Another Windows worm on the way: Mimail.q

Discussion in 'NZ Computing' started by steve, Jan 27, 2004.

  1. steve

    steve Guest

    This one looks pretty bad.

    Details here:

    http://www.kaspersky.com/news.html?id=3614506

    It uses a polymorphic encrypted key so that each time it starts up it looks
    different.

    This makes it hard for AV programs to detect and remove. They effectively
    need to de-crypt the virus each time.
    steve, Jan 27, 2004
    #1

  2. steve

    Lennier Guest

    On Tue, 27 Jan 2004 17:40:18 +1300, steve wrote:

    > This one looks pretty bad.
    >
    > Details here:
    >
    > http://www.kaspersky.com/news.html?id=3614506
    >
    > It uses a polymorphic encrypted key so that each time it starts up it looks
    > different.
    >
    > This makes it hard for AV programs to detect and remove. They effectively
    > need to de-crypt the virus each time.


    Before long they will have created a virus that really does live up to
    its name - no antidote just like a real virus, and one can only wait
    until it's completed its infection.

    Perhaps they should invent Anti virus software which functions just like
    the body's natural immune system - detecting, removing viruses and healing
    automatically.

    But wait - they'd be out of business - damn!


    Lennier

    --
    Brian Valentine - Microsoft's SVP for Windows development: "We
    really haven't done everything we could to protect our customers. Our
    products just aren't engineered for security."
    Lennier, Jan 27, 2004
    #2

  3. steve

    Gavin Tunney Guest

    On Tue, 27 Jan 2004 17:40:18 +1300, steve <>
    wrote:

    >This one looks pretty bad.
    >
    >Details here:
    >
    >http://www.kaspersky.com/news.html?id=3614506
    >
    >It uses a polymorphic encrypted key so that each time it starts up it looks
    >different.
    >
    >This makes it hard for AV programs to detect and remove. They effectively
    >need to de-crypt the virus each time.
    >

    This illustrates why the existing setup that ISPs have of scanning
    viruses/worms is fallible. It got thru Xtra for some time before
    updated definitions were available, and since Xtra don't scan
    *outgoing* email, or at least don't inform senders they've sent a
    virus, all of those infected will be passing it on without knowing
    they're doing so. IMO there is an urgent need for worms also to be
    blocked at the source & the sender notified, rather than just blocked
    at the destination as is the present custom. You'd nip most worms in
    the bud pretty quick that way.....

    This one spreads as an attachment rather than exploiting any
    vulnerability in Windows. In theory everyone knows by now not to run
    attachments they're not sure of..... in theory. It does get
    frustrating when simple worms like this get around, users just seem to
    have a block when it comes to understanding file extensions & what
    they mean.

    Gavin
    Gavin Tunney, Jan 27, 2004
    #3
  4. steve

    Lennier Guest

    On Tue, 27 Jan 2004 05:21:55 +0000, Gavin Tunney wrote:

    > IMO there is an urgent need for worms also to be
    > blocked at the source & the sender notified, rather than just blocked
    > at the destination as is the present custom. You'd nip most worms in
    > the bud pretty quick that way.....


    No!

    There is, however, an urgent need to develop software which simply is not
    susceptible to those sorts of malicious tricks.


    But wait - there are - and they're called Linux, Open Office, Mozilla and
    Evolution.

    Virus infection? What infection?

    Not my problem! And my one remaining Windows box does not have OE
    installed, and I do not read my email on it and I do not use IE for
    connecting to the WWW.

    Those dumb enough to use OE, IE, and Windows deserve the Virus/Worm
    nightmare that they've given themselves for not having demanded better!


    Lennier

    --
    Newsman - on CD piracy: "Entertainment meets Geekery meets Vengeance. It's
    unstoppable. A match made in Heaven."
    Lennier, Jan 27, 2004
    #4
  5. steve

    steve Guest

    Lennier wrote:

    > But wait - there are - and they're called Linux, Open Office, Mozilla and
    > Evolution.
    >
    > Virus infection? What infection?
    >
    > Not my problem! And my one remaining Windows box does not have OE
    > installed, and I do not read my email on it and I do not use IE for
    > connecting to the WWW.
    >
    > Those dumb enough to use OE, IE, and Windows deserve the Virus/Worm
    > nightmare that they've given themselves for not having demanded better!


    I know how you feel. I just had a panicked call from a Windows-using friend
    who received one of these...and opened the attachment in the belief that if
    there was a virus there, the work e-mail server would have filtered it out.

    Ooops.
    steve, Jan 27, 2004
    #5
  6. steve

    steve Guest

    Lennier wrote:

    > Perhaps they should invent Anti virus software which functions just like
    > the body's natural immune system - detecting, removing viruses and healing
    > automatically.
    >
    > But wait - they'd be out of business - damn!


    I've been using PCs daily since 1986.

    I have never been infected by any virus. By the time the Windows "worms"
    emerged, I had already dumped Windows and moved to Linux anyway.....

    I've had 17 virus-free years.......and I don't even use an AV program.

    On my work laptop - which has to be Windows since they started using the
    Nortel Extranet client - I do use Norton AV....but have stayed on Win98SE
    rather than move to the corporate standard of Win2k....again to avoid the
    additional risk one is exposed to on the more recent versions of Windows.

    In many ways, Win98SE was the last relatively secure Windows.
    steve, Jan 27, 2004
    #6
  7. So far, have received two emails containing this virus.
    Both sent to this email address and both from NZ.
    One from xtra, had been 'cleaned'.
    The other from gobal-gateway.net.nz had not.

    Cath
    texan@texas..removethisbit.usa.com, Jan 27, 2004
    #7
  8. steve

    Peter Guest

    Gavin Tunney wrote:
    <snip>
    > It does get frustrating when simple worms like this get around, users
    > just seem to have a block when it comes to understanding file
    > extensions & what they mean.


    Yes, and it doesn't help that Windows hides extensions by default. The
    people who don't know enough to keep themselves safe are usually the same
    people who don't know to unhide extensions (or even that this is possible).


    Peter
    Peter, Jan 27, 2004
    #8
  9. In article <pan.2004.01.27.05.45.59.715550@TRACKER>,
    Lennier <> wrote:

    >But wait - there are - and they're called Linux, Open Office, Mozilla and
    >Evolution.
    >
    >Virus infection? What infection?


    Remember Ramen? Or Slapper?

    Yes, there have been viruses and worms that infected Linux systems. It
    is possible to write them, I just think Linux hasn't been that tempting
    a target up to now.
    Lawrence D’Oliveiro, Jan 27, 2004
    #9
  10. steve

    EMB Guest

    <texan@texas..removethisbit.usa.com> wrote in message
    news:...
    > So far, have received two emails containing this virus.
    > Both sent to this email address and both from NZ.
    > One from xtra, had been 'cleaned'.
    > The other from gobal-gateway.net.nz had not.
    >

    Unitec's mail server is sending the things out like crazy - I've had 20 or
    so from there. One of their staff (the only ones there that have my email
    addy) must have opened an attachment!

    EMB
    EMB, Jan 27, 2004
    #10
  11. Lennier wrote:
    > Those dumb enough to use OE, IE, and Windows deserve the Virus/Worm
    > nightmare that they've given themselves for not having demanded better!


    I have so far received 30 odd of them, and I'm not infected... am I
    getting what I deserve?

    --
    Http://www.Dave.net.nz
    Play Hangman
    Register, and play Space Invaders or Pacman.
    T.N.O. - Dave.net.nz, Jan 27, 2004
    #11
  12. steve wrote:
    > I've had 17 virus-free years.......and I don't even use an AV program.


    How can you be sure without having scanned your machine?

    --
    Http://www.Dave.net.nz
    Play Hangman
    Register, and play Space Invaders or Pacman.
    T.N.O. - Dave.net.nz, Jan 27, 2004
    #12
  13. steve

    Steven H Guest

    On Tue, 27 Jan 2004 18:46:00 +1300, Lennier wrote:

    > Virus infection? What infection?


    Exactly what I say, sitting here running Windows XP, Office 2003, Connected
    24/7 to the net you would think I would get "lucky".

    Especially with all these linux ppl going on about how "insecure" windows is
    you would think I am missing out on something.

    --
    -----------------------------------------------------------
    Steven H - Dunedin, New Zealand
    ..net Geek
    Steven H, Jan 27, 2004
    #13
  14. steve

    Steven H Guest

    On Tue, 27 Jan 2004 00:15:40 -0600, texan@texas..removethisbit.usa.com
    wrote:

    > So far, have received two emails containing this virus.


    I haven't received any - and I get ~ 200 LEGIT emails a day so my address is
    out there, I wonder why.



    --
    -----------------------------------------------------------
    Steven H - Dunedin, New Zealand
    ..net Geek
    Steven H, Jan 27, 2004
    #14
  15. "Steven H" <> wrote in message
    news:ipfsofhe4whf$...
    > On Tue, 27 Jan 2004 18:46:00 +1300, Lennier wrote:
    >
    > > Virus infection? What infection?

    >
    > Exactly what I say, sitting here running Windows XP, Office 2003,
    > Connected 24/7 to the net you would think I would get "lucky".
    >
    > Especially with all these linux ppl going on about how "insecure" windows
    > is you would think I am missing out on something.
    >
    > --
    > -----------------------------------------------------------
    > Steven H - Dunedin, New Zealand
    > .net Geek


    Same here. Never had any problems whatsoever. My machine runs XP 24/7
    without any glitches, and never a virus problem in my life. It's nice and
    quick too! Guess i'm forgetting something all these other "stupid" windows
    users have over me :( I'm even typing this from Outlook Express! Would you
    believe it's not causing my computer to catch fire?

    Steve
    Stephen Williams, Jan 27, 2004
    #15
  16. steve

    Gavin Tunney Guest

    On Tue, 27 Jan 2004 18:46:00 +1300, Lennier
    <> wrote:

    >On Tue, 27 Jan 2004 05:21:55 +0000, Gavin Tunney wrote:
    >
    >> IMO there is an urgent need for worms also to be
    >> blocked at the source & the sender notified, rather than just blocked
    >> at the destination as is the present custom. You'd nip most worms in
    >> the bud pretty quick that way.....

    >
    >No!
    >
    >There is, however, an urgent need to develop software which simply is not
    >susceptible to those sorts of malicious tricks.
    >


    Well hello dumbo! Was it the software that ran the attachment... or
    was it the user?

    >
    >But wait - there are - and they're called Linux, Open Office, Mozilla and
    >Evolution.
    >
    >Virus infection? What infection?
    >
    >Not my problem! And my one remaining Windows box does not have OE
    >installed, and I do not read my email on it and I do not use IE for
    >connecting to the WWW.
    >
    >Those dumb enough to use OE, IE, and Windows deserve the Virus/Worm
    >nightmare that they've given themselves for not having demanded better!
    >
    >


    Were you dropped on the head as a baby David, or is it a more recent
    injury?

    One of the magics of the human brain is a thing called memory David.
    You don't need to keep showing your ignorance & irrationality in front
    of everyone here, we already know.

    Get some help David, that obsessive/compulsive disorder you're
    displaying gets a little tedious after a while. Go & see a shrink, get
    laid, get pissed, get a life, do something deep & meaningful for a
    change.

    Gavin
    Gavin Tunney, Jan 27, 2004
    #16
  17. steve

    Gavin Tunney Guest

    On Tue, 27 Jan 2004 19:18:12 +1300, Peter <>
    wrote:

    >Gavin Tunney wrote:
    ><snip>
    >> It does get frustrating when simple worms like this get around, users
    >> just seem to have a block when it comes to understanding file
    >> extensions & what they mean.

    >
    >Yes, and it doesn't help that Windows hides extensions by default. The
    >people who don't know enough to keep themselves safe are usually the same
    >people who don't know to unhide extensions (or even that this is possible).
    >
    >


    I agree with you there Peter, it is very poor practice & which I find
    annoying as it inhibits people's learning about file extensions and
    the difference between executables and data files.

    It is possible to unhide extensions, it is part of Explorer settings.

    GT
    Gavin Tunney, Jan 27, 2004
    #17
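The point made in posts #8 and #17 about hidden extensions, as an added example that is not part of the original thread: it lists each attachment's real name beside the name a user sees when the final extension is hidden. The extension set, addresses and file names are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Illustrative subset of extensions Windows runs directly (an assumption,
# not a complete list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}

def audit_attachments(raw_message):
    """Return (real_name, name_shown_with_extensions_hidden, verdict)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        path = PureWindowsPath(name)
        shown = path.stem                     # final extension is hidden
        if path.suffix.lower() not in EXECUTABLE_EXTS:
            verdict = "data file"
        elif PureWindowsPath(shown).suffix:   # e.g. ".jpg" is still visible
            verdict = "executable disguised as a data file"
        else:
            verdict = "executable"
        findings.append((name, shown, verdict))
    return findings

def constructed_sample():
    """Build a constructed message with two harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "reader@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for fname in ("holiday.jpg.exe", "notes.txt"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_string()

if __name__ == "__main__":
    for real, shown, verdict in audit_attachments(constructed_sample()):
        print(f"{real!r} is listed as {shown!r}: {verdict}")
```

A mail gateway or client that shows the real name and the verdict removes the gap between what the file is and what the user believes it is.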
  18. steve

    Gavin Tunney Guest

    On Tue, 27 Jan 2004 07:26:02 GMT, (Gavin Tunney)
    wrote:

    >
    >Get some help David........snip<
    >


    David I've broken one of my own rules here, that rule is to not get
    personal no matter how provoked I feel. If I've hurt you with my
    comments then I apologise, no excuses there.

    That said you've got to stop these constant interjections about
    Windows David. It serves no useful purpose except to provoke and
    antagonise people who merely wish to be left alone to their own
    devices & to make their own informed decisions. I don't slag off your
    choices, stop bagging mine (and others)

    Gavin
    Gavin Tunney, Jan 27, 2004
    #18
  19. steve

    Enkidu Guest

    On Tue, 27 Jan 2004 19:50:31 +1300, "EMB" <> wrote:

    >
    ><texan@texas..removethisbit.usa.com> wrote in message
    >news:...
    >> So far, have received two emails containing this virus.
    >> Both sent to this email address and both from NZ.
    >> One from xtra, had been 'cleaned'.
    >> The other from gobal-gateway.net.nz had not.
    >>

    >Unitec's mail server is sending the things out like crazy - I've had 20 or
    >so from there. One of their staff (the only ones there that have my email
    >addy) must have opened an attachment!
    >

    What makes you think that they are being sent from Unitec? Did you
    check the headers? The sender address is almost certainly forged.

    Cheers,

    Cliff
    --

    The complete lack of evidence is the surest sign
    that the conspiracy is working.
    Enkidu, Jan 27, 2004
    #19
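The header check suggested in post #19, as an added example that is not part of the original thread: it finds the Received hop where the message entered the recipient's own relays and compares the connecting host with the domain in From. The message, host names and the simplified Received format are constructed assumptions; real Received lines vary by mail server.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: From claims campus.example, but the recipient's MX
# recorded the connection as coming from a dial-up style ISP host.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example; Tue, 27 Jan 2004 19:40:02 +1300
Received: from dsl-203-0-113-45.isp.example (dsl-203-0-113-45.isp.example [203.0.113.45])
\tby mx.recipient.example; Tue, 27 Jan 2004 19:40:01 +1300
From: staff@campus.example
To: me@recipient.example
Subject: constructed sample

body
"""

# Assumed layout: from <HELO name> (<reverse-DNS name> [<IP>]) by <relay>;
RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)\s+by\s+(\S+?);")

def handoff(raw, our_relays):
    """Return the first hop written by one of our relays about an outside peer.

    Hops below it were supplied by the sender and cannot be trusted.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    for hop in msg.get_all("Received", []):        # newest hop first
        m = RECEIVED_RE.search(str(hop))
        if not m:
            continue
        _helo, rdns, ip, by = (g.lower() for g in m.groups())
        if by in our_relays and rdns not in our_relays:
            same = rdns == from_domain or rdns.endswith("." + from_domain)
            return {"from_domain": from_domain, "peer": rdns,
                    "ip": ip, "peer_matches_from": same}
    return None

if __name__ == "__main__":
    print(handoff(RAW, {"mx.recipient.example", "mailstore.recipient.example"}))
```

A mismatch does not prove forgery on its own, since many people send through an ISP relay, but it shows which network actually delivered the message, which is the one to notify.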
  20. steve

    Lennier Guest

    On Tue, 27 Jan 2004 19:47:06 +1300, Lawrence D’Oliveiro wrote:

    >>Virus infection? What infection?

    >
    > Remember Ramen? Or Slapper?
    >
    > Yes, there have been viruses and worms that infected Linux systems. It
    > is possible to write them, I just think Linux hasn't been that tempting
    > a target up to now.


    And the worst thing that can happen is that a person's home directory can
    be deleted.

    That is all. The system is safe.


    Lennier

    --
    Newsman - on CD piracy: "Entertainment meets Geekery meets Vengeance. It's
    unstoppable. A match made in Heaven."
    Lennier, Jan 27, 2004
    #20