Bugbear.b (worm du jour)

Is this showing up as an issue for anyone? All I'm looking at is an MSNBC
story which gives me the impression that it's a pretty low-bandwidth deal. It
sounds like it requires intervention by the end user (or a system reboot) to
activate it, so the propagation rate ought to be very low.

http://vil.mcafee.com/dispVirus.asp?virus_k=100358
http://www.msnbc.com/news/922529.asp?0cv=CB10

Eric Anderson wrote:

Is this showing up as an issue for anyone? All I'm looking at is an MSNBC
story which gives me the impression that it's a pretty low-bandwidth deal. It
sounds like it requires intervention by the end user (or a system reboot) to
activate it, so the propagation rate ought to be very low.

That is a very bad assumption to make. Not all AV software can detect the various variations of it yet. In addition, there are many EUs that will still run any executable that shows up in their inbox. Many reports of the Microsoft Patch scam being used with this one.

It is multi-part MIME, so my current stripping methods will protect the mailboxes on my system.

-Jack
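
An added example, not part of the thread and not Jack's actual filter: one way a mail gateway can strip executable attachments from a multipart MIME message, using Python's standard email package. The extension blocklist and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist; the thread does not say which types are stripped.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")

def is_blocked(part):
    """True if the part's filename ends in a blocked extension."""
    name = (part.get_filename() or "").lower().rstrip(". ")
    # Only the final extension counts, so "patch.doc.pif" is caught.
    return name.endswith(BLOCKED_EXT)

def _walk(container, removed):
    """Replace blocked parts in place, recursing into nested multiparts."""
    if not container.is_multipart():
        return
    kept = []
    for part in container.get_payload():
        if is_blocked(part):
            removed.append(part.get_filename())
            notice = EmailMessage()
            notice.set_content(
                "Attachment removed by mail filter: " + part.get_filename())
            kept.append(notice)
        else:
            _walk(part, removed)
            kept.append(part)
    container.set_payload(kept)

def strip_executables(raw):
    """Return (cleaned message bytes, list of removed filenames)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed = []
    _walk(msg, removed)
    return msg.as_bytes(), removed

def sample_message():
    """Constructed test message: a text body plus two attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.net"
    m["Subject"] = "constructed sample"
    m.set_content("See the attached patch.")
    m.add_attachment(b"MZ constructed bytes", maintype="application",
                     subtype="octet-stream", filename="patch.doc.pif")
    m.add_attachment("harmless notes", filename="notes.txt")
    return m.as_bytes()
```

This handles only attachments carried as parts of a multipart message, which is the case described above; a message whose single body is itself the executable would need a separate check.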

Maybe I should clarify: By "very slowly" I meant that this should spread
significantly more slowly than something which is able to exploit a
vulnerability and start executing as soon as it finds a susceptible host. If
it's been in the wild for 12 hours without compromising most of the vulnerable
hosts, that's slow relative to what's possible.

Thus spake Jack Bates (jbates@brightok.net):

[snip]

Is this showing up as an issue for anyone? All I'm looking at is an MSNBC
story which gives me the impression that it's a pretty low-bandwidth deal. It
sounds like it requires intervention by the end user (or a system reboot) to
activate it, so the propagation rate ought to be very low.

Never underestimate the collective user's ability to say 'oooh, SHINY' and
click on it anyhow.

The sad part is that enough people clicked on it that it's making the news at
all. The truly pathetic part is that every provider is going to have at least
one user who calls in and asks "Why am I getting all these 'user unknown'
messages from friends who changed their addresses a long time ago?"