedding the data invisibly at the end of documents, where viruses--or anyone who receives your Office documents--can now easily access what you thought was gone. http://www.macintouch.com/o98security.html (This problem is NOT specific to Mac Office 98--it's in other versions and on PC too. I wish I knew if v.X was "safe" or not.)

The article mentions two other new Windows viruses out now too--so far, less serious ones.

Nermal
Jan 27, 2004, 02:25 AM
Ah, the missing piece of the puzzle.

My mum got a message today saying that the file she sent to person X contained a virus. But she hadn't sent any files to that person. It seems that person Y, who had both my mum and person X in their address book, is infected with this virus.

It gave me a bit of a fright though, mum's running Norton, which came bundled with the computer. I promptly removed Norton and installed a "real" virus scanner :)

edesignuk
Jan 27, 2004, 03:50 AM
Well, Symantec Antivirus 8.1 Corporate Edition hasn't done me wrong yet, let's hope it stays that way, it checks for updates and automatically installs them every night anyway.

Sabenth
Jan 27, 2004, 04:39 AM
So far so good, nothing hit me :) PC or Mac, though this one does concern me a bit..

ITR 81
Jan 27, 2004, 05:31 AM
Heard some insider info.

It targets SCO, but it's more or less it's the big virus that MS said that couldn't happen.

This is first strike servo against MS from virus underground. Which is related to groups MS and the FBI recently targeted with their money for virus programmer tips.

3-4 altered ver. of this virus are now being released into the wild.

pEZ
Jan 27, 2004, 07:58 AM
I actually just got a couple of these e-mails over the past few days. The first was claiming that I had to run an attached executable document in order for my PayPal account to not be terminated. Ha. And yesterday, I got this funky e-mail with "cgnzzqew" as the subject from uwmadison@admissions.wisc.edu (I go to school at the UW), where in the body all it said was "test" with a .pif file along with it. I love my Mac.

By the way, what exactly is a .pif file? Like what would it normally be on a Windows machine?

edesignuk
Jan 27, 2004, 08:03 AM
Originally posted by pEZ
By the way, what exactly is a .pif file? Like what would it normally be on a Windows machine?
.pif (http://www.filext.com/detaillist.php?extdetail=pif&goButton=Go) :D

Photorun
Jan 27, 2004, 08:13 AM
Phaw, if it only affects peecee users screw 'em, it's their stupid fault to be using peecees.

Dont Hurt Me
Jan 27, 2004, 08:14 AM
Meanwhile Bill Gates is saying we have the most secure OS in the world and Blah Blah Blah. I wonder if they believe anything that comes out of their own mouths?

1macker1
Jan 27, 2004, 08:17 AM
If a person is dumb enough to open something from a total stranger, then it's their fault. All OS are vulnerable to stupidity.

billyboy
Jan 27, 2004, 10:03 AM
Originally posted by 1macker1
If a person is dumb enough to open something from a total stranger, then it's their fault. All OS are vulnerable to stupidity.

But it is sooo tempting just to have a peek at something you know instinctively you shouldn't.

I'm more annoyed that this binary attachment thing got through my junk filter into my In box - Windows users can keep their viruses, but please, leave my mailbox out of it!

mkaake
Jan 27, 2004, 10:26 AM
wowsa... that explains the urgent email that was sent down through our company telling us we weren't supposed to read any email today until we had updated our virus defs...

matt

beg_ne
Jan 27, 2004, 11:19 AM
I find it pretty ironic (or at least damn funny) that Bill Gates was just recently (today even?) slamming Mac, linux etc. about security while PC users are getting hit by yet another windows virus. While the rest of us using our *horribly insecure* OS's get away again with no danger to our systems at all.

Rower_CPU
Jan 27, 2004, 02:00 PM
Originally posted by 1macker1
If a person is dumb enough to open something from a total stranger, then it's their fault. All OS are vulnerable to stupidity.

Not all of them are sent from strangers.

Stupid is as the OS allows you to do. ;)

shamino
Jan 27, 2004, 04:06 PM
Originally posted by pEZ
By the way, what exactly is a .pif file? Like what would it normally be on a Windows machine?
PIF stands for Program Information File. It is a file whose format dates all the way back to the days of Windows 1.0. It contains the information that Windows needs in order to launch an MS-DOS program. It contains things like the program's filename, command-line arguments, and parameters for the DOS box (virtual memory, video settings, etc.) that may be needed to launch it.

When you double-click a PIF file, the associated DOS program is launched with all the parameters contained in the PIF.

Since the introduction of Win95, PIF files are seen by Explorer (that is, the desktop) as shortcuts that point to applications. They are effectively the same as the .lnk files that are created today when you create shortcuts to console applications.

They are popular for virus-writers because a PIF file contains no executable content (and therefore no virus code), but they can contain command-lines that can direct Windows to do real damage. For instance, one may contain the "FORMAT" command with appropriate options to erase your hard drive, or it may contain an "OPEN" command that launches Internet Explorer with a malicious web page. :eek:

Qunchuy
Jan 28, 2004, 11:53 AM
Originally posted by shamino
PIF stands for Program Information File...They are popular for virus-writers because a PIF file contains no executable content (and therefore no virus code), but they can contain command-lines that can direct Windows to do real damage.
MS Internet Explorer used to have a malfeature where it would recognize and run an executable file even if it had a non-.EXE extension. Combined with MS Outlook's original behavior of passing attached .PIFs and .SCRs etc. to IE without so much as an eyeblink, Windows viruses and trojan horses were easy.

It's evident that there are plenty of old Windows systems out there that still do this.
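
An added example, not part of the thread: a mail-gateway check covering both behaviours described in the last two posts. It rejects attachments by launchable extension (a .pif needs no executable content to be dangerous) and separately by content, since an executable header can sit under any file name. The block list, function names and sample bytes are constructed assumptions.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions named in the thread; the exact block list is an assumption.
BLOCKED_EXTENSIONS = {".pif", ".scr", ".lnk", ".exe"}

# Constructed, inert bytes: only the header fields a PE sniffer looks at.
INERT_PE_HEADER = b"MZ" + b"\0" * 58 + (0x40).to_bytes(4, "little") + b"PE\0\0"

def has_executable_header(data):
    """True if data starts with 'MZ' and its e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    offset = int.from_bytes(data[0x3C:0x40], "little")
    return data[offset:offset + 4] == b"PE\0\0"

def build_sample(filename, data):
    """Build a constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "test"
    msg.set_content("test")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return bytes(msg)

def audit_attachments(raw_message):
    """Return [(filename, [reasons])] for attachments the gateway should reject."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = []
        # Name check: shortcut-style files can launch commands without any code.
        if os.path.splitext(name)[1].lower() in BLOCKED_EXTENSIONS:
            reasons.append("blocked-extension")
        # Content check: judge by the bytes, never by the claimed extension.
        if has_executable_header(data):
            reasons.append("executable-content")
        if reasons:
            findings.append((name, reasons))
    return findings
```
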