Although Ronald touched on it earlier, I thought I'd pontificate about my lovely experience with the Anna virus. Damage did all his learning over the weekend, but I got mine as a Monday morning slap to the face.
At least I can say I wasn't one of the people who opened the e-mail; I just had to do clean-up. A couple of the charming things I learned: People are quick to open an e-mail that supposedly contains a single picture of Anna Kournikova, in spite of the fact that her name and the word "pictures" gets around 40,000 hits on Google. Heck, even with the addition of the all-important word "nude" there's 23,700. But I digress.
Another thing I learned is that Norton Anti-Virus for Exchange sucks rocks. It's served me well for a year or more, and when it works it works great. But the only thing it cares about are its virus definition files, and if the virus isn't in there yet, you're screwed. I sat depressed noting that (1) Trend Micro's Safemail product had its virus definitions updated at least a couple of hours before Symantec did and (2) it didn't matter because, unlike NAV, Safemail can just blanket filter attachments by extension. And when was the last time you got a .VBS file that wasn't a virus?
I learned some more things courtesy of this ABCNEWS.com article on the virus. I learned that the virus was actually fairly clever, but the virus author was not. The virus code is encrypted and modifies itself to dodge detection. The author, however, apparently had little to do with the virus except for naming it, as it was actually built by a pre-existing virus construction kit (I am not making this up). According to the article, the kit's author has done no fewer than nine versions of the kit, with "the most recent one apparently guaranteed to dodge antiviral programs."
I also learned, incidentally, that Graham Cluley of the antiviral firm Sophos doesn't seem to have much in the way of social skills, having quotes attributed to him in the article such as "Think about the average guy who uses a computer — overweight, slobbing around in front of a terminal, sad social life. . ." Don't take it personally, guys.
One thing I didn't learn in the article: If this virus was built using a virus construction kit that's been sitting out on a web site just waiting for somebody to fire it up, and if anti-virus companies ". . . are aware of at least a half-dozen VBS script viruses created using [Alamar's] construction kit," then why don't the people doing virus definitions figure out how to detect the kit's product before it's found in the wild? I'd ask Anna, but I hope never to meet her again.
|Cherry MX Low Profile RGB switches arrive in the Ducky Blade Air||4|
|Nothing Day Shortbread||6|
|Here's all of TR's CES 2018 coverage in one place||7|
|Intel Core i5-8500 appears in SiSoft database||0|
|Tuesday deals: cheap SSDs, motherboards, and a sweet laptop||11|
|Report: Intel TLC SSD 760p and QLC SSD 660p on the way soon||13|
|be quiet! displays its Dark Rock 4 and Dark Rock Pro 4 coolers||20|
|Gigabyte, Asus, and MSI prep updates against Meltdown and Spectre||41|
|EVGA teases its 2200-W power supply and Z10 keyboard at CES||25|
|There's finally an SSD with a Quad-Damage feature! Unfortunately it's self-inflicted quad damage.||+21|