Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
The pinnacle of computer viruses?

By ubernostrum in Internet
Sun Jun 03, 2001 at 09:25:50 PM EST
Tags: Security (all tags)
Security

For years we've seen viruses come and go, wreaking havoc on systems and finding new ways to get people to open them and pass them on. But recently some anonymous Brazilian has achieved the highest form of the art - a "virus" which causes the user to carry out its malicious action and forward it. The question now is "What can we do about this sort of thing if it happens again?"


First, a little background for anyone who's not familiar with the story, then I'll get to my point:

In case you haven't heard of it, there's a pretty interesting virus hoax being propagated via email across the United States right now, and it seems to have reached epic proportions. The hoax is a "warning" about a virus which is supposedly being transmitted via email and is a program called "SULFNBK.exe." Those who receive the warning are urged to search their systems for the file and delete it if found, lest they suffer untold consequences. I first heard about this on Tuesday, when someone forwarded the warning to me, and (being the suspicious bastard that I am when it comes to things people say in forwarded emails) I did a little investigating, and found out pretty easily that it was a hoax. The best source of information I found was a write-up on Symantec's website containing the original text of the email, info on the hoax, and instructions in case you deleted the file (it's a Windows utility, not a virus, so most people who deleted it probably want it back). I didn't think much of it until I noticed that the hoax had achieved such notoriety that it made CNET's front page (the article is here on CNET but the page has bugs), and that's when I started thinking.

OK, background info done, now for the real issue brought up by the SULFNBK.exe hoax: how exactly do you protect against this sort of thing?

Think about it - this isn't really a "virus" in the traditional sense of the term, yet it does what viruses traditionally do - it causes damage to your computer (relatively light damage in this case, but I have no doubt it could have been worse if the originator had picked a different filename), and then passes itself on to others. It just doesn't use any code to do it - it's almost like an old joke called the Honor System Virus, which asked the user to forward it and then wipe his hard drive.

As such, how can you fight something like this? Anti-virus software is powerless against the gullible user who voluntarily damages his system at the bidding of an email message. There's speculation that the SULFNBK.exe message may have originated by accident (there actually is a virus which uses that filename, as Symantec's page helpfully points out), but someone with malicious intent could easily write a similar message instructing users to delete a critical file, and such a message could easily damage a lot of computers and cause a lot of frustration.

The best remedy I can think of is education, but even that is tough to implement - within five minutes of receiving the SULFNBK.exe warning, I'd found the Symantec page and fired off an email to most of my friends pre-emptively warning them about the hoax, but too many people don't know enough about computers or the Internet to recognize such a hoax, or don't think to go check out the information for themselves, and as a result they fall victim to it. The best solution is an informed, intelligent population, but any experience with democratic government will show the likelihood of that happening.

More drastic solutions, like setting up a home PC so that the user can't delete critical files, seem to be the next obvious answer, but I'm not sure I like that - I'd rather have the freedom to accidentally destroy my entire system than not be able to modify and customize to my liking.

Those are just a couple examples of solutions to hoaxes like SULFNBK.exe, but one probably can't be implemented, and the other isn't really a pleasant idea. So what (if anything) could be done if virus writers realized the enormous potential of this sort of thing? Could anything effectively prevent thousands of users who just simply don't know better from voluntarily wrecking their computers?

Of course, after a few times around, people would learn and start to distrust the hoaxes, but how many times would it take? And is it acceptable to simply let users shoot themselves in the foot a couple of times to learn the lesson?

And I'm sure that somewhere in the first couple of comments someone will post links to stories about all sorts of similar hoaxes (I've seen lists of them alrady on Symantec's site and others, while looking into the SULFNBK.exe hoax) and ask why I think there's a problem all of a sudden. So I'll answer that now: this hoax has really managed to "make it big," and it thankfully wasn't very malicious, so perhaps it's time to start thinking now about solutions to hoax viruses like SULFNBK.exe, because I've seen a lot of hoaxes, but no good, lasting solution to keep them from doing damage.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
Have you received the SULFNBK.exe warning?
o Yes. 18%
o No. 48%
o I disregarded it because I use Shake'n'Bake.exe instead. 4%
o Don't bother me, I'm restoring the file. 1%
o I don't use Windows. What's this SULFNBK.exe file again? 27%

Votes: 85
Results | Other Polls

Related Links
o write-up on Symantec's website
o here on CNET
o Honor System Virus
o Also by ubernostrum


Display: Sort:
The pinnacle of computer viruses? | 72 comments (72 topical, editorial, 0 hidden)
common sense (3.75 / 8) (#1)
by MashH on Sat Jun 02, 2001 at 10:20:21 PM EST

if most of your friends needed an email to warn them about this, maybe they also need an email to warn them about the "good times" "join the crew" and other virus hoaxes that have been around forever. Have you warned them that the little boy doesn't want any more postcards and forwarding email will not cause Bill Gates to give them $1000?

What I'm trying to point out is that none of this is new, and people should know better by now.

To do something productive, make sure your friends know some reliable quickly updated virus and virus hoax sites - and how to search for infomation about new ones.

Give them some common sense rather than specific warnings.

Disregarding common sense (4.40 / 5) (#4)
by Delirium on Sat Jun 02, 2001 at 10:30:38 PM EST

Well part of the problem is that computers are very unintuitive for some people. They have common sense, but they've learned that often computers don't fit what their common sense would expect, so they've learned to disregard it. I can't count the number of times mailing lists I'm on have gotten forwards like that "Bill Gates will give you $100 if you forward this!" mail from users who said "ok this probably isn't real, but just in case." Obviously their common sense told them it wasn't really an email from Bill Gates, but they've learned that in the past some things about computers that seem counter to common sense turn out to be true.

[ Parent ]
re: common sense (4.00 / 4) (#5)
by ubernostrum on Sat Jun 02, 2001 at 10:40:20 PM EST

Imparting common sense is harder than it seems (I should know, I've got a piece on my website right now on how to spot hoaxes, but it's been there for a year and still I get these forwards), and it's really not a great solution - it may not reach very many people, because my friends may or may not pass on their newfound knowledge, and if they do it quickly degenerates into the kind of "well, a friend of a friend of a friend said to check it out here" behavior that's causing the problem in the first place...the whole idea of getting people to think for themselves gets lost that way. So I'm wondering if a broader solution (or a better implementation of the "give them some common sense" option) is available, or if it's just a lost cause.




--
You cooin' with my bird?
[ Parent ]

Common Sense? (4.00 / 4) (#24)
by paulT on Sun Jun 03, 2001 at 12:29:24 PM EST

Common sense is neither.



--
"Outside of a dog, a book is probably man's best friend; inside of a dog, it's too dark to read." - Groucho Marx
[ Parent ]
Beware of the CD-ROM tray (none / 0) (#65)
by Teehmar on Mon Jun 04, 2001 at 10:48:47 PM EST

Recently a friend forwarded me this message that takes a somewhat serious somewhat funny look at the stuff that is being sent around.
I've put it up as http://didntduck.org/~chiner/hoaxspotting.txt
It's got some good pointers for how to determine if things are hoaxes.

[ Parent ]
Strange hoax (3.85 / 7) (#2)
by Delirium on Sat Jun 02, 2001 at 10:27:57 PM EST

This particular hoax confuses me; I really don't see the motivation for it. The file it asks you to delete is a Windows system utility for restoring the FAT32 longfilenames table (the one that maps long filenames to the DOS 8.3 names) from a backup. Almost nobody knows this utility exists, and it's virtually never used. Deleting it will not affect 99.9% of the users at all, so this hoax isn't really any more destructive than any other virus hoax.

So why would somebody write a hoax like that? If the intent was to get people to mess up their systems, why not ask them to delete a system file that actually might be important?

The other possibility, which makes more sense to me (but might be wrong) is that this wasn't intended to be a hoax, but was written by someone who thought it was a real virus warning. A few of the Windows email worms propogate themselves by renaming to the names of various system files (to make it harder for firewalls or email servers to blocking attachments with certain names). This system file is known to be one of the names a few worms use, so some user might've gotten a virus with that filename and jumped to conclusions.

One reason (4.00 / 5) (#9)
by /dev/trash on Sat Jun 02, 2001 at 10:55:39 PM EST

Most system files are in use when Windows is running and as such can't be deleted. Granted the hoax could say "boot into DOS mode and delete someimportantfile.sys".

---
Updated 02/20/2004
New Site
[ Parent ]
Harmless files (4.00 / 4) (#10)
by Anonymous 6522 on Sat Jun 02, 2001 at 10:55:40 PM EST

If this hoax told people to delete a file that is crucial to their system's operation, the hoax would probably die quickly. User A would forward the email and do the fix, and render his computer unbootable. He would then frantically try to contact everyone that he forwarded the message to and tell them ignore it.

Or, as you said, it could just be someone who doesn't know any better.

[ Parent ]

Ebola vs the Flu (none / 0) (#47)
by jabber on Mon Jun 04, 2001 at 11:29:02 AM EST

The reason that a relatively harmless file is the target is this: The virus needs to propagate. It a critical file was the target, the system would crash and the virus would stop spreading. The most successful viruses are ones which spread first, and then leach off of their host. One's that kill their host too quickly do themselves a disservice.

Consider Ebola. It's an absolutely fearsome bug, but it's ferocity works against it in the greater scope since it's kills it's hosts so quickly that it never really has a good chance to spread. After the first few days of infection, you simply turn to human flavored Jello.

Contrast with the Flu which infects exponentially more people each year. It rarely kills - except for the remarkably vulnerable, and in doing so it does it's host species a service. It culls the herd leaving strong hosts to carry it to new hosts. Hosts can continue about their daily business of interacting with other potential hosts while the virus rides piggyback causing little more than mild discomfort in a great majority of cases.

Returning to the subject at hand, it would have been set up in such a way that the virus requests forwarding BEFORE asking for the deletion of a critical file, but really, would that work? People being people will always poke things with sticks, they will always cram their fingers into wounds to make sure they're real. This virus is effectively a Windows version of Mononucleosis - leaves you just a little weaker while getting under the skin of all friends ignorant enough to give you a peck on the cheek. :)

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"
[ Parent ]

Know your files (5.00 / 1) (#51)
by Steeltoe on Mon Jun 04, 2001 at 01:51:48 PM EST

While some files being in use can't be deleted, I'm sure there are files that will majorly screw up the boot-sequence if deleted. That would be enough for the virus to be spread while still harming the system. It wouldn't be as long-lived and infectuous as a harmless virus though.

It seems the author of this particular hoax was aiming more at spreading awareness, than actually spreading harm.

- Steeltoe
Explore the Art of Living

[ Parent ]
Prevention (3.88 / 9) (#3)
by sigwinch on Sat Jun 02, 2001 at 10:30:35 PM EST

Could anything effectively prevent thousands of users who just simply don't know better from voluntarily wrecking their computers?
Yes: user accounts and proper file access controls. Which, I might add, has been well known since at least the mid-'60s. If Microsoft continues to innovate at this rate, the Pentium V will be made of vacuum tubes.

--
I don't want the world, I just want your half.

Not a solution (4.28 / 7) (#7)
by Anonymous 6522 on Sat Jun 02, 2001 at 10:49:17 PM EST

The next virus-haox could just include and extra step, "Log into your computer as root/Administrator." If the user has the ability to delete the files, adding extra steps to the process won't help.

The only effective method, that I can think of, to combat this is to convince every single windows user to only use an up-to-date version of a reputable antivirus program to deal with virus/worm infections, and not try to cure infections on their own.

[ Parent ]

I don't know... (4.00 / 5) (#18)
by psctsh on Sun Jun 03, 2001 at 04:05:56 AM EST

My parents live and die by Norton Antivirus, and are already convinced that it forms some impenetrable barrier between them and the world.

That being said, my parents called me up the other day so I could tell them how to delete the file mentioned in the article. It seems that they got a variation of the email from someone, and wanted to get the thing off their system immediately. Basically I became suspicious of the email (it said it wouldn't be classified as a virus until june 1st), did some research, and spent at least 20 minutes trying to explain to my parents that the email was a hoax.

So how does this relate to your comment? Basically, when dealing with the computer illiterate, there's some kind of a hysteria that's involved with "oh my god a virus." The thing that made my parents panic was that in email it said that it wouldn't be picked up by antivirus progams. I guess what I'm trying to say is that people will put their fears ahead of their judgement when dealing with computers, and no amount of convincing will get the illiterate computer user to stay calm and not follow the email's advice.

Oh yeah, and the irony in all this is that my parents think that everyone on the internet is a lying pedophile trying to strangle children, yet they implicitly trust any fear-mongering email they get. Over their own son (yes, they deleted the file after I finished talking to them). All I have to say is if they ever need to restore an MS-DOS Backup to the long filename format, I'm not helping them.

[ Parent ]
It's a 99% solution (4.00 / 6) (#19)
by sigwinch on Sun Jun 03, 2001 at 04:11:32 AM EST

The next virus-haox could just include and extra step, "Log into your computer as root/Administrator."
By isolating the security-critical stuff, you can train users to be paranoid about it. E.g., you can pop up a warning for the Admin login, and put a big blinking warning message on the Admin desktop. The default Admin programs can be highly-restricted to only safe ones. To get to the dangerous programs, you'd be forced to go through a warning screen telling you to think twice and be very, very careful.

With current consumer OSes, it's hopeless. There's no easy way for a nonspecialist to tell the difference between an ordinary action and an extremely dangerous action. The pervasive overlap between safe and dangerous trains the user to be incautious, and once this training takes the poor user is a ripe target for the meme virus.

The only effective method, that I can think of, to combat this is to convince every single windows user to only use an up-to-date version of a reputable antivirus program to deal with virus/worm infections, and not try to cure infections on their own.
In other words, let the user fuck themself up the ass with a red hot poker, but train them to use really good anesthetics and antibiotics. That's no solution.

The proper solution is twofold. First, design programs that are not chock full of security vulnerabilities. Current Microsoft consumer software is abysmal when it comes to security. Second, and more important, isolate the compromise to the user's account. User accounts are easy to backup and restore. In fact, with large hard drives, it's possible to make several read-only checkpoints of their account right on the hard drive.

The thing to prevent is the total system compromise. User accounts are disposable. The kernel and system utilities are not, and are extremely expensive to reinstall, in terms of both time and money. Furthermore, modern computers have flash memories that can be permanently damaged by an attack; good security isolation makes it much harder for the macro worm of the week to fry the motherboard.

As a bonus, families and roommates can share the machine without stomping on each other's files, email, and themes. The Win 9x and Outlook sharing provisions are cumbersome and laughable. Most families would gladly switch to a multiuser system just to get good sharing. As a feature, it sells itself, nobody has to sell users on the security aspects.

--
I don't want the world, I just want your half.
[ Parent ]

Accounts/access control (4.50 / 8) (#8)
by ubernostrum on Sat Jun 02, 2001 at 10:51:17 PM EST

Those are nice features, and someday when either 1) the world has switched to UNIX-like systems or 2) Microsoft implements such a thing in Windows (they seem to be taking baby steps toward true user accounts and access control with XP), maybe it'll be an answer. But then again, we'll still have the problem of the home user who's root on his own machine...




--
You cooin' with my bird?
[ Parent ]

MS=Intel? (3.71 / 7) (#17)
by NightRain on Sun Jun 03, 2001 at 03:13:13 AM EST

If Microsoft continues to innovate at this rate, the Pentium V will be made of vacuum tubes.

That would be rather impressive of them seeing as how one would assume Pentium related innoveation falls within Intel's purview :)

[ Parent ]

*sigh* (3.62 / 8) (#30)
by NightRain on Sun Jun 03, 2001 at 05:51:53 PM EST

Apparently if you mention, or quote MS in your repsonse, and don't pay them out, it's worthy of having your comment rated lowly.

I knew there was a reason my instinct was telling me to avoid posting on this story. But I'm willing to bet that even in defending myself, I'll get rated down again. Such is the k5 experience though I guess :)

Don't vote, it only encourages them!


[ Parent ]
Actually, not so low. (3.00 / 2) (#45)
by mcherm on Mon Jun 04, 2001 at 08:01:15 AM EST

Actually, you aren't rated so low. At this moment, you're averaging just over 3. According to the K5 FAQ, a 2 is an appropriate rating for a "normal" comment, and a 3 is a good point.

I'll admit, there's a bad problem with "grade inflation" here, but we don't need to contribute to it. I usually give 3's for decent articles, saving 4 and 5 for really impressive ones. If we ALWAYS give out 4's and 5's, there won't be anything to use to mark the really impressive ones.

-- Michael Chermside

-- Michael Chermside
[ Parent ]

There... (1.00 / 1) (#50)
by Steeltoe on Mon Jun 04, 2001 at 01:41:14 PM EST

...gave you a 5. Hope you're happy.

MUAHAHA! :*)

- Steeltoe
Explore the Art of Living

[ Parent ]
Re: a 5 (1.00 / 1) (#54)
by mcherm on Mon Jun 04, 2001 at 02:54:43 PM EST

Ouch! I think I've been overrated.

I'd mark myself down, to compensate, but I can't post and moderate in the same discussion. Wait... that's somewhere else...

-- Michael Chermside

-- Michael Chermside
[ Parent ]

Ahhh (1.00 / 1) (#55)
by Steeltoe on Mon Jun 04, 2001 at 03:50:11 PM EST

The joy of teasing you!

You can't even moderate yourself down *cackle*

(Unless you start cheating by multiplaying of course ;-)

- Steeltoe
Explore the Art of Living

[ Parent ]
Oh yeah? Watch me! (1.00 / 1) (#57)
by mcherm on Mon Jun 04, 2001 at 04:44:02 PM EST

You can't even moderate yourself down *cackle*

(Unless you start cheating by multiplaying of course ;-)

I wouldn't DREAM of cheating.

However, I've always felt that anything could be accomplished if you try hard enough.

Open Offer! I'll moderate up (or down, your choice) 2 comments of your choice for the first 2 people to moderate my original comment ("Actually, not so low") with a 1!

-- Michael Chermside
(PS: Please don't take this too far... I don't exactly want to open up a market in mis-moderated postings as a side effect of a this bout...)

-- Michael Chermside
[ Parent ]

Naw (1.00 / 1) (#59)
by Steeltoe on Mon Jun 04, 2001 at 05:31:53 PM EST

I'd just look stupid, and I don't want that today. Maybe tomorrow. HTML is not my strong side. :-)

- Steeltoe
Explore the Art of Living

[ Parent ]
Yes, now.... (3.00 / 2) (#63)
by NightRain on Mon Jun 04, 2001 at 07:52:15 PM EST

Yes, at the time you replied to this, I was averaging good ratings. However, when I first made my comment, I had two votes at rating 2. And according to the FAQ "An alternate way to view ratings are to consider than a normal" (to you) response is a 3. An article which is not as good as this could be a 1 or 2". 2 votes at 2 looks like being rated down to me :)

Don't vote, it only encourages them!


[ Parent ]
Hoaxes. (3.91 / 12) (#6)
by id10t on Sat Jun 02, 2001 at 10:40:53 PM EST

Granted that this hoax is relatively harmless, there is a valid point here. In future, more and worse types of hoax can and will appear.

I work for an ISP, and have to deal with the vast number of people who would take one look at something like that and simply delete the file without thinking. You have to remember that, while a community like K5 may be intelligent enough to avoid this kind of hoax, most of the people who own computers at home really have no idea how the thing works at all. I deal with them everyday, and constantly end up asking myself what business THIS person has owning a computer.

I agree that education would be a big help in preventing this kind of mess, and also that it likely will not happen.

The author leaves as an option that people be left free to trash their systems, and while I don't like it either, it seems that is probably the best way to go. Maybe, after having to pay for the Tech Support call to Microsoft only to be told to re-install the OS a few times people might learn. We can only hope.

--------

"Still! `Old friend!' You've managed to kill just about everyone else, but like a poor marksman you keep missing the target!"

Admiral James Tiberius Kirk, ST: The Wrath of Khan

--------

id10t

people are dumbfucks (3.71 / 7) (#13)
by Seumas on Sun Jun 03, 2001 at 01:31:35 AM EST

I'm sorry, but my abundant compassion and patience for people who are unfamiliar with computers runs out at the point where they immediately act on advice from an unknown source regarding an unknown problem with something they are completely clueless about.

I can understand the confusion people have when it comes to computers. It's understandable that some people may not know what the Any Key is or what to do with the cup-holder that slides out of their box, but I can not understand people who act without thinking.

This is similar to checking your answering machine and finding an anonymous voicemail on it telling you to immediately remove your car's spark-plugs and distributor cap to prevent it from automatically driving away and going on an autonomous one-car rampage through the streets of your city. I can't offer sympathy for anyone like that.
--
I just read K5 for the articles.
[ Parent ]

True, but not in this case (4.00 / 3) (#29)
by leviathan on Sun Jun 03, 2001 at 05:12:09 PM EST

[...]they immediately act on advice from an unknown source[...]

The point with this 'virus' is that it's propogated by thinking users. It does not fire emails off to everyone Outlook has recorded as ever sending an email to you. Instead, the user forwards the email off to his or her friends - people they care about.

Yes, people regularly act braindead when it comes to technology, but this is not one of those instances. Bad advice happens in real life too, it just doesn't spread as fast.

P.S. Is scoop doing weird formatting today, or is it just me? It now correctly requires the <p> after the closing </blockquote> for proper spacing to occur, but it's replacing all my <p>s with <br><br>s...

--
I wish everyone was peaceful. Then I could take over the planet with a butter knife.
- Dogbert
[ Parent ]

preventing people from deleting important files (3.40 / 5) (#11)
by adamba on Sun Jun 03, 2001 at 12:15:45 AM EST

More drastic solutions, like setting up a home PC so that the user can't delete critical files, seem to be the next obvious answer, but I'm not sure I like that - I'd rather have the freedom to accidentally destroy my entire system than not be able to modify and customize to my liking.

Windows 2000 has something called System File Protection which actually does this. If you replace a file (from a known list), it is put back by the system.

Every developer I knew hated it (mostly because it kept "protecting" files they wanted to test private versions of) but I guess for Joe User it is a good feature.

- adam

Educate them, or don't let them have computers.... (2.83 / 6) (#12)
by CaptainObvious on Sun Jun 03, 2001 at 01:14:42 AM EST

The average luser gets word of these virii through the masses of chain letters and miracle diet emails that their friends send them, sometimes creating unnecessary paranoia. Solution? Educate them. Tell someone who only knows that "the computer makes screeching sounds to get the internet to come on" that they need to format their hard drive because they an unhealthy addiction to animated gifs and Beanie Babies and they'll do it.

We all know half the people that own computers need an intelligence test before they "Plug and Play", right? Yes I know this is a perfect world scenario but how hard is it, really?
---

Excuse me for butting in, but I'm interrupt-driven...
I don't think so. (none / 0) (#48)
by eudas on Mon Jun 04, 2001 at 11:50:20 AM EST

Tell one of those people to "format their hard drive" and the next words out of their mouth will be them asking you how they do that.

eudas
"We're placing this wood in your ass for the good of the world" -- mrgoat
[ Parent ]
Clarification (none / 0) (#49)
by eudas on Mon Jun 04, 2001 at 11:51:46 AM EST

What I meant by this comment was that these people don't know how to format a hard drive, or even what it is, let alone how to do it.

eudas
"We're placing this wood in your ass for the good of the world" -- mrgoat
[ Parent ]
They do exist... (none / 0) (#58)
by CaptainObvious on Mon Jun 04, 2001 at 05:06:37 PM EST

I dunno...I used to work in Technical Support, and people would tell them to go to a DOS prompt and type "format c:" because their dial-up networking was misconfigured, and there were several occassions where customers did this, and employees were fired as a result. This of course was not strictly due to the idiocy of the user, but when provoked...

I never said all users were this gullible, but there are people out there that will believe you when you tell them to buy a new modem because their flux capacitator on their modem is corrupt. So again I ask...what's so wrong with giving the average computer user a clue?


---

Excuse me for butting in, but I'm interrupt-driven...
[ Parent ]
Words in my Mouth?? (none / 0) (#66)
by eudas on Tue Jun 05, 2001 at 03:15:43 AM EST

"So again I ask...what's so wrong with giving the average computer user a clue?"

I never said there was anything wrong with it. I simply mentioned the likelihood that the user won't know how to format their hard drive. If more users had clues, tech support would have a nicer day.

eudas
"We're placing this wood in your ass for the good of the world" -- mrgoat
[ Parent ]
Not at all. (none / 0) (#68)
by CaptainObvious on Tue Jun 05, 2001 at 08:56:21 PM EST

Not my intention to imply you had said that, so I apologize if it was conveyed that way. I was basically speaking to the people who seemed to vote me down without reason, and attempting to respond to you at the same time, miserably failing. :)
---

Excuse me for butting in, but I'm interrupt-driven...
[ Parent ]
an English virus (3.66 / 9) (#14)
by danny on Sun Jun 03, 2001 at 02:13:22 AM EST

this isn't really a "virus" in the traditional sense of the term

It's not a traditional virus in that it doesn't attach itself to other programs, but it's just as much a virus as any emailed executable - it just happens to be written in English instead of in Visual Basic or machine code.

Danny.
[900 book reviews and other stuff]

It's quite ironic to me... (2.50 / 4) (#15)
by ti dave on Sun Jun 03, 2001 at 02:44:24 AM EST

That I am reading about this form of virus, while reading "Snow Crash". On Vicodin. After checking one of my fave sites, memepool.com.

ti_dave
"If you dial," Iran said, eyes open and watching, "for greater venom, then I'll dial the same."

[ Parent ]
The honesty virus. (3.14 / 7) (#16)
by www.sorehands.com on Sun Jun 03, 2001 at 02:45:40 AM EST

I am too lazy to write a virus, so please: Send a note to 10 of your friends telling them to format their boot drive, then format your own boot drive.

Thank you.



------------------------------------------------------------------------------
http://www.barbieslapp.com
Mattel, SLAPP terrorists intent on destroying free speech.
-----------------------------------------------------------

Good (let them live in it) (4.00 / 9) (#20)
by DeadBaby on Sun Jun 03, 2001 at 08:22:29 AM EST

I've always found the question of virus protection, or lack thereof, to be similar to giving a kid a bike. They're going to fall off, they're going to scrap their elbows, they might even manage to break an ankle or wrist if they're really daring but I will bet you once they suffer the pain a few times they'll quickly understand the value of safety. I see computer viruses the exact same way. For those who don't use any virus protection, randomly open executable attachments, randomly take advice from mass mailings, etc, they're doomed to have every last bit of data on their computer destroyed at some point or another.

To the point of not being able to delete system files, in a modern version of Windows it's actually very hard to delete anything critical. Windows File Protection in Win2k (ME? Too?) will replace the files you remove quickly, if the system attribute is set it shouldn't let you delete the file at all. Still people find a way.

Stupidity, laziness and apathy are the virus here, not BadMeanVirus.txt.vbs. Let them (them being the untold number of people who seem to get every new virus out there) live in it for a while, they'll swiftly learn data backup and virus protection.

"Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity -- in all this vastness -- there is no hint that help will come from elsewhere to save us from ourselves. It is up to us." - Carl Sagan
Solution for the unknowing? (2.50 / 2) (#28)
by losthalo on Sun Jun 03, 2001 at 04:36:56 PM EST

Wouldn't it be possible to place the OS on a chip on the motherboard, rather than on a writeable hard drive, thus preventing the owner from erasing the files that are necessary to boot the computer? Never mind having to find your DOS boot disk, it's on the motherboard. Make it removable like the CPU, and you can swap in upgrades, and change your OS by swapping the chip out.

[ Parent ]
Atari ST (none / 0) (#46)
by greycat on Mon Jun 04, 2001 at 11:15:24 AM EST

The Atari ST used to have the operating system in ROM. This has obvious advantages and disadvantages. The obvious advantages are fast booting, no need for an OS on the disks (this was an era where most people had no hard disks), and immutability of the OS. The disadvantage is that upgrading your OS is a major hassle and costs real money -- thus most people never bother.

I honestly don't think it would be very popular today.



[ Parent ]
The problem is they don't get hurt. (none / 0) (#60)
by coffee17 on Mon Jun 04, 2001 at 05:55:07 PM EST

Now, this is a very uncommon thing to hear from me, but the corporate world is too forgiving. If a user runs a virus at home and deltes all his porn, s/he has learned a lesson, and likely won't do so again. However, if a luser opens an attachment at work, and it brings down the mailserver, or destroys their machine, or deletes data from shared sources, it is IT's job to fix the machine, and restore any shared data from backup. And what happens to the luser? Nothing.

Chaos rot, there's one accountant at work who's opened 5 sepearate virii, AND forwarded the hoax you key in on in the story. She's not learning because she's not experiencing pain.

In my professional opinion, I realize the danger that virii can do (if they remove stuff from shared areas, you have to restore from backup, losing anywork done inbetween there (or even worse, it could breach your firewall/security from the inside)), and realize how simple it is to not blindly open attachments, especially from family members who routinely send you virii (three of the times she received it from the same person). If the person is very important to the company, they should be officially disciplined, and educated. If they are not one of the founding minds of the company, they should be either fired on the spot, or fired and given two weeks severance, depending on the attitude of the company. If even a few companies started firing people for opening virii, I guarantee that these epidemics would stop happening.


-coffee


[ Parent ]

The sad fact is... (none / 0) (#71)
by Armaphine on Wed Jun 06, 2001 at 11:32:26 AM EST

...most of the time, they can plead ignorance, and are free to go about their day while IT has to pick up the slack.

While I completely agree with your point, and wish I could do the same thing myself, the sad fact is that in most companies, the IT department really doesn't have that kind of pull with the Powers That Be. The only good solution that I've seen is to use the dirty game of office politics to your advantage. When people are screaming bloody murder because you're rebuilding the mail server, be sure to drop the luser-in-question's name several times during the necessary apologies. While this might not work right away, they aren't quite as dumb as they sometimes look, and will start realizing that this person's name & a mail server outage are starting to go hand in hand.

Aside from that, the only other option is to begin implementing more Draconian security measures on his/her PC.

The point I would like to get across is this: Sooner or later, they will learn. Be it through punitive measures from the higher-ups, icy glares from co-workers, belittlement from every tech in the chain, or just good ol' fashioned beatings, the lesson will sink in sooner or later. Here's hoping for sooner...

Question authority. Don't ask why, just do it.
[ Parent ]

Education, but not that kind (3.80 / 10) (#21)
by DesiredUsername on Sun Jun 03, 2001 at 08:55:50 AM EST

"...how can you fight something like this?"

"The best remedy I can think of is education..."

As you point out, "targetted" education is ineffective since it doesn't spread as fast or widely (or along the same vector) as the original problem. But, the perfect solution exists and only has be implemented once so solve all problems of this type. Furthermore, you mentioned it yourself: "...being the suspicious bastard that I am when it comes to things people say in forwarded emails..."

More generally: Be skeptical of anything you read in a forwarded email.
More generally still: Be skeptical of anything you read on the Internet.
Even more generally: Be skeptical of anything you read.
Best of all: Be skeptical.

Obviously you can't be skeptical of *everything*. Weigh the risks. For instance, I might as well just believe the sun will rise tomorrow--if it doesn't, there's nothing I can do anyway. On the opposite side, the cost of deleting random files on my harddrive is large (and avoidable) while the cost of checking it out first is small.

Play 囲碁
Why skepticism won't work. (none / 0) (#61)
by coffee17 on Mon Jun 04, 2001 at 06:10:15 PM EST

More generally: Be skeptical of anything you read in a forwarded email.
More generally still: Be skeptical of anything you read on the Internet.
Even more generally: Be skeptical of anything you read.
Best of all: Be skeptical.

However when you consider that about ~90% of the US population (which is probably at least 50% of the internet using population) believes in xtianity without skepticism (not only the people who say "If English was good enough for Jesus, then it's good enough to be our country's national language." and other such stupidities, but the luke-warm believer who heads in at xmas and easter, and maybe thinks that Pascal's wager is valid), how are you going to get them to take something as trivial as email with suspician?

-coffee


[ Parent ]

Re: Why skepticism won't work. (none / 0) (#62)
by AzTex on Mon Jun 04, 2001 at 06:35:10 PM EST

coffee17 wrote:

...the people who say "If English was good enough for Jesus, then it's good enough to be our country's national language."
Please tell me you are making this up!  Have you actually heard someone say this?  If so, I'm putting it in my sig.



solipsism: I'm always here. But you sometimes go away.
** AzTex **

[ Parent ]
unsure (none / 0) (#64)
by coffee17 on Mon Jun 04, 2001 at 08:48:08 PM EST

I know that I've seen it quoted many times, and it was said in "A Knight's Tale" (it was supposed to show the speaker's ignorance, but rather than laughing like me, the audience cheered, and one person did shout out "Damn right!" ... this was in silly con valley, not the deep south), but I'm unsure if I've actually heard it stated by someone intending to be serious. It could be urban rumor that someone said it while being asked for opinions about officially making English the US's language.

But, I have actually heard someone (a very white someone with blode hair and blue eyes) say "I wish all those damned Indians would go back where they came from." note, this was about Native American Indians, not India Indians.

-coffee


[ Parent ]

Bibles in English (none / 0) (#69)
by ubernostrum on Wed Jun 06, 2001 at 01:08:44 AM EST

I haven't heard the "if it was good enough for Jesus" comment, but I grew up in West Virginia, and I've known folks who think the Bible was divinely inspired when written down...in the original King James English.





--
You cooin' with my bird?
[ Parent ]
I hate to say this (3.50 / 8) (#22)
by Skippy on Sun Jun 03, 2001 at 10:33:29 AM EST

But the only education that generally works in this regard is the school of hard knocks - trial and error. Most people have to whack their thumbs while hammering before they learn to be careful and respectful of the hammer as a tool. Unfortunately, the same people are going to have to render their computer unusable a couple of times before they learn to engage their brain before following instructions in an email from an unknown source.

As someone else mentioned you can decrease, but not eliminate, the number of people who get burned by something like this with tech benefits like proper file permissions but this is essentially a social engineering problem and people are slow to learn.


# I am now finished talking out my ass about things that I am not qualified to discuss. #

when someone tells someone else (3.00 / 6) (#23)
by blackdown on Sun Jun 03, 2001 at 11:14:49 AM EST

A website that I subscribe to (and assumed knew better) mailed all its users twice in one morning warning them about this before finally announcing that action wasn't as "urgent" as they thought.
They actually wrote their own warning rather than simply forwarding the original. Without exclaimation marks and capitals it was pretty convincing. Can't imagine how many people acted on it, I got pretty close.
As for prevention - the world's a dangerous place. Live with it and love it.

Solution? (3.00 / 5) (#25)
by theR on Sun Jun 03, 2001 at 12:43:34 PM EST

The simple solution to a problem like this is to not be an idiot.

Unfortunately, not being an idiot is not an option for a lot of people when it comes to computers. Common sense would seem to say, however, that most people are not notified about new viruses by passing around chain emails. Sure, you can be notified by somebody who accidentally sent you a virus, but it makes no sense that they would ask you to forward the email to every person you have emailed for months. If a virus is this big, Symantec, McAfee, and other virus scanners will have updates in short order and information will be all over the internet.

By the way, McAfee has also had a description up for some time, and I think they have now put a link on their front page.



The fault (3.33 / 9) (#26)
by Jive Billy on Sun Jun 03, 2001 at 12:59:28 PM EST

...lies with the OS maker, not the user. The simple fact is that 99% of people who use a computer don't know a thing about them, and are therefore easy prey.

I know a lot of you have the opinion, "Well, they should educate themselves -- it's their fault." However, how many of you have had to bring a car in to a mechanic, knowing full well they could rip you off however they wanted since you don't know a thing about cars?

When you design an OS, the stupidity of users must be taken into account. If you allow them to delete vital system files, then they will. It's not a matter of education -- if you are an OS developer you must live with the fact that most of your customers won't know how to use your software properly.

Stuipd analogy... (1.28 / 7) (#31)
by SvnLyrBrto on Sun Jun 03, 2001 at 06:33:42 PM EST

And when it comes to the present topic, it's even more stupid. >how many of you have had to bring a car in to >a mechanic, knowing full well they could rip >you off however they wanted since you don't >know a thing about cars? True, I'm no expert mechanic, and with today's card being run almost entirely by embedded electronics, the amature skills I DO have become more useless with every model year. But the tiniest bit of intelligence and common sence should still prevail... If *I* received mail from some random stranger, telling me to open up the hood of my car and remove some component whose purpose I didn't understand... I sure as HELL would NOT do so!!! john

Imagine all the people...
[ Parent ]

Stuipd analogy... (4.00 / 3) (#32)
by SvnLyrBrto on Sun Jun 03, 2001 at 06:34:22 PM EST

And when it comes to the present topic, it's even more stupid.

>how many of you have had to bring a car in to
>a mechanic, knowing full well they could rip
>you off however they wanted since you don't
>know a thing about cars?

True, I'm no expert mechanic, and with today's card being run almost entirely by embedded electronics, the amature skills I DO have become more useless with every model year.

But the tiniest bit of intelligence and common sence should still prevail...

If *I* received mail from some random stranger, telling me to open up the hood of my car and remove some component whose purpose I didn't understand...

I sure as HELL would NOT do so!!!


john

Imagine all the people...
[ Parent ]

It probably wouldn't be from a random stranger. (2.00 / 1) (#34)
by Phaser777 on Sun Jun 03, 2001 at 07:30:15 PM EST

What if that email came from a well-meaning friend or relative? Honor system email viruses generally ask the gullible user to send the "warning" to everyone they know.

---
My business plan:
Obtain the patents for something (the more obvious and general the better)
Wait u
[ Parent ]
How about another way to look at it (3.50 / 2) (#37)
by theboz on Sun Jun 03, 2001 at 09:00:30 PM EST

You would think it would have to come from a friend/family member that actually knows something about computers. In the example of cars, if my grandmother told me I could get better gas mileage by removing the transmission, I wouldn't go start trying to rip it out of my car based on her word.

It just seems that people lose their common sense when it comes to computers. I don't expect everyone to be an expert and able to completely do everything, but they should at least realize people will lie to them as much as in real life.

I think there is something to be said for optimizing software for the user, however, if someone decides to break it because they are gullible that is their own fault. If I decide to take my truck and drive down the wrong side of the road, it would be my fault, not that of the manufacturer.

Stuff.
[ Parent ]

Not a stupid analogy (3.00 / 1) (#36)
by Jive Billy on Sun Jun 03, 2001 at 08:40:06 PM EST

If you go to a garage, and the mechanic says, "well, looks like we'll have to replace X", then unless you actually know something about cars 90% of people will say, "Ok, replace it."

Obviously you wouldn't normally do something to your car if you got an email telling you to, just like you wouldn't take your mechanic's word when he tells you, "by the way, delete the file XYZ.exe from your home computer." I didn't ever suggest that as part of my analogy.

[ Parent ]

Why the car analogy doesn't work.... (2.00 / 1) (#41)
by SvnLyrBrto on Mon Jun 04, 2001 at 01:20:16 AM EST

I REALLY hate the "what if you were working on a car" analogy.

So, just about every time someone complains about stupid users; weather it's a sysadmin complaining about dumb lusers on their network, or poor fools doing their time on the helldesk; we get the "car" analogy thrown in our face.

Well, It just doesn't wash. Sure, when it's appropiate, I defer to an expert....

BUT there are some things that are just plain common sence, for which anyone with an ounce of grey matter doesn't NEED an expert.

Sure, I don't expect to rebuild my own engine (well, a VW Bug, maybe). But I can bloody well change my own oil. I don't do my own fuel system work, but I know that I need to put gas in the tank to make the car go. I don't know how my car meets California emissions... but, as in the case we're talking about, I'm not about to remove a random component.

You do NOT have to be an expert to have a little bit of common sence. And that's where the analogy breaks down. Everyone knows that cars need gas, oil and all their parts to go. But some lusers seem to think that the computer is some kind of magic box that they can abuse at will.

Likewise, *I* do NOT expect joe yuppie from marketing to be modifying and recompiling the kernel, but it's not unreasonable to expect him to know how to login, check his mail, and NEVER touch a .vbs file. jane the salesdrone shouldn't have to open up her laptop case, and she has no reason to even know what a grounding strap IS... but she better damn well know that you have to plug in the power adaptor to charge the battery.... that the machine doesn't just run by magic.

And, just as under the hood of a car... your average user doesn't need to know what every file in their system directory does (weather that system directory is \windoze, or a combo od /etc /bin/ and /sbin).

But to remove files.... executables even, from the system directory, without knowing what they do... if just plain fscking STUPID!


john

Imagine all the people...
[ Parent ]

It DOES work! (4.00 / 2) (#42)
by Jive Billy on Mon Jun 04, 2001 at 02:01:46 AM EST

But to remove files.... executables even, from the system directory, without knowing what they do... if just plain fscking STUPID!

Guess what -- 99% of computer users would do this if told to. They have no concept of "system" directory. They don't care what it is or does. They don't know what an executable is.

I used to lead a team of programmers on a large billing program -- I watched the new programmers make the same assumptions about user knowledge and know-how over and over again. It wasn't until the clients came on-site that the programmers realized what they were dealing with.

Similarily for cars...you make some pretty broad claims about what should be general knowledge. Guess what...it's not. No one I know (myself included) knows how to change the oil in a car. I don't care to know. The important thing...I don't need to know.

[ Parent ]

more to the point (none / 0) (#56)
by kubalaa on Mon Jun 04, 2001 at 04:13:24 PM EST

How about just leave it at: don't automatically follow advice from random strangers on a topic you don't understand, over e-mail or any other medium, on computers or any other topic.

[ Parent ]
What?! (4.00 / 1) (#33)
by Sunir on Sun Jun 03, 2001 at 06:45:27 PM EST

And by that logic, it's the application programmer's fault if she doesn't prevent the user from munging the application executables? Or, to extend your analogy, it's the car manufacturer's fault if the driver pours windshield wiper fluid in the oil reservoir.

You can't baby everyone. But that doesn't mean you don't have to try to make things easier. This isn't an extreme this-or-that binary dichotomy that compscis seem to love.

"Look! You're free! Go, and be free!" and everyone hated it for that. --r
[ Parent ]

Duh (3.00 / 1) (#35)
by Jive Billy on Sun Jun 03, 2001 at 08:35:19 PM EST

Have you ever written a GUI? If you have, then you'll have written plenty of code to verify input from a user. Any commercially viable GUIs just won't let users do stupid things (like enter invalid characters, wrong date formats, etc).

OSes are no different. There has to be some acknowledgment of the ignorance of the common user, and there should be something in place to ensure they can't do stupid things. I would consider not allowing them to delete vital system files a no brainer.

[ Parent ]

Vital system file?! Not really, so who cares? (4.50 / 2) (#38)
by Sunir on Sun Jun 03, 2001 at 09:49:32 PM EST

The file in question is not a vital system file. It's a utility used in very unique circumstances.

Windows 2000 protects vital system files from overwriting. This is an improvement only possible due to the new COM rules that seem to admit that component oriented programming was a bit of a dead end. shrug

Actually, Windows NT put barriers up to wonking around with system files, but most users run as administrators anyway. double shrug Personally, with Unix, I switch back and forth between su more often than security experts would prefer. Whatever.

Fundamental rule of easy use: most security is a waste of time. If it gets in your way, get it out of your way. Sure, occasionally you'll have a severe data recovery problem, but the daily friction of having to deal with security is far more expensive, especially if you realize that the resource expenditure compounds with interest over time. If this expenditure is greater than the cost of a disaster, you're wasting dollars.

A good unobtrusive scheme like daily backups isn't a bad way to go. Network security can similarly be unobtrusive. These are the kinds of things users really want because most just don't give a damn. They have other jobs to do.

Similarly, if you've ever watched users use your GUI, you learn to realize they really hate having modal dialogs (sometimes system modal dialogs, groan) pop up telling them that they can only enter integers from 1 to 10. If you are going to limit choices, it's better to limit them beforehand, not after. A better answer is either a combo box with 1..10 or a slider from 1-10. In that case, you no longer have to validate the input because it is already constrained.

This is an important point. Most security involves punitive responses to teach the so-called luser what not to do. For people who aren't security obsessed, they generally just want to get the job done as efficiently as possible. This is also why most user interface experts blame the interface designer for making a difficult to use interface instead of the user.

Most interfaces are arrogant.

The system recovery feature of Windows is a much better answer. Undoing damage is much better than yelling at the user.

"Look! You're free! Go, and be free!" and everyone hated it for that. --r
[ Parent ]

But... (3.00 / 1) (#39)
by Jive Billy on Mon Jun 04, 2001 at 12:22:28 AM EST

better answer is either a combo box with 1..10 or a slider from 1-10

Regardless of how it is finally implemented, you are still acknowleging the fact that you need something in place to restrict the user. Only people who have never actually worked on GUIs will say "just make a text box...the user will know they should just put a number between 1 or 10 there."

Similarily, I'm arguing that, for developers of an OS, it is their responsibility to ensure that a user cannot delete files needed for operation.

[ Parent ]

Distinctions are important (4.00 / 1) (#40)
by Sunir on Mon Jun 04, 2001 at 12:52:59 AM EST

The question is the attitude of the system designer. For instance, with the example I used of mixing windshield wiper fluid with the oil, it is currently not possible to restrict the user error. So, the "security" is post-fact and punitive. Alternatively, one could change the architecture of the system to prevent mixing entirely, say by making the connector between the windshield wiper bottle and the oil reservoir incompatible.

For an operating system, the attitude is definitive. For a half-assed and patched bazaar like GNU/Linux, the attitude is that the end user is ultimately responsible for her system because she is willing to take responsibility. For a manually constructed and controlled cathedral like BSD (especially OpenBSD), the attitude is that much is taken care of for the user. For Microsoft Windows, the vendor has decided that many details are too complicated for its target market, so they are configured very simply through vague and general modes. For MacOS, things are even more vague, often without configuration choices available.

Thus, it isn't the operating system's responsibility per se unless that is the agreed understanding of responsibility for the operating system.

For the average user, I agree that the operating system should maintain its integrity in the face of most obstacles. Clearly this isn't the average case today. Of course, in reality, the system files shouldn't be shown to the average end user. This shouldn't be a big deal. The idea of "files" that represent the operating system isn't important. It's just the "operating system" and it doesn't matter if it is loaded off disk or off a ROM chip. Then, it's impossible to delete the files by accident because there's absolute no way to do it.

Windows and MacOS are moving in this direction. Of course, this is really @#$%@!ing annoying to developers like myself. ;)

"Look! You're free! Go, and be free!" and everyone hated it for that. --r
[ Parent ]

Same Page (none / 0) (#43)
by Jive Billy on Mon Jun 04, 2001 at 02:06:20 AM EST

Sounds like we're on the same page here...

Of course, this is really @#$%@!ing annoying to developers like myself.

Unfortunately, this is the reality we have to face.

[ Parent ]

The paradox of email and viruses (3.25 / 4) (#27)
by nictamer on Sun Jun 03, 2001 at 04:10:09 PM EST

Why is it that every time I get a "virus warning" in the mail, it's a hoax?

And why is it that the same persons who send me those hoaxes are also those who transmit viruses?



The latest one: I get the thousandth confused virus warning from a guy I already educated (or I thought) about the syndrom. The warning is completely unreadable, buried under dozen layers of reformatting / quoting / translations.

I reply sarcastically to the guy, and the dozens of people he CC'ed.

Well I'm an idiot he says, because this virus warning comes from ... taddam ... tadddam roll drum taddam taddamm ... the Perrier company information services!!!

WOW! I was used to bogus authorities in that domain, but I have to admit I was quite flabbergasted trying to understand what was so impressive to the guy to work in Perrier or some other food producer's IS.

Nah, lusers have a different logic, a sort of _alien_ logic.
--
Religion is for sheep.
Trusted Sources (3.00 / 3) (#44)
by NotZen on Mon Jun 04, 2001 at 06:42:25 AM EST

It all comes down to trust. Who do you trust to send you this information.
Whenever I get a virus message I check with symantec's virus centre. That's my trusted source for virus information.

The same can be said for all sorts of information I recieve. I trust information from some sources more than from others, and I place more trust in people whos identity I can verify. Once the internet has more facilities in place for trust metrics, it'll be easier to control this kind of thing.

Infected copies of SULFNBK (2.50 / 2) (#52)
by starbreeze on Mon Jun 04, 2001 at 02:04:56 PM EST

So what (if anything) could be done if virus writers realized the enormous potential of this sort of thing?

They already have, there is a virus called Magistr that distributes an infected copy of SULFNBK.EXE.

On another note, my parents received the email warning, but luckily they run Windows95 and don't have that file. I looked at the email, checked Mcafee's site and replied to the people on the email list asking them not to delete the file, and directed them to Mcafee's site. I received a reply to this email from someone saying "Check out this attachment", with an attached humor.txt.pif file. WTF? Luckily I got to that email first, because despite all my warnings, my parents constantly run exes they get in email thinking theyll all be some cute "Elf Bowling" or such. Then they bitch at me to fix their PC. Like I don't do that 8 hours a day at work.

~~~~~~~~~
"There's something strangely musical about noise." ~Trent Reznor

Infection of SULFNBK.exe by Magistr (1.00 / 1) (#70)
by ubernostrum on Wed Jun 06, 2001 at 04:34:02 AM EST

They already have, there is a virus called Magistr that distributes an infected copy of SULFNBK.EXE

Yeah, it's mentioned on the Symantec page, and a lot of speculation I've seen has decided that the warning email originated with someone who'd gotten Magistr (I've seen corroboration for this on a French mailing list that someone pointed me to). But the problem isn't Magistr or any real virus - it's what happens if someone writes a totally fraudulent warning which instructs a user to delete something more important - the SULFNBK trouble has shown us that it could work, and work easily.




--
You cooin' with my bird?
[ Parent ]

The Real Pinnacle (4.20 / 5) (#53)
by Shalom on Mon Jun 04, 2001 at 02:37:57 PM EST

I have been thinking about an email virus that would spread itself like wildfire. And be totally blameless. It goes like this:

The email goes into a brief explanation of how email viruses spread, and warns of the "Voodoo" email virus, which mutates into different forms and may even look like a normal email from a friend. Then it goes into a heartfelt plea that you should NEVER EVER click on an attachment on an email unless you've talked to the person who sent it and confirmed it was real.

Then it asks you to click on the attachment below to search for the Voodoo virus.

Despite the warning above--actually, probably because of it--I'm willing to bet most users would actually click on the attachment. The program could do whatever it wanted, including installing a real virus, but the upshot should be a popup box that says "Voodoo Virus detected and removed. Click here to resend this warning to all the people on your contact list--they may already be infected." Some people might even call the sender, and the sender would likely confirm it :) To enhance the authenticity of the message, provide a little message box for a personal message from the sender.

Voluntary spreading and installing the virus!

I'm not actually going to make a virus, but it's kinda fun to think about.



Oh no! (none / 0) (#72)
by Int0h on Mon Jul 02, 2001 at 05:40:46 AM EST

Please stop me! I don't want to make that virus! :)

The idea is very good and the best part is that it would probably work, as you said.

Anyways, it would be fun to make such a virus, but it shouldn't be harmful :)

Also, I think every country should have a dictator, but he shouldn't be evil, so I guess he would be a nice dictator (is that possible?) Computer viruses ought to be the same, not harmful, but helpful. But I guess it wouldn't be a virus then, just a tool or utility or whatever you want to call it. Program maybe. Like ICQ :) Well, the point of this reply was just to say that the idea you have is great :)

[ Parent ]

It's got nothing to do with computers (2.00 / 2) (#67)
by SIGFPE on Tue Jun 05, 2001 at 06:42:24 PM EST

We hear about AIDS all the time and yet people still continue to infect each other. I don't believe that in the modern Western world anyone but a small minority hasn't heard about the risks. But it doesn't stop people. So I don't expect that any amount of training about computer viruses, where the risks are so much less, has much chance of helping.

Come to think of it, people have known since the dawn of time how to make babies and yet people still insist on carrying out precisely those actions resulting in unwanted babies.

If using a condom is too difficult for people then not-deleting-system-files is far beyond their ability.
SIGFPE

The pinnacle of computer viruses? | 72 comments (72 topical, 0 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!