A new computer virus dubbed "Killer Resume" is spreading through email systems
using the Microsoft Outlook program, the FBI said.
Antivirus companies reported late yesterday that several corporate email systems had already been infected, and
some had been shut down, the FBI's National Infrastructure Protection Center said.
The virus, similar in makeup to the notorious Melissa virus, is carried in a file attached
to an email with the subject "Resume--Janet Simons." The attachment is a Microsoft
Word file named "Explorer.doc" or "Resume.doc," according to an alert posted on the
Web site of computer security company Network Associates.
A phone call from a Microsoft lawyer earlier this month provided some more signposts as
to how Microsoft intends to implement/embrace 'open' industry standards. Jason Bishop,
who'd been involved in development of SOAP in his previous job as a contractor at
Microsoft, was due to give a talk to the Seattle area Java-XML SIG, but immediately prior to
his presentation he took the call, and was reminded that he was still covered by NDA.
Security Focus has posted a comparative review on the number of security incidents that have appeared on
the BUGTRAQ mailing list for various operating systems and software packages. The most-often
plagued software package seems to be Windows NT.
Microsoft's remedy to the ILOVEYOU virus may cause more problems than the
Microsoft posted three patches as an answer to the Outlook
email virus and its copycat cousins. "Microsoft has reported several cases of functionality failure surrounding the Outlook
updates. The most significant of these involves the updates' installation procedures,"
reports Windows Web site EntEnt.
According to Microsoft
itself, there is no uninstall procedure and if the patch installation goes awry.
With its patches this week, Microsoft typically went for the symptoms, rather than try
and tackle the root cause of the problem, which now leads to perfectly normal systems procedures causing virus alerts.
Microsoft's browser bug team is working to patch an Internet Explorer glitch that afflicts Apple
Macintosh computers running the latest iteration of IE.
The bug, which can expose private files and, in some circumstances, grant unauthorized access to sites on a
company's intranet, first cropped up in late 1997. Microsoft patched it then, only to reintroduce the bug with the
release of IE 5.
Dick Craddock, product unit manager for Mac IE at Microsoft, would not estimate
when a fix would be available.
If you're a Windows 2000 user, be warned: Your security software may not work the way
you think it does.
Microsoft intentionally designed Windows 2000 so that export versions can use a
notoriously weak encryption method to scramble information sent over the Internet and
intranets, leaving sensitive data exposed to hackers and eavesdroppers.
Microsoft Corp. intensified its counterattack on government antitrust enforcers,
boosting lobbying and political contributions and helping fund a group that blames recent state
pension-fund losses on state officials.
The Redmond, Wash., software concern said it will give about $1 million each
in cash, software and services to the Republican and Democratic national
conventions this summer. The gifts are the latest escalation in campaign giving
by Microsoft, which amount to $2.6 million so far for the 1999-2000 election
Heise Publishers of Germany report a security hole in Office 2000 which can allow a malicious web site or e-mail to erase your entire hard disk. This is due to an ActiveX component installed by Office, which is incorrectly marked as
"safe for scripting". This control, the Office 2000 UA Control, is used by the
"Show Me" function in Office Help, and allows Office functions to be scripted.
A malicious web site operator could use the control to carry out Office
functions on the machine of a user who visited his site.
Microsoft has released a patch that diasbles the UA Control, also disabling the "Show Me" function in the process.
NOTE: This article is in German
Security enthusiasts Bennett Haselton and Jamie McCarthy demonstrated how a simple substitution in Web
addresses (URLs) can foil IE's security checks, exposing the cookie files that Web sites place on visitors'
computers. Cookies authenticate people's identities when they return to Web sites and store data about visitors'
activities and purchases.
Microsoft acknowledged that the hole leaves room for plenty of trouble.
"The vulnerability could allow a malicious Web site to read, change or delete cookies
that belong to another Web site," Microsoft said in a statement. "We expect to deliver
the patch shortly. A security bulletin will be published...to discuss the issue and
advise customers how to obtain and apply the patch."
A new security hole in Microsoft's Hotmail service allows enterprising snoops to browse
your email messages without a password.
attacker can read, send, and delete messages from that person's account.
"Anyone could use this trick to gain access to another person's Hotmail
account temporarily and read their messages," says Bennett Haselton, a
programmer who lives in Bellevue, Washington and discovered the bug.
A spokeswoman for Microsoft Benelux in the Netherlands has claimed that the love
bug affects both Linux and Apple, in an interview with Egbert Kalse, a journalist with
the Dutch newspaper NRC Handelsblad. The story subsequently appeared on the
front page of the newspaper last Friday, and included: "A spokesperson from
Microsoft Benelux denies [the virus only spreads on Microsoft software] and said that
other operating systems such as Apple and Linux are hit."
A glance at the VB script of the love bug shows with no doubt whatsoever that it is
impossible for there to be any adverse effect on non-Microsoft software. But that's not
The Register asked Microsoft Benelux to confirm the claim. They denied that this
had been said by a Microsoft spokesperson.
They subsequently spoke to Egbert Kalse and he confirmed that he was "absolutely sure" about the
response from a spokeswoman with Microsoft Benelux: he had called Microsoft
Benelux and asked for the right person in PR with whom to discuss the virus.
The Justice Department's top trust buster said today Microsoft's anti-competitive actions
were not invented for the New Economy, but instead relied on "time-tested tricks" of monopolists.
Klein said that Microsoft got into trouble by using illegal
business techniques, "as old as the antitrust laws themselves."
Those techniques include:
cutting off the access to competitors to important suppliers and markets, tying two products together, predatory practices, in which a firm spends money in a way that makes sense only to hurt a competitor, and others.
"Basically, these are the time-tested tricks of the monopolist's trade," Klein added.
While most of the world convalesces from the Love Bug worm, people running alternatives
to Windows are smugly congratulating themselves for knowing better than to use Microsoft
The Love Bug and its variants over the last few days have melted down millions of
computers worldwide and caused billions of dollars in damages. But clever users running
Macs, the BeOS, and various flavors of Unix happily gloat that they were immune to the
"The point is that the root cause of these mass virus proliferations is a
pathetically insecure email client foisted upon the public by a certain evil
monopoly whose name I need not mention," wrote Seldolivaw Ssov in an
email. "Hey, this *only* happens when you use Outlook and Outlook
Global virus armageddon will be the result of the breakup of Microsoft, writes Bill Gates in
this week's Time magazine.
Microsoft is split into two, there would be less innovation in the software, hence fewer
developers, and ultimately less defence against viruses.
So there you go. If you've been thinking that the reasons viruses are specifically targetted at
Microsoft software are because Outlook leaves plenty big holes for them to drive through,
and because Microsoft software has 90 per cent plus of the market, then you're wrong. On
the contrary, continual Microsoft innovation must have made the software less vulnerable.
Security issues tied to Microsoft's Outlook email program drew heated criticism today from security analysts after a new virus swept through computer systems across the globe.
Some analysts said the "I Love You" attack points to serious flaws in Microsoft code. They noted that the virus takes advantage of well-known exploits involving Visual Basic script files.
Michael Zboray, chief technology officer for market researcher Gartner Group, harshly criticized Microsoft for releasing a programming language with the "wrong security posture" to businesses and the public.
"Visual Basic script and the macros are proving to be a disaster. This is just happening over and over again. We have to get away from this hostile active content that is coming in through Word documents, Excel spreadsheets and the browser. The security posture from which ActiveX and VBScript were designed is the wrong posture."
For its part, Microsoft attributes the ongoing security issues not so much to inherent problems with Visual Basic script and its macro language, but to bad people misusing good software.
In his commentary on the ILOVEYOU virus for ZDNN, Steve Vaughan-Nichols tells readers why he wasn't affected by the virus: he is not using Microsoft Outlook, which he calls "a security hole that also happens to be an e-mail client". He points out: "If it weren't for the fundamental flaws of Outlook having minimal security and its too-close integration with
Windows, we wouldn't have a Melissa or an ILOVEYOU at all."
His conclusion is therefore: "[...] because Microsoft isn't going to fix the Outlook vulnerabilities, which leads to worms, you've got one choice. Change
your e-mail client today."
Read the full article at ZDNN.
A computer virus that experts warn could be more disruptive than the notorious Melissa virus has
hit computers in Asia and Europe and is quickly spreading across the United States via email.
The virus, which includes the message "I Love You" or "Love Letter" in the email subject line, was first spotted
in Asia this morning, according to security systems firm F-Secure.
Antivirus experts were amazed by the power of the virus. "I've been
doing antivirus research for the past nine years, and it hasn't been this
bad," said Mikko Hypponen, a research manager at F-Secure. "It's spreading
so fast, so globally, and twice as widespread as the Melissa virus."
The virus uses a security leak in Microsoftıs Outlook email program to send messages with the virus to everyone listed
in that person's address book.
The email virus has infected computer systems across Asia, Europe
and the United States and is spreading fast, according to
representatives from many companies.
Computers running Apple's MacOS operating system are mostly immune to the virus, as it makes explicit use of Windows-specific security holes.
Microsoft chief technology officer Nathan Myhrvold, the brains behind the
software titan's $3 billion-a-year research lab, has left the company, officially ending
a nearly year-long leave of absence. Myhrvold's decision not to return to Microsoft is also the latest in
a series of high-level departures, including that of the company's
former chief financial officer, Greg Maffei.
According to a study brough forward by the German TÜV institute, Microsoft Office 2000 is not compliant with the DIN EN ISO 9241-10 norm for usability. In particular, it did not meet required standards for data safety and intuitive user interface. The product was therefore classified as "unfit for daily use". Non-compliance with this ISO norm means that employers in Germany have to remove the software from all computers should employees demand it.
NOTE: This article is in German.
Previous | Next