Home Archive RSS/XML Subscribe Shop

Re: [ISN] Microsoft to Blame for 'Love Bug'?

From: William Knowles <wk_at_C4I.ORG>
Date: Fri 12 May 2000 - 01:08:50 CDT
Forwarded by: JJ Gray <nexus@patrol.i-way.co.uk>

Hi folks,
    To my mind, it makes no odds wether it is a .vbs script, an .exe, a word
macro or whatever - chances are I'll find someone to run it for me, as was
proved recently by whoever wrote the iloveyou worm.
How long will it take for people to think for a second before blindly
double-clicking on an attachment ?

Regards,
            JJ

----- Original Message -----
From: "William Knowles" <wk@C4I.ORG>
To: <ISN@SECURITYFOCUS.COM>
Sent: Friday, May 12, 2000 6:35 AM
Subject: Re: [ISN] Microsoft to Blame for 'Love Bug'? (fwd)


> Forwarded by: Craig Williams <craig.williams@hookrise.com>
>
> my 2c -
>
> I think this is a lame attempt to pass blame. The virus didn't have to
> be a script - it could have been a simple exe - users would still have
> opened it and the same result would have occured.
>
> Are we supposed to now disable the running of exe files, I think not ;)
>
> -C
>
>> -----Original Message-----
>> From: William Knowles [mailto:wk@C4I.ORG]
>> Sent: 12 May 2000 05:51
>> To: ISN@SECURITYFOCUS.COM
>> Subject: [ISN] Microsoft to Blame for 'Love Bug'?
>>
>> http://www.thestandard.com/article/display/0,1151,15019,00.html
>>
>> Microsoft to Blame for 'Love Bug'?
>>
>> Security experts say automation features in Windows make it a
>> potential breeding ground for viruses.
>>
>> By Elinor Abreu
>>
>> Who is to blame for the "Love Bug" virus and its 25 or so nasty
>> variants that ripped through an estimated 600,000 computers and caused
>> computer-system shutdowns at corporations and government offices
>> worldwide? As law enforcement authorities homed in on a cadre of
>> technical-college students inManila, Philippines, security experts
>> pointed out that Microsoft's operating system creates an environment
>> that is vulnerable, if not virus-friendly.
>>
>> The "Love Bug" took advantage of a feature in Windows called Windows
>> Scripting Host, which allows users to automate routine tasks. The
>> virus' author created a Visual Basic script that was directed to send
>> itself to all recipients in a user's Microsoft Outlook address book
>> and then delete image files and hide audio files.
>>
>> The Scripting Host is not the only Windows feature that invites
>> hackers. Other flaws include Outlook's automation feature, which
>> allows external programs to command the application remotely. Security
>> experts say such features should be disabled by default.

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Fri May 12 04:04 CDT 2000
Google
 
Web www.infosecnews.org
© Copyright 2007 InfoSec News
Home Archive RSS/XML Subscribe Shop Privacy