Mass Mailing Worms
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Mass Mailing Worms

  1. #1
    Senior Member
    Join Date
    Dec 2001
    Posts
    590

    Question Mass Mailing Worms

    OK, I'm not sure how exactly these virus' work and I'm not sure if anyone has posted on this or if it has been talked about, but I was just thinking, why is it that these virus' are the ones you always hear about? You always here of these types of virus' that mail themselves out to every person in the user's address book.

    Anyways, what I'm thinking is that why not tackle the problem where it is. The address book. I'm not sure if it's just Outlook Express, but isn't there anything that can be done to prevent these simple virus' from using the user's address book?

    I'm not sure it'll help, but what about putting a password on the address book or encrypting the addresses, and the decrypting them when the user enters a password or whatever. Surely these people at Microsoft can think of something if they put their brain powers together. Don't start saying 'people at MS have no brains', blah blah. I know this...hehe, but I'm serious - can't anything be done with the address book to make it more secure?

    Anyways, that's just my thoughts, I could be totally wrong, but I think that surely something can be done to prevent this damn mass mailing worms.

    Greg
    \"Do you know what people are most afraid of?
    What they don\'t understand.
    When we don\'t understand, we turn to our assumptions.\"
    -- William Forrester

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    I'm not entirely sure that the idea would be very useful.

    Clearly MS could make the MAPI require a password to access the address book. Then viruses could just look at your sent-mail folders or other folders and get the email addresses from there and mail everyone you've ever mailed.

    So they could put a password on those too.

    But if the virus simply waited until you typed the password, then read the address book (or folders etc), then that technique would be defeated.

    So you really cannot defeat them easily, particularly not without making it very inconvenient for the users.

    Perhaps if we just insisted that people use snail mail instead ...

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    681
    #1- why are they used so often... because they spread... These virii are verypowerful. they require no real effort by the creator other then sending it once, from there it spreads like wild fire.

    #2- yes it is just outlook, when it comes to email... microsoft has more holes in that then a slice of swiss cheese... and outlook is pretty simple to target for that reason... (which is another reason these are so prominent.
    ***side note... Nimda is one of the types of virri you are talking about. Nimda not only exploits outlook, but if you are on a LAN it tries to upload itself through shared folders...so even if you password thing worked...there would still be a small problem


    #3 - your idea to stop it would not work effectively. first. most people would save there password to the poasssword list for convenience. the virii could use that. second, this idea would not be widely accepted by the blithering idiots who are having the most problems. it would be inconvenient for them. third, there would prolly be a way around the password protect.

    the real problem is not the addressbook. the biggest problem is people not downloading patches for outlook. other then that there are the people that just aren't educated about the problem.
    Learn like you are going to live forever, live like you are going to die tomorrow.

    Propoganda

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Posts
    590
    Yeah, I understand both your points about the address book. I'm sure there would be a way around the password. All I was saying is with so many of these 'mass mailing worms', maybe they (I dunno who, MS or antivirus companies) can put a group of people together to try to tackle the problem.

    I mean, yeah, now we don't think there is a solution, but you never know what people could come up with. Ideas might start flowing and solutions could be conjured up.

    Hmm...just thinking, what about having an address book in another (small) program? I mean surely a simple virus like these mass mailing ones couldn't open up another program unless there was a serious security hole in the mail client, or unless the virus itself was something more serious then a simple virus. But would that stop most of them mass mailing ones like the 'My Life' one going around now?

    I dunno, I'm just throwing ideas around...tell us what you think.

    Cheers,
    Greg
    \"Do you know what people are most afraid of?
    What they don\'t understand.
    When we don\'t understand, we turn to our assumptions.\"
    -- William Forrester

  5. #5
    Senior Member BrainStop's Avatar
    Join Date
    Jan 2002
    Posts
    295
    Originally posted here by lord_darkside_x

    the real problem is not the addressbook. the biggest problem is people not downloading patches for outlook. other then that there are the people that just aren't educated about the problem.
    I have to agree with lord_darkside_x. People are the ones who are the most vulnerable to virii. After all, would you really open a love letter that comes as an attachment to an email? Why would a person need to create a "doc" file to tell you "I love you"?

    Most virii spread because people do not think ... they just open attachments at random. After finally managing to train my mom on the subject ... it's my dad who goes in and opens an attachment ... cost them the data on their harddisk .... lesson learned I think (although I'm not sure).

    The problem lies in making software easy to use for idiots while making it safe ... that's an impossible challenge. Way back when, people connected to the Internet knew what it was about ... now, you tell someone he's using TCP/IP to connect to a network to browse the web, most of them go Huh?.

    The only safe solution is to educate people ... whatever technical solution you find, people will defeat it, just like they write down their passwords on PostIt notes ...

    Just my 2 cents ...

    Cheers,

    BrainStop
    "To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    681
    what about having an address book in another (small) program? I mean surely a simple virus like these mass mailing ones couldn't open up another program unless there was a serious security hole in the mail client, or unless the virus itself was something more serious then a simple virus.
    the virii compile on load....(when the email is opened or attach is opened). it would just require one more line of code to get it to open another prog... not to difficult for the skilled programmer.
    Learn like you are going to live forever, live like you are going to die tomorrow.

    Propoganda

  7. #7
    Senior Member
    Join Date
    Dec 2001
    Posts
    590
    People are the ones who are the most vulnerable to virii.
    Very true.

    The only safe solution is to educate people ... whatever technical solution you find, people will defeat it, just like they write down their passwords on PostIt notes ...
    That is exactly right, but how do you educate the MILLIONS, and I'm sure in the future you'll have BILLIONS, of people who are using email? I mean you can't exactly go, 'don't open strange looking emails that you aren't expecting'!! I mean that's what everyone is saying now, but very few people listen. Educating people is very hard to do, especially when you have such a HUGE audience.

    Wouldn't it be easier to just create a technology that is unable to pass-on and be infected by virus'?? Hell no - it's impossible, virus writer's will always find a way. But at the moment, writing a virus seems too easy. Hopefully, however, the answer lies somewhere in between - educating people and created very good software. Then, maybe if you have a good combination of both, the spreading of virus' will reduce...just maybe...hopefully.

    Greg
    \"Do you know what people are most afraid of?
    What they don\'t understand.
    When we don\'t understand, we turn to our assumptions.\"
    -- William Forrester

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    I disagree that these virii are very powerful. They are not very powerful at all.

    Compared to "codered" which was a technical masterpiece, the likes of "ILOVEYOU" is a mere toy.

    The reason that these spread fast is because people execute them.

    MS has created no specific security holes which allow this to happen. If it's a security hole making a mail program that lets you open or save attachments, then they made a security hole, but no *actual* bug.

    I note that MS keep making the warnings bigger and bigger, and now give the administrator the option to prevent certain types of file from being opened or saved at all

    The fact is:

    1. A child of 10 years old could write a worm of the complexity of ILOVEYOU
    2. The main problem is people's attitude to opening these attachments. You give them a warning and they ignore it.
    3. A further problem is the homogeneity of the software used by the vast majority of (particularly corporate) email users.
    4. MS complicate the problem by introducing ever more types of executables. Unlike on other systems, there's no fail-safe way of identifying an executable file. There are dozens of extensions now.

    I wrote a proof-of-concept of a self-encrypting VBS program, it worked quite nicely (No, it wasn't a worm, and didn't email itself!)

  9. #9
    Senior Member
    Join Date
    Feb 2002
    Posts
    216
    educate people ? rather say try to educate people. i have been sent the i love you worm 78 times in 3 days . all this from 5 persons and this after contacting them and telling them what to do . now that is just me there are 250 comps on this network!
    Never miss a good opportunity to shut up.....

  10. #10
    Senior Member Ouroboros's Avatar
    Join Date
    Nov 2001
    Location
    Superior, WI USA
    Posts
    628
    Here's how I work it...

    1) i don't use MS Outlook

    2) if anyone sends me an attachment, i have asked them to type in an indiviualizing bit of text into the message body, as no MMW can replicate it, since it is typed by hand, and can vary... a greeting, a nickname, or some other rubbish that i can identify their intent with... if an attachment comes to me with nothing but the header details and a nonesensical bit of nothing(see MyParty) in the text body, i don't open it, even if it is from a friend, even if it is benign, even if my internet based e-mail claims that it has been scanned...i don't open it, and explain why later...

    Paranoia is the only solution to prevent the spread of such things...but the introduction of skepticism to the bumbling users out there is the problem...in my opinion, they get what they deserve for their lack of concern...I learned how to be skeptical just by RTFM, so to speak...if they want to be so trusting, let them...they'll learn.

    Ouroboros
    "entia non sunt multiplicanda praeter necessitatem"

    "entities should not be multiplied beyond necessity."

    -Occam's Razor


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •