Information Security News mailing list archives
Re: Microsoft to Blame for 'Love Bug'?
From: William Knowles <wk () C4I ORG>
Date: Fri, 12 May 2000 01:08:50 -0500
Forwarded by: JJ Gray <nexus () patrol i-way co uk> Hi folks, To my mind, it makes no odds wether it is a .vbs script, an .exe, a word macro or whatever - chances are I'll find someone to run it for me, as was proved recently by whoever wrote the iloveyou worm. How long will it take for people to think for a second before blindly double-clicking on an attachment ? Regards, JJ ----- Original Message ----- From: "William Knowles" <wk () C4I ORG> To: <ISN () SECURITYFOCUS COM> Sent: Friday, May 12, 2000 6:35 AM Subject: Re: [ISN] Microsoft to Blame for 'Love Bug'? (fwd)
Forwarded by: Craig Williams <craig.williams () hookrise com> my 2c - I think this is a lame attempt to pass blame. The virus didn't have to be a script - it could have been a simple exe - users would still have opened it and the same result would have occured. Are we supposed to now disable the running of exe files, I think not ;) -C-----Original Message----- From: William Knowles [mailto:wk () C4I ORG] Sent: 12 May 2000 05:51 To: ISN () SECURITYFOCUS COM Subject: [ISN] Microsoft to Blame for 'Love Bug'? http://www.thestandard.com/article/display/0,1151,15019,00.html Microsoft to Blame for 'Love Bug'? Security experts say automation features in Windows make it a potential breeding ground for viruses. By Elinor Abreu Who is to blame for the "Love Bug" virus and its 25 or so nasty variants that ripped through an estimated 600,000 computers and caused computer-system shutdowns at corporations and government offices worldwide? As law enforcement authorities homed in on a cadre of technical-college students inManila, Philippines, security experts pointed out that Microsoft's operating system creates an environment that is vulnerable, if not virus-friendly. The "Love Bug" took advantage of a feature in Windows called Windows Scripting Host, which allows users to automate routine tasks. The virus' author created a Visual Basic script that was directed to send itself to all recipients in a user's Microsoft Outlook address book and then delete image files and hide audio files. The Scripting Host is not the only Windows feature that invites hackers. Other flaws include Outlook's automation feature, which allows external programs to command the application remotely. Security experts say such features should be disabled by default.
ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Microsoft to Blame for 'Love Bug'? William Knowles (May 12)
- <Possible follow-ups>
- Re: Microsoft to Blame for 'Love Bug'? William Knowles (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Felix von Leitner (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Aj Effin ReznoR (May 12)
- Re: Microsoft to Blame for 'Love Bug'? The Dodger (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Barry H Gill (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Bronc Buster (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Erik Moeller (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Barry H Gill (May 12)
- Re: Microsoft to Blame for 'Love Bug'? Chico (May 12)