VIRUS WARNING SUBJECT: [ltp] Administration

Bill Mair linux-thinkpad@linux-thinkpad.org
Sat, 09 Nov 2002 21:33:31 +0100


Andrew Lee wrote:

> The virus is designed in such a way as to exploit a vulnerability in MS
> Lookout Express. It is one of the worst that I have seen for the way that it
> mungs the MIME headers of the mail. It's very unlikely that this is a
> deliberately malicious attack, it's much more likely to be from a genuinely
> infected workstation.

Very nasty. First time that I have heard the expression "MS Lookout 
Express" though :-)

> This specific type of malformed mail is generated by the virus. It also has
> the ability to forge the "from" header, making it very hard to tell where it
> came from. Usually you have to do a lookup on the originating IP.

It was only identifiable via the SMTP logs and finding the originating IP.

> Seems a good idea, I doubt that there's ever much reason to post binaries to
> this list, and if it is needed, better to post a link to an ftp or web site.

My thoughts exactly.

> You could try to make it so that only subscribed addresses can post - if you
> haven't already? That way, at least if this happened again (and it will, it
> happens a lot!) then the poster would be aware of it.

This is a closed list. At least twice a day the list is spammed, which I
discard. All mail coming from non-members is put on hold.

> It happens all the time. If that user has ever subscribed to, had a message
> forwarded from, or been cc'd, then potentially, the virus can be sent to the
> list because the worm mails itself to EVERY contact in the WAB.

Don't you mean WEB ? ;-) In the mono-culture of M$ systems, I think there are
very, very few people not stored in someone's WAB. AFAIR that was why Melissa
and "I Love You" were able to cripple so many mailing systems overnight.

BTW:

If one were to describe a really nasty virus as:
  a) Destroys valuable data
  b) Wastes valuable system resources
  c) Brings havoc into the normal computing day
  d) Hard to contain
  e) Widely spread
  f) Most people don't realise that they are a victim

Then shouldn't Windows be classified as a virus, and as such be recognised by
every anti-vir software product ?

Recommended cure for the Virus: Linux ;-)

These are my opinions, and I don't want this to end up in an advocacy discussion.

And for a bit of fun see here: 
http://www.stratfordenterprises.com/oldsplash/windowsrg.html

Bill