Our Windows Campus is Going to Crash and Burn!!

Discussion in 'Community' started by stoid, Mar 3, 2004.

  1. stoid macrumors 601

    stoid

    Joined:
    Feb 17, 2002
    Location:
    So long, and thanks for all the fish!
    #1
    I see the end. It is coming. Being behind a 'million dollar firewall' here on our college campus, I haven't gotten many virus .pif attached E-mails. Yesterday, I got 12. This morning I got one from the campus server. The campus server had been spoofed overnight, and every school E-mail account received an E-mail following proper protocol saying that your computer was suspected to be infected and would you please download the attachment for more information. The attachment is a .pif file. It took the IT people 4 hours to realize what was happening, and anyone who checked their E-mail this morning and didn't realize that they were downloading the virus now has it. Is this a new virus outbreak, or are we now finally getting the backwash from some earlier epidemic?
     
  2. Stelliform macrumors 68000

    Stelliform

    Joined:
    Oct 21, 2002
    #2
    I have been fooling with Netsky (the pif one) and Bagle (the zip file one) all day. (Both relatively new, like in the last couple of weeks.) The variants for these viruses have been hitting fast and furious. So I think we are just seeing the peak of the infection. (At least I hope it is the peak. :( )

    The Bagle.J variant was getting around my e-mail server's virus scan due to a delayed virus def update this morning. Luckily none of my clients opened it. (That I know of.)

    But basically, unless the PCs on the campus network all have antivirus installed locally, your campus IT guys are going to have a very bad day. ;)
     
  3. stoid thread starter macrumors 601

    stoid

    Joined:
    Feb 17, 2002
    Location:
    So long, and thanks for all the fish!
    #3
    At the peak of the Blaster virus late last year, it was consuming two-thirds of the 30MB/s bandwidth routed to the campus. The only way they managed to kill it was by reformatting every HD on campus!! I wonder if it'll come to that again?
     
  4. virividox macrumors 601

    virividox

    Joined:
    Aug 19, 2003
    Location:
    Manila - Nottingham - Philadelphia - Santa Barbar
    #4
    Ouch, that has gotta hurt.

    Wouldn't wanna reformat every single computer; imagine how much time it's gonna take to get everything up and running again. Ick.
     
  5. TEG macrumors 604

    TEG

    Joined:
    Jan 21, 2002
    Location:
    Langley, Washington
    #5
    One of the damn liberal departments (finance, sales, or accounting) at my company got Beagle/Bagle. We all received a nice official-looking e-mail saying that we all needed to download an attached encrypted .zip file. Luckily we build UNIX systems, and all but the three departments are required to use only our systems, or Macs, for critical work, so the impact was light. Just imagine if we ran Windows.... Good bye *** ************, ***. (Name sanitized for security reasons, but you could figure it out if you want.)

    I can see this as the demise of Windows if entire companies fold over these viruses.

    TEG
     
  6. johnnyjibbs macrumors 68030

    johnnyjibbs

    Joined:
    Sep 18, 2003
    Location:
    London, UK
    #6
    Ouch! My mate got an email virus on the network today, but luckily the anti-virus stuff on the campus network had already picked it up and replaced the offending attachment with a warning text message. He was worried though, because it said that he was going to have his email account removed if he fooled around any more on it, and was told to open the attachment for information on how to prevent that from happening again. Of course, it was a virus writer's trick to get him to open the attachment and nothing to do with admin whatsoever.

    I've had 3 virus emails downloaded on my Mac today but, of course, I'm immune. The uni anti-virus program caught it each time though and removed the virus in each case. I guess my uni is better equipped... One day they'll realise that Macs are the way to go..
     
  7. Savage Henry macrumors 65816

    Savage Henry

    Joined:
    Feb 20, 2004
    Location:
    in a one horse, two house, three pub town.
    #7
    The techie guys at my place informed me that 3 of our users were spoofed, but they were contained. We're pretty resilient otherwise to receiving viral mails, although the scanning software is working at such a rate it brings the server to a grinding halt.

    So unless your guys are savvy, and it sounds like they may not win awards, then you could be seeing the echoes of this for a long time.
     
  8. Dippo macrumors 65816

    Dippo

    Joined:
    Sep 27, 2003
    Location:
    Charlotte, NC
    #8
    What's a .pif file????

    I know about .exe, .com, .bat, .vbs, etc but I have never heard of .pif being an executable!
     
  9. stoid thread starter macrumors 601

    stoid

    Joined:
    Feb 17, 2002
    Location:
    So long, and thanks for all the fish!
    #9
    Most viruses are type .pif or .zip
     
  10. MrMacMan macrumors 604

    MrMacMan

    Joined:
    Jul 4, 2001
    Location:
    1 Block away from NYC.
    #10
    Ahh, really classy, AOL...

    I apparently sent over 124 e-mails to... myself yesterday...

    Hmm, this is weird...

    All different types of Windows viruses...
    Blaster... Beagle...

    Hmmm... that's weird.
     
  11. Dippo macrumors 65816

    Dippo

    Joined:
    Sep 27, 2003
    Location:
    Charlotte, NC
    #11

    Okay, but will Windows execute these files?

    I always use WinRAR to open zip files; I never execute them...??? :confused:
     
  12. yamabushi macrumors 65816

    yamabushi

    Joined:
    Oct 6, 2003
    #12
    Yes. Simply decompressing the contents of a compressed archive can cause many viruses to execute. Others will lay dormant until executed by activating one of the contained files in some manner. This could be accomplished in a variety of ways besides clicking on the file.
     
  13. 5300cs macrumors 68000

    5300cs

    Joined:
    Nov 24, 2002
    Location:
    japan
    #13
    All these virii (?) and yet people still say Macs suck :rolleyes:

    Last week I was back home in Boston cleaning my dad's 2 peecees of junk mail and virii, the whole time cursing m$'s whole empire :mad: Took a whole week to fix 2 machines.
     
  14. 7on macrumors 601

    7on

    Joined:
    Nov 9, 2003
    Location:
    Dress Rosa
    #14
    Viruses

    http://www.cknow.com/ckinfo/acro_p/pif_1.shtml
     
  15. SiliconAddict macrumors 603

    SiliconAddict

    Joined:
    Jun 19, 2003
    Location:
    Chicago, IL
    #15
    It's called social engineering, and it hit our company about 2 weeks ago. There were other offices that got a few nasty outbreaks because some incoming e-mail was addressed with the name of our company, with the title saying: Warning about your e-mail account.

    The body:


    Dear user, the management of [insert company name here].com mailing system wants to let you know that, Your e-mail account has been temporary disabled because of unauthorized access. For more information see the attached file.
    For security reasons attached file is password protected. The password is "15520".

    Best wishes,
    The [insert company name here].com team http://www.[insert company name here].com.com


    It's a brilliant social engineering scheme since it has the company's name in the body of the message. More accurately, it has the e-mail domain in the body of the message, which happens to be the company name.
    Consequently you have a bunch of morons who actually run the executable.

    For those that are pissing on windows think about this a second. A user is running a program on the machine. This is NOT the OS's fault. This is a social engineering scheme.

    Unfortunately since I'm not allowed to communicate to my customers office wide in an e-mail (At least before this outbreak.) I wasn't allowed to send out a security warning that our company does NOT distribute patches via e-mail.

    Here's the thing though. We have Norton AV Corp edition and a Norton AV parent server that updates everyone's machine on an hourly basis, or whenever Norton releases a new AV definition. So our users were set to take on Beagle a few days earlier. Consequently, when the morons went to run the program, Norton caught it and alerted me on my computer. Mon-Wed of that week my Norton Command Console lit up like a Christmas tree. But I can thankfully say there was not one single infection in this office of 250. As far as I'm concerned NAV is the single most important piece of software on Windows, which is sad, but until you get a user that can't be fooled by semi-official-looking e-mails NAV will always be necessary, and here's the kicker. These e-mail viruses are viruses, not worms. Infection is self-inflicted by the user because they are stupid enough to run a program on their system. This would potentially work exactly the same on a Mac.
    My concern is that Mac users have been lulled into a false sense of security. It's possible that at some point someone will take advantage of this and cause some major havoc with AppleScript. It hasn't happened yet, mostly I'm guessing because Mac users aren't masochists. :p They aren't looking to take down their platform. Generally, if a user is going to spend that kind of cash on a computer, they are spending it because they like the platform. Windows users and Linux users have a love-hate relationship with Windows. (Not all, but a lot.) We use it because it's the standard. Doesn't mean we like it. Since any teen can build a PC for a few hundred and pirate Windows from a friend, it's not a good relationship going there. Also, it's not as if you can run a Mac emulator on Windows or Linux. Consequently, getting the environment to build a virus requires a fairly substantial investment. At minimum a few hundred off of eBay. I highly doubt the average virus writer is going to spend money on such an endeavor. *shrugs* my .02 cents.
     
  16. SiliconAddict macrumors 603

    SiliconAddict

    Joined:
    Jun 19, 2003
    Location:
    Chicago, IL
    #16
    Zip isn't an executable, just as a txt file isn't an executable. It's an archive folder that contains the virus executable, which is usually in com, pif, exe or vbs format. The intention is to trip up the virus scanning software on the mail servers. Some software, if the zip file is password protected, can't read the contents of the file and pushes it through.

    Extracting the file typically does not run the file but zip files can contain instructions on what to do after it extracts the file so it could "possibly" run it.
     
  17. SiliconAddict macrumors 603

    SiliconAddict

    Joined:
    Jun 19, 2003
    Location:
    Chicago, IL
    #17
    This is why this format has become so popular to use in virus propagation. It's unknown. Another good method is .SCR, a.k.a. screen savers. This is a form of executable known to the OS that is run as a screen saver. Virus writers can embed malicious code in the screen saver that can do the same thing as what a normal exe, com, etc. could do.
     
  18. tpjunkie macrumors 65816

    tpjunkie

    Joined:
    Nov 24, 2002
    Location:
    NYC
    #18
    About 5 or 6 weeks ago our campus was flooded with viral email attachments; at one point I was getting over 10 a day to my campus email account, including the one you described, claiming it was from the "union.edu team".

    Eventually they had to take the whole network down for a while...
     
  19. Thomas Veil macrumors 68020

    Thomas Veil

    Joined:
    Feb 14, 2004
    Location:
    Reality
    #19
    Good explanation.

    I just got four of these e-mails, all in the same day. One of them purported to be from a friend of mine, so apparently they got into his e-mail account. Bummer.
     
  20. stoid thread starter macrumors 601

    stoid

    Joined:
    Feb 17, 2002
    Location:
    So long, and thanks for all the fish!
    #20
    Granted that much of it IS social engineering; however, Windows IS also inherently more vulnerable. For a virus to be able to modify and damage important system files, the Unix core of Mac OS X would require the user to enter an administration password. On Windows you only have to execute the file. It is a lot easier to convince a computer newbie to launch a file than to get them to enter an administration password. ;)
     
  21. Grimace macrumors 68040

    Grimace

    Joined:
    Feb 17, 2003
    Location:
    with Hamburglar.
    #21
    Really dumb question: If the university server were an Apple G5 server, would that have any effect? Or does it pass through to the end user no matter what - so you'd have to have all Macs to not be affected by Wintel virii?
     
  22. stoid thread starter macrumors 601

    stoid

    Joined:
    Feb 17, 2002
    Location:
    So long, and thanks for all the fish!
    #22
    A Mac will not actively participate in virus redistribution. However, a Macintosh user will receive strange 'undeliverable' E-mail returns because a compromised server may still spoof your E-mail account even without your Mac on or connected to the internet.

    Correct me if I'm wrong here...
     
  23. SiliconAddict macrumors 603

    SiliconAddict

    Joined:
    Jun 19, 2003
    Location:
    Chicago, IL
    #23

    It wouldn't matter. If the U was running a G5 as a mail server, the best you could hope for would be that it would strip the infected attachments, or the e-mails altogether, and forward the rest of the e-mail on to the user.
    That's assuming I'm understanding what you are asking. There are loads of possible e-mail and e-mail server configurations; I'm reading your post as the G5 being the "home" mail server for all the various e-mail accounts.
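
The gateway-side filtering described in posts #6, #15, #16, #17 and #23 (strip executable attachments such as .pif/.scr, look inside zip files, and do not let a password-protected zip through just because it cannot be scanned) can be sketched in a few dozen lines. The following is an added example written for this thread, not code from any of the posters or from any product they mention; the lure text, the sender/recipient addresses, the `example.com` domain and the sample zip payloads are all constructed here, and the zip's "encrypted" flag is set by hand because Python's zipfile module cannot write password-protected archives.

```python
"""Mail-gateway attachment triage for the lures discussed in this thread.

Constructed example: parses a MIME message, flags attachments whose extension
Windows treats as executable (.pif, .scr, .exe, .com, .bat, .vbs), looks inside
ZIP archives for the same, and treats a password-protected ZIP as unscannable,
so it is flagged instead of passed through.  Flagged attachments are replaced
by a plain-text warning, leaving the rest of the mail deliverable.
"""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions this thread names as executable on Windows; .pif is a program shortcut.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".vbs"}


def _ext(name):
    """Last extension of a filename, lowercased ('README.TXT.PIF' -> '.pif')."""
    name = (name or "").lower()
    return name[name.rfind("."):] if "." in name else ""


def inspect_zip(data):
    """Findings for a ZIP payload; encrypted members are reported, not skipped."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return ["malformed zip archive"]
    findings = []
    for info in infos:
        if info.flag_bits & 0x01:  # general-purpose flag bit 0: member is encrypted
            findings.append(f"encrypted zip member (cannot scan): {info.filename}")
        elif _ext(info.filename) in EXECUTABLE_EXTS:
            findings.append(f"executable inside zip: {info.filename}")
    return findings


def lure_indicators(msg):
    """Cheap body heuristics for the lure quoted in post #15."""
    hints = []
    sender = str(msg.get("From", "")).rsplit("@", 1)[-1].rstrip(">").lower()
    rcpt = str(msg.get("To", "")).rsplit("@", 1)[-1].rstrip(">").lower()
    if sender and sender == rcpt:
        hints.append("sender claims the recipient's own domain")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and "password" in body.get_content().lower():
        hints.append("body supplies a password for the attachment")
    return hints


def triage(raw):
    """Parse a raw message; return (findings, message with bad attachments replaced)."""
    msg = message_from_bytes(raw, policy=policy.default)
    hints = lure_indicators(msg)  # computed before any part is rewritten
    findings = []
    for part in msg.walk():
        fname = part.get_filename()
        if part.is_multipart() or not fname:
            continue
        ext = _ext(fname)
        part_findings = []
        if ext in EXECUTABLE_EXTS:
            part_findings.append(f"executable attachment: {fname}")
        elif ext == ".zip":
            part_findings.extend(inspect_zip(part.get_payload(decode=True)))
        if part_findings:
            findings.extend(part_findings)
            # Replace the attachment with a warning, as the filter in post #6 did.
            part.set_content("Attachment removed by mail gateway: "
                             + "; ".join(part_findings) + "\n")
    if findings:
        findings.extend(hints)
    return findings, msg


def make_sample_zip(member_name, encrypted=False):
    """Constructed sample ZIP.  zipfile cannot write password-protected archives,
    so for the encrypted case flag bit 0 is set by hand in the local header
    (offset 6) and the central directory entry (offset 8)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member_name, b"not really a program, just sample bytes")
    data = bytearray(buf.getvalue())
    if encrypted:
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.find(sig) + off] |= 0x01
    return bytes(data)


def build_sample_message(filename, payload, subtype):
    """Constructed lure shaped like the one quoted in post #15 (example.com is a placeholder)."""
    msg = EmailMessage()
    msg["From"] = "team@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Warning about your e-mail account"
    msg.set_content("Dear user, your e-mail account has been temporarily disabled. "
                    "For more information see the attached file. For security "
                    "reasons the attached file is password protected. The password is \"15520\".")
    msg.add_attachment(payload, maintype="application", subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = {
        "password-protected zip holding a .pif":
            build_sample_message("info.zip", make_sample_zip("info.pif", True), "zip"),
        "bare .pif attachment": build_sample_message("info.pif", b"sample", "octet-stream"),
        "harmless zip": build_sample_message("notes.zip", make_sample_zip("notes.txt"), "zip"),
    }
    for label, raw in samples.items():
        findings, _ = triage(raw)
        print(f"{label}: {findings or 'clean'}")
```

The design choice worth noting is in `inspect_zip`: an archive the scanner cannot open is treated as a finding in its own right rather than as "nothing detected", which is exactly the gap post #16 describes scanners falling into. The sender-domain and password-in-body hints are only attached when an attachment has already been flagged, so an ordinary internal mail that mentions a password is not quarantined on its own.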
     
  24. SiliconAddict macrumors 603

    SiliconAddict

    Joined:
    Jun 19, 2003
    Location:
    Chicago, IL
    #24
    True. Windows' core problem is that by default it has zero security. That can be fixed by giving the user power user rights only, but that requires more than basic-level skills and is typically above the average user. That, and when set to power user you typically run into problems running programs. That's where *nix and OS X shine. The default rights are strong enough to do your typical work. MS still hasn't learned this. Wait. Oops, preaching to the choir. :p

    Oh, on a side note. I just had someone come back to me yesterday about purchasing a new 17" iMac. (He had asked me last week what system I recommended. Sent him to the Apple store. Picked his system up Friday.) I've never seen anyone so excited about a computer/OS before. :)
     
  25. Grimace macrumors 68040

    Grimace

    Joined:
    Feb 17, 2003
    Location:
    with Hamburglar.
    #25
    I guess what I was going for was, "If ALL of the university's servers were G5s (or G4s), would that make any difference in stopping viruses from affecting PC computers on campus?"

    (Instead of replacing ALL students' computers with macs, could the servers be changed to stop the problem before it gets to the students?)
     
