Radsoft
 About | Buy | News | Products | Rants | Search | Security
Home » Security

Damn Those Nasty SCR Files!

Turing moans.


Get It

Try It

There's a new worm out there, clobbering the planet. It's spreading to computers everywhere. It's been dubbed the 'Here You Have Worm'. It's insidious and extremely contagious.

It starts by dropping into inboxes. The subject line contains the words 'here you have'. It seems to have a link to an Adobe PDF file. But the link actually takes the victim to a download link for an SCR file. SCR files are screensaver files. And all computers have screensavers. This bugger is insidious.

Once downloaded, the worm infects the victim's computer and then sends itself to the victim's email contacts. Insidious.

The new worm clobbered email systems everywhere yesterday. Everyone was getting hit by it. People clicked links and thereby infected their coworkers, colleagues, and friends. Disaster. Insidious.

There were reports of several networks being completely overrun by the worm. ABC News reported that NASA, Comcast, AIG, Disney, Proctor & Gamble, and others were knocked out. Network administrators screamed in pain.

As of yesterday evening, antivirus security suites still didn't know how to deal with the worm. A senior manager at Symantec claimed he hadn't seen anything like it since the year 2002.

The 'Here You Have Worm' doesn't seem to do much more than propagate. It spreads itself locally by copying itself to partitions and different hard drives. The body of the email message says something like the following.

'Hello... this is the document I told you about, you can find it here.'

Symantec started blocking the worm Thursday morning. The download link has since been broken, so the hysteric contagion rate may have been stymied. Some network administrators identified the payload as something called 'VBMania' and reported their network mailing systems being overwhelmed.

Nowhere in the reports of this worm is the word 'Windows' used. There's a natural assumption amongst Windows users that their problems are the world's problems.

There are several clues written between the lines that professionals pick up but which can go unnoticed by ordinary users.

  • The 'SCR' file extension. Yes it's a file extension for screensavers but it's only used by Windows.
  • The mention that 'Outlook' is vulnerable. Outlook is a Microsoft mail client. No other systems have it.
  • 'VBMania'. This is a reference to 'Visual Basic', a Microsoft product for Windows.

The 'Here You Have Worm' propagates the same way as the infamous 'ILOVEYOU' worm from May 2000. That too was a Windows worm. Now, over ten years later, systems are still being hit by the same thing. Now, ten years later, those systems are not one bit more secure.

Ten years ago Microsoft put enormous pressure on the news media to hide the fact that 'ILOVEYOU' attacked only their systems. The word eventually got out of course. But several major sources, including the BBC, were muzzled for days as people scrambled to find the truth and start defending themselves.

Wouldn't it be nice if news sites began by pointing out that the worm is a Windows worm? Wouldn't that help people understand better what's really going on? Wouldn't it be nice if Microsoft weren't allowed to silence the media?

Are you about to go away to an 'institution of higher learning' for the first time? Were Mummy and Daddy going to buy you a new computer for the occasion? You'd better hope it doesn't run Windows.

About | Buy | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.