A worm dubbed “Here you have” — the subject line of the email it hides in — is spreading wildly across the Internet. The attack comes in the form of a link purporting to take the reader to a PDF file, but instead leads to an executable that tries to send copies of the worm to people listed in the victim’s email address book. Several variants of the worm are out on the Web, according to McAfee. While the email attack has been crippled, infected hosts may continue to spread the worm.
Why do morons insist on clicking on unknown links in their email that clearly didn't come from anyone they know?
To quote Gregory House, "People are idiots." Seriously though, it bugs the hell out of me when an ISP insists that it knows better than I do what is and isn't a "safe" link. As a coder, it's hardly improbable that I might send a link, or even an attachment, containing an EXE, which isn't a virus. The problem here is twofold, really. #1: People will click on damn near anything. #2: Operating systems either won't let you run things at all from email, or they let them run within the main OS, with no sandboxing, and no way of knowing what they are doing.
Now, a *sane* solution would be to have a virtual sandbox. You run the thing, it tells you what other applications it's trying to talk to, which ports, if any, it's opening, and even *where* it's trying to send stuff. But, that would require that MS get its head out of its backside and provide a way to get that kind of data from something executing from inside an email. The alternative is to do the other, which is just not allow something to run *at all*, unless cleared by the user, and that only solves the problem for people that don't automatically click, "Ok, let it run."
Mind, this is, at least partly, the fault of other people too. Everyone relies on, for example, scripting so much on the net that just "seeing" a page can sometimes require turning on the scripts, before you even know if the page is safe, so it's way too easy for even someone careful to get into the habit of turning them on, the moment they get to an unknown page. And, if you don't.. Well, last time I didn't, the email + page confirming an order never showed up, so I ended up ordering two of an item, instead of one, from someone's site. Rather than make sure the script was on, to start, they gave no warning you had to have it on, then things blew up when the order finished...
Similar problems arise when trying to read your damn email (what is it with a) MS Hotmail randomly blocking legit sites' email, but always letting through Viagra ads, for example?, and b) until the latest version, there was almost no way to tell Thunderbird, "Stop blocking stuff from this sender, it's always legit!"). So, in the former case, you are not protected, except from the stuff you wanted in the first place, and the latter, you got in the habit of clicking, "Show remote content", anyway, because you couldn't tell if it was something that was "supposed" to be there, or not, but was just being blocked, due to everything being blocked.
Bloody mess.
Mind, this is old, old, old, OLD news, so this new virus hardly "exposes" anything we didn't already know. lol
'Here You Have' Exposes Internet Security's Achilles' Heel
Posted by: Richard Adhikari September 10, 2010 11:30 AM