Is that your mugly ug?

Some administrivia to start - this Friday's issue of the Virus & Security Watch will be the last for the year, with your weekly hit of security news returning rested and well-tanned on 14 January 2005...

This issue's topics:

Introduction:

* Ugly viruses; Thunderbird released; anti-spam screensaver a bad idea

Virus News:

* Is that your mugly ug?

Security News:

* Mozilla Thunderbird released

* Gone in 240 seconds...

* Spammers slam Lycos screensaver stupidity

Introduction:

Some administrivia to start - this Friday's issue of the Virus & Security Watch will be the last for the year, with your weekly hit of security news returning rested and well-tanned on 14 January 2005...

The virus scene was fairly quiet this week, so we have chosen an item with interest (and hopefully humour) value. On the security side it was also fairly quiet, with news stories and the first full public release of Mozilla's Thunderbird e-mail client being the most interesting things to report.

Virus News:

* Is that your mugly ug?

A couple of variants of a mass mailing virus variously named Mugly or Murmark have been isolated. Although not at all widespread, this typical mass-mailing and network share-crawling virus is somewhat interesting for the characteristic graphic it displays. Most of the linked virus descriptions include a screen capture of this graphic which hopefully makes some sense of this item's title...

Computer Associates Virus Information Center

Network Associates Virus Information Library

Sophos Virus Info

Symantec Security Response

Trend Micro Virus Information Center

Security News:

* Mozilla Thunderbird released

As we recently advocated serious consideration be given to replacing Internet Explorer as your web browser with Mozilla Firefox, so we again suggest that folk still using Outlook Express as their e-mail client should consider the newly released Mozilla Thunderbird.

Of course, public beta and release candidate versions have been available for some time now, but in many environments there is something magical about the perceived usability or stability when a program's version number rolls around from 0.9x to 1.0. Aside from sporting the standard features of a modern IMAP/POP3/SMTP e-mail client, Thunderbird also provides an RSS reader. Of course, the fact that it is not IE-based means that Thunderbird is not prone to the myriad security concerns that accompany Outlook Express, Outlook and the many third-party e-mail clients that are also really just wrappers for the IE browser control.

As with Firefox, whether Thunderbird is really less vulnerable to major security worries than the Microsoft applications it could potentially replace is still largely untested, so that should not be a strong reason to adopt Thunderbird. However, we do know that as of today Thunderbird, like Firefox, is not directly targeted by any major viruses, worms, adware or other security or privacy attacks based on exploiting known and unpatched vulnerabilities.

Thunderbird home page - mozilla.org

* Gone in 240 seconds...

PC-jacking would appear to have become a finely tuned art...

In fact, if data from a recent study of the security of the default installations of several popular OSes connected to the Internet is representative, default Windows XP SP1 machines can be expected to be jacked within just a few minutes of hooking up a broadband connection.

Of course, without the Internet Connection Firewall enabled by default, and with a host of commonly searched for remote code execution exploits, XP SP1 is a veritable sitting duck.

Unprotected PCs Fall To Hacker Bots In Just Four Minutes - techweb.com

* Spammers slam Lycos screensaver stupidity

Lycos Europe NV recently offered a screensaver to strike back at spammers, by driving up traffic to their 'spam-vertised' web sites. The basic idea was disgruntled users would download and run the screensaver that checked with another Lycos server for target URLs, then would drive up traffic to those URLs, causing grief between the spammers and their web hosting services. In effect, a form of distributed denial of service would be achieved, with the spammers eventually being denied web-hosting service as the traffic volume bill from their web hosting services increased dramatically but without a proportionate increase in revenue from increased sales.

Some of the targeted spammers did not take too well to this.

One Lycos-targeted web page has adopted its own retaliation by redirecting its reputedly spam-vertised page to the home page of the domain hosting the screensaver - makelovenotspam.com. In effect, this turns Lycos' attempted DDoS against the spammer into an attempted DDoS of the screensaver site.

There were also reputed defacements of the makelovenotspam.com website and some ISPs and other network service providers, in attempts to prevent their own users from participating in the dubious practices encouraged by the screensaver, have redirected traffic from their network to the makelovenotspam.com domain to 'protest' web pages decrying the practice encouraged by the screensaver.

Much as they have a certain base attraction, such retaliatory approaches, often called 'strike backs', are generally frowned on by responsible service providers as they tend to have all manner of negative and unintended effects such a clogging up the networks that have to deliver the increased traffic, slowing access to other perfectly legitimate services hosted on the same machines, server farms and networks as the 'bad' hosts and so on.

Lycos, spammers trade blows over screen saver - computerworld.com

Join the newsletter!

Error: Please check your email address.

More about CA TechnologiesLycosMicrosoftMozillaSophosSymantecTrend Micro Australia

Show Comments
[]