• Penguin (unregistered) in reply to brazzy
    brazzy:
    AC:
    So, just to get this straight: There was a virus scanner that had all of the email-found viruses quarantined, but not a virus scanner that checked file system access?
    Read again. It *did* check file system access. For 10k files at the same time. Presumably leading to a a few hours of disk thrashing.
    At least with Linux, you can kill it without damaging the underlying file system with a filesystem.
  • (cs) in reply to Child of the '20s
    Child of the '20s:
    Doesn't "XXX" stand for "whiskey?"

    Whiskey? Where???

  • Willie Nelson (unregistered) in reply to whiskeylover
    whiskeylover:
    Child of the '20s:
    Doesn't "XXX" stand for "whiskey?"

    Whiskey? Where???

    I'm drowning in a whiskey river.

  • trtrwtf (unregistered) in reply to I do not prefer the ipod
    I do not prefer the ipod:
    trtrwtf:
    I don't get to see these marvels, because I use gmail for my personal mail and my work has spam filters that catch all of this stuff, so I'm just guessing here, but I would suspect that these files actually do show an image. If they didn't, the dumbass user who opens up the file might start to wonder why "hotxxx.jpg" (extensions are hidden by default under windows, yeah?) doesn't open up, and they might maybe figure out that something was up.

    So among other things, yeah, I would guess that this might try to show 10,000 images of improbable acts of copulation. (In addition to installing 10,000 pieces of malicious code.)

    You are so sheltered. Wanna take a walk on the wild side?

    I'd sooner kiss a pig.

    (or perhaps that was what you had in mind)

  • I do not prefer the ipod (unregistered) in reply to trtrwtf
    trtrwtf:
    I do not prefer the ipod:
    trtrwtf:
    I don't get to see these marvels, because I use gmail for my personal mail and my work has spam filters that catch all of this stuff, so I'm just guessing here, but I would suspect that these files actually do show an image. If they didn't, the dumbass user who opens up the file might start to wonder why "hotxxx.jpg" (extensions are hidden by default under windows, yeah?) doesn't open up, and they might maybe figure out that something was up.

    So among other things, yeah, I would guess that this might try to show 10,000 images of improbable acts of copulation. (In addition to installing 10,000 pieces of malicious code.)

    You are so sheltered. Wanna take a walk on the wild side?
    I'd sooner kiss a pig.

    (or perhaps that was what you had in mind)

    In fact, it was, just not on the lips.

  • trtrwtf (unregistered) in reply to I do not prefer the ipod
    I do not prefer the ipod:
    trtrwtf:
    I do not prefer the ipod:
    trtrwtf:
    I don't get to see these marvels, because I use gmail for my personal mail and my work has spam filters that catch all of this stuff, so I'm just guessing here, but I would suspect that these files actually do show an image. If they didn't, the dumbass user who opens up the file might start to wonder why "hotxxx.jpg" (extensions are hidden by default under windows, yeah?) doesn't open up, and they might maybe figure out that something was up.

    So among other things, yeah, I would guess that this might try to show 10,000 images of improbable acts of copulation. (In addition to installing 10,000 pieces of malicious code.)

    You are so sheltered. Wanna take a walk on the wild side?
    I'd sooner kiss a pig.

    (or perhaps that was what you had in mind)

    In fact, it was, just not on the lips.

    That definitely qualifies as "improbable".

  • (cs) in reply to Child of the '20s
    Child of the '20s:
    Doesn't "XXX" stand for "whiskey?"

    I thought it was a Vin Diesel movie.

  • I do not prefer the ipod (unregistered) in reply to trtrwtf
    trtrwtf:
    I do not prefer the ipod:
    trtrwtf:
    I do not prefer the ipod:
    trtrwtf:
    I don't get to see these marvels, because I use gmail for my personal mail and my work has spam filters that catch all of this stuff, so I'm just guessing here, but I would suspect that these files actually do show an image. If they didn't, the dumbass user who opens up the file might start to wonder why "hotxxx.jpg" (extensions are hidden by default under windows, yeah?) doesn't open up, and they might maybe figure out that something was up.

    So among other things, yeah, I would guess that this might try to show 10,000 images of improbable acts of copulation. (In addition to installing 10,000 pieces of malicious code.)

    You are so sheltered. Wanna take a walk on the wild side?
    I'd sooner kiss a pig.

    (or perhaps that was what you had in mind)

    In fact, it was, just not on the lips.
    That definitely qualifies as "improbable".
    Maybe for you, square.

  • I do not prefer the ipod (unregistered) in reply to trtrwtf
    trtrwtf:
    I do not prefer the ipod:
    trtrwtf:
    I do not prefer the ipod:
    trtrwtf:
    I don't get to see these marvels, because I use gmail for my personal mail and my work has spam filters that catch all of this stuff, so I'm just guessing here, but I would suspect that these files actually do show an image. If they didn't, the dumbass user who opens up the file might start to wonder why "hotxxx.jpg" (extensions are hidden by default under windows, yeah?) doesn't open up, and they might maybe figure out that something was up.

    So among other things, yeah, I would guess that this might try to show 10,000 images of improbable acts of copulation. (In addition to installing 10,000 pieces of malicious code.)

    You are so sheltered. Wanna take a walk on the wild side?
    I'd sooner kiss a pig.

    (or perhaps that was what you had in mind)

    In fact, it was, just not on the lips.
    That definitely qualifies as "improbable".
    Maybe for you, square.

  • Abso (unregistered) in reply to Daniel
    Daniel:
    BlackBart:
    Queue comments about how Linux is so much better than all that GUI stuff in Windows and how you're so much better by having to type 'sudo rm -rf /' instead of CTRL+A, + Boss Hand Slap + Enter.

    Even GUI Linux would have been better in this instance. It isn't going to run a file as a executable simply because of the file name. You have to set the executable bit.

    Thus do this exact same thing on a linux box and you have to go out of your way to screw up, on windows all you need is to fit enter.

    Granted that does mean that Windows, Just Works.

    Depending on your window manager and various other things, .exe files might automatically open in Wine.

  • Mark Wilden (unregistered) in reply to anon

    Exactly. My theory for this bastard pluralization is that it comes from radius, radii. Except that virus isn't virius.

  • North Shore Beach Bum (unregistered) in reply to Tim
    Tim:
    Isn't the plural of virus "viridae"?
    Wikipedia explains why viri and virii are wrong, but notes that we have no known examples of the plural form of virus in Classic Latin. The accepted plural in English is viruses.
  • BentFranklin (unregistered) in reply to Matt Westwood
    Yes, "virus" comes from the Latin word "virus". But the Latin word means "rod"

    From whence springs "virile" and hence "Viagra".

  • Melvis (unregistered) in reply to The Enterpriser
    The Enterpriser:
    What a moran.

    What's a moran? I had a professor Moran once. He was a moron.

  • Ken B. (unregistered) in reply to AC
    AC:
    So, just to get this straight: There was a virus scanner that had all of the email-found viruses quarantined, but not a virus scanner that checked file system access?
    No, after he pressed Enter instead of Del, he learned that "their virus scanner worked surprisingly well against an assault of 10,000 viruses". In other words, the virus scanner did its job, and prevented 10,000 more infections.
  • (cs) in reply to Melvis
    Melvis:
    The Enterpriser:
    What a moran.
    What's a moran?
    According to Wiktionary, it's an unmarried Maasai or Samburu warrior, apparently.
  • Ken B. (unregistered) in reply to neonzebra
    neonzebra:
    Read the example file name again. What do you think a file named hotxxx1.jpg contains? Now imagine opening up 10,000 of these files while your boss is looking.
    Re-read it again. The example name was "hotxxx.jpg.exe", which is why Windows' default "hide extensions of known file types" is a "Bad Idea"[tm].
  • abbas (unregistered) in reply to BlackBart
    BlackBart:
    Queue comments about how Linux is so much better than all that GUI stuff in Windows and how you're so much better by having to type 'sudo rm -rf /' instead of CTRL+A, + Boss Hand Slap + Enter.

    I wonder if the subsequent virii removed the previous ones or just chained the infection?

    I didn't understand the aritcle... Cntrl + A = Select all Enter = Open

    Even if he hit Del not Enter, he still gets prompted, "Are you sure you want to mess up the universe?", right? Plus recycle Bin.

    Or is Exchange Server different to my every day Windoze experience?

  • Ken B. (unregistered) in reply to word usage pedant
    word usage pedant:
    BlackBart:
    Queue comments about how Linux is so much better than all that GUI stuff in Windows and how you're so much better by having to type 'sudo rm -rf /' instead of CTRL+A, + Boss Hand Slap + Enter.

    I wonder if the subsequent virii removed the previous ones or just chained the infection?

    The phrase is "cue" comments. The metaphor we are suggesting here is that of a play, with you as the director, and you believe it is now time for the pro-Linux comments to come in. So you give the cue.

    The more you know....

    Perhaps he was expecting so many, that he was suggesting that the system queue them up, so they don't overwhelm the server?

  • Ken B. (unregistered) in reply to hoodaticus
    hoodaticus:
    If you want something done right, lock your boss in the tape safe before you do it yourself.
    What? And have his magnetic "health bracelet" wipe out your backups?
  • Ken B. (unregistered) in reply to tharpa
    tharpa:
    1) What is the plural of virus?
    "Windows"
    2) Explain.
    QED.
  • rjk (unregistered)

    This is why some of the smarter anti-virus systems hide the quarantine and only allow you to delete or restore using their interface.

  • saltimoco (unregistered) in reply to andres
    andres:
    Even better "sudo rm -rf . /" vs "sudo rm -rf ./"... yeah that happen to me once. The server was never the same again.
    Or a script that includes that (or something similar) that suddenly starts sayinf:

    "Command not found" "Command not found" "Command not found" "Command not found" "Command not found" "Command not found" "Command not found" "Command not found" "Command not found"

  • (cs) in reply to Ken B.
    Ken B.:
    hoodaticus:
    If you want something done right, lock your boss in the tape safe before you do it yourself.
    What? And have his magnetic "health bracelet" wipe out your backups?
    True... all the more reason to lose the safe keys, bust a water pipe on that floor, and let time and gravity do the rest.
  • Stout and Porter (unregistered) in reply to tharpa

    Right Click the article and select "View SOurce". There is an explanation....

  • stu (unregistered) in reply to Child of the '20s
    Child of the '20s:
    Doesn't "XXX" stand for "whiskey?"
    It stands for very spicy food.

    So hotxxx.jpg = Hot, very spicy food photos.

    Guillermo must work in the food industry.

    /I'm telling you Akismet, this is not spam!/

  • Julian (unregistered) in reply to not Jimmy Wales
    not Jimmy Wales:
    tharpa:
    1) What is the plural of virus? 2) Explain.

    The plural of "virus" is "viruses".

    There are several reasons:

    1. Virus is a noun of the English language. Unless otherwise stated, nouns are formed by adding an "s"
    2. Yes, "virus" comes from the Latin word "virus". But the Latin word means "rod", not "a tiny organism". So English "virus" != Latin "virus", so the rules of Latin grammar don't apply here.
    3. Even if the rules of Latin grammar applied here, "virus" is a fourth declension -- thus the Latin plural is "virus" -- long u. Were it a second declension noun, then the plural form would be "viri". Were it a third declension noun, then the plural form would be "virii". If it were an -i stem noun. (Third declension nouns are a grammatical class all to themselves.
    4. Tom Christiansen has a useful essay on this issue. It is in the top 10 hits if you Google for "plural form of virus".
    5. The most obnoxious virus created was the work of that pinhead who insisted the proper plural of "virus" was anything except "viruses." Maybe it was Paula whats-her-name.

    Captcha: aliquam. Appropriate.

    According to Google Translate (as bad a source as any other), "Virus" translates to:

    1. VENOM
    2. SLIME
    3. POISON
    4. VIRUS
    5. STRONG SMELL
    6. SHARP TASTE
    7. PUNGENCY
    8. SALT TASTE
  • Mr.'; Drop Database -- (unregistered) in reply to Ken B.
    Ken B.:
    neonzebra:
    Read the example file name again. What do you think a file named hotxxx1.jpg contains? Now imagine opening up 10,000 of these files while your boss is looking.
    Re-read it again. The example name was "hotxxx.jpg.exe", which is why Windows' default "hide extensions of known file types" is a "Bad Idea"[tm].
    I wouldn't trust non-technical users to memorise which file extensions are unsafe, and that still wouldn't help if the file is called "hots(right-to-left override)gpj.exe". I think they're better off with the way that web/email software displays warnings before opening unsafe file types, and with antivirus software on top of that.

    (Besides, I kind of like the default being the way it is, since it makes it harder for clients to rename a Photoshop file to a .jpg. Power users can always change the option.)

  • nonzenze (unregistered)

    Why doesn't the virus scanner mark all files moved to the quarantine folder as deny-execute-all?

    ....

    captcha: validus, as in, this is a validus question.

  • PG4 (unregistered)

    The real WTF is even scanning for stuff in email messages.

    What the user doesn't have a virus scanning program on is system? And don't say defense in depth. It's not the same thing. Having 5 check points to get into a protected area and at all five you have the same idiot making the same mistakes is not defense in depth.

    How about if the email is not going to a windows machine, ever. Send all the windows malware you want, it's meaningless.

    How about you reject mal from known known spam sources on the fly, then you never have to scan it to start with. Oh, I forgot, Exchange, you can't put 3 lines in your sendmail.cf that will check a dynamic black hole list. It simple almost no cost and dumps close to 99% of spam and malware.

    Oh I forgot, no money in selling that solution, since you don't have to buy software. None of the "experts" will tell you about a free thing.

  • Don L (unregistered) in reply to nonzenze

    All virus scanners I've seen renames files placed in quarantine (e.g. adding .vir to the file names) if they're accessible through the file system. Furthermore some of them might also prevent execution through NTFS deny permissions.

    Now, if the point is that he was executing the 10k virus exes, so what? The scanner could already detect those, else they wouldn't be quarantined.

    And if the point is "wow, 10k files executed simultaneously bogs the server down", I'd say "so what? That shouldn't take long. If it actually made the server perform bad for more than a few minutes, the customer has other, much worse problems....

    Something's wrong here.

    TRWTF is the performance of NTFS, especially in folders with 30k+ files...

  • P (unregistered) in reply to BlackBart
    BlackBart:
    Queue comments about how Linux is so much better than all that GUI stuff in Windows and how you're so much better by having to type 'sudo rm -rf /' instead of CTRL+A, + Boss Hand Slap + Enter.

    I wonder if the subsequent virii removed the previous ones or just chained the infection?

    Well, it'd be pretty stupid to enter a command like that in the first place, but even if you did it would ask you for your password and then only execute it if you had permissions to use sudo :)

    However, I'm wondering what really happened here. As several people have already pointed out, Windows would ask if you really wanted to open 10,000 files. Also, is there any virus scanner which doesn't encrypt / mangle the files before archiving / quarantining them?

  • (cs)

    While I wouldn't recommend opening up 10,000 suspicious-looking attachments, we should be aware that the only stuff that goes into the quarantine folder is the stuff that the virus scanner has already caught.

    So there's wasn't much risk of infection here.

  • Kef Schecter (unregistered)

    Not only is the plural of "virus" not "virii", there is no word in the entire English language -- or Latin language -- where -us becomes -ii in the plural. People are probably thinking of radius -> radii, but it's only the -us that changes: radi-us, radi-i.

    CAPTCHA: vindico. Seems fitting somehow.

  • db (unregistered) in reply to PG4
    PG4:
    The real WTF is even scanning for stuff in email messages.

    What the user doesn't have a virus scanning program on is system?

    Sometimes they conspire with accounts to do an end run around IT and stupidly get a laptop via "salary sacrifice" instead of the company providing it to them for free. Then they have either no antivirus or nothing after a trial period.

    Sometimes they have antivirus and delete it in an attempt to speed up thier computers.

    Sometimes they deliberately download something that contains malware which nukes their antivirus. In some cases the useful appearing malware vector will have installation instructions that include turning off antivirus, so it doesn't matter how good or bad the antivirus is, it still gets nuked.

    Sometimes the mail servers antivirus is all the users have between them and all the malware on the net.

  • (cs) in reply to Daniel
    Daniel:
    BlackBart:
    Queue comments about how Linux is so much better than all that GUI stuff in Windows and how you're so much better by having to type 'sudo rm -rf /' instead of CTRL+A, + Boss Hand Slap + Enter.

    Even GUI Linux would have been better in this instance. It isn't going to run a file as a executable simply because of the file name. You have to set the executable bit.

    Thus do this exact same thing on a linux box and you have to go out of your way to screw up, on windows all you need is to fit enter.

    Granted that does mean that Windows, Just Works.

    Of course, you'd hate to accidentally press enter after typing "sudo rm -rf /", before you'd finished typing the rest of the path...

    (which is why you alias rm=rm -i, but anyway...)

  • (cs) in reply to PG4
    PG4:
    The real WTF is even scanning for stuff in email messages.

    What the user doesn't have a virus scanning program on is system?

    So you like to actually receive and have to manually delete emails with viruses attached? And you like having to allocate space on the email server and in your backups to store all these useless emails that nobody will actually ever read?

    We scan for viruses in emails for the same reason we scan for spam: it's a waste of time to receive them. And, viruses are pretty low-hanging fruit in this regard as the majority can be efficiently detected with very low overheads and almost no chance of a false positive. The "cost" of doing this is tiny compared to the time it saves.

    Additionally, it's quite possible to use a different virus scanner for your email than you install on desktops, which does provide some measure of "defense in depth". If one vendor misses the virus, another might not.

  • (cs) in reply to lolwtf
    lolwtf:
    Daniel:
    BlackBart:
    Queue comments about how Linux is so much better than all that GUI stuff in Windows and how you're so much better by having to type 'sudo rm -rf /' instead of CTRL+A, + Boss Hand Slap + Enter.

    Even GUI Linux would have been better in this instance. It isn't going to run a file as a executable simply because of the file name. You have to set the executable bit.

    Thus do this exact same thing on a linux box and you have to go out of your way to screw up, on windows all you need is to fit enter.

    Granted that does mean that Windows, Just Works.

    Of course, you'd hate to accidentally press enter after typing "sudo rm -rf /", before you'd finished typing the rest of the path...

    (which is why you alias rm=rm -i, but anyway...)

    BUT LINUX IS JUST THE KERNEL!!!!1!!11!!ONEONE!! And it has no virusii /troll

  • Planar (unregistered) in reply to The Enterpriser
    The Enterpriser:
    Also, about that time where he was working for 6 companies at once.. at the same time.. sounds like someone might not have been filling in their time sheet correctly.
    What does your time sheet have to do with what you're actually doing?
  • M (unregistered) in reply to BlackBart
    BlackBart:
    Queue comments about how Linux is so much better than all that GUI stuff in Windows and how you're so much better by having to type 'sudo rm -rf /' instead of CTRL+A, + Boss Hand Slap + Enter.

    On Linux I just can install bumblebee http://www.sysadmin.im/2011/06/20/47.html

  • (cs)

    423,827 Viruses found!

  • experts (unregistered) in reply to PG4
    PG4:
    The real WTF is even scanning for stuff in email messages.

    How about you reject mal from known known spam sources on the fly, then you never have to scan it to start with. Oh, I forgot, Exchange, you can't put 3 lines in your sendmail.cf that will check a dynamic black hole list. It simple almost no cost and dumps close to 99% of spam and malware.

    Oh I forgot, no money in selling that solution, since you don't have to buy software. None of the "experts" will tell you about a free thing.

    It's Exchange. You type the dynamic black list url into the appropriate text-entry field.

    The TWTF is Lusers who think that they understand Exchange and network admin because they've installed sendmail once.

  • mikolajl (unregistered)

    "The Plural of Virus is not Virii"

    Next you're going to tell us that tha plural of box is not boxen???

  • freibooter (unregistered) in reply to The Enterpriser
    The Enterpriser:
    I guess he was running a special version of windows which didn't say "are you sure you want to run all 10,000 of these files at the same time".
    I simply assume that his boss slapped him so hard, that he got knocked out and passed out face down on the "enter" key ... possibly strafing the cursor keys on the way down and therefore answering every single question with a "Yes".
  • JolleSax (unregistered) in reply to tharpa
    tharpa:
    1) What is the plural of virus? 2) Explain.

    Not Virii. If it would be a latin word, it would be virus - viri (one i).

    As it was not known in ancient times and hence not a latin word, we use the english way of pluralization : viruses. But someone else said that already I reckon...

  • (cs) in reply to @Deprecated
    @Deprecated:
    Child of the '20s:
    Doesn't "XXX" stand for "whiskey?"
    It stands for Amsterdam. [image] http://www.crwflags.com/fotw/flags/nl-amsdm.html
    Some people might argue that there's not much of a difference between Amsterdam and what you'd associate with 'XXX'. Ever been to amsterdam.com? (Not safe for work last time I checked.)

    It's a seriously beautiful and cool place to live, though.

    As for opening thousands of files... once, on an Windows NT 4.0 system, I accidentally pressed 'Enter' after I'd selected some 6000 folders. Mind, this was in the mid nineties, when computers were still steam-powered.

    Rather than crashing, what you'd expect from Windows, it dutifully started opening 6000 windows, and went paging like mad. I think that eventually we just rebooted the damn thing, because it took too long.

  • (cs) in reply to Severity One
    Severity One:
    @Deprecated:
    Child of the '20s:
    Doesn't "XXX" stand for "whiskey?"
    It stands for Amsterdam.
    Some people might argue that there's not much of a difference between Amsterdam and what you'd associate with 'XXX'. Ever been to amsterdam.com? (Not safe for work last time I checked.)

    It's a seriously beautiful and cool place to live, though.

    Some people might argue that there's not much of a difference between Amsterdam and any other city in the world on this matter, apart from the presentation.

  • Ru (unregistered) in reply to tharpa

    If in doubt, be evasive.

    • Many instances of a virus
    • Some virally infected files
    • A folder of viral executables
    • They're god-damned trojans you clueless fuck. AAAARGH

    And so on.

  • (cs) in reply to PG4
    PG4:
    Oh, I forgot, Exchange, you can't put 3 lines in your sendmail.cf that will check a dynamic black hole list.

    Umm, no you can't do it in sendmail.cf, but you can do it in message delivery options. In fact you can set up blacklists, whitelists, set up different return codes and rejections criteria, exceptions . . . .

  • (cs) in reply to Ken B.
    Ken B.:
    tharpa:
    1) What is the plural of virus?
    "Windows"
    2) Explain.
    QED.
    You're probably trolling, but +1 anyway.

Leave a comment on “The Plural of Virus is not Virii”

Log In or post as a guest

Replying to comment #:

« Return to Article