Comments on: Comments on 16779

Post number 16779

Su — Tue, 30 Apr 2002 18:53:35 -0800

VCards are sort of a viral(or maybe voyeuristic) greeting card. You send one to someone, and they are sent your note with some attachments. The recipient is asked to run one of them(a VB script), that decrypts the other files, which are three images randomly chosen from the hard drive of the person who sent it to them, and so on. Everything is explained up front, and full source is provided at the web page.

By: machaus

machaus — Tue, 30 Apr 2002 19:03:48 -0800

Step04: Simultaneously, images are being harvested from the user's hard drive and mailed to the people in that user's address book. note to self: disconnect drive mapping to porn before launching attachment... I'd love to see one without using it (as if I could on a Mac.) I imagine that the images it usually gathers are probably pretty damn boring bits and pieces of application help files and other "clip art." Anyone who knows VB that can tell how intelligent the script is?

By: swell

swell — Tue, 30 Apr 2002 19:27:16 -0800

A worm that works on the honor system. Super. Won't take long at all for somebody to add a slightly more destructive payload to this, and disguise it as this.

By: chipr

chipr — Tue, 30 Apr 2002 19:32:50 -0800

Right now, Internet users are suffering a massive attack by the klez worm. We are trying to train people not to launch attachments--even from people they know. Then these twits come along and encourage people to transmit and execute strange script content by email. This is not simply moronic. It is evil.

By: Su

Su — Tue, 30 Apr 2002 19:34:50 -0800

Can't believe I forgot to post the actual message. Here goes: Click the " vcards.vbs " attachment to view your card! One of your friends is giving you a voyeuristic glimpse of their personal images. The images were randomly chosen and are totally uncensored! There is no telling what you will see! Click the " vcards.vbs " file attachment to see the uncensored images, and send your own images out to the people in your address book! + + + + + + + + + + + + + + + + + + + + + + + + Message from your friend: ***MESSGE GOES HERE*** + + + + + + + + + + + + + + + + + + + + + + + + If you are not interested? Just delete this email. VCards, Lets get with hot communications Swell & Chipr: What's your point? There are plenty of viruses out there that require the person to run a script. It's usually achieved through deception. So it becomes a question of how much you trust you computer and/or your friends, no? Still no different. If you're that paranoid, then don't run it. E-mail the person first and ask if they really sent the thing.

By: Su

Su — Tue, 30 Apr 2002 19:40:35 -0800

Also, the honor system worm idea has already been done, though I'm having a hell of a time finding the thing. It was created by someone who decided to play with the idea of computer security. When the thing infected your system, it would ask permission to encrypt the files on your hard drive, and actually did a pretty good job of it. If you refused, it wouldn't. Simple. Anybody else heard of this, and know where it is? It's most likely that I saw it at Slashdot.

By: swell

swell — Tue, 30 Apr 2002 19:56:05 -0800

More info from antivirus.com. My VBS knowledge is somewhat limited, but I do see where they create the directory described in the solution. The problem, IMO, is that the person who first sends it aims it at a particular friend, who is either a) clued in enough never to run a VBS attachment, or b) trusts it because it came from a friend, and seems like harmless fun. Admittedly, this is a bit unique in that it admits up front that it's sending to random files to everyone in that victim's address book. This is not harmless at all. Also, worms mutate as they land in the hands of someone more malicious than the original author. A couple lines of changes and ... something bad starts happening. Chipr's right, this is evil.

By: skallas

skallas — Tue, 30 Apr 2002 20:40:58 -0800

When the thing infected your system, it would ask permission to encrypt the files on your hard drive, and actually did a pretty good job of it. You're thinking of the KOH virus. You can get some info on it here. I wanted to play with it a long time ago, but the only place I could find it was on some software site for ten bucks. Not only is it friendly its for sale. Go figure.

By: plemeljr

plemeljr — Tue, 30 Apr 2002 20:45:57 -0800

Maybe this is like the lottery, an idiot tax. But seriously, I spend about 2-3 hours of my day explaining things to my peers, installing / uninstalling / guiding friends who did things to their system that confounds me. Then someone thinks that it would be cute to do this and then releases it in the wild? Yeah thanks, I'll pass. It is hard enough to deal with the malware and KaZaA instals. < / rant>

By: malevolent

malevolent — Tue, 30 Apr 2002 23:33:49 -0800

So it becomes a question of how much you trust you computer and/or your friends, no? No, it becomes a question of how much you trust the author of the .vbs file. It's a clever idea, but I still won't be running any emailed vbs/exe files or Office docs with macros (setting Outlook/Outlook Express to use the Restricted zone and making sure that zone if locked down is also a good idea to stop scripting in emails). That's not paranoia, it's common sense.

By: Su

Su — Thu, 02 May 2002 03:11:22 -0800

The VCard program has been added to McAfee's virus DAT file. *giggle*