Is this showing up as an issue for anyone? All I'm looking at is an MSNBC story which gives me the impression that it's a pretty low-bandwidth deal. It sounds like it requires intervention by the end user (or a system reboot) to activate it, so the propagation rate ought to be very low. http://vil.mcafee.com/dispVirus.asp?virus_k=100358 http://www.msnbc.com/news/922529.asp?0cv=CB10 -- +---------------------------------------------------------------------+ | Eric W. Anderson E-Mail: anderson@cs.uoregon.edu | | Computer and Information Science / Phone: (541)346-1381 | | Advanced Network Technology Center USPS: CIS Department | | University of Oregon University of Oregon | | Eugene, OR 97403-1202 | | | | http://www.cs.uoregon.edu/~anderson/ | +---------------------------------------------------------------------+
Eric Anderson wrote:
Is this showing up as an issue for anyone? All I'm looking at is an MSNBC story which gives me the impression that it's a pretty low-bandwidth deal. It sounds like it requires intervention by the end user (or a system reboot) to activate it, so the propagation rate ought to be very low.
That is a very bad assumption to make. Not all AV software can detect the various variations of it yet. In addition, there are many EU's that will still run any executable that shows up in their inbox. Many reports of the Microsoft Patch scam being used with this one. It is multi-part mime, so my current stripping methods will protect the mailboxes on my system. -Jack
Maybe I should clarify: By "very slowly" I meant that this should spread significantly more slowly than something which is able to exploit a vulnerability and start executing as soon as it finds a susceptible host. If it's been in the wild for 12 hours without compromising most of the vulnerable hosts, that's slow relative to what's possible. Thus spake Jack Bates (jbates@brightok.net): [snip]
That is a very bad assumption to make. Not all AV software can detect the various variations of it yet. In addition, there are many EU's that will still run any executable that shows up in their inbox. Many reports of the Microsoft Patch scam being used with this one.
It is multi-part mime, so my current stripping methods will protect the mailboxes on my system.
-Jack
On Thu, 05 Jun 2003 18:47:45 PDT, Eric Anderson <anderson@cs.uoregon.edu> said:
Is this showing up as an issue for anyone? All I'm looking at is an MSNBC story which gives me the impression that it's a pretty low-bandwidth deal. I t sounds like it requires intervention by the end user (or a system reboot) to activate it, so the propagation rate ought to be very low.
Never underestimate the collective user's ability to say 'oooh, SHINY' and click on it anyhow. The sad part is that enough people clicked on it that it's making the news at all. The truly pathetic part is that every provider is going to have at least one user who calls in and asks "Why am I getting all these 'user unknown' messages from friends who changed their addresses a long time ago?"
participants (3)
-
Eric Anderson
-
Jack Bates
-
Valdis.Kletnieks@vt.edu