Now I’ve seen it all

The new Bagel Virus takes the cake. (Update: Also known as Beagle, Bagle, etc.)

It comes as an EXE attachment (which would be blocked by all current versions of Outlook and Outlook Express) with the subject “Test” and the message body “Test, yep.”

It doesn’t even attempt to socially engineer the user into opening the attachment (no celebrity photos, no fake Microsoft security patches, etc.) and yet the distribution is listed as “High.”

  1. Actually, based on the dozen copies that I got from a prominent VB developer, Outlook doesn’t block this one. At least, I’m seeing attachments with .exe extensions rather than the "Outlook has blocked potentially harmful attachments" message. I haven’t bothered to try to figure out how it works.

  2. Christoc says:

    That’s where those emails started coming from today :) O2k3 has been blocking their attachments for me.

  3. Peter Torr says:

    Mike: What version of Outlook do you have? The Symantec site doesn’t list anything special about the virus.

    One has to wonder what motivates people to click on the EXE (and say "OK" to the warning dialog) in this case.

  4. Interesting. I’m also running Outlook 2003.

    As to why people click on things: people are morons. Simple as that. Yes, that goes double for the VB developer I didn’t name.

  5. Peter Torr says:

    The virus apparently spoofs the "from" address, so don’t be so quick to blame that person — it could have come from anyone.

    As for why you see the EXE… perhaps you (or your admin) changed the default settings:


  6. David Cumps says:

    Users can’t resist temptation :p

    They click and click and click but forget to think

  7. Eric Lippert says:

    It’s not that users are morons or that they "forget" to think. It’s that users are trained to not think. Users very quickly learn from experience that:

    * dialog boxes are modal. But users do not think of them as "modal", they think of them as "preventing me from getting any work done until I get rid of them."

    * dialog boxes almost always go away when you click the leftmost or rightmost button

    * dialog boxes usually say "If you want to tech the tech, you need to tech the tech with the teching tech tech. Tech the tech? Yes / No"

    * If you press one of those buttons, something happens. If you press the other one, nothing happens. Very few users want nothing to happen — in the majority of cases, whatever happens is what the user wanted to happen. Only in rare cases does something bad happen.

    In short, from a user perspective, dialog boxes are impediments to productivity which provide no information. It’s like giving shocks or food pellets to monkeys when they press buttons — primates very quickly learn what gives them the good stuff and avoids the bad.

    Modal dialog boxes are, in general, badness — and you’ll see that more and more products rely less and less upon them. But they are particularly heinous when security is on the line. Security questions cannot be asked on a "retail" basis. The way users make security decisions is to set their policies appropriately and then let the security system enforce their wishes "wholesale".

  8. Peter Torr says:

    Amen to that.

    Although the interesting thing in this case is *why* they open the attachment. They are not compelled to by the text of the message.

    Perhaps another thing we can add to the food-pellet theory is that people have learnt that if someone sends you an attachment then you’re probably supposed to open it, even if it has a random name, you have no idea what it does, and the e-mail doesn’t actually ask you to open it.

  9. RichB says:

    I’ve seen one of these sent to the Mono Open Source mailing list and one spoofed from a Genghis address (the open source .Net library). Clearly, these originated from developers who are working with cutting edge technologies – so we can’t simply blame dumb lusers.

    Quite often I see the argument (from Microsofties) that the software version on their desktop stops these viruses, therefore there is no excuse for them getting into the wild. This is just not the case – how many people still run Windows 98? How many people have Office 2000? How many people have IE 5.0? How many people have an unpatched IE5.5 or IE6? Clearly too many, but that doesn’t mean that it’s the user’s fault.

  10. Patone says:

    Regarding Users: By the time you make something idiot-proof, they’ll make a better idiot.