Two new low-threat worms are making the rounds on the Internet Thursday, continuing the plague of malware that began in January and has shown no signs whatsoever of abating. Of the two worms, known as Mywife and Snapper, the former appears to be the more worrisome and to have the greater potential for spreading widely, security services said. Mywife arrives in an e-mail with a spoofed sending address and any one of several vaguely pornographic subject lines, including "very hot XXX" and "FW:RE: Hot Erotic." The body of the e-mail also varies, and some of the messages are quite graphic.
The e-mail contains two attachments, one of which is simply a graphic file that displays a fake Norton AntiVirus 2004 logo, supposedly certifying that the other attachment is virus-free. The second attached file is compressed and can have any one of several names, including: Aprilgoostree, Parishilton, Rickymartin or a handful of profanities. The compressed file contains a third file with either an .exe or .scr extension, according to an analysis of the worm done by Panda Software Inc.
News source: eWeek
- Changelog
- made MP4 AAC the new default ripping encoder
- fixed a crash bug when playing some AVI files in in_dshow
- added multimedia keyboard keys in global hotkeys default configuration
- added "Manual playlist advance" in Repeat button popup menu in Classic mode
- improvements in MP3 encoder configuration (added --alt-preset standard, etc...)
- made the tabs in the preferences XP correctly themed under Windows XP
- revamped the Media Library preferences a bit
- new experimental WMA9 input plugin
- gen_jumpex updates from DrO
- added "Nuke library" action in Media Library
- more upside down videos fixes
- fixed crash if a plugin generated a pledit wm_windowposchanged on shutdown
- fixed crash exploit in in_mod (thanks Peter Winter-Smith)
- fixed various crashes in in_midi when playing invalid files
- made in_midi store its settings in winamp.ini instead of the registry
- fixed error during installation on computers with Chinese/oriental regional settings
- removed AOD from installer
- added Shift-R to toggle manual playlist advance
- updated VP6 video decoder to latest VP6.2 code
- fixed crash when launching winamp with very long filenames from explorer
- made registration dialog to appear in Explorer's taskbar when installing pro version
- fixed pledit/video windows showing up at startup when minimized
- modern skins updates:
- winamp modern skin now uses a 3 state repeat button: no repeat/repeat all/repeat track
- added application desktop toolbars capabilities for layouts, add appbar="left|top|right|bottom" to use them
- upped maki binary version, improved stack protection
- current skin version number is 1.2 (this should not change for a long while now, and of course we continue to support 0.8 to 1.1)
- (very) limited maki debugger (for now you can bring it up with invokeDebugger(); in a script then use 'x' to continue and 'i' to trace into)
- fixed obscure capture problem with dragging windows
- fixed rectrgn being forced to 1 in xml xuiobject buttons that are originally imageless
- fixed hilited state not on after clicking on buttons while the mouse stays in area
- fixed scripted onEnterArea/onLeaveArea not being always correctly called while mouse button stays down
- fixed getToken being passed NULL throwing guru
- fixed clipping of painting within the background's region of a group rather than within the composed region (the one you can change with sysregion)
- fixed image cache problem when using the same bitmap as a map and a button image parameter

fjv.
My networks contain no virus scanning apps on the workstations. Exchange and Sharepoint servers scan all files that go through them, but workstation security is enforced through preventative measures, firewalls, patching, and group policy. For instance, group policy on our network where I am today is set up to prevent execution of WINUPD.EXE and other variants used by recent e-mail attachment viruses.
Guy at work - "I got an email from an AOL address"
Me - "delete it"
GAW - "Should I open it?"
Me - "do you know who it's from?"
GAW - "Uh...no."
Me - "delete it"
GAW - "But there is an attachment..."
Me - "*sigh* please delete it"
GAW - "I shouldn't see what it is first..?"
Me - "for the love of god, will you just delete it?"
GAW - "Hey...you think it could be a virus..?"
Me - "Um, YES, now delete it"
GAW - "Ok...wonder who sent me a virus?"
Me - "shut up"
***20 minutes later***
Guy at work 2 - (returns from lunch) "Did you guys get my email?"
Me - "what email?"
GAW2 - "I emailed you from home, just some pics and funny stuff"
Me - "do you have an AOL account, by any chance?"
GAW2 - "Yeah, I was at home, emailing you guys"
Me - "never do that again. ever"
Bear in mind, GAW is a fairly computer-savvy sorta guy. But getting him to not open an attachment, from an address he didn't recognize, was worse than pulling teeth. I find it sad that, at best, he is probably an average, typical computer user, and it was still that much of a chore for him to hit 'delete'. But it sure as hell explains how these damn worms get around so quick.
Also if you have an in-house e-mail server, set up a filter to block messages matching the characteristics of these e-mails.
Now I have to explain this to them… It’s not easy trying to explain that this is a virus affecting the whole infrastructure of the Internet and is a global problem… Some customers think they send their email and it goes across one mail server…
Mupperts
Thanks for the article...
Example:
A client of ours is looking at their new site. It has a calendar that shows / hides on click (they asked for that before anyone jumps in). This doesn't work on one of the client's multiple computers. In addition, the browser erroneously loads up the home page on click. Which is more likely: 1) The copy of IE on that machine is borked, or 2) We cocked up and we're useless at coding.
Now, having established the answer is 1), which do you think the client believes?
Security should never be placed in the hands of the user, it CAN'T be their job, when people realise this, things may get better.
However, the user still doesn't feel that it is anything to do with them that their stupidity buggers up the net on a regular basis, and they blame others for their own shortcomings. And you applaud this. Tosser.
Why on earth should a user be expected to know how to configure a personal firewall, or stay on top of recent virus alerts? That's not why they use a PC. My experience has taught me loads, but one thing is obvious, some people just don't want to know. It's their lifestyle choice. Either some form of 'driving license' is introduced, which isn't very likely IMO, at least not on this Internet, or transparency (not freedom of responsibility) is required.
Transparent solutions exist, and are proven to work well (look at corporate mail systems). The sooner solutions such as this are made mainstream for typical home users the better. It can be done, and has been done. Antispam / Spoofing systems are becoming very advanced, and very reliable.
(Personal insults? Way to go.)
And btw this isn't why the problem exists with worms, it exists because the Internet wasn't designed for this usage. All it would take is a more secure version of SMTP and we'd be free of most virus related problems. Blaming the users is such a "l33t kiddy who thinks he knows about IT" POV.
Last edited by 1061 on 26 Mar 2004 - 17:53
I strongly suspect the answer is no. My degree project (thesis) was about exactly this subject, and the same thoughts as I've suggested here. My degree tutors gave me a First. They don't hand out firsts for bullsh*t and incorrect theories.
I'm right, you're wrong. Deal with it.
carrier pigeons all the way man worked great until that chicken flu thing hit