Mass Mailing Worms

[hot_ice]

OK, I'm not sure how exactly these virus' work and I'm not sure if anyone has posted on this or if it has been talked about, but I was just thinking, why is it that these virus' are the ones you always hear about? You always here of these types of virus' that mail themselves out to every person in the user's address book.

Anyways, what I'm thinking is that why not tackle the problem where it is. The address book. I'm not sure if it's just Outlook Express, but isn't there anything that can be done to prevent these simple virus' from using the user's address book?

I'm not sure it'll help, but what about putting a password on the address book or encrypting the addresses, and the decrypting them when the user enters a password or whatever. Surely these people at Microsoft can think of something if they put their brain powers together. Don't start saying 'people at MS have no brains', blah blah. I know this...hehe, but I'm serious - can't anything be done with the address book to make it more secure?

Anyways, that's just my thoughts, I could be totally wrong, but I think that surely something can be done to prevent this damn mass mailing worms.

Greg

[slarty]

I'm not entirely sure that the idea would be very useful.

Clearly MS could make the MAPI require a password to access the address book. Then viruses could just look at your sent-mail folders or other folders and get the email addresses from there and mail everyone you've ever mailed.

So they could put a password on those too.

But if the virus simply waited until you typed the password, then read the address book (or folders etc), then that technique would be defeated.

So you really cannot defeat them easily, particularly not without making it very inconvenient for the users.

Perhaps if we just insisted that people use snail mail instead ...

[lord_darkside_x]

#1- why are they used so often... because they spread... These virii are verypowerful. they require no real effort by the creator other then sending it once, from there it spreads like wild fire.

#2- yes it is just outlook, when it comes to email... microsoft has more holes in that then a slice of swiss cheese... and outlook is pretty simple to target for that reason... (which is another reason these are so prominent.
***side note... Nimda is one of the types of virri you are talking about. Nimda not only exploits outlook, but if you are on a LAN it tries to upload itself through shared folders...so even if you password thing worked...there would still be a small problem


#3 - your idea to stop it would not work effectively. first. most people would save there password to the poasssword list for convenience. the virii could use that. second, this idea would not be widely accepted by the blithering idiots who are having the most problems. it would be inconvenient for them. third, there would prolly be a way around the password protect.

the real problem is not the addressbook. the biggest problem is people not downloading patches for outlook. other then that there are the people that just aren't educated about the problem.

[hot_ice]

Yeah, I understand both your points about the address book. I'm sure there would be a way around the password. All I was saying is with so many of these 'mass mailing worms', maybe they (I dunno who, MS or antivirus companies) can put a group of people together to try to tackle the problem.

I mean, yeah, now we don't think there is a solution, but you never know what people could come up with. Ideas might start flowing and solutions could be conjured up.

Hmm...just thinking, what about having an address book in another (small) program? I mean surely a simple virus like these mass mailing ones couldn't open up another program unless there was a serious security hole in the mail client, or unless the virus itself was something more serious then a simple virus. But would that stop most of them mass mailing ones like the 'My Life' one going around now?

I dunno, I'm just throwing ideas around...tell us what you think.

Cheers,
Greg

[BrainStop]

Originally posted here by lord_darkside_x

the real problem is not the addressbook. the biggest problem is people not downloading patches for outlook. other then that there are the people that just aren't educated about the problem.

I have to agree with lord_darkside_x. People are the ones who are the most vulnerable to virii. After all, would you really open a love letter that comes as an attachment to an email? Why would a person need to create a "doc" file to tell you "I love you"?

Most virii spread because people do not think ... they just open attachments at random. After finally managing to train my mom on the subject ... it's my dad who goes in and opens an attachment ... cost them the data on their harddisk .... lesson learned I think (although I'm not sure).

The problem lies in making software easy to use for idiots while making it safe ... that's an impossible challenge. Way back when, people connected to the Internet knew what it was about ... now, you tell someone he's using TCP/IP to connect to a network to browse the web, most of them go Huh?.

The only safe solution is to educate people ... whatever technical solution you find, people will defeat it, just like they write down their passwords on PostIt notes ...

Just my 2 cents ...

Cheers,

BrainStop

[lord_darkside_x]

what about having an address book in another (small) program? I mean surely a simple virus like these mass mailing ones couldn't open up another program unless there was a serious security hole in the mail client, or unless the virus itself was something more serious then a simple virus.

the virii compile on load....(when the email is opened or attach is opened). it would just require one more line of code to get it to open another prog... not to difficult for the skilled programmer.

[hot_ice]

People are the ones who are the most vulnerable to virii.

Very true.

The only safe solution is to educate people ... whatever technical solution you find, people will defeat it, just like they write down their passwords on PostIt notes ...

That is exactly right, but how do you educate the MILLIONS, and I'm sure in the future you'll have BILLIONS, of people who are using email? I mean you can't exactly go, 'don't open strange looking emails that you aren't expecting'!! I mean that's what everyone is saying now, but very few people listen. Educating people is very hard to do, especially when you have such a HUGE audience.

Wouldn't it be easier to just create a technology that is unable to pass-on and be infected by virus'?? Hell no - it's impossible, virus writer's will always find a way. But at the moment, writing a virus seems too easy. Hopefully, however, the answer lies somewhere in between - educating people and created very good software. Then, maybe if you have a good combination of both, the spreading of virus' will reduce...just maybe...hopefully.

Greg

[slarty]

I disagree that these virii are very powerful. They are not very powerful at all.

Compared to "codered" which was a technical masterpiece, the likes of "ILOVEYOU" is a mere toy.

The reason that these spread fast is because people execute them.

MS has created no specific security holes which allow this to happen. If it's a security hole making a mail program that lets you open or save attachments, then they made a security hole, but no *actual* bug.

I note that MS keep making the warnings bigger and bigger, and now give the administrator the option to prevent certain types of file from being opened or saved at all

The fact is:

1. A child of 10 years old could write a worm of the complexity of ILOVEYOU
2. The main problem is people's attitude to opening these attachments. You give them a warning and they ignore it.
3. A further problem is the homogeneity of the software used by the vast majority of (particularly corporate) email users.
4. MS complicate the problem by introducing ever more types of executables. Unlike on other systems, there's no fail-safe way of identifying an executable file. There are dozens of extensions now.

I wrote a proof-of-concept of a self-encrypting VBS program, it worked quite nicely (No, it wasn't a worm, and didn't email itself!)

[titanmike]

educate people ? rather say try to educate people. i have been sent the i love you worm 78 times in 3 days . all this from 5 persons and this after contacting them and telling them what to do . now that is just me there are 250 comps on this network!

[Ouroboros]

Here's how I work it...

1) i don't use MS Outlook

2) if anyone sends me an attachment, i have asked them to type in an indiviualizing bit of text into the message body, as no MMW can replicate it, since it is typed by hand, and can vary... a greeting, a nickname, or some other rubbish that i can identify their intent with... if an attachment comes to me with nothing but the header details and a nonesensical bit of nothing(see MyParty) in the text body, i don't open it, even if it is from a friend, even if it is benign, even if my internet based e-mail claims that it has been scanned...i don't open it, and explain why later...

Paranoia is the only solution to prevent the spread of such things...but the introduction of skepticism to the bumbling users out there is the problem...in my opinion, they get what they deserve for their lack of concern...I learned how to be skeptical just by RTFM, so to speak...if they want to be so trusting, let them...they'll learn.

Ouroboros