Same old underlying problem, glossed over as usual
jbrabeck wrote:
Sneaky virus poses as email from sysadmin
One of the sneakiest viruses to date began spreading rapidly across the Internet this weekend.
Mimail, which poses as an email from a potential victim's own sysadmin or ISP, suggests that a user's email account is about to expire.
I had to dig deep into my received-junkmail folder to find a copy, because Spam Assassin had automatically classified it as probable spam. I've posted a copy, in case anyone wants to study it, at [link|http://linuxmafia.com/pub/linux/security/mimail.exe.txt|http://linuxmafia.co...ty/mimail.exe.txt] . Posted description in the file catalogue: "Mimail AKA W32.Mimail.A@mm AKA WORM_MIMAIL.A Microsoft worm, defanged for study. As usual for such things, relies on the defective-by-design Microsoft Internet Explorer browser to autorun untrustworthy executables from untrustworthy sources, w/ predictable results."
My point is that the antivirus press -- reflecting ingrained tendencies of the antivirus industry -- has yet again completely ignored the crucial point: Malware doesn't run itself. This worm was made possible by yet another unforgiveable design error in Microsoft Internet Explorer: credulously not just auto-opening a ZIP archive[1] (which is OK) but also auto-running a Win32 binary within that archive (which fscking well isn't).
MS-Windows users can be forgiven for being unaware of the ongoing pattern of such design errors, because the press almost never highlights the real problem.
If your "network security" people had been truly doing their job, they wouldn't have simply sent out a "virus warning": They would have helped people prevent using the disaster-waiting-to-happen that is Microsoft Corporation application software, thereby making the autorunning of all malware much less likely in the first place.
[1] Masquerading as having a .html filename extension and application/x-zip-comp MIME type. Thus, it doesn't matter what MUA you use to open the e-mail it arrives in, if you've allowed .html files to be handed off to MS Internet Explorer.
Rick Moen
rick@linuxmafia.com
