WARNING!!! Virus Warning About SD-Related Email!!!! READ NOW!!!

As many of you know, the Straight Dope Message Board today revoked the posting privileges of the (now former) member known as Jack Dean Tyler.

A few minutes ago, the message board staff received an email from an address associated with that former member which we believe contained a virus of some sort.

We’re still trying to sort things out to figure out exactly what is going on, but for now, please exercise caution in opening emails from sources not familiar to you. As we are able to share more, we will update you.

Please bump this thread from time to time to keep it near the top of the page until we can get the “announcement” function working for us. Thank you.

Can you say something about the nature of the virus? Is it an attachment with an .exe, .vb, .doc or other known extension which you would normally exercise caution about opening anyway? Or is it sneakier?

If EVER you receive an email from an unfamiliar source, treat it like it has a virus, that’s just good sense in today’s inter-connected world!

nudge

I’m sorry, I just don’t know the answer to that, yabob. I’m not even sure it was a virus. All I know is that it set both ActiveX and Norton Anti-virus off. The message I got from my Norton was “The virus WScript.KakWorm was detected in an Internet transmission using the BINARY protocol.” And that ActiveX said “An ActiveX control on this page is unsafe.”

We’ll let you know more when/if we’re able.

Aside from viruses, while we’re on the discussion of e-mail perils.
I can feel fairly smug that I’m running linux, and therefore fairly immune to the usual slew of viruses. However, when using HTML parsing browsers, you can still give away information you may not want to provide. An e-mail can contain cookies, evil javascript, or even applets with stuff like Brown Orifice built in (Netscape 4.72 java security hole).
I use a cookie filter (JunkBuster) as well as turning off java and javascript in my mail client.
This still leaves the possibility of associating an IP address with my e-mail address through the use of 1x1 invisible gifs.
Ah well, use Pine for suspicious e-mails. :slight_smile:

I’m still curious exactly what was meant by “virus” though.

bump

Before someone corrects me. :slight_smile:
Netscape 4.x security hole.
and by 1x1 gifs I mean <img> tags which point to a CGI (web bug).
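A defensive check for the web bugs described in the posts above, added here as an example and not written by anyone in the thread: it scans an HTML mail for remote `<img>` tags that are 1x1 or carry a query string. The sample message, host names and the function name `find_web_bugs` are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not from the thread): the second <img> is a web bug.
SAMPLE = """\
From: sender@example.org
Content-Type: text/html; charset="us-ascii"

<html><body><p>Hi there</p>
<img src="cid:logo@example.org" width="120" height="40">
<img src="http://tracker.example.com/cgi-bin/open.cgi?id=reader%40example.net" width="1" height="1">
<img src="http://static.example.com/banner.gif" width="468" height="60"></body></html>
"""

class ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def tiny(value):  # True for a dimension of 0 or 1 pixel, e.g. "1" or "1px"
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value)
    return bool(m) and int(m.group(1)) <= 1

def find_web_bugs(raw_message):
    """Return [(url, reasons)] for remote images that look like beacons."""
    findings = []
    msg = message_from_string(raw_message, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for img in collector.images:
            url = urlparse(img.get("src", ""))
            if url.scheme not in ("http", "https"):
                continue  # cid: and data: images contact no server
            reasons = []
            if tiny(img.get("width", "")) and tiny(img.get("height", "")):
                reasons.append("1x1 size")
            if url.query:
                reasons.append("query string")
            if reasons:
                findings.append((url.geturl(), reasons))
    return findings
```

Any remote image reveals the reader's IP address when fetched, so a mail client that does not load remote images at all is the stronger control; the scan only shows which images were built to track.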

Hm. actual content in here while I’m bumping the thread…
Are the admins planning on nailing this guy?
Me, I’d reply to the address (if it is a valid one) and insert one of the aforementioned security compromisers in an e-mail just to get more information (a legal security compromiser, a cookie or web bug). Hey manhattan, give me an e-mail address and I’ll start the hunt. :slight_smile:

AAAAAhhhhhhhhhhhhh
Puffffffffffffffffff

:shrug: This week. DOS/Windows used to be immune to viruses, too. So did Palm OS. If Linux really catches on, then I can guarantee you that someone will start writing viruses for it. It’s entirely possible that someone has but it hasn’t spread enough to make the news or The Wild List. (I’m not Linux-bashing, just making sure that no one gets the impression that any OS is invulnerable to viruses by design.)

I’ll third (fourth?) the recommendation that everyone treat all emails from unknown sources with any kind of attachments as suspicious. If your mail client contains a setting for automatically running ActiveX controls or opening attachments, then for the love of God turn it OFF.

If they caught it through Norton, Symantec’s knowledge base has pretty good info on this one, which I’m sure the SDMB techs are utilizing. For anybody else that was curious, like I was:

http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html

Another MS Outlook self-propagating scripting worm - the sender may have not even done it intentionally.

Agreed. Linux users tend to have a few advantages though:

  1. We are usually fairly paranoid about binaries.
  2. No linux mail software that I know of runs scripts or binaries outside of a “sandbox” (javascript or java fashion).
  3a) Users in linux have traditionally very limited access, viruses can only harm their files, which are generally a small set of system files.
  3b) Gaining greater access is generally more difficult, and security holes are often quickly found.
  4. Sendmail is easily configured to drop files matching certain patterns.

My turn . . .

yabob: It’s an attachment showing the extension “.tugahoy”

Bump…

Nudge, nudge
rhymes with fudge.
Fudge
Fudge’s brother, Peter
Peter Peter, pumpkin Eater
Pumpkin Pie
Thanksgiving dinner
dinner time
lunch time
breakfast
breakfast sausage
eggs
chickens
barns
cows
milk
cream
coffee
cake
chocolate
fudge
nudge, nudge

Bump

Thanks to the trusty mods, I am sure that this virus from JDT will be cut off (so to speak).

I suppose that ought to read ‘allegedly sent by JDT’.

Could be someone using a fake email address of his, it’s very easy to do. Just input the fake address in the real address return field.

Anyway, the message should have a header full of enough info to find out where it really came from, whatever it may be.
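How the header check mentioned above can be carried out, as an added example that is not part of the original thread: it walks the `Received` lines from the top and stops at the first one not written by a relay the recipient controls. The sample message, the host names and the `TRUSTED_RELAYS` set are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the message from the thread. Each relay prepends
# its own Received line, so the topmost line is the most recent hop.
SAMPLE = """\
Received: from mx.board.example (mx.board.example [192.0.2.10])
 by mail.board.example with ESMTP; Mon, 2 Oct 2000 14:05:09 -0500
Received: from friendly.example (dialup-17.isp.example [198.51.100.17])
 by mx.board.example with SMTP; Mon, 2 Oct 2000 14:05:07 -0500
Received: from claimed.example (claimed.example [203.0.113.5])
 by relay.elsewhere.example with SMTP; Mon, 2 Oct 2000 14:05:01 -0500
From: "Former Member" <someone@claimed.example>

body
"""

# Assumption: the relays the recipient operates and therefore trusts.
TRUSTED_RELAYS = {"mail.board.example", "mx.board.example"}

HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*"
                 r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

def received_hops(raw):
    """Parse the Received headers, most recent first."""
    msg = message_from_string(raw)
    hops = [HOP.search(h) for h in msg.get_all("Received", [])]
    return msg, [m.groupdict() for m in hops if m]

def earliest_verifiable_origin(raw, trusted=TRUSTED_RELAYS):
    """Find the last hop recorded by a trusted relay."""
    msg, hops = received_hops(raw)
    origin = None
    for hop in hops:
        # Lines below the last trusted relay came from the sending side
        # and can be invented, exactly like the From header.
        if hop["by"].lower() not in trusted:
            break
        origin = hop
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return {
        "from_domain": from_domain,
        "origin_ip": origin["ip"] if origin else None,
        "origin_rdns": origin["rdns"] if origin else None,
        "helo_matches_rdns": bool(origin) and origin["helo"] == origin["rdns"],
        "unverified_hops": len(hops) - hops.index(origin) - 1 if origin else len(hops),
    }
```

The bracketed IP recorded by the recipient's own relay is the part a sender cannot choose; the name given before the parentheses and every line below it are claims.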

Virus: Piece of executable code that makes and sends copies of itself. It may or may not have a payload, a destructive section of code that specifically causes problems. But even if it does not, it still ties up so much of your machine in its own self-replication as to crash it. Technically, little of what you get are viruses in this sense.

Trojan horse: A malicious piece of code disguised as something else. Most, if not all, of the malicious pieces of code you get by email are in trojan form. Trojans require special activation, meaning you can read the email and be safe as long as you do not view or execute attachments (Executable code can be hidden by giving it a name like ‘foo.jpg.exe’. All you see is ‘foo.jpg’, making you think it’s an image file.)

Worm: Made famous by Robert Morris, Jr., worms are programs which reproduce by copying themselves over and over, system to system, using up resources and sometimes slowing down the systems. They are self-contained and use the networks to spread, in much the same way viruses use files to spread. Some people say the solution to viruses and worms is to just not have any files or networks. They are probably correct. We would include computers.

Logic Bomb: Code which will trigger a particular form of ‘attack’ when a designated condition is met. For instance, a logic bomb could delete all files on Dec. 5th. Unlike a virus, a logic bomb does not make copies of itself.
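A screening check for the ‘foo.jpg.exe’ disguise described in the Trojan horse entry above, added here as an example and not part of the original thread: it judges each attachment by its last extension rather than the one a truncated display shows. The sample message and the two extension lists are constructed and deliberately short.

```python
import os
from email import message_from_string

# Constructed sample (not the message from the thread).
SAMPLE = """\
From: sender@example.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

see attached
--XX
Content-Type: image/jpeg
Content-Disposition: attachment; filename="foo.jpg.exe"

AAAA
--XX
Content-Type: image/jpeg
Content-Disposition: attachment; filename="beach.jpg"

AAAA
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="setup.exe"

AAAA
--XX--
"""

# Assumption: short illustrative lists, not complete ones.
RUNNABLE = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs", ".js"}
DECOY = {".jpg", ".gif", ".txt", ".doc"}

def classify(filename):
    """Judge a name by its last extension, the one the OS acts on."""
    stem, ext = os.path.splitext(filename.strip().lower())
    if ext not in RUNNABLE:
        return "ok"
    inner = os.path.splitext(stem)[1]
    return "disguised executable" if inner in DECOY else "executable"

def screen_attachments(raw):
    """Return [(filename, verdict)] for every named MIME part."""
    parts = message_from_string(raw).walk()
    return [(p.get_filename(), classify(p.get_filename()))
            for p in parts if p.get_filename()]
```

The declared `Content-Type` plays no part in the verdict, since the sender sets it freely; the first sample part is labelled `image/jpeg` and still ends in `.exe`.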