ILOVEYOU - Mutation Question

When the “virus” mutates, is that a result of information contained in its original code or does it require updated instructions? If updated instructions are required, where do they come from?

A lot of mutations are people lifting the code and using it for their own evil purposes. Virii/Worms/Trojans sometimes are programmed to change features about themselves like the Subject of the email or what they do to your system.

In many cases it’s ridiculously simple. Many of the tech sites out there snagged “ILOVEYOU,” isolated it, and read the script. All said the same thing: it is not ingenious, it is not elegant, but it is simple. Expect to see many, many more variations based on this theme. Society as a whole will change slightly as a result.

Why? You can edit a worm in a text program. One does not need to understand the program itself to simply rename it and ship it out as something else. The evil of this particular program is that it seeks out your address book and fires off copies of itself in your name. Your friends trust you, and are more susceptible to running the attached script.

I should add that if you do try this, you will be caught, will be sued for every penny you have and wish you had, and will be punished to the fullest extent of the law. People are out for blood over this one. There’s one scared s**tless guy out there worth negative ONE BILLION DOLLARS. His ass is gonna swing from the highest yardarm, with a flowerpot full of fire ants tied to is ankle.

“his ankle”

I agree with Sofa King - the companies affected should forget about the criminal justice system - just all sue the guy (news reports suggest it’s another 15 year old), get scads of default judgments, and register them with the credit rating systems.

“Sorry, young man, we’re turning you down for a Visa card with a $300 limit, because you apparently owe $793 million. Please feel free to reapply once you have paid off that debt.”

Sooner or later, word will get around to the bright young 15 year olds that this sort of thing has nasty consequences, even if they never spend a day in criminal court.

Of course, it’s pretty easy to steal a credit card, too. I’m still an advocate of the fire ants.

Pretty pathetic to aim your hate towards some kid when MS walks away completely unscathed and people still use their unsecure products for critical applications. We freely admit a child could write this and looking at the source code it’s unbelievably simple.

Maybe when people aren’t afraid of corporations like MS and direct their hate/lawsuits towards their shoddy products we might get to the point where a kid with a book on Visual Basic can’t topple 80% of Western businesses.

In the end it’s about liability, the kid (or whoever it is) definitely is liable for a lot, but not so much as MS. There’s a great article at Salon about this at:

http://www.salon.com/tech/log/2000/05/04/love_virus/index.html

Also a great thread at slashdot.org:

http://slashdot.org/comments.pl?sid=00/05/04/0938227&threshold=1&commentsort=3&mode=thread&pid=0

Of course, the obvious reaction is to blame the big guy… which happens to be Microsoft…

Saying that “a kid can do it!” is a terrible basis for an argument… kids can do a lot of things, a lot of things a 40-year-old can’t do. That just goes to show how incredibly simple it is to write a virus… and even if Outlook or any other MS-based program had the strongest, Pentagon-level security systems, some 15-year-old delinquent will manage to write a virus.

Wanna end viruses? You’re not going to. I’m sure it makes you feel a whole lot better using the Big Guy as a scapegoat, but ultimately, that’s not where responsibility lies.

And fortunately for us, it happens to be the correct reaction. Malicious active content is a solved problem! All the tools necessary for an ILOVEYOU variant exist on any Unix system - a scripting host, a mail transport agent, and an address book. But you didn’t see ILOVEYOU for Unix, because the active content problem doesn’t exist there. No Unix mailer, by default, immediately passes executable code straight to the system to do whatever the hell it desires. We’ve known this since the 1980s! Twenty years.

Oh, and if you are under the illusion that black hats don’t go after Unix because everybody uses Windows, and that’s why there’s no email viruses for Unix, a quick visit to http://www.securityfocus.com/ will fix that error. There are many people who work on finding holes in Unix. Some of them even succeed and can cause email software to execute arbitrary code, thanks to a programming bug. The difference is that under Unix, running any random code someone throws at you is a bug, caused by programming errors. In Outlook, running any random code someone throws at you is correct behavior.

Which explains why there have been hundreds of thousands of MacOS and Linux users stricken by email viruses, right? Well, thousands? Dozens? One?

Yes, anyone can write an email virus - hell, give me two hours and I’ll give you one for Unix. But they won’t spread if the system defaults (which most users never change) will not allow them to execute. It’s not like this is a new problem. It’s not like this is a puzzling problem. This is a solved problem and it has been solved for two decades. You do not ship software with insecure defaults, because they don’t get changed. You do not make the default behavior, when presented with any random piece of software that can do whatever the hell it wants to your entire system, to run that software blindly.

Unless you’re Microsoft.

Wrong.

Mutates? Just rename iloveyou.vbs to iloveyoutoo.vbs ?

I just want to agree resoundingly here. Yay! :)

The reaction of blaming M$ is not about blaming the big guy vs. the underdog. You don’t see people blaming Intel for having a monopoly-of-sorts - well, not all the time anyway. The problem is that M$'s products STINK! They ship with NO security, the defaults leave the system wide open to even the most inexperienced idiot, and they don’t show new users how to make it better.

I installed RedHat as my first Linux/unix flavor. It’s commercial, it’s simple, it’s nice. It’s pretty, and easy to use, including for those who have used only Windows before. And it defaults to ‘secure’ - maybe not ‘paranoid’, but at least ‘secure’. Not to mention that the people who will help you with it (RedHat’s support is something I don’t have exp with, but people who use/abuse linux is) are so much nicer about it (in my experience). Blaming Microsoft for putting out bad products is not the wrong thing to do, in any sense.


That always bugged me, if you’ll excuse the pun. Why would they do that? Am I missing something important? Is there some ease-of-use thing that they did that would make it seem worthwhile to cripple Windows this way? And I’m looking for a balanced answer - instant M$blame doesn’t work on me, despite my bias. I really don’t get this one.


This is an important distinction, which I don’t see made often enough. A lot of people will simply denounce it outright as totally lost, without trying to configure it properly. On the other side, however, claiming that ‘if configured properly, it’s safe’ (whether it is or not) is pointless if you don’t account for the fact that users frequently don’t even know HOW to configure it properly. My mother-in-law certainly doesn’t know what to do with her new computer, she’s downright (literally) afraid to touch it. She’s not changing the defaults, that’s for sure. So who’s to blame for her computer being open to every attack in the book (it isn’t, now, but that’s because we got to it, not because it wasn’t to begin with)? The people who made the OS and apps, of course.

Sure, the kids who write the crap are to blame for their actions. But the programmers/company who wrote the holes into the software in the first place have a great deal of that responsibility too.

-Elthia

I don’t wear a helmet and flotation pads when I swim in the pool; but I don’t dive into the shallow end either. Sure, Microsoft is to blame for this, perhaps as much as the kiddie who wrote the script is. But what we’re talking about here is an individual who intentionally designed a malicious program that damages other people’s property. That’s a crime in most places. Whether or not Microsoft is criminally negligent for John Holmesing their OS down the world’s throat with gaping security holes as a “feature” is another matter entirely, in my opinion.

And before this thread gets yanked to the Barbecue Pit, I’ll answer handy’s question: yes, it is disturbingly easy to change all of the script and filenames to something else which may or may not be recognizable to anti-virus software. In less than forty-eight hours, the worm was rewritten to appear under the names “fwd: Joke” and “mothersdaygift,” and a Lithuanian subject. From what I can discern, it requires just about as much work as you would put into writing a form letter. I think it is possible to write in a “mutation script” as well, which would slightly change the filenames so that they escape detection from e-mail filters. I’m not sure about anti-virus software.

The Internet is a place where everyone carries a gun; only those who pull the trigger get hanged. Suing Microsoft for making a bad, wide-open product is about as sensible as suing Colt for making the handguns that kill people. Keep that nonsense up, and the last lawyer on earth will finally discover that he can’t sue a vine for being made into a cudgel.

Sure. Remember the gnu/emacs bug?

You should do more research before demonstrating your anti-Microsoft bias. Neither Outlook nor Outlook Express default to running executables or script files. They must be double-clicked by the user as an indication of their desire to run it. This guy simply tricked a lot of people into running his vbs script.

The only thing Microsoft is guilty of is providing a lot of power in their scripting host, and getting a lot of people to buy their software. Power and ease of use are good things, even if a few anti-social types misuse it.

It is most certainly ease-of-use. Microsoft, like many businesses, tries to expand its market. Since it already has a vast majority of the PC users buying its products, it has to target current non-PC users to do this. This is why we have Windows 2000 and not DOS 9.0. Now, since these newbie users don’t have a clue what an e-mail attachment or macro is, Microsoft enables them to run automatically so they won’t call tech support and complain about how they can’t see their attached e-mail picture of their new grandchild (or how to run the Word macro someone gave them). The downside to this has already been demonstrated.

Scott Adams put it well in The Dilbert Principle… In marketing, there are four market segments: the dumb rich, the smart rich, the dumb poor, and the smart poor. The dumb poor won’t be able to buy your product, the smart poor will figure out a way to get it for free, and the smart rich will just buy your company and fire you to make it more efficient. Therefore, marketing is always directed toward selling your product to the dumb rich…

Of course, another lovely thing this script does is add itself to the Windows registry - which means it gets to run on startup. This doesn’t take effect until after the script is run for the first time and the machine is rebooted.

Too bad the usual uptime on a Windows machine is about 24 hours before you get the BSOD. =)

(OBMSGoofup - In Windows NT, Microsoft recommends that you disable the screensaver on any machine you’re using as a server. Why? Because NT gives CPU priority to whatever is running in the foreground, even if it’s something trivial. Your nice 3d rendered swirly screensaver would reduce the speed of your IIS webserver to a crawl… and you can’t tell the machine that the webserver is more important than a screensaver.)

Let’s try it again…

As I said above, email attachments do NOT run automatically, except for pictures. No one as of yet has found a vulnerability in the picture decoding and exploited it. So just viewing the email won’t activate the virus. It might be possible to create an email that would do this thru the html encoding, but I don’t want to give ideas to any would-be troublemakers.

Word macros, exe and vbs files all must be opened by the user and do NOT run automatically from email. You can blame Microsoft for writing a popular, powerful, easy-to-use operating system, but they shouldn’t be responsible for destructive code by others.

harcore, your statement is incorrect. Please verify your statements before posting, because with computer viruses, giving false information can have unintended consequences.
From an article in Computerworld, “Love” virus includes password-stealing Trojan Horse, By Ann Harrison, 05/04/2000:

Arnold, perhaps you should do some research before implying that I haven’t. I have various flavors of Outlook and Outlook Express installed on multiple machines with Windows Scripting Host, and I have tested them all. None of them run vbs files automatically in any preview pane, regardless of what ComputerWorld suggests. Maybe there is some combination of product configuration and software version that does run vbs script files automatically, but I have yet to find it and I do this for a living.

Have you found any version of Outlook/Outlook Express that runs vbs files automatically?

I too was under the impression that Outlook/Outlook Express might possibly run a vbs script from either the preview pane or opening the e-mail without having to run the attachment, as this is the word that’s going around. I apologize if I was indeed in error for believing a little of the paranoia. But I was certainly willing to believe it when I know most versions of Word and Excel can run VB macros by default when opening a document. (Which is a really bad idea, given the things Excel/Word will let you do with a VB script.)

An interesting question, though, is whether or not Microsoft has a duty to protect novice users (from these kinds of clever tricks) if that is who they want to buy their products?
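
Added example, not part of any post in this thread: several posters note that the variants differed only in subject line and file name, which is why mail filters keyed on those strings missed them. The Python sketch below compares such a name-based filter with one keyed on the attachment's final extension; the blocklists, the extension set and the sample messages are constructed for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Constructed blocklists of the kind a name-based mail filter would hold.
KNOWN_BAD_SUBJECTS = {"iloveyou"}
KNOWN_BAD_NAMES = {"iloveyou.vbs"}
# Partial, illustrative set of extensions Windows runs on double-click.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
                     ".exe", ".scr", ".bat", ".cmd"}

# Constructed samples: (subject, attachment file name).
SAMPLES = [
    ("ILOVEYOU", "iloveyou.vbs"),
    ("fwd: Joke", "joke.vbs"),
    ("mothersdaygift", "mothersdaygift.vbs"),
    ("notes", "notes.TXT.VBS"),
    ("photos", "grandchild.jpg"),
]

def build(subject, filename):
    """Build a message with one attachment holding placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("see attachment")
    msg.add_attachment(b"constructed placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

def attachment_names(msg):
    return [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]

def name_filter_blocks(msg):
    """Blocks only exact subject or file names already seen."""
    subject = (msg["Subject"] or "").strip().lower()
    names = {n.strip().lower() for n in attachment_names(msg)}
    return subject in KNOWN_BAD_SUBJECTS or bool(names & KNOWN_BAD_NAMES)

def type_filter_blocks(msg):
    """Blocks on the final extension, whatever the name or subject."""
    for name in attachment_names(msg):
        # Windows ignores trailing dots and spaces; only the last suffix counts.
        clean = name.lower().rstrip(". ")
        if PurePosixPath(clean).suffix in SCRIPT_EXTENSIONS:
            return True
    return False

def compare():
    """Return (subject, name-filter verdict, type-filter verdict) per sample."""
    return [(s, name_filter_blocks(build(s, f)), type_filter_blocks(build(s, f)))
            for s, f in SAMPLES]
```

The name-based filter stops only the original sample, while the extension-based filter stops every renamed script and lets the picture through.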