Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft

Discussion in 'Computer Security' started by Lord Shaolin, Sep 19, 2003.

  1. Lord Shaolin

    Bill Unruh Guest

    This reminds me of Hitchhiker's guide. When Arthur Dent objected to them
    bulldozing his house for a bypass, he is told that the plans had been
    published long ago and the objections should have been made then. He
    finally found them down some broken dark stairs in a locked file cabinet
    behind a door marked "Beware of tigers".

    They certainly work hard trying to make sure users know.
     
    Bill Unruh, Sep 20, 2003
    #21

  2. System administrators need to apply critical patches as these become
    available. Waiting for tabloid headlines is irresponsible.

    Follow-ups narrowed.

    Thor
     
    Thor Kottelin, Sep 20, 2003
    #22

  3. LOL. I'm a home user, not a system administrator. Unless of course you
    want to call someone that has two computers on a home network a system
    administrator, but in that case I should get paid more :)
     
    Rev Turd Fredericks, Sep 20, 2003
    #23
  4. Lord Shaolin

    Jim Watt Guest

    I get shedloads anyway

    HOWEVER there is a neat solution to the email problem of
    lots of crap on the server which is Magic Mail which is not an
    email client per se, but allows you to delete messages and
    attachments from a server without downloading them

    http://www.geeba.org/magic/

    Get it and use it, it's freeware, and excellent.
     
    Jim Watt, Sep 20, 2003
    #24
  5. I'm not even sure they can read.
    They have no clue.
    That is correct.
    It does buffer-overflow. Finds a port open (one of RPC), and just
    enters in the buffer a bunch of crap, then inserts some i80x86 machine
    code, and jumps to it. The code executes and does its magic. No
    user-interaction needed.
     
    Davorin Vlahovic, Sep 20, 2003
    #25
  6. But stuck somewhere under the carpet.
    Of course.
    Really sad.
    sendmail, openssh and ftp daemons bugs were fixed in some 2hrs. And were
    minor bugs, easily fixed. And those bugs definitely can't cause this
    much damage...

    P.S.
    How often do you have to patch windblows, and how often do you have to
    patch some daemon under OpenSource O.S.-es?

    And, BTW, if you've got unix shell account on the mail machine, you can
    use procmail to stop the gwens, swens, msblasts etc...there is also
    spamassassin and others...n0 s3r141 c|24ck2 n33d3d! ;)
     
    Davorin Vlahovic, Sep 20, 2003
    #26
  7. Lord Shaolin

    Mimic Guest

    aaawwww, would you ? That's the nicest thing anyone has ever done for me
    heh
    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that don't."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Sep 20, 2003
    #27
  8. Lord Shaolin

    Pete Guest

    945 yesterday ... still counting ... :(

    And those are just the ones that had a valid address :\

    I could bounce them all back, but I don't think that would help anyone.

    At least I know my mail servers' AV is working. And working, and working...

    Regards,

    Pete.


    PGP Public Key ID : 98ED9C55
     
    Pete, Sep 20, 2003
    #28
  9. Lord Shaolin

    Juha Laiho Guest

    Not meant as an offense - but as a serious heads-up.

    Combining some other responses here as well; as I wrote earlier, Internet
    isn't the friendly place it used to be -- and thus, I have to agree with
    Thor's statement about each machine connected to the 'net needing an
    administrator. It doesn't matter what is your real profession; if the
    machine is unmaintained on the net, it is a risk to your own data as well
    as other computers. The minimum maintenance for a Windows system could be
    considered to be visiting the "Windows Update" site regularly (f.ex. each
    time when starting up the machine -- but every two weeks at least) and
    running an antivirus software with automatic updates (preferably running
    a manual update every time before opening the mail client). These two
    things should keep most of the nasties away -- and this doesn't require
    that much computer knowledge.

    For computers that are continuously powered on and connected to the 'net,
    some kind of firewall (configured correctly!) is an additional requisite;
    for machines that connect to the 'net just occasionally, I'd consider
    this as an optional -but recommended- thing (considering that the virus
    detection and system updates are properly handled).
     
    Juha Laiho, Sep 20, 2003
    #29
  10. Lord Shaolin

    Jim Watt Guest

    I was thinking of a worthy cause to send mine to, just post your
    real email address and you will get your wish :)
     
    Jim Watt, Sep 20, 2003
    #30
  11. In general I'd agree there, but how would you make that work?
    You can't provide an admin with every PC.
    That's why I'd say the ISPs are supposed to care for security of their
    provided link to the internet unless the customer explicitly takes
    responsibility with a customized contract and hence is _really_
    responsible for any security violations caused by or on his side.
    We all know you can't have full service and full security together, so
    for every service you use, you open a security hole.
    The ISP could care for standard services' security while the customer
    had to care for any additional services' security he requires from
    the ISP. That would at least avoid making every standard user a
    security risk for everyone on the net.

    regards
    André
     
    André Franke, Sep 21, 2003
    #31
  12. Lord Shaolin

    Guest Guest

    No, these guys (and gals) wouldn't, because it would be too
    complicated for them - they'd never get it right. Think child-proof
    bottles.
     
    Guest, Sep 21, 2003
    #32
  13. Lord Shaolin

    Don Kelloway Guest


    Since 4:40pm (9/18) I've accumulated 2500+ in my 'infected' folder,
    waiting for that special person. <grin>

    --
    Best regards,
    Don Kelloway
    Commodon Communications

    Visit http://www.commodon.com to learn about the "Threats to Your
    Security on the Internet".
     
    Don Kelloway, Sep 22, 2003
    #33
  14. Lord Shaolin

    Mimic Guest

    fwd them to... well you know who ;D see if she's stupid enough to infect
    herself 2500 times hehe

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that don't."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Sep 24, 2003
    #34
  15. Lord Shaolin

    Peter Jones Guest

    (Bill Unruh) wrote in @string.physics.ubc.ca:
    "Beware of the Leopard", fyi... :)

    Pete,
    who is obviously in desperate need of a life...
     
    Peter Jones, Sep 26, 2003
    #35
  16. Lord Shaolin

    Peter Jones Guest

    aaawwww, would you ? That's the nicest thing anyone has ever done for me
    If you're really hungry for some, you can have my 1000/day too... :)
     
    Peter Jones, Sep 26, 2003
    #36
  17. Lord Shaolin

    Mimic Guest

    Yeah sure just send them to my email account, all of them ;D



    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that don't."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Sep 26, 2003
    #37