in case nobody else noticed it, there was a mail worm released today

Scott Francis darkuncle at darkuncle.net
Wed Jan 28 15:17:06 UTC 2004


On Mon, Jan 26, 2004 at 09:00:40PM -0500, mike at sentex.net said:
> 
> 
> We are seeing 2 wide spread worms right now, mydoom and dumaru.*
> 
> NAI has info at
> 
> http://vil.nai.com/vil/content/v_100983.htm
> 
> and
> 
> http://vil.nai.com/vil/content/v_100980.htm
> 
> They rate of it is quite surprising.  By the description, the trick  / 
> method of infection does not seem all that different than past worms 
> viri.  Makes me wonder how many people in a room would reach into their 
> purse/pocket on hearing, "Wallet inspector"

I've been wondering lately, after about 10 years of email worms spreading in
exactly the same manner with every incarnation ... why do you think people
haven't learned not to open unexpected attachments yet? It would seem to me
that even the most clueless user would modify his/her behavior after, say,
the 25th time they've been infected and had to 1) call tech support or 2)
reinstall their OS (or more likely, have someone else reinstall their OS).

Worms today are exploiting the same fundamental flaws they were using 10
years ago, so maybe the question above has the wrong focus. Maybe we should
be asking why vendors haven't bothered to fix these problems - it's not like
they haven't had enough time or examples.

(Note: I really do not want this to degenerate into another rant against
vendor M; for once, I really am curious as to why we're still getting bit by
bugs using the same holes they were using with Windows 95 and NT 4. Worms
obviously pose a significant financial cost to business, and I heard this
latest one mentioned at least 3 times from various non-Internet media outlets
yesterday, so public awareness isn't the probem either.)
-- 
       Scott Francis | darkuncle(at)darkuncle(dot)net | 0x5537F527
"I gave you the chance of aiding me willingly, but you have elected the way
of pain!" -- Saruman, speaking for sysadmins everywhere
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20040128/32fbb867/attachment.sig>


More information about the NANOG mailing list