Pain in the butt virus

09-21-2003, 10:06 PM
I have been getting swamped for the past 4 days with email infected with WORM_SWEN.A. Some messages pose as Microsoft security bulletins, and some as returned messages. Anyone else getting hit by these? I would guess that someone who has me in their address book is infected.

09-21-2003, 10:52 PM
Been getting them for weeks... especially the "Microsoft - Use this patch immediately" one.

09-21-2003, 11:02 PM
I've been getting over a HUNDRED such posts each day -- many of them having to deal with "patches" and "Microsoft".

This has become much more of a nuisance than the "Blaster" virus that we dealt with earlier.

09-21-2003, 11:53 PM
Or Sobig.F, don't forget.

09-22-2003, 01:11 AM
This is another good reason that the makers of these should simply be taken out and shot.

09-22-2003, 01:49 AM
I had three Klez attachments on Friday as well.
Norton caught them but this is ridiculous.

09-22-2003, 01:59 AM
I seem to get hit with both the MS bulletin and the unable to send error a couple times a day. Arrrgh

09-22-2003, 04:12 PM
As soon as M$ fixes Outlook so virus and worm writers cannot just use the address book, the problem will lessen. Until then, well, we're stuck.

09-22-2003, 05:29 PM
This is the primary reason I'm considering buying an iMac. Any Mac users out there that are having virus problems?

09-22-2003, 05:53 PM
In reply to:
This is the primary reason I'm considering buying an iMac

[/ QUOTE ]

That will only help to prevent your computer from sending these viruses, it won't do anything to stop you from getting them.

Too many people who use computers these days are too stupid to keep their antivirus systems up to date and use them or keep Windows up to date (which Microsoft's pretty much made idiot-proof). They are the reasons why these viruses spread so rapidly and so often.

Of course, many of these people don't even use antivirus software or even know what it's for; despite the massive amounts of publicity that computer viruses have received in the news over the last several years.

09-22-2003, 06:06 PM
In reply to:
many of these people don't even use antivirus software

[/ QUOTE ]

I don't use any, am I an idiot? 15 years using computers and not one infection yet. [laugh]

The viruses are spreading fast because of a couple of reasons, one of those is the newbie user who happily clicks on any incoming attachment. The other reason is the exploitable nature of Windows makes it pretty easy and as the viruses/worms get better the quicker they propagate over the public network.

As for the Mac question, you would be pretty safe from getting infected (especially with the new OSX being BSD based), but you will still get the viruses in email from the infected Windows systems. Unless, that is, you use an ISP smart enough to filter all that crap out for you.

09-22-2003, 06:14 PM
In reply to:
That will only help to prevent your computer from sending these viruses, it won't do anything to stop you from getting them.

[/ QUOTE ]

Who cares if you still get them.
If you can't spread them and they don't infect your system then why worry.
They turn into just another form of spam at that point.
Just delete and it's gone.

09-22-2003, 06:16 PM
Viruses are written for any OS. There are viruses for Mac or Linux. The reasons M$ is picked on are -

Many security holes. Many holes don't have patches after a year.

People not applying patches when they do come out. This could be for various reasons such as too hard or no guarantee that the patch won't screw up your system. Or not wanting to agree to M$ doing what they want with their computers.

Outlook. What an easy way to get a list of new addresses to send to. And it is automatic, how easy.

Majority of people use Windows.

Look at some of the links in M$ conspiracy (http://www.canadian-tv.com/forums/showflat.php?Cat=&Board=Offtopic&Number=122286&page=0&view=collapsed&sb=5&o=7&fpart=1) thread.

My wife uses Mac at work. I use Linux at work. We use Linux at home.

I was trying to convince my wife to go to an iMac at home but she wants to stick with Linux.

09-22-2003, 08:03 PM
In reply to:
Who cares if you still get them.
If you can't spread them and they don't infect your system then why worry.
They turn into just another form of spam at that point.

[/ QUOTE ]
My point is that when it comes to viruses like Blaster, where people are getting hundreds of these things clogging their inbox and wasting bandwidth, using a different operating system won't help you. In this case, getting the emails gets worse than actually being infected with the virus.

09-22-2003, 08:19 PM
In reply to:

I don't use any, am I an idiot? 15 years using computers and not one infection yet

[/ QUOTE ]
Maybe not an idiot, but just lucky.

Face it, nobody will ever be 100% protected from viruses. Don't kid yourself in thinking you'll never get infected; that's just a false sense of security. No matter how many steps you take to ensure that you don't get infected, like not opening attachments, not anything from the internet, there's always a chance of infection.

It's possible you could have a virus on your computer and not know it because you don't have any virus protection. It could be as simple as a virus that is embedded into a single file you've had for a long time that's been benign.

My point is that everyone should have virus protection, no matter how careful they think they are. Having such a false sense of security could come back to bite you in the ass someday.

09-22-2003, 08:21 PM
In reply to:
I don't use any, am I an idiot? 15 years using computers and not one infection yet.

[/ QUOTE ]

How do you know? I loaded up NAV on my machine (which was working fine) and it found a half dozen.

09-22-2003, 08:27 PM
Today is really really bad ... must have received at least three of those nasty Microsoft aka Swen viruses today in my email account.. keep coming and coming and each time McAfee has to flash up its red screen "a virus has been detected and cleaned".. Right now I can't get my email account to finish its download of mail...err I mean "spam" as I sense there are two back-to-back spam viruses and the system can't clear it before the next one plugs the download.. This is the worst day for this I have ever experienced as I only hope server Telus can get on to it in some capacity. So, even if you are protected, you're screwed in the end ..and being on dial-up it's slow enough without this crap.

09-22-2003, 08:41 PM
In reply to:
My point is that everyone should have virus protection, no matter how careful they think they are. Having such a false sense of security could come back to bite you in the ass someday.

[/ QUOTE ]

Luck my ass, it's called proper use of your computer, knowing what does what, learning how to use the thing. The best start to remaining virus free is to ditch Outlook Express/Outlook in favour of a more secure email client, ditto for IE, I rarely use IE and usually it's just for testing out pages.

Yes there is a slight chance I could get infected, but I help fight that chance by using Mozilla, OpenOffice and other apps that are just not as exploitable like MS apps are. I don't use the P2P apps, I don't download pirated software, I don't accept dancing Santa Claus apps from friends and relatives, I generally know what I'm running and installing. Add to that my firewall notifies me if any app attempts an external connection, which then I mostly block since no apps need to notify home base every time I open it as far as I'm concerned.

As for everyone running an anti-virus app, you've been listening to the anti-virus app vendors a little too much. Over my time using these things I've had two occasions where I've trialed the latest McAfee/Norton/etc. apps and frankly I didn't enjoy my system slowing down a measurable amount because of them. And let's not forget the McAfee Win2k bug where it would just randomly delete entire mail folders with no chance of recovering them at all.

The latest viruses that swept the net had propagated long before the anti-virus companies even had time to issue a new definition to catch them. I'd say there was a glaring false sense of security right there.

At most I may make the occasional visit to housecall.antivirus.com and do the online freebie scan, but that's about it. Oh, and I do have a DOS version of F-Prot that can do it from a floppy boot.

I do recommend that newbie/clueless computer users run anti-virus apps as you are correct that they need as much protection as possible, but more often than not you can't protect them from themselves anyway. This latest Swen virus for example propagates by relying on the dumber users to truly believe that Microsoft would email the latest patches directly to them. BTW, I saw this virus in the wild about a week before the anti-virus apps had protection against it.

09-22-2003, 09:14 PM
In reply to:
How do you know? I loaded up NAV on my machine (which was working fine) and it found a half dozen.

[/ QUOTE ]

See my post above this one, I know my computer and take user precautions. I actually just scanned using Housecall today and it is clean as a whistle.

How many of those NAV warnings were false alarms? Unusual for a virus to be causing no ill-effects on your system, kinda makes it a pointless virus. I have an old copy of Quake2 on a partition that always triggers a false alarm on McAfee and Norton.

My wife doesn't even use an AV suite on her Win98 machine, she's just been taught not to go opening unknown attachments.

If your surfing habits are mostly visits to reputable websites you have little to worry about. If you lean towards porn and pirated software/music/movies sites then you are at a higher risk.

09-22-2003, 10:36 PM
Sorry BCT, but I think you're being a little naive on this one. I know you are an experienced computer user. So am I. I've been using PC's since the early 80's, and I've been a professional software designer for 15 years. I run a virus checker because I know how easy it is to write these things.

OpenOffice and Mozilla are just as exploitable as Office and IE, they're just not as commonly used, so they aren't attacked as much. Same can be said for Linux (which is my primary OS), MacOS, FreeBSD, Solaris/SunOS, HPUX, OSF, or any other OS you want to name.

Do you enable Java or JavaScript on your browser? Well, there is a hole for a virus to slip through. Do you download open source / shareware / freeware applications (I think we've already determined that you do). How can you be sure the files you download aren't infected? Viruses have even been found on commercial software CD's (not common, but it has happened).

Sure, being careful has helped you, but I think there is a certain amount of luck involved. It's probably just a matter of time before you get your first.

09-22-2003, 11:17 PM
I don't run a full time virus scanner on the systems, I will occasionally have them scanned though.

Let's see, in general I stick to certain apps that work well for me, first company that ships me a virus infected CD I'll sue for damages or at least the price of the CD back [smile]

We both know that any freeware or OSS app with a virus/trojan is quickly discovered by the community anyway. As a rule I generally download direct from authors site as well.

I don't even know if I installed JAVA in Mozilla, I think I did but I don't use it much at all anyway as I steer clear of JAVA sites normally. It is useful in some places though but those are trusted sites.

I'm not claiming I'm invulnerable, it could happen but so far it hasn't. I keep Windows up to date, don't go to underground sites, steer clear of IRC, etc. and use alternative apps that aren't as exploitable.

In reply to:
OpenOffice and Mozilla are just as exploitable as Office and IE

[/ QUOTE ]

Back that up with some facts please. Both apps have full source code available for you to peruse and find these exploitable holes, I'd like to hear your findings as they can be forwarded to the respective coders and be plugged by nightfall.

Social engineering flaws don't count [smile]

Mozilla's mail client won't let an attachment auto-execute, read the address book and mail itself off to everyone in it. That was the biggest major exploit in Outlook, it would even do it in the preview pane.

I don't think OpenOffice runs Office macros, less chance of a virus getting in that way, if it does they likely are only semi-supported.

Granted there may be less people using these apps therefore less crackers writing code aimed at attacking them, but couldn't it also be that there are more eyes on the actual building blocks that have helped stamp out these holes to begin with?

This is an old argument that is mostly MS FUD, when Nimda appeared Apache was the most used web server on the internet and yet Nimda was aimed at an exploitable IIS flaw. It wasn't because more people used it, it was because it was exploitable to begin with.

09-22-2003, 11:49 PM
Sorry, but I have neither the time nor the inclination to pore through thousands of lines of source code looking for bugs which can be exploited. That's what I do at work, and I am well paid for it. And even if the code is bug free, is the compiler? How about the libraries? Highly doubt it.

Any software beyond "Hello World" has bugs, and it is these bugs that allow crackers to create their viruses. Don't fool yourself into believing that just because the code is available that it is free of bugs which can be exploited.

09-23-2003, 01:10 AM
I am up to over 30 a day now. This has been going on since Thursday, but I cannot believe that the person with the infection doesn't know he (or she) has a problem.

09-23-2003, 03:14 AM
I'm still stuck as each time I try my email all I get is the virus and the pile behind it is building in numbers.. then the server terminates my download.. I have set up a Hotmail account and notified my small group of the change coming. I anticipate that I may have to dump this Telus Outlook Express account real soon. I fought the battle with the spam, but this virus thing is taking its toll and I'm ready to admit defeat. I would think your contacts are all in the same boat..

09-23-2003, 03:22 AM
In reply to:
Any software beyond "Hello World" has bugs

[/ QUOTE ]
I have seen simpler code that has bugs. [shocked]

09-23-2003, 03:29 AM
If Telus is your ISP, you can go to the webmail page to view your email before you download it to Outlook Express. It is easy to distinguish the virus infected messages from the legitimate ones, and you can delete the bad ones before you open Outlook Express.


I have a suspicion that there are new variants of this virus spreading now. I just received 2 new emails that have suspicious attachments, but PC-cillin did not detect the attachments as viruses.

09-23-2003, 03:58 AM
Thanks, I had forgotten about this as I only used this once in a while when at someone else's system. Yes, had about three of them back to back.

09-23-2003, 12:14 PM
Is there anything common about the messages, other than the virus? Do they all have a similar subject, or is the text of the message the same? If so, why not set up a rule in Outlook Express to delete it? You can even tell it to delete it from the server, so it won't even download it to your PC.

09-23-2003, 12:21 PM
While my record doing without AV software is not so good as BCTripster's, I agree with his assessment. AV software is, quite frankly, a time consuming nuisance. I was getting only false detections and gave up on it years ago.

If you know what you're doing there is minimal risk from these things. Protecting yourself from the effects of infected machines is a different matter . . . mail from Sobig F infected machines drove me nuts although I never was infected.

I am no fan of AV software. I will admit to one infection over the past 7 years. Maybe AV software would have stopped it . . . maybe it wouldn't. The trick is to know what you are doing. If you don't perhaps you do need AV software. I don't need it. So I'm an idiot.

09-23-2003, 06:41 PM
If someone is infected with these viruses, does it leave a copy in the Sent folders, if they have that option checked that is? I'm also getting 20 a day now and am trying to figure out a way to find out who they're coming from.

09-23-2003, 06:43 PM
Hey Mowitch, can't you set up McAfee to auto delete or quarantine the files without notifying you? This is an option in Norton, it used to pop up a window with each file, but now I have it set to silently quarantine. Then I can go into Norton and look at the files and delete them.

09-23-2003, 06:54 PM
Depends on the virus, but most don't.

09-23-2003, 08:19 PM
McAfee 6 auto deletes everything without your knowledge or consent. POS software, got 40 bucks for it from NAV when I switched. NAV 2003 works like a charm and won't slow down your PC like previous versions did.

09-24-2003, 04:32 PM
In reply to:
I'm also getting 20 a day now and am trying to figure out a way to find out who they're coming from.

[/ QUOTE ]
Look at all the header information. You should see something like
Message ID: <RFG_2003-09-22-1606905-20030906590@listserv.vertmarkets.com>
which will include the default mail server where the message was created.
Other detail can be seen that may give you a clue in who sent it. I have read that some of these viruses and worms use their own mail program which will forge false headers but there still may be some details in the header.

I have my filters set up on my Mozilla mail program to eliminate most spam and junk to my trash folder. Any message in the Trash folder not marked as read is tagged. I can then quickly scan for unread messages and see if I should delete them.

I use the same technique at home and at work. The firewall at work catches most junk but my spam filters catch even more.
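An added example, not part of the original post, that goes a little beyond the Message-ID tip above: it reads a message's headers and separates what the sending side merely claims (From, Return-Path, Message-ID, HELO name) from the connecting IP recorded by the first mail server you trust. The sample message, the `isp.example` trusted suffix and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real capture): reserved example domains and
# documentation IP ranges only.
SAMPLE = """\
Return-Path: <alice@example.org>
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
    by inbox.isp.example with ESMTP id A1; Mon, 22 Sep 2003 16:10:02 -0700
Received: from HOME-PC (dialup-44.dsl.example.net [198.51.100.44])
    by mx.isp.example with SMTP id B2; Mon, 22 Sep 2003 16:09:58 -0700
From: "MS Security Center" <security@vendor.example>
To: reader@isp.example
Subject: Use this patch immediately
Message-ID: <20030922160958.B2@dialup-44.dsl.example.net>

(body omitted)
"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving server>"
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def domain_of(header_value):
    """Domain part of the address in a From/Return-Path header, or None."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None


def received_hops(msg):
    """Received headers, newest first, parsed into dicts (None if unparsable)."""
    hops = []
    for raw in msg.get_all("Received", []):
        match = HOP_RE.search(re.sub(r"\s+", " ", raw))  # unfold continuation lines
        hops.append(match.groupdict() if match else None)
    return hops


def is_trusted(host, trusted_suffixes):
    host = host.lower().rstrip(";")
    return any(host == s or host.endswith("." + s) for s in trusted_suffixes)


def trace(raw_message, trusted_suffixes):
    """Walk Received lines from the top while they were stamped by a server
    we trust; anything below the first untrusted stamp may be forged."""
    msg = message_from_string(raw_message)
    handoff = None
    for hop in received_hops(msg):
        if hop is None or not is_trusted(hop["by"], trusted_suffixes):
            break
        handoff = hop
    mid = re.search(r"@([^>\s]+)", msg.get("Message-ID", ""))
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    return {
        # Recorded by a trusted server: the most reliable lead.
        "handoff_ip": handoff["ip"] if handoff else None,
        "handoff_rdns": handoff["rdns"] if handoff else None,
        # Supplied by the sending program: treat as claims only.
        "helo": handoff["helo"] if handoff else None,
        "message_id_host": mid.group(1).lower() if mid else None,
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "sender_mismatch": from_dom != rp_dom,
    }


if __name__ == "__main__":
    for key, value in trace(SAMPLE, ["isp.example"]).items():
        print(f"{key:20} {value}")
```

The address to report to the sender's ISP is `handoff_ip`; the From and Return-Path domains usually belong to third parties whose addresses the worm borrowed.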

09-25-2003, 06:05 PM
The tools to stop spam attacks are going to get fewer due to attacks against the anti-spammers.

Spam Attacks Claim Two More Victims (http://www.cbronline.com/latestnews/00eaa46e5d9bb5da80256dac0018ce87)

The spammers are doing what they can to continue their practice.

09-25-2003, 08:59 PM
Of course, if people were smart enough to keep Windows updated and have a firewall in place, these computers wouldn't be infected with zombies and wouldn't be used for these DoS attacks.

Maybe all computer users should have to have proof of competency before being allowed to put their computer on the internet. That should help out society a lot by helping to keep the technologically stunned people from being able to make their machines become controlled by viruses, trojans or zombies just because they installed something they didn't even know what it was for or opened that attachment from a complete stranger.

09-26-2003, 01:40 AM
"Criminal Spam Act of 2003" (http://story.news.yahoo.com/news?tmpl=story&cid=582&ncid=582&e=1&u=/nm/20030925/wr_nm/tech_spam_dc)

Maybe jail time would cut down on spammers' ambitions. Then again, it would likely just drive them to jurisdictions where no such laws exist. Like I said previously, in order to be effective, all countries must enact antispam legislation.

On a positive note, my virus flood suddenly stopped as fast as it started. Whoever had the infection apparently finally figured it out.

09-26-2003, 03:58 PM
The problem still lies in M$ not providing a secure product in the first place. In the UK the cost of broadband is high and updates used to be supplied with magazines. Not now so people in the UK won't be doing the update when it is in the hundreds of Mbyte size. True dial-up users are not the biggest problem but when the patches are almost the size of the original installation disk, there are problems.

Here is a link on this issue of updates, patches and M$ woes. Behind Microsoft's latest PR blitz (http://news.com.com/2010-1002-5081234.html?tag=nl)

Money won’t win this war. Nor will additional security tools or yet another PR blitz. People are already voting with their pocketbooks buying more and more Linux--and security is a big reason why. The only way Microsoft can hold its own is to fundamentally change the way it writes, tests and packages its code. The company must think security first, integration second and abundant features a distant third. To do this, Microsoft must separate its code base, test and retest code for security, and then guarantee some level of quality for its products.

In the above quote from the article, the point of testing is made quite clear.

09-26-2003, 04:12 PM
More info on DDoS attacks shutting down anti-spam lists and filters.

Attacks prompt shutdown of antispam lists (http://news.com.com/2100-1032_3-5082728.html)

Sobig linked to DDoS attacks on anti-spam sites (http://www.theregister.co.uk/content/56/33059.html)

I was also reading usenet list and one of the things about this virus is that it forges return address headers so if the message gets bounced, many people get responses and thus helps spread the virus.

09-29-2003, 04:23 PM
And there are more warnings about holes in Windows and related programs.

IE holes lead to AIM, dial-up attacks (http://news.com.com/2100-7349_3-5083234.html)

Worms sent via IM pose serious, growing threat (http://www.infoworld.com/article/03/09/26/HNimworms_1.html)


New Windows holes, dangerous music (http://www.computerworld.com/securitytopics/security/holes/story/0,10801,85291,00.html?f=x584)

The problem with integration is that it creates many ways for hackers to exploit the system to cause nothing but headaches and stress for users. M$ is making it easier for hackers to hit you.

10-03-2003, 06:34 PM
Viruses are going to get harder and nastier in the future. Of course the time line between a hole being discovered and an exploit being used is getting less and less.
The Blaster worm, for example, appeared only 26 days after the vulnerability it exploited was announced.

Worms spread faster, blended threats grow. (http://www.theregister.co.uk/content/56/33151.html)

10-03-2003, 07:28 PM

back in court for Micro$oft [smirk]

10-04-2003, 04:14 PM
I completely agree with BCTripster. I've never been infected by a virus ever since I've been using computers. I'm not lucky either. Like BCTripster I just use the computers properly.

10-04-2003, 04:36 PM
I use computers properly too but I am not so smug. I have not had my home PC infected with a virus but I have discovered emails with viruses that I was unaware of. Outlook hid the infected attachments from me and they showed up after I scanned my email file one day. I performed regular scans of my system but for some reason the email file was not scanned. If I were aware of the attachments, I most likely would not have opened them but would have deleted them and alerted the senders. It shows that you may not always know what is on your system even if you are careful.

I had a work computer infected by a time sheet macro that was distributed by someone in the company. The macro had bugs that I had to fix too. They call that progress. Go figure. [confused]

10-04-2003, 05:17 PM
I don't have an antivirus either...

Never needed one and probably never will.
I ditched IE and used Opera, not because of the holes, it is just easier and better than IE to surf the web.
I do use Outlook express for my email along with Spampal, which detects most spam and any email with attachments are ditched right away without even looking at them...

I got caught on the blaster virus though, because of the Winxp hole, so it was not my fault directly because I didn't cause the virus to be installed in my computer but rather me forgetting to check Microsoft update site for new patches.

I noticed right away that there was a problem with my computer and within the hour it was fixed.

Viruses are a big pain, but they are a huge business for the antivirus software.
If I need one I use one of those online ones just to make sure my computer is clean.

As for having an antivirus installed in my computer??
For what? To slow down my already slow computer? [smile]
And like Bc said, viruses usually show up before new definition files are out, so waste of money there.

10-04-2003, 06:02 PM
Virus scanners only slow the system down if real time scan is enabled. I leave that off if a slow down is encountered. It happens but is rare.

How do you know that the online scanner is up to date and that it is catching everything? Like I said, my system scan did not catch everything, including old viruses. I have had scanners trap malicious scripts on web sites before they infected my computer. The online scanners will not do that. I hope you have ActiveX disabled. [crazy]

10-06-2003, 06:16 PM
My first Virus was on a brand new computer. I was trying to install Linux (Slackware) but it couldn't write to the MBR which had a virus on it. The computer shop blamed me except none of my floppies (before CD's) had a virus.

While my wife was in UofGuelph, I was looking at getting a notebook for her. I went into a brandname store (I cannot remember the name and I think they have been purchased by someone else) to look at their packages. The next day I went in for more details and none of their computers were working. They installed the updates from the manufacturer and it had a virus. All computers coming off of the production line had a virus.

At work when I used Windows, I ran an antivirus program and it caught the KLEZ virus trying to be installed on my system over the network. One other person became infected and it was trying to install on one of my shared folders. The computer people were trying to trace where the virus was coming from. This is one good place for honeypot systems to find a computer that was trying to spread viruses.

10-06-2003, 06:31 PM
For those looking for a free antivirus solution, visit www.grisoft.com (http://www.grisoft.com).

10-06-2003, 11:25 PM
Software and hardware companies have sometimes unknowingly distributed viruses. One company even released a major CD-ROM software package with a virus. One of the most common sources of worms and viruses is business. This is due to their reluctance to install software updates in a timely manner. Many businesses wait weeks or months before allowing their IS employees to install updates and patches plus they prevent other employees from doing so.

AVG from Grisoft seems to be a decent package now. There was a time when it was updated only once a month and it allowed many worms and viruses to go undetected between updates. I would keep track of how often updates occur. Once or twice a week is a minimum these days.

10-07-2003, 04:37 PM
In reply to:
Many businesses wait weeks or months before allowing their IS employees to install updates and patches plus they prevent other employees from doing so.

[/ QUOTE ]
Or get swamped by the number of updates and patches and the problems created by some patches and some software. Many businesses want to ensure that the patch/upgrade won't affect their day-to-day operations.

What many businesses don't realize is one hole in the restrictions for access to the outside world and the whole internal network is dealt a virus.

10-07-2003, 10:10 PM
I have seen businesses running software that was years out of date with absolutely no security in place. Security was so bad you could mount internal shares from the internet. Many employees routinely ran software with accounts that had the highest privileges. Worms and viruses often showed up in emails and office files. Security on network shares was so low that anyone could delete or change an entire disk of data, and sometimes did. This was a "hi-tech" company, for Canada anyway. Go figure. No wonder we are losing jobs to India.

12-04-2003, 07:53 PM
Now the spammers are using viruses to get their message out and to attack the "antispam" sites.

Virus deploys sinister trick against anti-spammers. (http://www.newscientist.com/news/news.jsp?id=ns99994448)

A computer virus, thought to have been created by computer spammers, uses a sinister new trick to harass anti-spam organisations via email.

12-08-2003, 08:50 PM
I got one of those emails Saturday for the first time.

It said:

Good afternoon,

We are going to bill your credit card for an amount of $22.95 on a weekly basis. Free pack of child porn CDs is already on the way to to your billing address.

Here's the best part:

I you want to cancel membership and your CD pack please email order and credit card details to security (at) europe.spamhaus.org

Then they list a series of websites including Disney. I must admit, this one threw me for a loop at first. Now that I've read the article linked above, I understand.

They're really stepping it up. By the way, I use Cloudmark for spam. The only reason I even saw it was that it had the subject: "We're Going to Bill Your Credit Card"