Is Sobig really that big?

Discussion in 'NZ Computing' started by Rupert, Aug 22, 2003.

  1. Rupert

    Rupert Guest

    While I know any additional emails that are not wanted are a burden on the
    internet infrastructure and a right pain in the ass, I was wondering how
    significant a loading is the Sobig virus?

    http://www.computerweekly.com/Article123133.htm reports that the ratio of
    spam to legitimate e-mail in the UK rocketed from 24.5% in January to 36.3%
    by March, and it is likely to exceed 50% this month [July] so taking the
    March figures of 36% for every 100 emails, 36 are spam.

    Now http://edition.cnn.com/2003/TECH/internet/08/21/sobig.virus/index.html
    reports that at the worst being experienced from Sobig is 1 in 17 or as a
    percentage 5.9% so the Sobig virus is at its worst adding just an
    additional 6 emails per 100? - so hardly a cause for significant concern?

    I know of course that we should not condone the writing of viruses, nor
    should we go easy on MS - for despite their best efforts, and I am sure they
    do not do it deliberately - for not providing secure systems, maybe we are
    spending too much time panicking over viruses and spending more effort
    fighting spam?
     
    Rupert, Aug 22, 2003
    #1

  2. While the difference may be statistically significant, the infrastructure
    can easily cope with it. Where it can't, it is simply a case of failing to
    keep up with the times (Just like Telecom).

    The finger can't be pointed at Microsoft for the Sobig virus as it does not
    exploit a weakness in the OS (Like Blaster), only the stupidity of people.
    The same would apply to Linux if it were as widely used as some would like.
    The fact that e-mailing people randomly will most likely result in the
    receiving system being Windows shows nothing more than Microsoft has done
    things right to get in to the position they are in.

    The Other Guy

    "Rupert" <> wrote in message
    news:bi48qn$qvk$...
    > While I know any additional emails that are not wanted are a burden on the
    > internet infrastructure and a right pain in the ass, I was wondering how
    > significant a loading is the Sobig virus?
    >
    > http://www.computerweekly.com/Article123133.htm reports that the ratio of
    > spam to legitimate e-mail in the UK rocketed from 24.5% in January to 36.3%
    > by March, and it is likely to exceed 50% this month [July] so taking the
    > March figures of 36% for every 100 emails, 36 are spam.
    >
    > Now http://edition.cnn.com/2003/TECH/internet/08/21/sobig.virus/index.html
    > reports that at the worst being experienced from Sobig is 1 in 17 or as a
    > percentage 5.9% so the Sobig virus is at its worst adding just an
    > additional 6 emails per 100? - so hardly a cause for significant concern?
    >
    > I know of course that we should not condone the writing of viruses, nor
    > should we go easy on MS - for despite their best efforts, and I am sure they
    > do not do it deliberately - for not providing secure systems, maybe we are
    > spending too much time panicking over viruses and spending more effort
    > fighting spam?
     
    The Other Guy, Aug 22, 2003
    #2

  3. Joy

    Joy Guest

    "The Other Guy" <> wrote in message news:3f45c1a6$1@slave...
    > While the difference may be statistically significant, the infrastructure
    > can easily cope with it. Where it can't, it is simply a case of failing to
    > keep up with the times (Just like Telecom).
    >
    > The finger can't be pointed at Microsoft for the Sobig virus as it does not
    > exploit a weakness in the OS (Like Blaster), only the stupidity of people.
    > The same would apply to Linux if it were as widely used as some would like.
    > The fact that e-mailing people randomly will most likely result in the
    > receiving system being Windows shows nothing more than Microsoft has done
    > things right to get in to the position they are in.


    Well, yes, they've virtually cornered the market. It's the cost of
    antivirus software which is the difficulty, it's not ignorance. I know two
    people who don't have it because of cost and they both know they should have
    it. Firewalls are catching on, we've told heaps of people to get zone alarm.
    At the moment, many people are too scared to turn on their pc's. They are
    not pc savvy and fear they will be victims and then the only recourse they
    have is to head off to the nearest service shop and pay for the fix. They
    feel very unconfident.
    There should be a fail-safe system for them. It takes a long time and a big
    investment of time for average people to become confident with pc's.
    Joy
     
    Joy, Aug 22, 2003
    #3
  4. The Sobig.F network propagation code is faulty, the primary propagation
    mechanism is by users executing the attachment and infecting their machine.
    Root access is largely irrelevant, and not required for this sort of
    propagation. Root access would assist in harvesting e-mail addresses, but
    that is all.

    All that is required is to be able to save the attachment and execute it.
    Users can save to their own directories where they have permissions, and
    execute the code there.

    The only way to prevent this type of propagation would be to prevent all
    outgoing IP communication by default, not just those ports above 1024. All
    popular Linux distributions allow outgoing IP by default, and making it easy
    enough for the pleb to use Linux would require this to be the case.
    Therefore, in this case PEBKAC errors will apply equally well to Linux and
    to Windows, assuming equal usage of both platforms.

    Sobig does not exploit a bug in either Windows or any e-mail clients. I have
    quite happily been using my work PC running an old version of Outlook
    Express, without a virus checker installed, and have no fears of getting
    this virus.

    Sure, a few small default configuration changes may help, but there is
    nothing specific to Windows about it.

    The Other Guy

    "Howard Johnson" <> wrote in message
    news:b6k1b.13163$...
    >
    > "The Other Guy" <> wrote in message news:3f45c1a6$1@slave...
    > > While the difference may be statistically significant, the infrastructure
    > > can easily cope with it. Where it can't, it is simply a case of failing to
    > > keep up with the times (Just like Telecom).
    > >
    > > The finger can't be pointed at Microsoft for the Sobig virus as it does not
    > > exploit a weakness in the OS (Like Blaster), only the stupidity of people.
    > > The same would apply to Linux if it were as widely used as some would like.
    >
    > We hear this claim here a lot, holding Microsoft blameless for the unfenced
    > pool and blaming the toddler, and claiming that an unfenced Linux pool would
    > be just as bad.
    > Linux is just an operating system kernel, the servers compiled and installed
    > to run on Linux are quite flexible, but distributions of Linux are not
    > default installed to share the root directory read write with a couple of
    > clicks, likewise the execution of attachments to email with root privileges
    > is not impossible to configure, but unlikely. Maybe possible on Lindows, I
    > don't know.
    > I use both, and I can see how the Sobig virus variants work as executable
    > attachments, and infect open Windows directory shares. This situation did
    > not happen by random chance, it happened because of Microsoft policy
    > unfortunately.
    >
    > > The fact that e-mailing people randomly will most likely result in the
    > > receiving system being Windows shows nothing more than Microsoft has done
    > > things right to get in to the position they are in.
    >
    > The fact that the receiving system is likely to become infected and
    > propagate the virus shows that they have done something wrong.
     
    The Other Guy, Aug 22, 2003
    #4
  5. Correction -

    The reference to restricted ports should indicate 1024 and lower, not "above
    1024".

    The Other Guy


    "The Other Guy" <> wrote in message news:3f45d99e$1@slave...
    > The Sobig.F network propagation code is faulty, the primary propagation
    > mechanism is by users executing the attachment and infecting their machine.
    > Root access is largely irrelevant, and not required for this sort of
    > propagation. Root access would assist in harvesting e-mail addresses, but
    > that is all.
    >
    > All that is required is to be able to save the attachment and execute it.
    > Users can save to their own directories where they have permissions, and
    > execute the code there.
    >
    > The only way to prevent this type of propagation would be to prevent all
    > outgoing IP communication by default, not just those ports above 1024. All
    > popular Linux distributions allow outgoing IP by default, and making it easy
    > enough for the pleb to use Linux would require this to be the case.
    > Therefore, in this case PEBKAC errors will apply equally well to Linux and
    > to Windows, assuming equal usage of both platforms.
    >
    > Sobig does not exploit a bug in either Windows or any e-mail clients. I have
    > quite happily been using my work PC running an old version of Outlook
    > Express, without a virus checker installed, and have no fears of getting
    > this virus.
    >
    > Sure, a few small default configuration changes may help, but there is
    > nothing specific to Windows about it.
    >
    > The Other Guy
    >
    > "Howard Johnson" <> wrote in message
    > news:b6k1b.13163$...
    > >
    > > "The Other Guy" <> wrote in message news:3f45c1a6$1@slave...
    > > > While the difference may be statistically significant, the infrastructure
    > > > can easily cope with it. Where it can't, it is simply a case of failing to
    > > > keep up with the times (Just like Telecom).
    > > >
    > > > The finger can't be pointed at Microsoft for the Sobig virus as it does not
    > > > exploit a weakness in the OS (Like Blaster), only the stupidity of people.
    > > > The same would apply to Linux if it were as widely used as some would like.
    > >
    > > We hear this claim here a lot, holding Microsoft blameless for the unfenced
    > > pool and blaming the toddler, and claiming that an unfenced Linux pool would
    > > be just as bad.
    > > Linux is just an operating system kernel, the servers compiled and installed
    > > to run on Linux are quite flexible, but distributions of Linux are not
    > > default installed to share the root directory read write with a couple of
    > > clicks, likewise the execution of attachments to email with root privileges
    > > is not impossible to configure, but unlikely. Maybe possible on Lindows, I
    > > don't know.
    > > I use both, and I can see how the Sobig virus variants work as executable
    > > attachments, and infect open Windows directory shares. This situation did
    > > not happen by random chance, it happened because of Microsoft policy
    > > unfortunately.
    > >
    > > > The fact that e-mailing people randomly will most likely result in the
    > > > receiving system being Windows shows nothing more than Microsoft has done
    > > > things right to get in to the position they are in.
    > >
    > > The fact that the receiving system is likely to become infected and
    > > propagate the virus shows that they have done something wrong.
     
    The Other Guy, Aug 22, 2003
    #5
  6. Mainlander

    Mainlander Guest

    In article <>, says...
    >
    > "The Other Guy" <> wrote in message news:3f45c1a6$1@slave...
    > > While the difference may be statistically significant, the infrastructure
    > > can easily cope with it. Where it can't, it is simply a case of failing to
    > > keep up with the times (Just like Telecom).
    > >
    > > The finger can't be pointed at Microsoft for the Sobig virus as it does not
    > > exploit a weakness in the OS (Like Blaster), only the stupidity of people.
    > > The same would apply to Linux if it were as widely used as some would like.
    > > The fact that e-mailing people randomly will most likely result in the
    > > receiving system being Windows shows nothing more than Microsoft has done
    > > things right to get in to the position they are in.
    >
    > Well, yes, they've virtually cornered the market. It's the cost of
    > antivirus software which is the difficulty, it's not ignorance. I know two
    > people who don't have it because of cost and they both know they should have
    > it.


    What???

    It costs about $100 to buy NAV, and then there are also free antivirus
    packages, $100 is cheap for software.

    If people are not going to get AV software, there are still other things
    they can and should do if they have any brains, like tell their mail
    program to cut off the attachments.

    > Firewalls are catching on, we've told heaps of people to get zone alarm.
    > At the moment, many people are too scared to turn on their pc's. They are
    > not pc savvy and fear they will be victims and then the only recourse they
    > have is to head off to the nearest service shop and pay for the fix. They
    > feel very unconfident.
    > There should be a fail-safe system for them. It takes a long time and a big
    > investment of time for average people to become confident with pc's.
    > Joy


    There is a fail safe, it is to unplug the computer from the internet.

    If people aren't PC savvy and don't know how to protect their computer
    against viruses etc they should be using a web tv or a fax machine
    instead.
     
    Mainlander, Aug 24, 2003
    #6
  7. Joy

    Joy Guest

    "Mainlander" <*@*.*> wrote in message
    news:...
    > In article <>, says...
    > >
    > > "The Other Guy" <> wrote in message news:3f45c1a6$1@slave...
    > There is a fail safe, it is to unplug the computer from the internet.
    >
    > If people aren't PC savvy and don't know how to protect their computer
    > against viruses etc they should be using a web tv or a fax machine
    > instead.


    Pardon me, I don't agree. You don't need to spend hours and hours learning
    how to use a microwave oven. Some pc's should be just as simple and even
    then people will need help. They deserve to surf just like everyone else.
    Joy
     
    Joy, Aug 24, 2003
    #7
  8. "Howhard" <> wrote in message
    news:A0j1b.123519$...
    > But I agree with your point. It's spam that's going to be the death of email as
    > we know it now.


    Hopefully not for not too much longer. Maybe another 2-3 years?
     
    Nathan Mercer, Aug 24, 2003
    #8
  9. Mainlander

    Mainlander Guest

    In article <3f4850e2$>, says...
    >
    > "Mainlander" <*@*.*> wrote in message
    > news:...
    > > In article <>, says...
    > > >
    > > > "The Other Guy" <> wrote in message news:3f45c1a6$1@slave...
    > > There is a fail safe, it is to unplug the computer from the internet.
    > >
    > > If people aren't PC savvy and don't know how to protect their computer
    > > against viruses etc they should be using a web tv or a fax machine
    > > instead.
    >
    > Pardon me, I don't agree. You don't need to spend hours and hours learning
    > how to use a microwave oven. Some pc's should be just as simple and even
    > then people will need help. They deserve to surf just like everyone else.
    > Joy


    A microwave oven is no comparison. It has the hardware encoded with no
    ability to run user programs or be reprogrammed. A computer is user
    programmable which is what makes it vulnerable to intrusion. If your
    microwave oven had a floppy disk drive and could run programs off a disk
    you put into it then it would be just as vulnerable to a virus.

    The PC is a complex learning curve simply by virtue of its versatility.
    An apt comparison would be the difference between learning to ride a
    bicycle and learning to drive a car. The cost of the PC hardware and the
    rate at which it depreciates are further issues. Why spend big money on a
    PC when you can get a fax machine that does all you ever want for
    communication in NZ for a couple of hundred dollars?
     
    Mainlander, Aug 25, 2003
    #9