[personal profile] reddragdiva

How many copies of the latest fucking virus are in my fucking mail? TOO FUCKING MANY. With a new one on average every one hundred and fifty seconds for the past three days! I think the Bayesian filter is this close to deciding the word 'Microsoft' indicates spam.

Your excuses are tired. The bogus analogies, the belligerent whininess. You talk like junkies in danger of being cut off. YOUR COMPUTERS ARE AGENTS OF CONTAGION. THEY DESERVE TO BE BANISHED FROM THE NET FORTHWITH. I wish to declare my full and ardent support for this move. People who complain this is unfaaair and toooo haaard are like people who run over kids and whose only defence is that they can't be expected to know how to drive and therefore couldn't possibly be held responsible.

I fully expect the comments on this entry to be filled with lame justifications, ridiculous analogies and badly-misremembered Microsoft FUD. Don't whine to me for daring to complain about your intrinsically unsecurable systems - just CLEAN UP AFTER YOURSELVES AND YOUR COMPATRIOTS, YOU SKANKY SHITBAGS.

(Thunderbird seems to detect the web page variant of the virus, but not the mailbounce one - it doesn't like running slabs of MIME-encoded binary through the filter. Filter on the string TVqQAAMAAAAEAAAA// - that's the beginning of the virus code, and will nail it nicely.)

Note: I expect things to be even worse when popular Linux is afflicted with self-propagating rootkits. For the same reason.

(no subject)

Date: 2003-09-21 02:29 pm (UTC)
From: [identity profile] http://users.livejournal.com/_nicolai_/
If one pays by the megabyte for traffic one can try to pass on the extra costs of any misuse, including automated misuse by malware, to the user.
Some large Balkanised organisations already do this; "The marketing department is being billed pro-rata for the bandwidth they consume; this month, that means you will be paying about 63% of our bandwidth bill. Here's a copy of the site-licensed virus scanner. Use it and avoid the same bill next month. Have a Nice Day."
You can, trivially, detect M$ executables with SpamAssassin (look for the magic number which identifies an EXE to the kernel) and score them up.
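
An added example, not part of the original entry or of this comment: the entry's filter string TVqQAAMAAAAEAAAA// is the base64 encoding of the usual opening bytes of a Windows executable header, and the comment's magic number is its first two bytes, "MZ". The sketch compares a raw substring filter with decoding each MIME part and testing the magic number; the function names and the inert sample payloads are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The filter string from the entry: base64 of the usual first 14 bytes of a
# DOS/PE executable header ("MZ", 0x90, 0x00, 0x03, ...).
MARKER = b"TVqQAAMAAAAEAAAA//"

def raw_string_match(raw: bytes) -> bool:
    """The entry's approach: substring search over the undecoded message."""
    return MARKER in raw

def executable_parts(raw: bytes) -> list:
    """Decode every leaf MIME part and test for the 2-byte "MZ" magic.

    Ignores the declared filename and content type, which the sender controls.
    """
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        if body[:2] == b"MZ":
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def build_sample(payload: bytes, filename: str) -> bytes:
    """Constructed test message: one text part plus one base64 attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

# Constructed, inert payloads: header bytes followed by zero padding only.
COMMON = bytes.fromhex("4d5a90000300000004000000ffff0000") + bytes(48)
# Same magic, different header fields after it (assumed variant for the demo).
VARIANT = bytes.fromhex("4d5a50000200000004000f00ffff0000") + bytes(48)
TEXT = b"quarterly figures attached\n"

if __name__ == "__main__":
    for name, payload in [("common.bin", COMMON), ("variant.bin", VARIANT),
                          ("notes.txt", TEXT)]:
        raw = build_sample(payload, name)
        print(name, raw_string_match(raw), executable_parts(raw))
```

The substring filter is cheap and works in any mail client, but it only matches headers whose first 14 bytes are the common ones; the decoded check matches any attachment that starts with the magic number.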

(no subject)

Date: 2003-09-21 02:33 pm (UTC)
From: [identity profile] liz-lowlife.livejournal.com
Hear, hear!
Cricket clap!
I'm an ardent MAC user.
Pish and tosh to McDonalds. I mean Microsoft.
(And all who have to sail in her).

Do you think this E mail bugging will die down any time soon?
We don't have any spam filtering system in place here at Swarf HQ.
I am the spam filtering system and I no longer enjoy my job...

(no subject)

Date: 2003-09-22 10:06 pm (UTC)
From: [identity profile] cypherwave.livejournal.com
My G4 happily chugs along while the WinPCs around me choke on something minor. (I use both at my company sadly)

(no subject)

Date: 2003-09-21 03:28 pm (UTC)
From: [identity profile] reaverbob.livejournal.com
Cheers for that. My bleedin mailbox was overflowing.

Though on a similar note, god I love Thunderbird's filters.

(no subject)

Date: 2003-09-21 03:48 pm (UTC)
From: [identity profile] damned-colonial.livejournal.com
Hey, [livejournal.com profile] j_v_lynch wants to know if you think he's sexy (http://notsafeforwork.net/mt/archives/000015.html) (NSFW).

(no subject)

Date: 2003-09-21 04:03 pm (UTC)
From: [identity profile] lucybond.livejournal.com
I'm getting up to 200 of those mails per day through my business site :P

(no subject)

Date: 2003-09-21 04:33 pm (UTC)
From: [identity profile] lpetersson.livejournal.com
I'm really beginning to think I don't have any friends and that people are just pretending. I never get any of those virus e-mails. *sulks*

But seriously:
CLEAN UP AFTER YOURSELVES AND YOUR COMPATRIOTS
I've been doing that up here in Liverpool for quite a while now. I have made sure that quite a few goths up here have decent firewalls and anti-virus software.
Really it's a matter of luser era-ducation. If they don't learn, take their net access away...
Or hit them. Or something like that...

I feel so left out

Date: 2003-09-21 04:34 pm (UTC)
From: [identity profile] loosechanj.livejournal.com
I've never, I repeat *NEVER* gotten a single one of these mail viruses. Ever. Not even at any place of work. *sob* I'm just unloved I guess. :-(

(no subject)

Date: 2003-09-21 05:08 pm (UTC)
From: [identity profile] arkady.livejournal.com
Servalan has stopped falling over at last and seems to have started clearing it up more efficiently now, thank goodness.

Incidentally, anyone who thinks Diva is going overboard or being unnecessarily harsh: think about this for a moment. Diva is one of the most patient, most polite men I know. He's certainly a damned sight more patient and tactful than I am, for example. It takes quite a bit to provoke this kind of outburst.

I've received enough of this virus spam to cause Mozilla to crash two or three times a night under the onslaught, causing a forced reboot of my system. And I've received maybe a tenth of the crap Diva has.

Quite frankly I'm not surprised he's a tad pissed off.

(no subject)

Date: 2003-09-21 06:55 pm (UTC)
From: [identity profile] blarglefiend.livejournal.com
He's certainly a damned sight more patient and tactful than I am

Woah. Either he's mellowed considerably, or you're *really* bad.

Diva got himself an interesting reputation when we were working together. There were more than a few complaints along the lines of "who does he think he is, the BOFH?".

But yeah, string the fuckers up. And the idiots with the virus scanners that send warning messages to the forged sender can go up with 'em -- I get as many of those at work as I do the actual virus.

(no subject)

Date: 2003-09-21 05:17 pm (UTC)
From: [identity profile] tcpip.livejournal.com

Damn it's good to read you in rant mode ;-)

(no subject)

Date: 2003-09-21 05:38 pm (UTC)
From: [identity profile] trayce.livejournal.com
Eh. Use XP at home with competent firewall and virus scanner, and (most importantly) Eudora for email - never had a problem, never ever seen any of these new virii going round. Not a one. EVER.

So blame the lusers, some of us know how to protect the crap we're forced to use ;P

(no subject)

Date: 2003-09-21 05:54 pm (UTC)
From: [identity profile] crispygoth.livejournal.com
I concur.. I'm getting a shiteload of these things to my chrisb@debian.org address. I guess this thing is scraping websites for e-mail addresses, because that one is all over the place.

(no subject)

Date: 2003-09-21 06:00 pm (UTC)
From: [identity profile] sheilamarie.livejournal.com
I agree that there are way too many holes in MS software. The flip side of that is if you are one that has to use it or are too lazy to switch (this would be me[1]) then be smart about using it. Problem is that too many people don't know enough about computers in general to be smart about using them. Most companies don't bother to give a 10 minute speech on stupid things one shouldn't do. Even if they did you'd have morons who wouldn't pay attention or think "I'm above this". The ultimate solution would be to force everyone who would come in contact with a PC for work or pleasure to take a basic competency test. If you can't be bothered to do something like NOT USE THE STUPID PREVIEW PANE on Outlook then you do not get a computer.

[1]it's part laziness and part financial. I can get buttloads of free software with an MS based system and I have buttloads of software that I've paid for. If I switched I'd have to reinvest WAY too much money to make it worth the effort.

(no subject)

Date: 2003-09-21 06:07 pm (UTC)
From: [identity profile] hellsop.livejournal.com
There's an aspect to all this that I find exceptionally unforgivable: ALL of the last floods have been due to procrastination.

The pattern is predictable. CERT advisory goes out. 12-36 hours later, the Windows Update thingy shows up in system trays around the world. A week later, I see the $VBC internal IT announcements coming out saying "Patch NOW, dammit!" and giving directions for internal access to the patch. Then two days later, the emails with the virus payloads start flooding in. There's a LOT of Windows boxes out there, and many of them are at least competently-managed ENOUGH to avoid contributing to the problem. All it really takes is the FIVE FUCKING MINUTES every couple of weeks to put the patch on that MS makes available. It's all coming from unpatched machines. Machines where the owners didn't know or care what the little update picture was, or thought "I'll do it next week" or "I'm safe! I have anti-virus software!"

Binky, anti-virus software doesn't protect your machine. It tells you when you're already fucked. If you put on the patch, even if you get an infected email, even if you click on the attachment, it won't be able to do anything except crash *your* machine. Most importantly, it won't be able to do its main job of passing itself on. By the time your AV software yells and you do something about it, it's spooged itself on a hundred other machines, hoping to find a couple of fertile ones. Ones where the owners ALSO thought "I'll take care of that next week."

There's been discussion before about how Evil it would be for Microsoft to remove the choice option about downloading updates and patches to remote machines, so it happens *WITHOUT* the owner's acquiescence. I used to think that that was a horrible idea, and was giving MS way too much power. I think I'm changing my mind.

(no subject)

Date: 2003-09-21 08:11 pm (UTC)
From: [personal profile] rosefox
At home, I use a Mac. Problem solved.

At work, I am forced to use Win2K, Outlook, and Explorer (yes, some of what I do is unfortunately browser-specific). I leave my computer running over the weekend so that it can thoroughly Nortonize itself every Saturday, and use Windows Update as regularly and religiously as if it were beads on a rosary. I also have serious filtering set up in Outlook, so if anything lands in my actual inbox and doesn't get filtered, I'm immediately suspicious of it. I don't even open joke emails from my coworkers--trash 'em all.

What gets me is that when I asked the second-in-command of our IT department whether they recommended that people patch their machines regularly, he said, "Well, you know, some patches can make your machine run slower... all you need to do is run antivirus software. What, are you afraid of hackers or something? If something goes wrong, we'll fix it." Leaving aside the fact that I do have credit card and bank account information on my machine and that it's going back and forth over our email servers all day, as far as I know completely unencrypted, no, I'm afraid of our site going down because our network is totally clogged with bogus packets! How the hell can you admin a Windows network for a company where Outlook is practically mandated--when I first started working there, I was told by a coworker that I "needed" to be using it because other people were doing things that required a recipient to have it, which sounded dubious from the beginning and of course turned out to be completely untrue--and not teach people how to take proper care of their machines?

Not to mention that plenty of my coworkers are stupid enough to open any attachment called "cute.tla" and be shocked when it infects their system. We email clients and other coworkers nonstop during the day; we are tremendously susceptible to virii. But when I got my work machine, pre-configured, Norton was installed but totally dormant, not even set to automatically download new virus definitions. Stupid stupid stupid.

*sigh*

(no subject)

Date: 2003-09-22 01:06 am (UTC)
From: [identity profile] ewx.livejournal.com
Clean up after themselves? Prevention, not cure!

(no subject)

Date: 2003-09-22 01:08 am (UTC)
From: [personal profile] vatine
Here's my stats for the last oh... 45 hours. Everything gets scanned and my UCE hashishin will happily kill anything that contains a MS executable.

head$ spamstatus
Scanned: 867
Passed: 355

(no subject)

Date: 2003-09-22 09:41 am (UTC)
From: [identity profile] grumpy-sysadmin.livejournal.com
Just blew away several hundred that my (untuned 'cause I'm lazy) SpamAssassin didn't catch over the weekend. With one command in mutt:

T ~s ^SUBJECT:

That's for the faked-bounce kind.

And, obviously, I now have a procmail rule to do the same (you know, because that's more useful than writing an SA rule for it, when I've already got another procmail rule consulting SA ;^>).

Other options

Date: 2003-09-22 11:42 am (UTC)
From: (Anonymous)
Maybe everyone should use "Windows Real Good".
Take a squint at http://www.peteweb.com/winrg.php
It is indeed real good !

(no subject)

Date: 2003-10-01 03:41 am (UTC)
From: [identity profile] glensc.livejournal.com
Frustrating though it is, it must also be taken into account that some of the early worm infections were on Unix boxen (remember young Kevin).

Unix/Linux users do seem to be more aware of such stuff and inform one another and fix quicker, that probably contributes to the stats/results. As does the market share of OS use.

But another contribution is faith in the OS's security itself. I worked for an ISP, they installed 2 new Red Hat machines in Cardiff and sent them up to London, we got them and found they'd both already been root kitted. Too much faith is a dangerous thing.

A badly set up Linux box is just as insecure as a reasonably set up windows one, though there's less people able to exploit it, so there's more chance of getting away with it.