Worms world party

Was origially posted at bitfever.blogspot.com on Wed Jan 07, 08:53

Today I recived the following e-mail (german), wich is of course a mail sent out by sobig.c:

From: anotherone@jofeofefxsw.it
Subject: Du hast einen Trojaner drauf!
To: forthespambots@qwertzgdfs.it

Juten Tach,
habe mal einen internet port scan gemacht. dabei konnte
ich deinen rechner sehen und einsteigen.
deine mail adresse hab ich auch auf deinem pc gefunden.

bei dir ist der trojaner lsass.exe am wüten. deshalb kann
jeder auf deinen rechner zugreifen!
du kannst ja mal den taskmanager öffnen, und versuchen ihn zu beenden.
du wirst aber feststellen, das er sich nicht beenden lässt.
solltest du windows98/me haben, siehst du ihn erst gar nicht im task!

dieses hartnäckige miststück hatte ich auch mal drauf, 3 tage
hat es gedauert, bis ich endlich ein programm zum entfernen
gefunden habe. ich hab's dir mal mit beigetan. wenn fragen,
meld dich einfach."

This is a very common thing (and always something entertaining for Mac user) nowadays, but the that fact really concerns me, is that i scanned the attached file witn Norton AntiVirus 2003 (for Windows of course) using todays signatures; given the fact that Sobig.C is not a very new thing, i thougt it will catch it without problem - but in fact it reported that it found nothing.
Of course I do not execute files that i don't know the sorce of or that even came in an email, but almost every average computer user would have thogt this: "So Norton found no Virus? Good, so lets double click it.". He maybe would have checked upon the lsass.exe (wich of course exists, because it is a vital part of Windows 2000/XP) before, but he would have used it - and got another sobig infected user!
I always wonderd how fast these viruses spreaded, even if they said in the evening news: "Don't click .exes!". This will not be the main reason (cause most people don't bother running a virusscanner) - but it concernes me a lot. Poor Norton, shame on you.
The main reason a virus/worm workes obviously because the human nature itself. It is often argured that all those Windows/Outlook bugs are the main reason for the fast spreading of worms. Those bugs of course encourage it and make it easier for the crackers and worm authors, but there would be worms without those bugs.

Besides, this concernes me, but it doesn't suprise me that Norton AntiVirus fails.
Have you ever looked at the so called "Norton Utilities"? One of the poorest software packages i know of - it costs a lot, claims to be "Designed for Windows XP" but some features, e.g. the Rescue Boot Disk on the CD, just don't work properly. The Rescue CD boots a DOS, but cannot use NTFS drives at all, wich makes it inusable for a lot of Windows XP installations! And the progam doesn't work at all if you are not logged in as an Admin user. This is everything, but not "Designed for Windows XP".