Slashdot Mirror


The Virus Squad

dncsky1530 writes "Sydney Morning Herald - The Virus Squad - 'A new species has been discovered. So new, it's still unnamed, but researchers are racing to tag it - before it spreads around the world. For the next 10 to 30 minutes, the computer virus or worm is dissected, analysed and identified... "On the day we detected MyDoom, we did another 18 viruses," says Paul Ducklin, Sophos's head of technology for the Asia-Pacific. "There are about 800 new viruses a month. And the unglamorous bit of our work is often the other 798."'"

13 of 175 comments

  1. Re:Ugh, these aren't viruses... by sheriff_p · · Score: 3, Informative

    Actually, common industry usage says that worm is a subset of virus. If you want to use your own terminology, fine, just don't inflict it on others :-)

    +Pete

    --
    Score:-1, Funny
  2. Re:I wonder by aheath · · Score: 5, Informative

    I remember the days when anti-viral software was freeware or shareware. The anti-virus industry will have to adapt when Microsoft includes free anti-virus technology in Windows XP service pack 2. Assuming of course that the XP SP2 anti-virus software is robust and fully featured. Perhaps some of the anti-viral software companies will have to evolve from providing software to providing security consulting.

    Some security companies do give back to the community. GRISOFT offers a free version of AVG Anti-Virus 6.0 for single home users. Zone Labs offers a free version of the Zone Alarm firewall.

    Do you know of any other companies that offer free anti-viral or firewall software?

  3. So very, very true. by nordicfrost · · Score: 5, Informative

    "If you unblocked port 135 [an access point Blaster targeted] you would be found by Blaster," Lee says, adding that it would just be a matter of time.

    This happened when I installed a (legal) copy of Windows 2000 on my GF's old machine. Boom! Infected with Blaster in the first five minutes on the net, trying to D/L a firewall. Not to speak of the service packs... It happened so fast, I thought there was something wrong with the modem drivers, I downloaded via an iBook. I spent a lot of time getting that machine up. But as the family of the GF saw what happened, three persons became Apple converts that evening.

    My GF now has an iBook and is more productive on a computer than ever.

    1. Re:So very, very true. by wfberg · · Score: 3, Informative

      You can click on advanced in the TCP/IP setup during setup, and activate IP filtering, and deny all TCP connections (it blocks inbound only). It doesn't work during booting, so don't be hooked up to the internet during that.

      It's inexcusable that things like DCOM even listen to non-localhost connections by default, even more so as Windows NT/2k/XP lack proper firewalling. The times I've wished for ipchains on these things...

      --
      SCO employee? Check out the bounty
  4. Re:I wonder by merlin65537 · · Score: 5, Informative

    There is AntiVir which provides its software free for personal users, however it's in German only. I've used it on my Win2k system for a few years now. As far as I know it doesn't integrate with any e-mail clients, but it recognized viruses in attachments as soon as I saved them to disk.

  5. Re:I wonder by merlin65537 · · Score: 3, Informative

    Well, just found out they do have an English version...

  6. Re:I wonder by Fex303 · · Score: 5, Informative

    Avast! Antivirus is free for home users. I've been using it for a while now and it's successfully picked up the few viri that have tried to visit my inbox. I've installed it on a few machines (parents'/friends' computers) and I've had no probs so far.

    It's got auto-updates, Outlook add-on module, etc. All good. They want some info in lieu of registration, but it's non-spammy/invasive.

    You can download it from here if you're so inclined.

    Disclaimer: I have nothing to do with Avast, beyond being a quite satisfied user of their software.

  7. Re:Unsafe by s7uar7 · · Score: 5, Informative

    How do you know? Without anti-virus software, unless a virus is doing something really obvious, such as rebooting your machine, you're not going to. I always find it amusing when I hear people say they've been using Norton/McAfee/Whatever for 5 years and never had a virus. That's not their anti-virus software, that's just luck. All they can be sure of is they've never had a virus their package can detect. Anti-virus software doesn't make you immune from catching them, it just stops them spreading and (hopefully) makes cleaning up easier.

  8. Re:The Perfect Virus..? by gnu-generation-one · · Score: 4, Informative

    "I was thinking about how to design the "perfect" virus."

    (1) Virus initially comes in as an attachment. This is a decoy, we're not going for computers owned by retards this time.

    (2) Virus tests for one of the recent linux vulnerabilities. If it gets in, this indicates that we've got someone with a default unpatched install of Mandrake or whatever, who probably imagines they're immune. Plenty of time to proceed.

    (3) Virus has a look through the setup files of common FTP programs to obtain website passwords, connects to website, searches for .exe and .tar.gz files, uploads itself in their place. Virus knows that people will download the .tar.gz, configure, make, and install it, then run it without even looking at the source code.

    (4) Virus uploads a set of personal data to a hidden file on that website.

    (5) Virus goes through the ~/Mail folder, looking for username/password combinations mailed to the person by clueless companies such as maplin.co.uk, who email peoples' passwords in cleartext. Stores a list of all the data it's collected so far.

    (6) Virus sets up a backdoor, using port-knocking so that none of the "respond to virus with portscan" tools can find it.

  9. Re:I wonder by jaavaaguru · · Score: 4, Informative

    F-Prot antivirus is available for free for home users, and runs on Linux, Windows, BSD, DOS and Solaris. For the Unix-based systems, there is a nice GUI front end called xfprot.

    Smoothwall is a "best-of-breed Internet firewall/router, designed to run on commodity hardware, and to give an easy-to-use administration interface to those using it. Built using open source and Free software, it's distributed under the GNU Public License".

  10. Re:Huh? by jaavaaguru · · Score: 4, Informative

    If the average person in front of a computer had an office suite with VB scripting turned off by default (typing up your homework in Word doesn't require it anyway), and the OS only executed files that were saved to disk and needed the execute permission turned on explicitly (I think Windows using NTFS has this option, but it's always on by default), then the "mouse clicking fools" wouldn't be doing so much harm. This is something that only the OS vendor can fix.

  11. Re:I wonder by Anonymous Coward · · Score: 3, Informative

    A completely passive method (will not piss off local admins) is to run port monitoring software on your PC and watch port 3127; any machine trying to connect to port 3127 is likely to be a Mydoom infected machine. Telnetting to port 3127 on one of these machines will get a login prompt, which indicates an infected zombie monitoring that port for commands. I ran portsentry on a Linux box (had to edit the config file to watch 3127) and within a couple of hours found three infected machines on our local network.
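
    The passive approach in the comment above, as an added example that is not part of the original thread or of portsentry: a small Python script that reads firewall log lines and reports which source hosts have been attempting TCP connections to port 3127, the port the commenter says infected MyDoom hosts listen on. The log lines are constructed in an iptables/netfilter-style format for illustration; the field names and the `suspected_mydoom_hosts` function are assumptions of this example, not anything from the page.

```python
import re
from collections import Counter

# Constructed sample log lines in an iptables/netfilter-style format.
# These are illustrative only, not captured from the original poster's network.
SAMPLE_LOG = """\
Feb  2 10:01:11 gw kernel: IN=eth0 SRC=192.0.2.17 DST=192.0.2.5 PROTO=TCP SPT=4123 DPT=3127 SYN
Feb  2 10:01:12 gw kernel: IN=eth0 SRC=192.0.2.17 DST=192.0.2.5 PROTO=TCP SPT=4124 DPT=3127 SYN
Feb  2 10:01:15 gw kernel: IN=eth0 SRC=192.0.2.44 DST=192.0.2.5 PROTO=TCP SPT=1035 DPT=80 SYN
Feb  2 10:01:20 gw kernel: IN=eth0 SRC=192.0.2.90 DST=192.0.2.5 PROTO=TCP SPT=2201 DPT=3127 SYN
Feb  2 10:01:25 gw kernel: IN=eth0 SRC=192.0.2.17 DST=192.0.2.5 PROTO=TCP SPT=4125 DPT=3127 SYN
Feb  2 10:01:30 gw kernel: IN=eth0 SRC=192.0.2.44 DST=192.0.2.5 PROTO=UDP SPT=5000 DPT=3127
"""

# Port named in the comment as the MyDoom backdoor listener.
MYDOOM_BACKDOOR_PORT = 3127

# Pull the source address, protocol and destination port out of one log line.
LINE_RE = re.compile(r"SRC=(?P<src>[\d.]+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)")


def parse_line(line):
    """Return (src, proto, dport) for a matching line, or None otherwise."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group("src"), m.group("proto"), int(m.group("dpt"))


def suspected_mydoom_hosts(log_text, port=MYDOOM_BACKDOOR_PORT, min_attempts=1):
    """Count TCP connection attempts to `port` per source host.

    Returns a list of (source, attempt_count) pairs, most active first,
    including only sources with at least `min_attempts` attempts.
    UDP packets and other ports are ignored, since the comment describes
    the backdoor as a TCP listener.
    """
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, proto, dport = parsed
        if proto == "TCP" and dport == port:
            counts[src] += 1
    return [(src, n) for src, n in counts.most_common() if n >= min_attempts]


if __name__ == "__main__":
    for src, n in suspected_mydoom_hosts(SAMPLE_LOG):
        print(f"{src}: {n} attempt(s) to TCP/{MYDOOM_BACKDOOR_PORT}")
```

    Raising `min_attempts` filters out one-off probes from other scanners; a host that repeatedly reconnects to the backdoor port is the stronger signal for follow-up on the local network.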

  12. Re:Ugh, these aren't viruses... by theCoder · · Score: 3, Informative

    Who modded this up as *insightful*? Translate this to biology: "parasites are exactly the same thing as biological viruses except at a bigger scale -- instead of merely infecting cells in one body, it (sic) infects bodies in a group (or city/colony/ecosystem, etc)".

    Worms and viruses are both forms of malware, but they are not the same! They may have similar qualities, but they are not "exactly the same". Here's the critical difference -- a virus is not executable by itself. It is just some executable code that knows how to spread itself by infecting other executables (or in some cases, documents that contain executable code, like Word macro viruses). This is analogous to the biological world, where biological viruses are not full (as in independent) life forms (as I understand at least), but just a small amount of DNA in a container cell that knows how to infect a cell and replicate itself. A worm, like a parasite, is a distinct executable (organism) that just happens to need a host in order to run and spread. They are both bad, but they are distinctly different.

    And the original poster is right -- there hasn't been a large scale outbreak of a real virus in quite some time (probably a combination of malware authors getting lazy, virus scanners getting better, and viruses being more difficult to transmit over the Internet).

    --
    "Save the whales, feed the hungry, free the mallocs" -- author unknown