[svlug] Virus FUD

Rick Moen rick at linuxmafia.com
Sun May 7 11:05:27 PDT 2000


Quoting dfox at belvdere.vip.best.com (dfox at belvdere.vip.best.com):

> Most of these email viruses use Outlook because it's popular, but more
> importantly the Outlook users tend to keep track of all their contacts
> in a common address book.

I haven't had cause to look into _this_ current virus's design (multiple
variant forms have now been reported, by the way), but at least a couple
of prior Visual BASIC Script viruses have been able to do the address
book trick via standard MAPI calls.  

That interface plus the reckless auto-running of "associated" programs
for attachments are what make MS Outlook and MS Outlook Express such
especially dangerous designs.  

> Other GUI style mailers on Linux could be easy targets if the users
> use them similarly, since the virus replicates itself by sending
> itself automatically to email addresses listed in a common database.

That's a common misconception:  Supporting the MAPI address-book
protocol isn't the problem, one should stress; it's the auto-running
that's the critical flaw.  (MAPI-compliant MUAs such as Netscape Mail
aren't vulnerable, for that reason.)

> The key thing is that it couldn't do anything unless it were given the
> permission to do so.

Quite.  That's the auto-running flaw.  My suggestion to companies:  Brief new
employees on the hazards of such programs.  If they insist on using them
anyway, make _them_ bear the consequences of any cost and company
embarrassment from VBS viruses and the like.  (Reuniting action with
responsibility:  What a concept!)

In my experience, firms don't do this for fundamentally company-political
reasons -- because it's primarily dumbasses at the _top_ of the company who
(overwhelmingly) cause the problem.  Then, they pass the buck, and make
everyone _else_ pay for their negligence. 

--  
Cheers,        "Linux means never having to delete your love mail."
Rick Moen                                              -- Don Marti
rick (at) linuxmafia.com




