Hmm – can anyone confirm this? It looks to me like mydoom.b can only run if your computer is already infected with mydoom.a; and Symantec’s page on it doesn’t even suggest this capability. I’m not sure how such a program could work, anyway.
Daniel
Larry,
To turn off the preview pane in Outlook Express, click “view” on the menu bar, select “layout” and uncheck the “show preview pane” box.
Voila!
Nope, the authors just put their executable files in zip archives, in order to get in under the noses of more filters. After all, someone who would be incautious enough to open an attached executable file is just as likely to open an archive and then run the executable it contains.
One of the advantages of Thunderbird is that, being freeware, they felt comfortable enough in totally ripping off the “Look and Feel” (heh) of Outlook. Take a peek at this screenshot. Look familiar? Everything is exactly where an Outlook user would expect to find it – except that it has the added bonus of decent security, and junk mail controls that actually work.
[/zealot]
Nope, it’s a stand-alone-- but the author of that Yahoo article was most likely confused. Email infections by mydoom.b still depend on incautious users.
Guy Incognito– By golly, look at that.
This is not true. B uses a backdoor from the first one, which you don’t get if you don’t open random attachments.
I’ve always thought you have to be on the denser side to get a virus from opening an email attachment. It’s a pretty straightforward proposition, I’m amazed people still fall for it.
I know that more needs to be said than “Don’t open attachments”. And that viruses might be capable of infecting in other ways.
The thing that annoys me is that opening attachments is the MAIN way that these viruses are a worldwide problem. It’s the main reason that they make the news. It is partly the fact that they make the news, and the back-to-front way the news covers them that bugs me…
They make out that virus writers are mysterious scary intelligent shadowy figures and that they can infect any computer they want, that the ‘problem’ is not related to the user’s activity.
The truth is - virus writers are mostly just geeks with the ability to program, and the ability to follow instructions from other virus writers, and who RELY on idiots who will open their attachments. There may be some ‘clever’ ones out there, but the majority of these viruses being e-mail attachments, despite the negative hype about e-mail attachments being potential viruses, suggest to me that the writers are/were not clever enough to use other methods.
The news should state that the problem is not that there exist malicious people who can write programs, the problem is that there are uninformed people who continue to open attachments.
This is possibly the Outlook Express security hole that Mr. Hyppoenen was thinking of. (Mydoom.b does not attempt to exploit it, as far as I know.)
I would hope that most users have patched that by now. (Of course, I hope for World Peace, too.)
Hey, I never said I opened attachments did I? I NEVER open an attachment via OE, even from someone I know. I’ll go to my Yahoo account for that, and I certainly won’t download anything without scanning it at the very least, and then only from people I know, and files like pictures from Dad for instance. In fact, Dad almost never forgets and sends me attachments via OE in the first place. It is important to keep your virus scan engines updated, and TO RUN THEM! It IS possible to create a virus that does not need an attachment to activate, (click a “card” or “fun page” link for instance, and it goes from there) is it not? That being said, where is the ignorance in my statements?
Did you even look at the article as others have done, World Eater? I wonder if you didn’t misquote me, when you meant to quote Larry Mudd? He said
Screw that, most of them are so called “script kiddies” who have very limited programming knowledge. They use programs to generate code, or cannibalize existing code.
I think World Eater did read the article, Zabali.
The article contains misinformation:
Not true.
Mydoom would be a total non-issue if common sense was, well, common. In short, “Don’t fucking open (suspicious) attachments!” And, to a lesser degree, “Don’t run fucking files you find on P2P networks that are obviously worms!”
Really.
I suppose you could get fucked by a malicious ActiveX or JavaScript, but 95% of viruses come in your email as attachments. If people weren’t so stupid, the virus problem wouldn’t be anything compared to what it is today.
Sarc does make it sound like a standalone, but I got the impression that folks infected with mydoom.a could get automatically infected with mydoom.b, through a backdoor the first one installed. However, I read the article as I was leaving work, so I may not have been paying as close attention as I shoulda.
Daniel
Don’t do this. You are performing the same actions as the worm does, adding more worthless traffic to the Internet and alarming more people. The only diff between your manual worm and the automatic one is one of speed and volume.
Most worms running in infected computers now look for email addrs from a variety of sources, including names on web pages visited by the infected person at times in the past (from archive & deleted files, URLs found almost anywhere). They make a list of all the email addrs they can find, then randomly select two. One becomes the To addr, the other the FROM addr. So you can see how poorly related they may be. Only a “Kevin Bacon game” fanatic would see the connection.
I cannot agree with someone who says, “never open attachments.” There are very good times and places to do that. I was helping a friend diagnose a problem with his computer the other day, and had to send him a msconfig.exe file. Another time I had to send a sysmon.exe file, both legitimate utility files that come with Windows. Since I was on the phone with them at the time, it would be quite logical to open them. Unfortunately, my ISP has decided to block all EXE files by type thru email, so I had to rename them, and the recipient had to rename them back.
My ISP’s wisdom is to block all EXE files, but not ZIP, PIF and SCRs. And he blocks them for all clients even tho I’ve asked him to not block mine – he says he can’t discriminate. Since recent worms use ALL of these file type extensions, this is really stupid, but that’s his policy.
Not quite. Read again how I use aliases to determine the point of contact. Also know that I go off like a little Hitler to anyone who includes an email address of mine in a public CC:, so it basically never happens. I’m so obsessively careful with my e-mail addresses that I get absolutely no spam in my inbox – if one of my aliases were compromised, I’d kill it.
My response is not a “manual worm” – it’s very specifically targeted, not some “HEY EVERYBODY THERE’S A NEW WORM OUT THERE! PASS IT ON!” Apart from that, it usually finds the (or possibly an) infected person within a day or so.
As far as I can tell, I’m doing everything right (from the perspective of a general public type, not a high-level computer geek), and I’m still getting infected with viruses. I got rid of all the spyware on my computer (including Kazaa/Gator, that bitch), I downloaded internet security programs from my ISP, I’m running on Windows 98 (which is lower than most viruses are written for, from what I’ve read), I don’t open attachments unless I absolutely have to, yet every time I run my virus cleaning software, there’s always something there, and I keep getting weird emails in my personal email address on Netscape.
I’m trying very hard to do the right things, but I’m running out of ideas for how to protect my pc better.
Dare I suggest people consider why I don’t want Outlook or Outlook Express in this thread?
So with hundreds of emails, one reaches a person who is infected with a virus. What are the odds? And how do you know that that person is the one sending YOU the baddies? You don’t. If your target is (anyone) who is infected, why don’t you set up a server to continuously send these kind of advisories 24/7 as a public service?
Meanwhile, non-infected people are being bothered by your (to them) useless messages. Pretty much what worms do – send out useless messages, usually with incorrect advice.
Unless your ISP blocks certain kinds of messages or scans for viruses, these cannot be totally stopped, and they certainly are not your fault. I get 300 worthless ones a day, 600 when a virus peaks. Dunno why you are getting infected, tho – are all your virus databases up to date? And just because AdAware finds a dozen cookies doesn’t mean you are infected with anything. Just delete them and move on. It’s part of computing in the ought-ought’s.
I am constantly amazed at how fucking stupid people are. Individually, I’ve never actually met these people, who don’t seem intelligent enough to get around on their own two feet, but somehow when you look at the overall picture, there are hundreds of them! Thousands! Possibly millions!
Slightly off subject, I used to play an online RPG where people would send in game email messages, supposedly from the administrators of the game, trying to get people to send them their password–a sort of lesser version of the Nigerian scam, or the Pen Pal fraud emails you sometimes see. People fell for this in droves. These messages were misspelled, incompetently written, and from people with in-game names like “DBZSSJGOKUKEWLKID.” And still–still!–it got so bad that the admins actually started filtering the word password: you couldn’t say it in game, or send it via the in-game email system. If you said your personal password out loud, the game would automatically crash. They made every single in-game letter sent contain a mandatory header, saying basically “[COMPANY NAME] WILL NEVER, EVER ASK FOR YOUR PASSWORD. Don’t give it to them, for Christ’s sake. You stupid fucks.” And yet people still managed to get “hacked” by freely giving their passwords out to strangers.
Unbelievable. People are just stupid.
I download the updated virus profiles before I do a virus sweep, and I switched from Ad-Aware to Spybot because AdAware couldn’t get rid of Gator (hockphoooey). It’s not the cookies I’m worried about; it’s the actual viruses that my anti-virus program is finding that worry me.
I have been advised to use both (adaware and spybot). They work with each other (not directly, what I mean is together they get rid of more stuff than alone)
Neither seem to be able to get rid of whatever is causing the ‘ad-serve’ popups I get occasionally (at random times, not when I do anything specific)
My advice to all newbies to the Internet:
If They Say It’s Free, It’s Not.
I really try to hammer the point home. Mr. Nobody is offering to make your downloads faster? Wrong, he’s trying to screw you. They wanna give you ten thousand dollars? Wrong, they’re trying to screw you. Setting up this crap costs money, and they’re out to MAKE money, so their goal is to confuse you, then scare you, then offer you a solution to a problem that you didn’t know exists until you opened that piece of Spam.
Helped keep my mother from downloading the likes of Cometcursor and anything Gator-related…