Slashdot Mirror


The Virus Squad

dncsky1530 writes "Sydney Morning Herald - The Virus Squad - 'A new species has been discovered. So new, it's still unnamed, but researchers are racing to tag it - before it spreads around the world. For the next 10 to 30 minutes, the computer virus or worm is dissected, analysed and identified... "On the day we detected MyDoom, we did another 18 viruses," says Paul Ducklin, Sophos's head of technology for the Asia-Pacific. "There are about 800 new viruses a month. And the unglamorous bit of our work is often the other 798."'"

23 of 175 comments

  1. Ugh, these aren't viruses... by tgd · · Score: 5, Insightful

    Maybe a lot of /. readers are too young to remember real viruses, or to have played around with/collected them, but it's been a decade since a real infectious virus has gone around.

    If it can't infect any arbitrary EXE file, it's not a virus, it's a trojan or a worm, depending on whether it's a moronic user or a security hole that allows it to enter the system.

    1. Re:Ugh, these aren't viruses... by interiot · · Score: 5, Insightful
      The main reason we needed to have a copy of the virus in every executable was because we were running on DOS, which doesn't usually support multiple programs running at once. And a lot of networks were little clumps of networked file systems.

      Now that the most common OS's support multiple processes at once, and the internet/web/email is the main thing that connects everybody (and writable network file systems are mainly only found in the workplace), viruses have naturally changed.

    2. Re:Ugh, these aren't viruses... by AndroidCat · · Score: 5, Interesting

      Back then, a lot of them didn't infect executables, but went for boot sectors like STONED. And there are arbitrary EXE infectors around still, but they tend to get noticed and whacked faster than ones that don't.

      --
      One line blog. I hear that they're called Twitters now.

    3. Re:Ugh, these aren't viruses... by MrAngryForNoReason · · Score: 5, Interesting

      Old school viruses tended to be designed to do damage. They infected as many files on the system as possible, often destroying the file in the process.

      This approach is counterproductive if you want it to spread. Modern e-mail worms rarely show much evidence of their presence; if it seems like nothing is wrong, then the user won't look for a problem. This leaves the worm free to mail itself to thousands of others, and the system is added to the long list of compromised machines at the crackers' disposal for DDoS attacks or spam relays.

      This is the same reason you don't get any 'wipe your hard drive on a certain date' viruses anymore. It isn't about doing damage it is about infecting as many machines as possible either for the 'fame' or to build up nets of infected drone machines for another purpose.

      I am surprised the article didn't mention the real reason MyDoom targeted SCO: it was a diversion. Spammers need new drone machines to send spam from, but they don't want the backlash from being connected to a virus, so they add in a diversion, the attack on SCO. This took the heat off the spammers and placed it firmly on the OSS community. And it worked, kind of; only recently have the spamming 'features' of MyDoom seen any press. For weeks all that was reported was how it was probably created by an OSS zealot lashing out at SCO.

    4. Re:Ugh, these aren't viruses... by AndroidCat · · Score: 5, Funny
      They seem to be running down Slashdot's Axis of Evil list for their merkins: SCO, Microsoft, and now the RIAA. We ought to be able to deduce the next MyDumb.n target.

      Slashdot could run a poll, but the answer would almost certainly be .. CowboyNeal.

      --
      One line blog. I hear that they're called Twitters now.

  2. Re:I wonder by prat393 · · Score: 5, Insightful

    Well, I have to wonder how well the whole antivirus industry is handling the problem; why release virus signatures instead of just changing the entire underlying security system in the operating system? It's things like viruses that make SELinux seem like a very good idea to me.

  3. Re:I wonder by BiggerIsBetter · · Score: 5, Insightful

    It's things like SELinux that make the status quo seem like a very good idea to the antivirus industry.

    --
    Forget thrust, drag, lift and weight. Airplanes fly because of money.

  4. Half-life of Viruses by Melvin+Daniels · · Score: 5, Insightful

    "There's still a big perception out there that only broadband users need one," Lee says. "Everyone needs a firewall, along with antivirus."

    This rings all too true. If forwarding ports for certain applications wasn't such a pain in the ass, I would say make ISPs require firewalls or find a way to have some sort of personal firewall for their connection that they can access from the internet and change the settings on. Just a thought.

    This would bring up other problems, but it'd at least stop a lot of problems with trojans and open relays.

  5. Huh? by Anonymous Coward · · Score: 5, Insightful
    Virus writers seem to be paying more and more attention to what makes people click - and that makes observers like Lee suspicious. "I'm sure these people are recruiting psychologists."

    How does that go?

    "I AM PR3PAr3D T0 0ff3R TH3 2um 0F tHR33 BaGz 0f Ch33zY P00fS 4 a 3l33T P2Ych0!og!st!!!"

    "While you clearly have abandonment issues, the practice has been hard up for money lately. Very well, I accept. But first, tell me about your mother."

    Look, it doesn't take a psychologist to explain that when you sit the average person in front of a computer, they become a mouse-clicking fool. No amount of emergency IT sessions with the staff explaining precautionary tactics involving attachments is going to change that, and if any psychologist recruitment is necessary it's to explain why the average person keeps clicking attachments to messages in obviously broken English.

    That's why blaming software vendors like Microsoft is stupid. Will four ARE YOU SURE YOU WANT TO RUN THIS warnings before allowing the execution of an attachment do any more than three?

  6. Re:I wonder by aheath · · Score: 5, Interesting
    I've also wondered about this. I suspect it is because it is extremely difficult to change an operating system that is designed with permissive security instead of restrictive security. In Mac OS 1.0 to 9.2, MS-DOS 1.0 to 6.22, and Windows 1.0 to XP anything that is not explicitly forbidden is allowed. Apple addressed operating system security by using a UNIX base to create Mac OS X. I suspect Microsoft will change from a permissive security model to a restrictive security model in Longhorn.

    I have been working as a consultant for small office and home office users since being laid off from Intel in 2002. The view from the small office and home office is very different from the view from within the IT industry. I've been working to educate my clients on the importance of regular backups, anti-viral protection and firewall protection. I spent the last two weekends removing viruses from computers that were on cable modem connections with no anti-viral software installed and no firewall installed.

    I am starting to think that I need to help my clients to protect their data and make their systems hard targets. I'd like to think that the virus problem will be addressed by operating system changes. However, the reality in the small office and home office is that operating system upgrades are almost always tied to the purchase of a new computer. Third party security products will continue to be important as long as users stick with what works for them today without worrying about what might be available tomorrow.

  7. Boy I sure will sleep better tonight... by igloo-x · · Score: 5, Funny

    ...safe in the knowledge that the VIRUS SQUAD are dissecting viruses for me AS WE SPEAK!

    ACTIVATE TEAM VIRUS SQUAD! GO FOR GLORY!

    1. Re:Boy I sure will sleep better tonight... by AndroidCat · · Score: 5, Funny

      When things get really tough, do they all join into a giant virus-fighting robot?

      --
      One line blog. I hear that they're called Twitters now.

  8. Re:I wonder by prat393 · · Score: 5, Insightful

    But how often do you run across a computer you have to service with expired virus subscriptions? It seems to happen to me quite a bit. I suppose M$'s virus scanner mentioned earlier on /. might help, but that reeks even more of conspiracy than the current "protection money" setup does.

    Rather than bundling a questionably legal virus scanner into their next service pack, Microsoft should perhaps add a tool that helps to lock down permissions on NTFS volumes, creates unprivileged accounts for users and various services, etc. Even with the multitude of security holes, Windows can be made a lot harder to mess with, if you put a little work into it. The key here is privilege separation.

  9. Re:I wonder by aheath · · Score: 5, Informative
    I remember the days when anti-viral software was freeware or shareware. The anti-virus industry will have to adapt when Microsoft includes free anti-virus technology in Windows XP service pack 2. Assuming, of course, that the XP SP2 anti-virus software is robust and fully featured. Perhaps some of the anti-viral software companies will have to evolve from providing software to providing security consulting.

    Some security companies do give back to the community. GRISOFT offers a free version of AVG Anti-Virus 6.0 for single home users. Zone Labs offers a free version of the Zone Alarm firewall.

    Do you know of any other companies that offer free anti-viral or firewall software?

  10. Re:Conflict of interest.. by prat393 · · Score: 5, Interesting

    Well, the article hints at some sort of collusion between spammers and the author of MyDoom, but it seems like this would be the exception, even if it's true. The virus writers are in it for the fun, of course (not to mention revenge).

    It also seems possible that the antivirus companies themselves are writing the viruses, then charging to protect users against them, but this also seems unlikely, given the police investigations that inevitably follow major virus outbreaks.

  11. So very, very true. by nordicfrost · · Score: 5, Informative

    "If you unblocked port 135 [an access point Blaster targeted] you would be found by Blaster," Lee says, adding that it would just be a matter of time.

    This happened when I installed a (legal) copy of Windows 2000 on my GF's old machine. Boom! Infected with Blaster in the first five minutes on the net, trying to D/L a firewall. Not to speak of the service packs... It happened so fast, I thought there was something wrong with the modem drivers. I downloaded via an iBook. I spent a lot of time getting that machine up. But as the family of the GF saw what happened, three persons became Apple converts that evening.

    My GF now has an iBook and is more productive on a computer than ever.

  12. Re:AV companies? by benj_e · · Score: 5, Insightful

    programmers that prefer to spend their know-how writing code they will never get paid for, instead of selling their experience to someone who needs it and earn a lot of money

    Right, no one would ever write code for the joy of writing it. That's why this OSS fad will never take off...oh wait.
    --
    The Tao that can be spoken is not the one eternal Tao

  13. Unsafe by t_allardyce · · Score: 5, Interesting

    It's quite ironic that over the years I've downloaded a hell of a lotta dodgy programs from dodgy sites and P2P and never used an anti-virus tool, and the only trouble I've had (never used Outlook) is when I've connected an unpatched Windows machine to the net and been infected in 3 minutes.

    --
    This comment does not represent the views or opinions of the user.

    1. Re:Unsafe by s7uar7 · · Score: 5, Informative

      How do you know? Without anti-virus software, unless a virus is doing something really obvious, such as rebooting your machine, you're not going to. I always find it amusing when I hear people say they've been using Norton/McAfee/Whatever for 5 years and never had a virus. That's not their anti-virus software, that's just luck. All they can be sure of is they've never had a virus their package can detect. Anti-virus software doesn't make you immune from catching them, it just stops them spreading and (hopefully) makes cleaning up easier.

  14. Re:I wonder by merlin65537 · · Score: 5, Informative

    There is AntiVir, which provides its software free for personal users; however, it's in German only. I've used it on my Win2k system for a few years now. As far as I know it doesn't integrate with any e-mail clients, but it recognized viruses in attachments as soon as I saved them to disk.

  15. Re:The Perfect Virus..? by AndroidCat · · Score: 5, Interesting
    With the professional turn in viruses, I wonder if we'll ever see an automated version of the Make Money Fast scam?

    At each hop in the infection, a virus could gather PayPal and other account information from the hard drive. That would be passed along in all the mailings it sends out to other machines, gathering more account info along the way. Once it travelled five hops, it would use the information to send five dollars to the account at the top of its list, remove top account, move the others up, repeat.

    The social engineering aspects are huge: "Gee, my computer has been infected, but if I wait until it's infected several other computers before removing it, I could make millions!" It could even come with a reassuring EULA: "This is really legal honest! The FTA said so!"

    There are privacy concerns, of course, but if it only passed on the account information required to deposit and not to withdraw money, I'm sure people would feel so much better about it. :^P

    --
      One line blog. I hear that they're called Twitters now.

  16. Re:I wonder by Fex303 · · Score: 5, Informative
    Avast! Antivirus is free for home users. I've been using it for a while now and it's successfully picked up the few viri that have tried to visit my inbox. I've installed it on a few machines (parents'/friends' computers) and I've had no probs so far.

    It's got auto-updates, an Outlook add-on module, etc. All good. They want some info in lieu of registration, but it's non-spammy/invasive.

    You can download it from here if you're so inclined.

    Disclaimer: I have nothing to do with Avast, beyond being a quite satisfied user of their software.

  17. A couple of years ago... by cwsulliv · · Score: 5, Interesting

    I received a few emails with attachments which just smelled like worms, although neither the AV checker I had on my Linux system nor one of the online AV checkers identified them as infected. Curious about this, I saved them in a directory and rechecked them from time to time. It wasn't until 3 or 4 months later that the AV checkers fingered them as worms, and worms that had been floating around for almost a year. (I assume a virus writer must have tweaked the code on an existing virus just enough to make its signature unidentifiable as the original worm.)
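The months-long detection gap cwsulliv describes comes down to how signature scanners match. The following is an added illustration, not code from the article, from Sophos or from any poster: a toy scanner with two signature styles, a whole-file hash and a byte pattern, run over constructed byte strings that stand in for a known sample, a lightly tweaked copy and a clean file (none of it is real malware; names and bytes are made up). It shows why a single changed byte defeats a hash signature while a pattern signature still fires, and why a change inside the pattern's region defeats both until the vendor ships a broader signature.

```python
import hashlib

# Constructed stand-in for a captured attachment; not real malware.
KNOWN_SAMPLE = b"MZ\x90\x00CONSTRUCTED-SAMPLE:mailer-routine:v1:payload-stub"
# Constructed variant: one small edit outside the region the byte pattern covers.
TWEAKED_VARIANT = KNOWN_SAMPLE.replace(b"v1", b"v2")
# Constructed variant: the edit lands inside the pattern region.
REWRITTEN_VARIANT = KNOWN_SAMPLE.replace(b"mailer-routine", b"mail-routine")
CLEAN_FILE = b"Meeting notes for Tuesday, nothing to see here."


def sha256_hex(data: bytes) -> str:
    """Whole-file digest used as the most brittle kind of signature."""
    return hashlib.sha256(data).hexdigest()


# Hypothetical signature databases, keyed by hash and by byte pattern.
HASH_SIGNATURES = {sha256_hex(KNOWN_SAMPLE): "Constructed.Worm.A (hash)"}
PATTERN_SIGNATURES = {b"CONSTRUCTED-SAMPLE:mailer-routine": "Constructed.Worm.A (pattern)"}


def scan(data: bytes) -> list[str]:
    """Return the names of every signature that matches the given file bytes."""
    hits = []
    digest = sha256_hex(data)
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            hits.append(name)
    return hits


if __name__ == "__main__":
    for label, blob in [("known sample", KNOWN_SAMPLE),
                        ("tweaked variant", TWEAKED_VARIANT),
                        ("rewritten variant", REWRITTEN_VARIANT),
                        ("clean file", CLEAN_FILE)]:
        print(f"{label:18} -> {scan(blob) or 'no detection'}")
```

The rewritten variant is exactly the case in the post: the file behaves like the old worm, but nothing in the signature database matches it until an analyst writes a signature that covers the new variant too. That is the argument for quarantining suspicious attachments rather than trusting a clean scan result, which is what the poster did by setting the files aside and rescanning later.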