I've blogged a lot about the VSTO security model, and many customers have been frustrated / confused by the tight security policy we use. Why on earth would we not trust code just because it's on the local machine?

Well, one of our main scenarios for the VSTO model (and one that I demo-ed at TechEd last year) was a ZIP-based attack where a user receives an e-mail with a ZIP file containing a document and a DLL which they extract and then open. Of course at the time the attack was "theoretical" and some people laughed at such an idea...

Of course now the new MyDoom virus proves that users will extract files from a ZIP and then open them. The old Linux virus joke of "please add the following files to your kernel, re-compile it, and then forward this message to all your friends" gets closer to reality with each passing day... <sigh>

  1. MartinJ says:

    I’ve thought about email viruses and how they can be socially engineered.

    You want to know a really nasty one that I’m afraid of? Imagine that you receive a reply from someone you actually sent mail to. It even has the right subject line because, in truth, it is a reply message from your friend’s machine. The kicker is that he didn’t send you the message. The virus/worm did it. It included the original text of your message, just like it should. It even put some text in there to let you think that your friend sent you an aside (Hey, BTW, check this thing out) with an executable attached.

    Would you open it? You wouldn’t, you paranoid freak. But, how many normal, trusting people would? It would be a social nightmare. Even worse than the one that impersonated MS sending out a hotfix in email. Because it was your friend. And, it didn’t look like a virus.

    Like I said, scary.

  2. Peter Torr says:

    Hey Martin,

    You can definitely concoct lots of scenarios that will get users to open the attachment. I will not mention any of my own fears here because then I’d feel really bad if they ever happened.

    As software becomes more secure, it is the users that will be attacked (as people like Kevin Mitnick have proved in the past).

    – The freak 😉

  3. MartinJ says:

    I hear ya. I’m just waiting for the day when I have to go back to my sister’s house and reload Windows *again* because they had some "optimizer" (forget the ten copies of Gator) that corrupted the NTFS so bad I had to FDISK it for setup to even run. Don’t you love getting a blue screen during setup, fdisk it, and everything installs just fine?

