Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft

Discussion in 'Computer Security' started by Lord Shaolin, Sep 19, 2003.

  1. Lord Shaolin

    Lord Shaolin Guest

    Lord Shaolin, Sep 19, 2003
    #1

  2. Lord Shaolin

    Moonlit Guest

    Yes,

    Got one too. Looks almost genuine (except for the fact Microsoft never sends
    out patches). I wonder what the 'patch' does?

    Regards, Ron AF Greve
     
    Moonlit, Sep 19, 2003
    #2

  3. Lord Shaolin

    John Guest

    John, Sep 19, 2003
    #3
  4. Lord Shaolin

    kyra Guest

    kyra, Sep 19, 2003
    #4
  5. Lord Shaolin

    Mimic Guest

    That's what you get for posting your mail addy to
    www.free-boobie-pics-mail-me.com ;D

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Sep 19, 2003
    #5
  6. Lord Shaolin

    Mimic Guest

    Nice to see someone taking pride and effort in their work :p

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Sep 19, 2003
    #6
  7. Lord Shaolin

    Moonlit Guest

    Hi,

    Thanks for the link, so it is mainly replicating and a major nuisance (with
    the false error messages).

    Regards Ron.
     
    Moonlit, Sep 19, 2003
    #7
  8. Lord Shaolin

    Moonlit Guest

    Hi,

    It looks so real I think this one is going to beat a lot of other viruses
    (as one said this virus relies heavily on social engineering and
    unfortunately that works).

    Luckily I only got two in the past 24 hours.

    Regards, Ron AF Greve.
     
    Moonlit, Sep 19, 2003
    #8
  9. Lord Shaolin

    Jim Watt Guest

    Hell it should be able to find that out for itself :)

    the MS patch thing seems rampant here, just got six.
     
    Jim Watt, Sep 20, 2003
    #9
  10. Lord Shaolin

    Dave Guest

    The problem here is not the virus, which is easily detected by a number of
    AV programs, but the jamming of email boxes. One of my boxes has 1210
    messages, all with 106KB attachments, just in the last few hours. I can't
    download all those messages to sift out the real ones, so that effectively
    renders this box useless.



    This is a box I opened recently, so I know pretty much where the spam is
    coming from. I used the address in posting to comp.os.linux.misc, and
    comp.os.ms-windows.misc. I was even careful to modify the address, so it
    could only be used by a real person not a robot. Someone is making a big
    effort to spread this worm.



    I guess the only solution is to never use your real identity or email
    address in a newsgroup.



    - Dave
     
    Dave, Sep 20, 2003
    #10
  11. Lord Shaolin

    Zarggg Guest

    Lord Shaolin wrote On 18 Sep 03 22:41:
    Yep. I've gotten over 260 spam e-mails as a result of this worm (90+ on
    Thursday, 90+ by lunchtime EDT today, and 80+ more after coming home
    from work). It's obviously based on harvested e-mail addresses, as I
    received them to all three of my "public" e-mail addresses, two of which
    are domain-based aliases.
     
    Zarggg, Sep 20, 2003
    #11
  12. Lord Shaolin

    Dave Guest

    Microsoft advocates are claiming that XP is just as secure as Linux, that
    you can't get a virus without doing something stupid, like clicking on an
    email attachment. Could you tell us more about this incident? Does "play
    a game" mean download some program and run it? Why would you need to turn
    off a firewall to play a game on your own computer?

    I've also heard that msblast can infect a computer without *any* user
    interaction. I was told this by a system administrator who takes care of
    hundreds of Windows workstations. I asked him what network services were
    running on the computers (telnet, ftp, etc.) and he said none. The virus
    can apparently propagate with just the basic network communication
    protocols.

    - Dave
     
    Dave, Sep 20, 2003
    #12
  13. It was an online game called Neverwinter Nights. The program was not
    downloaded, it was purchased. She doesn't use email at home either. The
    firewall was disabled because it sometimes interferes with the game, I
    have since fixed that and the game can be played with the firewall on.
    There was no user interaction required. The only reason we found out was
    when she re-enabled her firewall, the firewall warning window popped up
    and asked "msblast.exe requests a connection to IP xxx.xxx.xxx.xxx".
    msblast takes advantage of an RPC vulnerability. She doesn't use XP but
    it is also vulnerable to msblast in the same manner.
    Yup.
     
    Rev Turd Fredericks, Sep 20, 2003
    #13
  14. Lord Shaolin

    Juha Laiho Guest

    And fixes to close the RPC hole used by msblast were published by
    Microsoft some months before the msblast attack, if I recall correctly.

    If the machine in question is running NT 4.0 workstation, it might be
    that the fix is not available, as the OS is no longer supported by MS,
    in which case the firewall is the only remaining protection. But _if_
    the OS was something for which the fix was available, this infection
    was caused by user ignorance/negligence.

    It is unfortunate the Internet has turned this way, that everyone
    connecting to it must be acutely aware of security issues. And it is
    unfortunate the integrity of software available is what it is (for
    those starting to advocate open source software at this point, look
    at recent issues with sendmail, OpenSSH, some ftp daemons, etc; perhaps
    not as bad as Microsoft side, but not completely solid, either).
     
    Juha Laiho, Sep 20, 2003
    #14
  15. Lord Shaolin

    Mimic Guest

    I imagine if it was an online game she'd wanna squeeze every bit of
    bandwidth and CPU out of the box for the game, I turn mine off sometimes
    when my games get lagged.

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Sep 20, 2003
    #15
  16. Lord Shaolin

    Mimic Guest

    Heh, I dunno how you people do it :p 200 a day, heh I haven't had any, I'd, I'll
    bet 10$ I won't get it.
    On a further note, it might be useful to have a fwding email address, I use
    one for people I don't know / ain't really interested in.
    Fwds to my ISP account, that way if the spam fills, I can just terminate or
    redirect the fwding.

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Sep 20, 2003
    #16
  17. Lord Shaolin

    Mimic Guest

    Well, that'll teach you for being so darn popular ;D

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Sep 20, 2003
    #17
  18. Hey! I should take offence to that, but I won't. However, I guess you
    could call it ignorance as I had not heard of the msblast worm until
    shortly before the infection occurred. I think the fix came in early-mid
    July, but it didn't get a lot of fanfare, the machine got infected
    around mid-August.
    Yeah, the internet is a dangerous place.
     
    Rev Turd Fredericks, Sep 20, 2003
    #18
  19. Actually, the box is pretty powerful and we have a T1 :) However, the
    game was screwing up at the server end, and my wife thought it was her
    firewall (it had caused problems in the past which I had thought I had
    fixed) so she just turned it off.
     
    Rev Turd Fredericks, Sep 20, 2003
    #19
  20. If you want any of mine, I could forward them all to you. I mean, I
    wouldn't want you to feel left out or anything :)
     
    Rev Turd Fredericks, Sep 20, 2003
    #20