Slashdot Mirror


Virus Creators Sharing More Code

arpy writes "The Washington Times is carrying a report on a 5% increase in publicly available virus code in 2003 (based on a Symantec report). There are now about seven versions of MyDoom, and at least 14 each of Netsky and Beagle. Explains why my email account is overloaded with these little bastards. PC World is reporting changes in the countries that viruses are originating from: Australia shot from 14th place to 5th over the last six months of 2003! The source of these stories seems to be the March 2004 Symantec Internet Security Threat Report." (This last requires registration to download.)

5 of 205 comments

  1. Re:Now that there is more code available... by eraserewind · Score: 4, Informative

    Yes, and it caused more damage than the one that it was supposed to be protecting you against. It was the only worm/virus so far to cause a global outage in the company where I work.

  2. Quick fix: by KodaK · Score: 4, Informative
    MailScanner + SpamAssassin + ClamAV.

    Stops unwanted mail dead.

    Finally be able to stop bitching about your inbox.

    100% Free.

    Small catch: you need your own mailserver. Answer: add procmail to your recipe. Ha, get it?

    MailScanner
    SpamAssassin
    ClamAV

    --
    --J(K) DOS is like Unix in exactly the same way that a pinto is like an aircraft carrier.
  3. Re:Now that there is more code available... by devnull17 · Score: 3, Informative

    As for cleaning out the mal-ware, can anyone tell the difference between the OS and 3rd party stuff?

    Not without gaining a pretty good knowledge of Windows internals. Once you've been, um, blessed with such a gift, it becomes pretty obvious what's real and what isn't, at least as far as processes and services go.

    That's only useful in diagnosing major problems, though. (Like when MSBlaster went around.) And cleaning things out completely is really tough: most malware automagically respawns all of its components unless you manage to remove all of them simultaneously, and I've even seen tricks played with filehandles that can't be closed without rebooting, upon which everything is reinstalled. Generally, I just run Ad-Aware about once a week. Why spend so much time scouring your machine and googling filenames when there's cheap or free software to do it for you?

  4. Re:Now that there is more code available... by GTRacer · Score: 3, Informative
    Why spend so much time scouring your machine and googling filenames when there's cheap or free software to do it for you?

    [KifKroker]Why indeed?[/KifKroker] Periodically, I start my work PC (they admin, but it's still vulnerable) and pull up a process list and printscreen it. From there, I compare to my last baseline to see if anything's changed and why.

    Figuring out what was mal-ware and what 7 processes belonged to Novell was interesting. I learned about a couple of questionable services, and I learned more about what bloat-ware MS and Novell have foisted upon me. However, I *ALSO* run AA and Proxo (to keep crap from getting in via ActiveScript or JScript).

    If I ever do get permission to admin this thing, I'll know where to swing the axe first!

    GTRacer
    - Restrictive noob-oriented SysPols suck!

    --
    Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
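
The baseline comparison described in comment 4, automated as an added example (not code from any poster in the thread). It assumes snapshots saved with `tasklist /FO CSV /NH`; the two sample snapshots and the image names `updater32.exe` and `exampletray.exe` are constructed.

```python
import csv
import io
from collections import Counter

# Constructed snapshots in the layout of `tasklist /FO CSV /NH`:
# "Image Name","PID","Session Name","Session#","Mem Usage"
BASELINE = '''"System Idle Process","0","Console","0","16 K"
"System","4","Console","0","212 K"
"svchost.exe","820","Console","0","3,104 K"
"svchost.exe","1012","Console","0","4,880 K"
"exampletray.exe","1320","Console","0","2,040 K"
"explorer.exe","1488","Console","0","18,240 K"
'''
CURRENT = '''"System Idle Process","0","Console","0","16 K"
"System","4","Console","0","220 K"
"svchost.exe","796","Console","0","3,200 K"
"svchost.exe","1040","Console","0","4,912 K"
"SVCHOST.EXE","2216","Console","0","1,100 K"
"explorer.exe","1502","Console","0","19,004 K"
"updater32.exe","2380","Console","0","6,512 K"
'''


def image_counts(snapshot):
    """Count instances per image name. PIDs and memory figures change on
    every boot, so they are ignored; names are compared case-insensitively."""
    rows = csv.reader(io.StringIO(snapshot))
    return Counter(row[0].lower() for row in rows if row)


def diff_snapshots(baseline, current):
    """Return (added, removed, changed) relative to the baseline.
    `changed` maps an image name to (old_count, new_count); an extra copy of
    a familiar name is worth a look, since a name match alone proves nothing."""
    old, new = image_counts(baseline), image_counts(current)
    added = sorted(name for name in new if name not in old)
    removed = sorted(name for name in old if name not in new)
    changed = {name: (old[name], new[name])
               for name in sorted(old.keys() & new.keys())
               if old[name] != new[name]}
    return added, removed, changed


if __name__ == "__main__":
    added, removed, changed = diff_snapshots(BASELINE, CURRENT)
    print("new since baseline: ", added)
    print("gone since baseline:", removed)
    print("instance count changed:", changed)
```
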
  5. Re:Antivirus Advantage by Bombcar · Score: 3, Informative

    I'm waiting for the virus that, in addition to spreading itself, will email out random Word docs found on the hard drive. This is more than a nuisance, it could potentially damage 1000s of companies. Imagine a Word doc getting out that contained corporate secrets.

    I believe either the Melissa virus or Sircam already did that.

    See Dan's Data for more info.