On Mon, Jan 26, 2004 at 09:00:40PM -0500, mike@sentex.net said:
We are seeing 2 wide spread worms right now, mydoom and dumaru.*
NAI has info at
http://vil.nai.com/vil/content/v_100983.htm
and
http://vil.nai.com/vil/content/v_100980.htm
They rate of it is quite surprising. By the description, the trick / method of infection does not seem all that different than past worms viri. Makes me wonder how many people in a room would reach into their purse/pocket on hearing, "Wallet inspector"
I've been wondering lately, after about 10 years of email worms spreading in exactly the same manner with every incarnation ... why do you think people haven't learned not to open unexpected attachments yet? It would seem to me that even the most clueless user would modify his/her behavior after, say, the 25th time they've been infected and had to 1) call tech support or 2) reinstall their OS (or more likely, have someone else reinstall their OS). Worms today are exploiting the same fundamental flaws they were using 10 years ago, so maybe the question above has the wrong focus. Maybe we should be asking why vendors haven't bothered to fix these problems - it's not like they haven't had enough time or examples. (Note: I really do not want this to degenerate into another rant against vendor M; for once, I really am curious as to why we're still getting bit by bugs using the same holes they were using with Windows 95 and NT 4. Worms obviously pose a significant financial cost to business, and I heard this latest one mentioned at least 3 times from various non-Internet media outlets yesterday, so public awareness isn't the probem either.) -- Scott Francis | darkuncle(at)darkuncle(dot)net | 0x5537F527 "I gave you the chance of aiding me willingly, but you have elected the way of pain!" -- Saruman, speaking for sysadmins everywhere