Unprecedented level of Virus Alerts
arpy writes "iTnews reports that according to Trend Micro (makers of PC-cillin), there was a record-breaking level of virus alerts in the first quarter of 2004. In Q1 2003, Trend issued 35 virus warnings. During the same period this year, it issued 232. According to the company's annual virus round-up and forecast (PDF), the number of alerts was pretty much steady for 2001-2003. Particularly noteworthy is that so many of the viruses are variants, not original. Trend's April 2 Weekly Virus Report reveals that of the "Top 10 most prevalent global malware", the top five are all variations of Worm_NETSKY. This would seem to confirm Virus creators are sharing more code."
A quote from a journal entry from last September:
And so we come to the nightmare scenario. A relatively benign
parasite has infiltrated the general population and suddenly a very
"hot" parasite discovers how to piggy-back that infection. In the
blink of an eye - a day, an hour - 50% of Windows PCs around the
world are destroyed. It can happen, and therefore, it most probably
will.
Ceci n'est pas une signature
Clueless people deserve it. It's not just going to be the clueless... even those running AV software won't be protected from a super-fast-moving virus...
don't many of these viruses use the same vulnerabilities? if that's the case, doesn't that mean a statistic like this should be pointed to not as an indicator of rising numbers of viruses, but as an indicator of the lack of response from the applications being exploited?
:)
i'm not certain that these viruses use the same vulnerabilities, so my second question is pretty heavily weighted on the first
I've seen some pretty fast-moving viruses get past the very expensive virus-scanner we have at work, but the only one to get by the simple, free, procmail-based one I use at home is the stupid one where you have to open an encrypted zipfile.
. ht ml
./runMyVirus
http://impsec.org/email-tools/procmail-security
Now I have to ask, if users are dumb enough to open a password-protected zipfile in what sure looks like an obvious virus-generated message to me, aren't those users dumb enough to be convinced to chmod +x &&
I think this is evidence that no security system can realy be foolproof. The fools are just too persistent!
I would like to elaborate on that thought. Virus Scanners worked when there wasn't a vast connected network such as the internet. Trojans/worms took a helluva lot more time to propagate where now-a-days they spread extremly fast, a good example would be the DCOM worm. It was a lot more difficult to be infected by a virus such as michelango than today's malware if for no other reason than companies having more time to react.
There are few large virus threats in the past few years. Most of the stuff we see every day is technicall a worm.
Why are we married to calling everything virus related when it is actually the flash-spread of worms that pose the most risk?
The Morris worm was a wakeup call. It was the first large worm, and simultaneously the first Warhol attack. Today, the 'growing threat' is the idea of Warhol-type worms, even though the first such attack was back in the 1980s.
The future of security is probably in the department of protecting against blended threats. AntiVirus software that only deals with stuff on your disk isn't enough anymore. You need, in order of importance:
1. to adopt safer computing practices.
2. Have some type of firewall that limits external access to services you don't actively use.
3. A behavior based IDS (or similar technology)
4. Disk and memory AV (eg, a typical antivirus program)
5. Signature based IDS.
Signature based IDS is least important, especially if you have the firewall in slot 2 that negates most of the use of an IDS. Disk and memory AV is important, but since 99% of all user-originated content comes over the wire these days, the smart money is on 1, 2, and 3.
I suppose step 6 should be "Demand accurate coverage from technically competent news professionals that know the difference between the various threats". If your local anchorman said "Earthquake warning!" and it turns out it was a flood emergency, would you find that acceptable?
And writing them for the same reason for the same people. Money from spammers. Look how many of those new viruses open back doors for proxies and steal email addresses. I don't think that it is so the virus writers can send love notes anonymously.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
In a way, the antivirus industry always reminds me of the nobel profession of arms dealing. On the table you provide your clients weapens to "defend" themselves and to archieve and maintain peace. Off the table you know the business only flourishes when there is a war. Of course there is always a war, but your interest is in an all-out war. So what do you do if there is no such an all-out war going on? Don't panic, you simply make your clients believe there is one indeed. As soon as they believe you, you win.
If you don't know what I'm talking about, you shoudl read Vmyths more often.
My fault, I suppose, for leaving it the demilitarized zone. I'm just so used to Linux though -- the idea that a modern OS would permit such a thing to happen is ridiculous.
virus companies, who appear to have gone quite literally bananas
So have they turned into bananas, or have they just gone to banana rich lands? Sorry, but I can't see how one can literally go bananas.
-Colin
If this is such a problem, why has there been such little effort to actually fix it. There have been reactionary measures (patches, anti-virus), and overkill security that's years away (security at the hardware level). A HUGE chunk of viruses could be wiped out if
a) no more html email. Period. There's no reason for it other than making email look pretty. I've never run into a situtation where an informational email couldn't live without html.
b) No more attachments. Email isn't a file transfer protocol. There are many many many other safe ways to send files. Email was never meant to send binary attachments anyway. The RFC doesn't allow it. To comply, a dirty hack was created in which binary data is turned into plain text. But it's obvious email wasn't meant to be used in that fashion.
c) no more IE. No other piece of software has enabled so many viruses, adware, spyware, and shitware. IE is the malware enabler. I don't care if you use Opera, Mozilla, whatever, because pretty much everything is better than IE.
d) quit blaming the damn users. MS has designed an operating system to be used by the simpliest people on earth. Those whom have absolutly no computer experience at all. How can you blame them then when they open viruses? If you are going to design an operating system to be used by the masses, then you must implement security measures as if the user is clueless, because usually they are. Because you can open a virus without a warning, yet you can't modify your "Windows" directory without a myriad of warnings, makes me wonder how high a priority security really is to MS.
On the one hand, what I see is a 'cool' new trend in virus writing; "Wow! Cool! Like, I can re-script a code which will secure me lots of slave machines! Excellllllent. I want to play, too!"
On the other hand, it also strikes me as very convenient that the web should be pummeled right now when there is such a push to massively control EVERYTHING and EVERYONE on the planet. --How easy would it be for the fine people in black-ops-secret-shmecret-government to release a few hundred viruses into the wild?
Pretty damned easy, I'd say. But to what end?
Simple. Everybody is getting fed up. "Oh, please install new laws which allow us to punish spammers. Oh, please, mighty government, do SOMETHING to control the web so that I can get my email!"
The internet, at the moment, is THE prime source of real information and world-wide communication. You can say here, out in the open, "BUSH IS A LIAR AND A CRIMINAL" And link to a hundred sites which explain -with detailed evidence- exactly why this is so.
Fascist governments don't appreciate this. Machiavelli recommended the swift destruction of dissidents who speak such things, in order to control a kingdom.
230 new script kiddies a month releasing malignant code into the wild, or a handful of unimaginative agents bent on pissing everybody off so much that they start begging for leashes?
I don't know. But it wouldn't surprise me in the slightest to find out that the assholes -once again- are in charge.
-FL
No, it did (does) work. It was simply more profitable to sell a program that requires frequent updates for each new threat. See e.g. Better antivirus software is worse than a virus?
Anti Virus makers are among the more profitable companies around, sure that they want to make it look like this is a gigantic threat.
...
Companies that
* Use a firewall
* Enforce the use of "RunAs" for all critical operations
* Dont use Outlook
Avoids 99.999999 % of all of viruses
...is because the virus writers are too scared for being caught. Just take a look at the figures of the most virulent worms of the last 2 years. They did infect a substantialy large part of the open Windows systems in the first 10-15 minutes.