
did anyone else receive about 30 or 40 virus emails today?

Old Aug 26, 2003, 5:17 pm
  #1  
FlyerTalk Evangelist
Original Poster
 
Join Date: Sep 1999
Location: source of weird and eccentric ideas
Posts: 38,692
did anyone else receive about 30 or 40 virus emails today?

Still getting them, about 1 every 10 minutes

This is travel technology related as they are coming apparently from all over the world, and a contact in Hong Kong couldn't get email to me because mine bounced and I think it is due to this cock-up caused by 1) terrible MS software and security practices and 2) people's lapses.

richard is offline  
Old Aug 26, 2003, 6:33 pm
  #2  
FlyerTalk Evangelist
 
Join Date: Sep 2000
Posts: 37,486
Where have you been the past week

Our server park has already blocked over 100k of the suckers... Thankfully the title and contents make it very easy to block on a server level...
ScottC is offline  
Old Aug 26, 2003, 7:40 pm
  #3  
FlyerTalk Evangelist
Original Poster
 
Join Date: Sep 1999
Location: source of weird and eccentric ideas
Posts: 38,692
> Originally posted by ScottC:
> Where have you been the past week
>
> Our server park has already blocked over 100k of the suckers... Thankfully the title and contents make it very easy to block on a server level...
I've gotten them a few a day, but today was every 10 minutes throughout the day, a giant increase in volume...
richard is offline  
Old Aug 26, 2003, 7:42 pm
  #4  
FlyerTalk Evangelist
Original Poster
 
Join Date: Sep 1999
Location: source of weird and eccentric ideas
Posts: 38,692
And I love the emails from all parts of the world telling you that you are infected

And the bounce messages from emails I never sent and that my machine most assuredly never sent.

Okay, now is the paragraph where I blast MS. But they deserve it. Apparently they leave things like Messenger in the lowest security setting by default when they ship their OS. Making it very easy for worms and viruses to move around.

Fewer support headaches that way I'm sure. That is one of many examples I read but am not smart enough to regurgitate here.
richard is offline  
Old Aug 27, 2003, 3:21 am
  #5  
 
Join Date: Sep 2002
Location: BNE, Australia...not too far from the nearest Qantas Pub err Club
Posts: 3,636
Mine started about 2 days ago - just streaming in. I use a web-based free service for FT, and that's its sole use.

Most attachments are around the 100k mark, and I'm getting around 20-30 per day.
willyroo is offline  
Old Aug 27, 2003, 8:05 am
  #6  
FlyerTalk Evangelist
 
Join Date: Sep 2000
Posts: 37,486
> Originally posted by richard:
> I've gotten them a few a day, but today was every 10 minutes throughout the day, a giant increase in volume...
All it takes is one ....... that is unprotected and has your name in his/her addressbook and you are screwed...

Depending on their connection it could yield up to 200 emails a minute...
ScottC is offline  
Old Aug 27, 2003, 8:31 am
  #7  
Moderator, Argentina and FlyerTalk Evangelist
 
Join Date: Aug 2000
Location: MIA / EZE
Programs: Lord of Malbec & all Wines Argentine. AA EXP / Marriott Lifetime Silver / Hertz Presidents Circle
Posts: 35,681
My Norton AntiVirus has been working overtime... I keep on getting this Britney_Spears game thingy (I think it's in EXE format), but luckily Norton seems to catch it and delete it all the time. The weird thing is that it does not seem to come in through email...??? I'm not quite sure how else I could be getting it.

Should I worry..?? I've run a full system scan and found nothing... any ideas?

Thanks.
Gaucho100K is offline  
Old Aug 27, 2003, 8:58 am
  #8  
FlyerTalk Evangelist
Original Poster
 
Join Date: Sep 1999
Location: source of weird and eccentric ideas
Posts: 38,692
http://www.pbs.org/cringely/pulpit/pulpit20030821.html

great column excerpt by Robert Cringely on a discussion in 1991 of the security issues that MS never addressed:

> "one of the basic functions of an operating system is to run programs. There is a RUN API and the command line interpreter is simply an interface to the RUN API. Many viruses are sent through e-mail because it is easy to access the RUN API from an e-mail attachment. Our first suggestion was within e-mail to restrict the ability to run applications and interact with the e-mail system (post office, address book, etc). Only the e-mail client should be able to interact with the e-mail system. Only programs that have registered and authenticated user IDs [ought to be able to] independently interact with the e-mail system. There should be a way to manage and control the RUN API's control by e-mail attachments."
>
> "While this in itself would not have prevented the MSBLAST worm, the extension of the idea would have. At that point (1991), Microsoft was thinking about their e-mail strategy, the product that became Exchange. To create an e-mail product you need to have a directory. In time, the logical step (even to Microsoft) was to extend the concept of the user directory to cover other security uses, like file and print access."
>
> "Our second suggestion was at that point to improve the security of the RUN API. The operating system internals would also be registered as users. Legitimate OS functions could use the RUN API. The user could use the RUN API. Any registered and authenticated applications (no longer limited to e-mail) could use the RUN API. Anything else that attempted to use the RUN API would have to ask the user for permission, or would be prevented from working altogether."
>
> "In this scenario MSBLAST would have gotten past the RPC flaw. It might have been able to download its payload code. But that code would have had a hard time running."
>
> "Some of the worst IIS bugs involved the ability to basically access the command interpreter from the Internet. If there had been a security interface to the command interpreter (via the RUN API), IIS would have been a lot easier to protect."
>
> "These were well understood computer concepts in 1991. We realized in 1991 that an operating system with wide-open e-mail and network connectivity would provide a very easy conduit for viruses. At the time, there were virtually no viruses in the PC/DOS/Windows world, but viruses were a big problem in the Macintosh world. We knew e-mail and networks would make PCs a big virus risk. Our suggestions focused on interfering with the means viruses could and would be spread. This approach works BEFORE the code is even recognized as a virus. Prevention is a much more effective way to deal with a problem."
>
> "Imagine how easy software licensing would have been if you could register applications in a security database and that would permit them to run on one's PC."
>
> "We also asked for a standard API to give a virus scan application the ability to intercept and scan all e-mail attachments. Basically, you should not be able to touch an attachment until your virus scan checks it."
>
> "We asked that attachments be stored separately on the e-mail server (post office) so that a virus scanning application could access them. If an attachment was sent to several people, a single copy of that attachment should be kept on the server. If the attachment was infected, its deletion should remove it from everyone's e-mail account."
>
> "We discussed how we intercepted the Windows password system so that we could track password age and verify one's password followed our security rules (min 6 characters, mix of letters and numbers, etc). Microsoft needed to provide this service. We also brought to their attention they were sending passwords in plain text, over the LAN."
>
> At least that last part has improved, though the rest seems as it was 12 years ago. Despite specific suggestions from a big customer, Microsoft did almost nothing, and here we are, wormier than ever.
>
> Worms and viruses will always be with us in some form, but these are transitory problems. Something else happened last week that is far more serious and is going to create a major disruption in the fabric of cyberspace, yet nobody seems to have noticed. I'll present the evidence and let you decide.
richard is offline  
Old Aug 27, 2003, 9:02 am
  #9  
Moderator, Argentina and FlyerTalk Evangelist
 
Join Date: Aug 2000
Location: MIA / EZE
Programs: Lord of Malbec & all Wines Argentine. AA EXP / Marriott Lifetime Silver / Hertz Presidents Circle
Posts: 35,681
Thanks for the info, Richard. A little too much on the Technical side if you ask me...

Scotty.... paging Scotty!!!

[This message has been edited by Gaucho100K (edited 08-27-2003).]
Gaucho100K is offline  
Old Aug 27, 2003, 9:03 am
  #10  
FlyerTalk Evangelist
Original Poster
 
Join Date: Sep 1999
Location: source of weird and eccentric ideas
Posts: 38,692
> Originally posted by ScottC:
> All it takes is one ....... that is unprotected and has your name in his/her addressbook and you are screwed...
>
> Depending on their connection it could yield up to 200 emails a minute...
It is too easy for an ".......". It is the fault of the manufacturer who puts out a product like this. It could well be their downfall.
richard is offline  
Old Aug 27, 2003, 2:43 pm
  #11  
 
Join Date: Jul 2001
Location: Austin TX
Programs: Mr Swise: AAdvantage LifetimePlt/3MM, HH Dmnd, SPG Plt
Posts: 1,451
I have yet to receive one of these virus messages.

'Don't know if it's because the mail servers are screening them all out or what.

Haven't gotten any bounces, spoofs, nothing. I haven't checked my junk mail heap that mail.app automatically filters out in a couple of days, but last time I did, no sign of any of the worm messages.

This is one party that I'm happy to have not received an invitation to.

[This message has been edited by swise (edited 08-27-2003).]
swise is offline  
Old Aug 27, 2003, 3:21 pm
  #12  
FlyerTalk Evangelist
 
Join Date: Aug 2001
Programs: DL GM, AA Gold, Hilton Diamond, Bonvoy Plat
Posts: 12,171
Spot on on the second point, but way off on the first. The fix has been available for more than a month before the attacks came.

No operating system is invulnerable.
skofarrell is offline  
Old Aug 27, 2003, 4:48 pm
  #13  
FlyerTalk Evangelist
 
Join Date: Sep 2000
Posts: 37,486
> Originally posted by skofarrell:
> Spot on on the second point, but way off on the first. The fix has been available for more than a month before the attacks came.
>
> No operating system is invulnerable.
Exactly.

Here are the most recent vulnerabilities I've had in Redhat:

RHN Errata Alert: Updated pam_smb packages fix remote buffer overflow.
RHN Errata Alert: GDM allows local user to read any file.
RHN Errata Alert: Updated unzip packages fix trojan vulnerability
RHN Errata Alert: Updated nfs-utils packages fix denial of service vulnerability
RHN Errata Alert: New postfix packages fix security issues.
RHN Errata Alert: Updated ypserv packages fix a denial of service vulnerability

And these are ALL just within the past month. That's MORE extreme vulnerabilities than Microsoft has, the only reason they don't cause damage is because most Redhat users know what they are doing. I've said it before and I'll say it again, it's impossible to make bug free software, Microsoft had fixes for this available right away and had it all over the media, and STILL there are people that choose not to listen, not run virus scanners and open any attachment they receive. Microsoft can be blamed for bugs, but not for stupid users.
ScottC is offline  
Old Aug 27, 2003, 4:59 pm
  #14  
FlyerTalk Evangelist
Original Poster
 
Join Date: Sep 1999
Location: source of weird and eccentric ideas
Posts: 38,692
> Originally posted by ScottC:
> Exactly.
>
> Here are the most recent vulnerabilities I've had in Redhat:
>
> RHN Errata Alert: Updated pam_smb packages fix remote buffer overflow.
> RHN Errata Alert: GDM allows local user to read any file.
> RHN Errata Alert: Updated unzip packages fix trojan vulnerability
> RHN Errata Alert: Updated nfs-utils packages fix denial of service vulnerability
> RHN Errata Alert: New postfix packages fix security issues.
> RHN Errata Alert: Updated ypserv packages fix a denial of service vulnerability
>
> And these are ALL just within the past month. That's MORE extreme vulnerabilities than Microsoft has, the only reason they don't cause damage is because most Redhat users know what they are doing. I've said it before and I'll say it again, it's impossible to make bug free software, Microsoft had fixes for this available right away and had it all over the media, and STILL there are people that choose not to listen, not run virus scanners and open any attachment they receive. Microsoft can be blamed for bugs, but not for stupid users.
There are two differences:

1. MS markets Windows to novice users. Redhat is marketed more to advanced users.

2. MS created huge flaws in their basic OS (see my post above), that were easily visible to someone in 1991. Unix and later Linux were built on a robust model with security taken into account from the get-go.
richard is offline  
Old Aug 27, 2003, 6:15 pm
  #15  
FlyerTalk Evangelist
 
Join Date: Sep 2000
Posts: 37,486
> Originally posted by richard:
> There are two differences:
>
> 1. MS markets Windows to novice users. Redhat is marketed more to advanced users.
>
> 2. MS created huge flaws in their basic OS (see my post above), that were easily visible to someone in 1991. Unix and later Linux were built on a robust model with security taken into account from the get-go.
1) The target audience doesn't make much difference, a bug is a bug. Redhat also serves mission critical servers and should be just as secure and bugfree as Microsoft, all software will contain bugs.

2) The opinion of some crackpot whizzkid TV show writer hiding behind an alias doesn't mean much to me, if he were any good at what he does he'd be in Redmond working for Microsoft... It was a bug, bugs happen. Unix/Linux was never intended to be for mom and pop PC user, Microsoft as you say has to cater for everyone and can't include the same low-level security as Unix does.

FWIW, as early as Office2000 it wasn't possible to just go ahead and run/autorun stuff from within Outlook. I can't even open a .pif or .exe without overruling stuff by installing hack/tweak programs, heck, I can't even SAVE a .exe attachment, you can't say Microsoft hasn't learned from its past.

[This message has been edited by ScottC (edited 08-27-2003).]
ScottC is offline  

