Slashdot Mirror

← Back to Stories (view on slashdot.org)

Virus Creators Sharing More Code

Posted by timothy on from the therefore-a-witch dept.

arpy writes "The Washington Times is carrying a report on a 5% increase in publicly available virus code in 2003 (based on a Symantec report). There are now about seven versions of MyDoom, and at least 14 each of Netsky and Beagle. Explains why my email account is overloaded with these little bastards. PC World is reporting changes in the countries that virus are originating from: Australia shot from 14th place to 5th over the last six months of 2003! The source of these stories seems to be the March 2004 Symantec Internet Security Threat Report." (This last requires registration to download.)

19 of 205 comments (clear)

  1. Now that there is more code available... by djeaux · · Score: 5, Funny
    ...when will someone write a worm that infects vulnerable Windows (or Linux, for that matter) boxen & surreptitiously applies all the latest security patches, cleans out the mal-ware & defrags the hard drive?

    The folks whose machines are that vulnerable probably need a little "housekeeping" help...

    --
    "Obviously, I'm not an IBM computer any more than I'm an ashtray" (Bob Dylan)
    1. Re:Now that there is more code available... by Necrobruiser · · Score: 5, Funny

      applies all the latest security patches, cleans out the mal-ware & defrags the hard drive?

      What? And put all of us MCSEs out of work?

      Damn. I knew my job was gonna get outsourced....

      --
      "I planned within my means and got a fixed rate mortgage, so where's MY bailout?" -cafepress
    2. Re:Now that there is more code available... by PhrostyMcByte · · Score: 5, Insightful

      I've seen a few viruses that do this. One was written from the MyDoom worm, and patched the hole after using it to get in.

      While the person who wrote it had good intensions, the network traffic turned out to be devastating for some businesses, and caused more trouble than leaving it alone would have.

      Not to mention, it is still illegal. Just like going into a sub7 zombie to remove the trojan that is ddosing you is illegal.

    3. Re:Now that there is more code available... by SpaceLifeForm · · Score: 5, Interesting
      Well, now Microsoft plans to have a Windows machine automagically download and patch itself.

      "The key for customers is getting these patches down," Muglia says. "The biggest issue right now is that when we issue a patch, it can take them weeks to get it installed after they're done testing it. We want it done right away."

      Yeah, right. The customer is not going to test first because Microsoft says it's ok?

      But it probably won't defrag the harddrive. As for cleaning out the mal-ware, can anyone tell the difference between the OS and 3rd party stuff?

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
    4. Re:Now that there is more code available... by O2n · · Score: 5, Funny

      Actually the danger is not the 5% more virus code available, it's more about the 35% more windows code on the loose.

    5. Re:Now that there is more code available... by Anonymous Coward · · Score: 5, Funny

      Damn. I knew my job was gonna get outsourced....

      Suddenly all of those "go away or I will replace you with a very small shell script" t-shirts start to make a lot more sense...

  2. Antivirus Advantage by ziondreams · · Score: 5, Interesting


    Wouldn't the open source of these viruses be an advantage to the Antivirus folks? (Symantec, Norton, etc.) I mean, if they know the basics of the virus, wouldn't it be easier to defend against them? (I don't have much experience in the realm of viruses...just curious!)

    --
    01000001 01011001 01000010 01000001 01000010 01010100 01010101
    1. Re:Antivirus Advantage by whaley · · Score: 5, Insightful

      there's probably more script kiddies out there who could create a 'new' virus from the source code than there are antivirus analyzers who have trouble unpacking & disassembling a new virus.

      About not updating antivirus, well when people get a Norton Antivirus (with 60-day subscription) with their new pc, they're bound to assume it will still do its job after those 60 days.

      The good thing is that more and more ISPs are using scanners like ClamAV to scan mails before they reach the customer.

  3. Ballmer & Gates are right by Anonymous Coward · · Score: 5, Funny

    Open Source software really is viral!

  4. Doesnt mean too much trouble by moberry · · Score: 5, Insightful

    Any little kiddie who is going to copy a virus and change some code around isnt going to get very far, because the virus scanner is still going to pick it up. It would involve magor changes to change the virus enough for the scanner not to pick it up as the orignal virus. Just look at the last few varients of MyDoom, they hardly made a dent. As long as end users have updated scanners it should not pose as much of a problem.

  5. uh oh ... by Average_Joe_Sixpack · · Score: 5, Funny

    "Virus Creators Sharing More Code"

    Does this mean Norton and McAfee are going to merge companies ?

  6. They don't have to give it away to share by 31415926535897 · · Score: 5, Insightful

    The nature of most viruses and worms means that they are shared quite ubiquitously. If you have received any of these viruses, then you have the code that makes them work. It's not hard to reverse engineer most code, and it's even easier if the language is something like VB script.

    I remember getting the Anna Kornukova virus 4 years ago and just inspecting the script to see exactly how it worked. It would not be tough for a script kiddie to take that and modify it enough to get past virus filters. I'm sure there is virus code sharing, and I'm sure it's increasing, but if you really want to get your hands on the code, the author doesn't even need to intend to share it, he already has!

  7. Ladies and Gentleman... WE GOT THEM! by Anonymous Coward · · Score: 5, Funny

    It's so obvious.. all we have to do is trick these virus writers into putting some SCO code into one of these viruses. They can put it between /** **/.. it doesn't matter. If they do that, SCO will pursue them to the ends of the earth!

  8. Time to update the antivirus model? by serene.geek · · Score: 5, Interesting
    Slightly OT, but part of the frustration of this huge spike in virus activity for me is the fact that our antivirus product is still based on a model that is becoming outmoded. The old model strives to protect against situations in which viruses are piggybacking on legitimate content that someone actually wants. As a result, it's strength is:

    1. Detect

    2. Clean

    3. Deliver if cleaned

    4. Quarantine if not

    Problem is, about 99% of viruses that have come into our firm in the last 6 months have been nothing but virus - no legitimate content. Despite this, our antivirus tool has no option to use its 'knowledge' of the 100% illegitimate messages and simply delete these outright.

    In order to avoid the possibility of quarantining legitimate content, we are still detecting and cleaining, which still lets hundreds of confusing messages through to the users.

    I know there are other products which will eliminate this kind of traffic altogether, but it seems to me that a few minor changes to (at least our) current antivirus products could dramatically improve the situation for us.

    Are the other major mail-server based "pure" antivirus products any better than Mcafee?

    --
    ---------- It tingles because it's working.
  9. you're wrong by segment · · Score: 5, Insightful

    they hardly made a dent. As long as end users have updated scanners it should not pose as much of a problem Obviously you probably are not in the system administration field, ISP field, or anything similar. Right now I work in the ISP field, and you have no idea of the nuisances cause by the same repetitive viruses going on right now. Try explaining to Joe Blow common users why they're receiving messages from management, staff, security@someisp.com telling them their account will be terminated if they don't open foo file. Most don't know what a spoof is, and most don't understand why their dial up connections are now giving them errors.

    Along with antivirus sofware which - some go through autoupdates, try explaining to users why they need to run their antivirus software after an update. See most people outside of the geek world would believe that an autoupdate from Symantec, or McAfee or others is automagically going to take care of itself, and it's not. Sure people here may know, but not everyone is Top Geek.

    Whenever I talk to friends who don't know much about computing I try to liken it to human diseases and medicine, and those vaccination shots Americans have to take as kids going to school: "If you had diabetes you need insulin, if you go to the pharmacy and get that insulin but bring it home and put it on the table, your doing nothing. Think of an autoupdate from an antivirus company as doing just that. You got the medicine now, why leave it on the table. You have to use it." Most of the times they understand afterwards and ask silly things like well why doesn't the program do it itslef. Some antivirus software does after some configuration some doesn't.

    For anyone to think that; someone outside of the computing - is going to have an understanding of this, you're wrong. If this were the case, there would be no more viruses. People are too trusting and naive sometimes, and no antivirus software is not going to detect anything. Has anyone not seen viruses that disable firewalls, antivirus software altogether, because I know I have dealth with people becoming infected with such. You can't base your experience with that of Joe Blow, it's apples and oranges.

    --
    MoFscker
  10. The blame for viruses by Baron_Yam · · Score: 5, Insightful

    Users are generally like people who leave their car unlocked and then complain that their radio is missing when they get back.

    Yes, they're stupid, but in the end the thief is the guilty one.

    Virus writers are a great justification for the total elimination of privacy on the Internet. Imagine if you could use ISP logs to trace a virus right back to the first transmission, and then to the source. You could find the prick, drag him to the city limits, and dangle his corpse from a tree as a warning.

    Sadly, while I wouldn't mind executing the jerks who assault our information infrastructure, I do value my semi-privacy.

  11. In other news... by galen · · Score: 5, Funny

    ...legitimate programmers continue to reinvent the wheel.

  12. Computer viruses and Biological viruses by Seoulstriker · · Score: 5, Interesting

    One was written from the MyDoom worm, and patched the hole after using it to get in.

    That sounds freakishly like some biological viruses that recombine its genetic information into the host chromosomes which effectively seals off the cell from further attack by viruses, so that it can do its work safely without interference.

    If virus makers actually learn how to recombine their code into standard windows libraries and the code is then free to work without interference, the Windows users wouldn't know that they are actually infected until some future date when their credit card numbers are stolen/hard drives reformatted/etc.


    In fact, the whole idea of sharing the code of viruses is similar to the idea of recombinatorial DNA in viruses and bacteria: effective code from one virus can be transferred and incorporated into another virus/bacterium (plasmids) to make an even stronger pathogen. Scary stuff.

    --
    I am defenseless. Use your button. Mod me down with all of your hatred.
  13. An introduction to viruses by chrysalis · · Score: 5, Funny

    A lot /. readers are not familiar with Windows and may ask what "virus" means in computer science. So in order to better understand this article, here's a short presentation.

    Virus are popular peer-to-peer sharing systems designed and optimized for Windows platforms.
    Great features of these systems over other P2P systems :
    - It's free software, although the license is often missing.
    - They are very well maintained. New versions are released almost every day.
    - They are easy to use : no need for a GUI, no need for a CLI, everything is fully automated.
    - Updates are also automatic.
    - No need to tweak your firewall, popular viruses can work on port 25 using a SMTP-like protocol.

    In order to join this community, you just have to run an installer called "outlook.exe". To improve your experience, the "internet explorer" add-on is also recommended.

    And how handy, the installer and its add-on are part of the vanilla "Windows" installation CD set. No need to download anything and no registration is required. Very convenient.

    Once the installer ("outlook.exe") has been started, an Evolution-like interface pops up. This is bloat, it can be safely ignored. Directly go to the "add contact" panel and fill in email addresses of friends you want to share executable with. Wait a few minutes (check the internet link is ok) et voila, viruses are automatically downloaded, installed and configured.

    You know understand why this p2p system is so popular in the Windows world : easy to install, easy to use, and the operating system keeps a lot of unfixed security holes in order to avoid breaking backward-compatibility with older viruses.

    --
    {{.sig}}