Slashdot Mirror
Unprecedented level of Virus Alerts
arpy writes "iTnews reports that according to Trend Micro (makers of PC-cillin), there was a record-breaking level of virus alerts in the first quarter of 2004. In Q1 2003, Trend issued 35 virus warnings. During the same period this year, it issued 232. According to the company's annual virus round-up and forecast (PDF), the number of alerts was pretty much steady for 2001-2003. Particularly noteworthy is that so many of the viruses are variants, not original. Trend's April 2 Weekly Virus Report reveals that of the "Top 10 most prevalent global malware", the top five are all variations of Worm_NETSKY. This would seem to confirm Virus creators are sharing more code."
Especially on IRC. Quite a few IE/mIRC trojans/viruses. Too bad so many users are so clueless and will click anything that looks like it might be porn.
Its reactionary, they cant predict what people will code. Its sad that they give people a false sense of security.
A quote from a journal entry from last September:
And so we come to the nightmare scenario. A relatively benign
parasite has infiltrated the general population and suddenly a very
"hot" parasite discovers how to piggy-back that infection. In the
blink of an eye - a day, an hour - 50% of Windows PCs around the
world are destroyed. It can happen, and therefore, it most probably
will.
Ceci n'est pas une signature
that there are lots of pissed off wanna be script kiddies, who are not happy with the way the world is heading, and see it as their duty to try and throw a spanner in the works.
Clueless people deserve it. It's not just going to be the clueless... even those running AV software won't be protected from a super-fast-moving virus...
Well, there are even program's that can "make" a virus for you. So it is not strange you get more and more every day. I see it also on my box. How many times i have seen "Netski"... But it's good that the virusses aren't getting any "better". Like screwing up your bios or something like that.
don't many of these viruses use the same vulnerabilities? if that's the case, doesn't that mean a statistic like this should be pointed to not as an indicator of rising numbers of viruses, but as an indicator of the lack of response from the applications being exploited?
:)
i'm not certain that these viruses use the same vulnerabilities, so my second question is pretty heavily weighted on the first
A record number of viruses, and yet I've had no trouble with any viruses on my main machine (FreeBSD), my laptop (Debian) or the family computer (Redhat).
455fe10422ca29c4933f95052b792ab2
I just block everything that isn't a document of some sort. Haven't had any problems at my company since.
The unfortunate reality is that some viruses may affect you even if you aren't infected. Massive virus outbreaks are like spam: both generate large amounts of junk traffic that slow everyone's connection.
I've seen some pretty fast-moving viruses get past the very expensive virus-scanner we have at work, but the only one to get by the simple, free, procmail-based one I use at home is the stupid one where you have to open an encrypted zipfile.
. ht ml
./runMyVirus
http://impsec.org/email-tools/procmail-security
Now I have to ask, if users are dumb enough to open a password-protected zipfile in what sure looks like an obvious virus-generated message to me, aren't those users dumb enough to be convinced to chmod +x &&
I think this is evidence that no security system can realy be foolproof. The fools are just too persistent!
It also indicates a couple of other things:
- Outlook/Outlook Express need to die (or at the very least patched properly)
- Internet Explorer suffers the above affliction (and by implication, so does Windows as a whole)
- People never patch their boxes, even when patches are released
Since I am the "nerd" of the family, I get to make regular house calls to cleanse this shit from people's computers. I gotta say, the article is absolutely right. The number of worms, viruses, etc is insane this year.It's only a matter of time until one of these is truly destructive... Perhaps a fortunate side-effect would be the world waking up to why Microsoft software is so horrible.
bash: rtfm: command not found
There are few large virus threats in the past few years. Most of the stuff we see every day is technicall a worm.
Why are we married to calling everything virus related when it is actually the flash-spread of worms that pose the most risk?
The Morris worm was a wakeup call. It was the first large worm, and simultaneously the first Warhol attack. Today, the 'growing threat' is the idea of Warhol-type worms, even though the first such attack was back in the 1980s.
The future of security is probably in the department of protecting against blended threats. AntiVirus software that only deals with stuff on your disk isn't enough anymore. You need, in order of importance:
1. to adopt safer computing practices.
2. Have some type of firewall that limits external access to services you don't actively use.
3. A behavior based IDS (or similar technology)
4. Disk and memory AV (eg, a typical antivirus program)
5. Signature based IDS.
Signature based IDS is least important, especially if you have the firewall in slot 2 that negates most of the use of an IDS. Disk and memory AV is important, but since 99% of all user-originated content comes over the wire these days, the smart money is on 1, 2, and 3.
I suppose step 6 should be "Demand accurate coverage from technically competent news professionals that know the difference between the various threats". If your local anchorman said "Earthquake warning!" and it turns out it was a flood emergency, would you find that acceptable?
Clueful people don't run AV software. Clueful people (even if they use Windows for a desktop) keep important files backed up on a different server, running a different OS from their regular desktop.
Most of my files from the Linux machines are backed up on my FreeBSD machine; neither Linux nor FreeBSD are guaranteed secure, but the chances of both machines being vulnerable at the same time is exceptionally remote.
455fe10422ca29c4933f95052b792ab2
And writing them for the same reason for the same people. Money from spammers. Look how many of those new viruses open back doors for proxies and steal email addresses. I don't think that it is so the virus writers can send love notes anonymously.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
In a way, the antivirus industry always reminds me of the nobel profession of arms dealing. On the table you provide your clients weapens to "defend" themselves and to archieve and maintain peace. Off the table you know the business only flourishes when there is a war. Of course there is always a war, but your interest is in an all-out war. So what do you do if there is no such an all-out war going on? Don't panic, you simply make your clients believe there is one indeed. As soon as they believe you, you win.
If you don't know what I'm talking about, you shoudl read Vmyths more often.
SPAMMERS...
The worm/virus explosion is because RBLs are WORKING, and spammers are finding less IP space they can operate from. Their only alternative is to infect client PCs and turn them into proxies. Any mail admin can tell you this is what's happening. RBLs are working. Now if we can get the ISPs to enforce their Terms of Service and shut down compromised PCs, along with the authorities who may at some point get off their lazy asses and start putting some of these spammers in jail, we'd have 99% less virus/worm propagation. Occam would agree. Lobby your District Attorneys to stop prosecuting Tommy Chongs and do something in the public interest and the world will be a better place.
As more people get broadband, it makes sense for spammers to pay someone to write viruses/worms so that more spam can be sent via the infected computers with fat pipes. It's harder to close down the offenders as there are so many, and difficult to trace back to the culprit. As a bonus they can use the zombies to initiate DDoS attacks against anti-spam sites.
Hardly. This is just blaming the victim. A poor policy.
Relying on education and technological cures assumes that malware is a static target, but it's not. If you rely on improving people's understanding of viruses, you simply get viruses that act smarter and look like official emails. If you improve technology, you get viruses that actively target that technology itself (look at the BlackIce incident).
Technological solutions just create an arms race, and we've seen how well that works. Look at your inbox... the grim rise of noisemail is hardly a sign of success.
The solution is to acknowledge the nature of the problem: it follows the same laws as those of organic parasites, and the same solutions may be the only ones that work: perpetual change for the sake of change; trading of resistance; variety in place of standardization.
Ceci n'est pas une signature
Couldn't you just... not use IE? It's really that simple. There are other browsers.
My fault, I suppose, for leaving it the demilitarized zone. I'm just so used to Linux though -- the idea that a modern OS would permit such a thing to happen is ridiculous.
Reports lots of virii. Film at, meh.
If you were blocking sigs, you wouldn't have to read this.
virus companies, who appear to have gone quite literally bananas
So have they turned into bananas, or have they just gone to banana rich lands? Sorry, but I can't see how one can literally go bananas.
-Colin
First from a place near me a small town in South Dakota. Then from some shitty ISP in Texas, and now one originating from the UK. Every time I laugh and look at the .exe file thinking, yeah let me just load up wine and run that right away. Shit, like I use wine. Pffft. Send it to someone who runs an MS based system. I'd love to know how they got my email, I don't even give it to my family.
And we all know what end lusers do when their computer complains mightilly don't we? Yes, thats right - they just keep clicking ok until the annoying popup "you're getting infected with a virus" windows disappear :)
http://blog.nexusuk.org
> Any form of Microsoft Office document can contain VBA code, and therefore possibly a virus.
How long has Macro security been set to high by default now? 2 years? 3?
You dont have to be on Windows to get 100 NETSKY emails a day. I would say this is a problem for all platforms no matter what platform the virus is aimed at.
If this is such a problem, why has there been such little effort to actually fix it. There have been reactionary measures (patches, anti-virus), and overkill security that's years away (security at the hardware level). A HUGE chunk of viruses could be wiped out if
a) no more html email. Period. There's no reason for it other than making email look pretty. I've never run into a situtation where an informational email couldn't live without html.
b) No more attachments. Email isn't a file transfer protocol. There are many many many other safe ways to send files. Email was never meant to send binary attachments anyway. The RFC doesn't allow it. To comply, a dirty hack was created in which binary data is turned into plain text. But it's obvious email wasn't meant to be used in that fashion.
c) no more IE. No other piece of software has enabled so many viruses, adware, spyware, and shitware. IE is the malware enabler. I don't care if you use Opera, Mozilla, whatever, because pretty much everything is better than IE.
d) quit blaming the damn users. MS has designed an operating system to be used by the simpliest people on earth. Those whom have absolutly no computer experience at all. How can you blame them then when they open viruses? If you are going to design an operating system to be used by the masses, then you must implement security measures as if the user is clueless, because usually they are. Because you can open a virus without a warning, yet you can't modify your "Windows" directory without a myriad of warnings, makes me wonder how high a priority security really is to MS.
Just more proof that terrorists are stupid in the head
It's symbolism dude. Busting hidden computers (even though these may hold every micron of your life's detail) doesn't make for much news copy. Blowing up the two tallest buildings in a prominent skyline on the other hand.....
My Favourite Meme
On the one hand, what I see is a 'cool' new trend in virus writing; "Wow! Cool! Like, I can re-script a code which will secure me lots of slave machines! Excellllllent. I want to play, too!"
On the other hand, it also strikes me as very convenient that the web should be pummeled right now when there is such a push to massively control EVERYTHING and EVERYONE on the planet. --How easy would it be for the fine people in black-ops-secret-shmecret-government to release a few hundred viruses into the wild?
Pretty damned easy, I'd say. But to what end?
Simple. Everybody is getting fed up. "Oh, please install new laws which allow us to punish spammers. Oh, please, mighty government, do SOMETHING to control the web so that I can get my email!"
The internet, at the moment, is THE prime source of real information and world-wide communication. You can say here, out in the open, "BUSH IS A LIAR AND A CRIMINAL" And link to a hundred sites which explain -with detailed evidence- exactly why this is so.
Fascist governments don't appreciate this. Machiavelli recommended the swift destruction of dissidents who speak such things, in order to control a kingdom.
230 new script kiddies a month releasing malignant code into the wild, or a handful of unimaginative agents bent on pissing everybody off so much that they start begging for leashes?
I don't know. But it wouldn't surprise me in the slightest to find out that the assholes -once again- are in charge.
-FL
No, it did (does) work. It was simply more profitable to sell a program that requires frequent updates for each new threat. See e.g. Better antivirus software is worse than a virus?
Anti Virus makers are among the more profitable companies around, sure that they want to make it look like this is a gigantic threat.
...
Companies that
* Use a firewall
* Enforce the use of "RunAs" for all critical operations
* Dont use Outlook
Avoids 99.999999 % of all of viruses
What the fuck is a virii?
Yes, OS X, BSD, and the various Linux distributions (i.e. Debian, Mandrake, SUSE, or RedHat ). All easy to install, all easy to maintain, all easy to use. OS X comes pre-installed by the OEM and an increasing number of Linux distros are, too.
Furthermore, the layered structure of the OSes and separation of privileges means that these are resistent to future viruses as well as immune to those available today. Yes, apologists and astroturfers like to ignore that as well as blame users. But even if, and that's a big if, market share has more effect than design flaws, it will take quite some time for the virus activity to shift and during that time, businesses and users have come out ahead. Right now, die hard ideologs who refuse to drop a defective product are costing billions of dollars per quarter, a not insignificant number when you think how many jobs could be kept rather than downsized or outsourced in these increasingly bad economic times for the U.S.
How about a little focus? The title should have been "An Unprecedented level of MS Virus Alerts" and steer users off of the hamster wheel. From easy to hard, these are just a few of the many options:
1. Use WordPerfect, StarOffice or OpenOffice instead. 2a. Use Eudora, Evolution, or Pine instead. 2b. Use Mozilla, Firebird, or Opera instead. 3. Use one of the above resistent / immune OSes instead.Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
As more and more computer illeterate people switch to Linux, viruses will become a problem too:
The point here is that your average Linux user is technically much more competent than the average Windows user. Viruses on Linux are having a hard time, not only because of the superior security model of Unix-like systems, but also because those systems are having better admins and users!
cpghost at Cordula's Web.
And what happens if someone addressing email to more than one person accidentally chooses that address, and then fires off their email without noticing it?
Their internet access gets cut off then you get a nice irate phone call about their internet access going offline after hitting the send button.
Even Simple Heuristics could probably have ensured that netsky wasn't so prevalant. I'm tired of seeing new variants of this virus appear in my kapersky scanned inbox with attachments (sometimes zipped) called something.txt[space][space][space][space][space][s pace][space][space].exe
It'd take nothing for Kapersky to update thier scanner to be able to identify this as probably malicious code. The fact that they haven't is extremely frustrating.
Training monkeys for world domination since 1439
Are sharing code, then it stands to reason that keeping your system proactively patched protects you from more and more virii.
It's getting to the point at the office that all new virii noise on the IDS box is laptops coming in from the VPN. I can see a spike in traffic from one laptop, which gets reported to the Help Desk for cleaning, and the net result to the rest of the (properly patched) network sees NO negative result.
"Draco dormiens nunquam titillandus."
I admit, I use Windows, but I'm migrating to Mandrake, so lighten up here if this sounds like the typical "pissed-off ex-Windows user."
If you're a tech, and you do work on people's PCs, tell them about these. There is no excuse not to have these measures implemented on each and every PC in the world.
1: Routers. If you have a broadband connection and _any_ box, be it Windows or Linux, there is no damn reason _not_ to have a router with the newest firmware revisions and a _changed_ administrative password (not admin/admin like on so many Linksys WLANs I've found on my PubTrans rides home). It will stop about ninety-nine percent of outside attacks at that level.
Even a cheap-ass Linksys BEFSR41v3 will do wonders to stop outside attacks ($50 at Fry's, by the way). I know; I'm running one of those on my home LAN.
2: Remove IE/OE or keep them from integrating into the kernel in any way, shape, or form. As is, they're too tightly twined with explorer.exe and as such, that open the door for a _world_ of pain (CoolWebSearch, anyone?).
Recommended alternatives: Firefox (though it has issues with PDFs in Windows), K-Meleon, Opera, Firebird, Mozilla, Eudora (light mode _ONLY_ unless you're going to pay for it; it included Cydoor spyware in earlier versions), Thunderbird, et cetera.
3: Get a decent antivirus program and software firewall in addition to your external measures. Grisoft's AVG is free and it updates on pretty much a daily basis, and ZoneAlarm is free if they don't want something better (like a spare AIX UNIX box between their machines and the Internet).
That's enough for the casual home user.
Hell, if you don't protect your PC, you don't deserve to have it.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
Why would that matter? In the 80s, all of the worms, viruses and exploits were for UNIX machines, becuase that's what the Internet was.
Now, the Internet is Windows boxen, so that's what the virus writers are targeting.
Pointing out that 'all those worms are targeted at windows!' is like pointing out that thieves target rich people.
Vintage computer games and RPG books available. Email me if you're interested.
It looks like virus writers have switched to an open source model that is quite effective for attacking PCs. Just furthers the proof that open source programming really works. I use a Mac so I haven't had any problems at all. Security through obscurity? Nah- if that was the case then PC hackers would and would be able to make viruses that messed up Macs And linux boxes. And its not that simple to do that given there security minded design. PC users- look at it this way; they are going easy on you, it would be just as easy to design virii that simply deleted all of your files and erased your disks!
411 Y0UR 8453 4R3 8310NG 70 U5!! -NSA
They can work on Unix almost exactly like on Windows.
No, they wont, and never will. Viruses on Windows are a problem because of sloppy coding, too many ports are open by default, poor privilege separation, and ease of auto-execution. Now while there might be plenty of sloppy coding in modern Linux distributions, none of them suffer from the other three problems. And while yes its possible to write a script that would send out an email with the script attached to everyone in your address book, you'd have to jump through more hoops to do so. Each hoop greatly reduces the number of people that will be susceptible to the virus.
often it really is a case of uneducated users
And even more often its a case of Microsoft having an insecure operating system by default. What annoys me is the people who say "its the responsibility of the administrator to make sure its secure." For servers, yes that's true. But there is no excuse for not having a desktop operating system be secure out of the box.
The only thing that privilege separation under Linux does is prevent the user from listening on ports under 1024 to open backdoors.
AND from altering/destroying the operating system, AND from messing with the files of other users on the system. Both of those things are very easily done with Windows as the default is to have the first user be an Administrator.
The only thing separating us from Windows users at the moment are the small market share, and the fact that most Unix users are somewhat more clueful about computers.
No, unless someone writes an suid mail client for linux that executes attachments, it wouldn't matter if Linux had 100% marketshare and every user was an idiot, it still wouldn't have but a fraction of a percentage of the problems that Windows continues to have.
...is because the virus writers are too scared for being caught. Just take a look at the figures of the most virulent worms of the last 2 years. They did infect a substantialy large part of the open Windows systems in the first 10-15 minutes.
Wow. I guess I keep forgetting that Bush's psychopathic nature is not always commonly recognized. This seems amazing to me, but then I forget sometimes what it is like to be caught within the fog of manufactured reality. That's the nature of the psychopath, after all, but it takes two to tango.
I would strongly encourage you to do some reading and research into the matter. After all, you are the only one there is who can be depended upon to grow your knowledge structure. It would be a good idea to explore beyond old boundaries, especially now when the information is there for the taking. This may soon not be the case!
Good luck to you!
-FL