"The Love Bug"
"The Love Bug" destroys companies around the globe. Only it's NOT a bug (shaking fists at newspeople), but a virus.
posted by madglee (13 comments total)

Not to nitpick, but isn't it really more of a trojan horse, rather than a virus, since one has to open the silly thing?

I find it interesting to note how the article has to include a paragraph about Kevin Mitnick, who really has nothing to do with the virus community...but all us computer geeks are cut from the same criminal cloth, eh?
posted by nomisxid at 9:32 AM on May 5, 2000

I personally like this photo.
posted by fil! at 9:38 AM on May 5, 2000

Interesting how *that guy's* version has the source code in the body of the letter, ain't it?

And actually, Donny, they seem to have decided (on BugTraq, at least) that this is actually a worm -- which is, roughly, a trojan that drags itself around a network.
posted by baylink at 10:05 AM on May 5, 2000

It's a Visual Basic script, it's not a virus, it's not a worm, it's not a trojan horse. There is nothing clandestine, or subtle about it. They didn't even compile it into another executable application. There is no source code... It's not different than if it were a batch file. Thus, anyone can save it to a disk, grab a text editor and see what it will do right there in plain English. The script is actually very well written...

I also monitor BugTraq, the users are indeed calling it a worm. However, no one has corrected them.
posted by Dean_Paxton at 10:26 AM on May 5, 2000

Well, a worm is defined as a program that can copy itself from one machine to another across a network without help.

If you take "starting Outlook to read my mail" as an action that is common enough so as not to constitute *explicit* human assistance, and assume that a statistically significant number of people have Outlook misconfigured to auto-open attachments, then 'worm' is the term to which it comes *closest*... no?
posted by baylink at 10:33 AM on May 5, 2000

Does life imitate art? The script, among other things, destroys MP3 files on the user's computer. Not to be conspiratorial or anything, but wouldn't it be interesting if this was the recording industry's version of Project Zapster???

Makes you go hmmmmmm.

posted by fooljay at 10:45 AM on May 5, 2000

Here's the line of interest: "Or, perhaps better, we could release a virus that silently turns Napster into Zapster, deleting songs at random."

Coincidence? :-)

posted by fooljay at 10:46 AM on May 5, 2000

Closest... yes. But not a true worm. It's not compiled, executable, nor does it open itself without the user's consent. The program is useless without Office 2000 or Office 97 script editor/debugger. Additionally, how can a person's software be "misconfigured" to use features that are evidently and inexplicably built in?

Wow, Outlook will do that? Automatically open attachments without prompting?!? How stupid. Why isn't the FBI going after Microsoft?
posted by Dean_Paxton at 10:47 AM on May 5, 2000

No, Outlook will *not* automatically open attachments -- no matter how it's configured. You have to open it explicitly. In fact, you are warned before doing so.
posted by evhead at 11:11 AM on May 5, 2000

It is my understanding that yes, Outlook (one of the versions, anyway) can in fact be configured to auto-open attachments when the message is loaded into the preview pane. I'll try to track down exactly where I got that from, and whether it's correct, before I say it again.

(A quick search suggests that I, too, have been taken in. I'll check more deeply tonight. To my perverse annoyance, it appears to be Eudora that actually can do this.)
posted by baylink at 11:30 AM on May 5, 2000

BTW, Ev: note that Dan explicitly points out that he's using Outlook 2k; this doesn't speak to any of the other versions, including Express (which is what *I* thought I heard the meme about...)
posted by baylink at 11:31 AM on May 5, 2000

I did a bit of testing with Outlook Express 5.

I sent myself a dummy test.vbs file and I had to open the message (I could view it in the preview pane just fine), double click the attachment and then it came up with an "Open Attachment Warning" where it clearly says:

"Some files can contain viruses or otherwise be harmful to your computer. It is important to be certain that this file is from a trustworthy source."

It then prompts you to either open it or save it to disk, and "save it to disk" is the default selection.

And while I could find no option in the preferences that would allow you to automatically open attachments (why would you ever want to do that?), there *is* an "Always ask before opening this type of file" checkbox in the attachment warning.

Most people probably disregard this warning the first time it comes up and turn it off, as I will now do. But since it refers to "this type of file", turning it off is probably extension based (i.e., if you turn it off for .zip files, the warning will still be on for .exe files.) Very, very few (if any) of the people hit had probably received a .vbs file before, so they all probably got the warning dialog.

Address book thing is an entirely other subject of course. Feature or security vulnerability? I see no beneficial use of it, but the argument rages on.

posted by lzealand at 12:48 PM on May 5, 2000

It's definitely a trojan horse, albeit a very lightly disguised one. The key to that kind of transmission is that it cannot run without the assistance of the user.

It's also definitely a worm, in that it replicates itself out to everyone's address book, but also in that it seeks out files on other computers (e.g. network servers) and damages them, all without the user's intervention.

It's also definitely a virus, in that once run on your system it quietly installs itself and attempts to evade detection and removal.

The problem lies both in that this is a complex, highly-evolved type of attack, and that the definitions of "virus", "worm", and "trojan horse" aren't completely discrete. Dean, I think you're splitting hairs. I think "worm" describes its chief means of transmission relatively well. If you'd like to come up with another word, you're welcome. But in the meantime there are very, very few things available which fit your strict definition, making the term available for broader use.

(It's kind of like people who insist that a DSL/ISDN modem isn't a modem at all. Well, so what? The term will soon become an anachronism; why not repurpose it?)
posted by dhartung at 3:48 PM on May 5, 2000

