Tuesday, January 31, 2006

Why did you UUE it?

Master!
Master, are you there?
Where?
Oh, thank you Master, I have some news for you! This morning when I opened my mailbox, I saw an email with an attachment of type UUE! I was both shocked and impressed at the same time! You know why, Master?
Why?
Because Master, our solution has been rendered useless!
What?
Master, do you remember we had discussed how to work around the deletion of attachments by email servers?

Was it worth remembering?
Of course Master! It was a wonderful method!
Then why wasn't it mainstream?
Because Master, it was abstruse, it was arcane! It was cool!
I am sure, that became its undoing!
What do you mean Master?
Go on, you tell me first!
Uhh...What I was saying is, this email had an attachment with UUE extension! The email provider's anti-virus checked it, and it said the attachment was clean!

[Screenshot: Yahoo Email Virus Scan Result]



So, I saved the attachment to my disk, and opened it in Notepad and well, it was indeed a UUE, and not just a renamed executable type!
I opened it in WinZip and the default WinZip window showed the attachment contained another UUE (note, instead of a ".UUE", it was a ",UUE" -- a giveaway that there's something fishy!). I maximized the name column, and saw that the extension was actually ".scr"! So, to catch an uneducated user unawares (I like that alliteration :D ), the file name was modified!

[Screenshot: UUE Virus in WinZip MyWife.d]



Then on a whim, I decided to extract the file onto my desktop! I know Master, I was being capricious and indiscreet, but I reasoned, extraction never executes the file, so went ahead with the extraction!
Thankfully, my anti-virus was updated, and On-access Scan was enabled, due to which my actions were condoned! And, that's how I received a visit from "MyWife.d"!
[Screenshot: McAfee Detect UUE Virus MyWife.d]


I guess you were thrilled beyond words!

Well, not exactly, Master. I was thinking about a few things! One, the kind of mechanism this virus employed. Two, how many more such mechanisms we have around! Three, what are our "chances" of fending off such attacks?

One morsel at a time, please, lest we gag!

Hahaha! Ok, Master. Let me elaborate one at a time: my statement about the mechanism this virus employed.

As we discovered earlier, UUE was let through by most email servers and anti-virus apps. Why? It was commonly employed by many email servers as a mechanism to transfer attachments. What makes these transfers sane and sterile? Why should there be distrust only for the MUAs and not for the MTAs?

That's not entirely true!

I agree Master, that's how incoming spam and virii are detected (i.e., by checking incoming mail from other MTAs), but most of the protection is limited to the point of entry! What I suggest is, a sanity check on the content must be done after every operation and whenever it changes hands!
But what does this have to do with the mechanism this virus employed?

I am coming to that! As we learnt earlier, any attachment type that the anti-virus does not recognize is simply allowed to pass through! This is what went wrong! I refuse to believe that an anti-virus that could scan inside a zip could not scan inside a UUE! It's appalling! How could they miss UUE as an extension! Which brings me to my second point, that is, how many more such mechanisms do we have lying around?!

For a second, let's step back and take a look at what's happening around! We have PCs and other computing devices entering more and more domains. And, they are increasingly getting connected onto the internet, and more often than not, with broadband connections! The ease of use of modern OSes ensures that people don't need much training to be productive with their systems. Nor do they need to know what executables are, what social engineering is, what trojans are etc. etc.

May I interrupt your chain of reasoning for a second? Let's take a step backwards! A few millennia ago, somebody must have detected a shiny piece lying on the sand (what was to be later identified as Iron)! And, it must have also been flung carelessly into fire, revealing smelting and smithy to man! Then it was easy to discover that iron beautifully cuts flesh, of both the cutter and the one being cut! So, the cutter invents the handle! And, lo, we had the "knife!" Use it to cut your enemies and not cut yourself! That's not all! And, let's trade it so that each and every one on this planet is allowed to carry a knife for cutting his/her enemies! What do we do next? Let's innovate and have the knife in various shapes and sizes! Let's create a dagger, sword, scimitar, what have you! Let's proliferate the usage of knives! Now, this became a problem! Sir, what would we do! Our children don't carry knives, but they are cut by the school bullies who carry swords and daggers! But wait, there's more, we can use a knife to cut food into morsel size pieces. Wow! What a tool!

ok..OK! Master, enough (of the rambling), I get what you are trying to say!

So, at various points in time, we have had people worrying how we will carry the civilization forward because some tool had uses beyond its intended purpose! Don't worry, the next version will take care of it because some intelligent developer discovers the unintended use! If his endeavour is thwarted by his manager, then the nexter version surely will, due to public pressure. Otherwise the nextest version must take care of it to remain in business, his CEO will ensure that he takes care of it! Do you worry about Michelangelo or Joshi anymore? Relax, many innovations have been brought about because of these unsung virus writers and their ilk, from browser warning dialogs to phishing filters and buffer overflow protection at CPU level! A generation without tension breaks into chaos. Peace is held together by the tension of war! Data is backed up due to the threat of these virii!

Keep your OS and anti-virus updated. Be updated on what's happening around, and be skeptical about what you receive from online samaritans!

Wow, thanks Master! I really got swayed by all the reports in the media, even though I knew better!

Hmm...If you believe everything you read, better not read. If you run every attachment you receive, if you download and run every application you see, better remove your net connection, remove your hard-disk and run a live OS.

But Master, I cannot use UUE as an attachment type anymore!

Attachment is the root cause of all pain *poof* (master disappears)
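
The two ideas in the dialogue, checking the name hidden in the UUE header and re-checking content after every decode instead of letting an unrecognized type pass, can be sketched as follows. This is an added example, not part of the original post; the extension list, the sample file name and the stub payload are constructed for illustration.

```python
import binascii
import re

RISKY_EXT = {"scr", "exe", "pif", "com", "bat", "cmd", "vbs"}  # illustrative, not exhaustive
BEGIN = re.compile(rb"^begin [0-7]{3,4} (.+)$")

def uu_members(data):
    """Yield (declared_name, payload, decoded_ok) for each begin...end member."""
    name, chunks, ok = None, [], True
    for line in data.splitlines():
        if name is None:
            if m := BEGIN.match(line):
                name, chunks, ok = m.group(1).decode("latin-1"), [], True
        elif line.strip() == b"end":
            yield name, b"".join(chunks), ok
            name = None
        elif line:
            try:
                chunks.append(binascii.a2b_uu(line))
            except binascii.Error:
                ok = False  # malformed line: report it, never wave it through
    if name is not None:
        yield name, b"".join(chunks), False  # truncated member, no "end" line

def inspect(data, depth=0, max_depth=4):
    """Return (depth, name, reasons) per suspicious member, across all layers."""
    findings = []
    for name, payload, ok in uu_members(data):
        ext = name.rstrip().rpartition(".")[2].lower() if "." in name else ""
        checks = [
            (ext in RISKY_EXT, "executable extension ." + ext),
            (re.search(r"\s{3,}", name), "whitespace padding hides the real extension"),
            (payload[:2] == b"MZ", "payload starts with MZ (Windows executable header)"),
            (not ok, "malformed or truncated encoding, cannot be cleared"),
        ]
        if reasons := [text for hit, text in checks if hit]:
            findings.append((depth, name, reasons))
        if depth < max_depth:
            findings += inspect(payload, depth + 1, max_depth)  # re-check every layer
    return findings

def uu_encode(name, payload):
    """Helper used only to build the constructed sample below."""
    body = b"".join(binascii.b2a_uu(payload[i:i + 45]) for i in range(0, len(payload), 45))
    return b"begin 644 " + name.encode() + b"\n" + body + b"`\nend\n"

# Constructed sample: a harmless-looking outer layer around a padded ".scr" member.
INNER = uu_encode("photo,UUE" + " " * 40 + ".scr", b"MZ" + b"\x00" * 62)
SAMPLE = uu_encode("notes.uue", INNER)
```

Calling `inspect(SAMPLE)` reports nothing for the outer layer and three reasons for the inner member, which is the layer a scanner that stops at the outer ".uue" name never sees.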

6 comments:

  1. Why don't they get you to write those quantum computing and higher order programming papers? Would make life simpler for people like me, I would understand what they were saying! ;)

  2. I wonder, do you mean, I explain things better or, their explanations appear better once I explain....Hmm...
    Jokes apart, thanks for the compliments :) Appreciate that coming from someone I respect :)

  3. I notice the link to my blog on your blog is broken. Could you change it pls?

    I was surprised to find the no. of people who point to my old blog even now! Wish there was a shortcut to patching these.

  4. This comment has been removed by a blog administrator.

  5. Hi Vinil,
    Today I noticed that the same email provider didn't scan viruses for tar.gz files :) (well, it doesn't say that the file is clean, it says it couldn't scan the file...) .. maybe now viruses can be gzipped and mailed ;)

    So for the time being, we can use gz and bz instead of UUE ;)

  6. Good One...Worth reading...
