Unprecedented level of Virus Alerts
arpy writes "iTnews reports that according to Trend Micro (makers of PC-cillin), there was a record-breaking level of virus alerts in the first quarter of 2004. In Q1 2003, Trend issued 35 virus warnings. During the same period this year, it issued 232. According to the company's annual virus round-up and forecast (PDF), the number of alerts was pretty much steady for 2001-2003. Particularly noteworthy is that so many of the viruses are variants, not original. Trend's April 2 Weekly Virus Report reveals that of the "Top 10 most prevalent global malware", the top five are all variations of Worm_NETSKY. This would seem to confirm Virus creators are sharing more code."
When you have 232 virus warnings in a year, you have a wee bit of a problem. When you have 232 alerts in a fourth of a year, you have an industry gone markebonkers. That's 2 and a half alerts per day. Is it any wonder Joe Average isn't paying attention any more and is getting fried? 232 virus warnings doesn't say to me that there is a problem with viruses, it tells me that there is a problem with whoever is issuing them. They need to re-evaluate what constitutes a warning, and what doesn't. Do BobWanky'sWhoopieWorm_A, BobWanky'sWhoopieWorm_B, and BobWanky'sWhoopieWorm_C all need separate alerts? It's doubtful. We need to rein in these virus companies, who appear to have gone quite literally bananas, and give them a good smiting.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
AV software seems to do a lot of scanning in a minimum amount of time. Considering the thousands upon thousands of viruses running around in the wild, how is AV software able to scan each file so quickly? Even if it only looks for specific signatures, it seems that each file would take an inordinate amount of time to scan. However, it doesn't.
Can someone give a brief explanation of how anti-virus software is able to scan so many files so quickly?
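The question above is essentially about multi-pattern matching. The following added example (editor's code, not from this thread or from any AV vendor) shows the usual answer: all signatures are compiled into one Aho-Corasick automaton, so the scanner walks each file byte once and does a bounded amount of work per byte no matter how many signatures are loaded, whereas a naive scanner repeats every signature at every offset. The signature names and byte patterns are constructed toys, not real malware signatures.

```python
"""Added example (not code from the Slashdot thread): why a signature
scanner's cost is tied to the size of the file, not to the number of
signatures it knows.

A naive scanner tries every signature at every file offset, so its work is
roughly len(file) * total_signature_bytes. Aho-Corasick compiles all the
signatures into one automaton and walks the file once, doing a bounded amount
of work per byte however many signatures were loaded. The signatures below
are constructed toy byte strings, not real malware patterns."""
from collections import deque


class SignatureAutomaton:
    """Aho-Corasick automaton over raw bytes, built from name -> pattern."""

    def __init__(self, signatures):
        self.goto = [{}]   # per node: next byte -> child node (node 0 is the root)
        self.fail = [0]    # per node: where to go when no child matches
        self.out = [[]]    # per node: names of signatures ending here
        for name, pattern in signatures.items():
            self._add(name, pattern)
        self._link_failures()

    def _add(self, name, pattern):
        node = 0
        for b in pattern:
            if b not in self.goto[node]:
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
                self.goto[node][b] = len(self.goto) - 1
            node = self.goto[node][b]
        self.out[node].append(name)

    def _link_failures(self):
        # Breadth-first so each node's failure target is already finished.
        queue = deque(self.goto[0].values())   # depth-1 nodes fail to the root
        while queue:
            cur = queue.popleft()
            for b, child in self.goto[cur].items():
                f = self.fail[cur]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[child] = self.goto[f].get(b, 0)
                # A signature ending at the failure target also ends here.
                self.out[child] = self.out[child] + self.out[self.fail[child]]
                queue.append(child)

    def scan(self, data):
        """One pass over data; returns (offset_of_last_byte, signature_name)."""
        hits = []
        node = 0
        for offset, b in enumerate(data):
            while node and b not in self.goto[node]:
                node = self.fail[node]
            node = self.goto[node].get(b, 0)
            for name in self.out[node]:
                hits.append((offset, name))
        return hits


def naive_scan(data, signatures):
    """Reference scanner: every signature tried at every offset."""
    hits = []
    for offset in range(len(data)):
        for name, pattern in signatures.items():
            if data.startswith(pattern, offset):
                hits.append((offset + len(pattern) - 1, name))
    return sorted(hits)


def scan_for_signatures(data, signatures):
    """Build the automaton and scan; sorted so results compare with naive_scan."""
    return sorted(SignatureAutomaton(signatures).scan(data))


# Constructed toy signatures and a constructed sample file.
SIGNATURES = {
    "TOY_SIG_A": b"\xeb\x3c\x5b\x31\xc0",
    "TOY_SIG_B": b"MZ\x90\x00",
    "TOY_SIG_C": b"hello",
    "TOY_SIG_D": b"ell",       # overlaps TOY_SIG_C: exercises the failure links
}
SAMPLE_FILE = b"MZ\x90\x00" + b"\x00" * 10 + b"xhellox" + b"\xeb\x3c\x5b\x31\xc0"

if __name__ == "__main__":
    for offset, name in scan_for_signatures(SAMPLE_FILE, SIGNATURES):
        print(f"{name} ends at offset {offset}")
```

Real engines add more on top of this (hashing, emulation, heuristics, skipping files by type), but the automaton is why a signature count in the tens of thousands does not multiply the per-file scan time.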
I have been pwned because my
...the data regarding AntiVirus software purchases, firewall purchases, patch downloads, etc for the same period?
Since there was an unusually high number of viruses and alerts, it would be nice to see just how it's being handled on the user end. Were there spikes in Norton Anti-Virus purchases? Or are people getting nailed with virus after virus ( a big clue is that it's mostly just a slightly altered form of the virus ) because they're being typical Joe User and not trying to guard themselves?
Slashdot sucks
Viruses rely on several points of entry, and now use specialised code with predictable behaviour that causes measurable damage to systems and networks.
One thing, the companies who make money off this certainly do not want this to stop. This isn't a put a tin foil hat on message. Just correlate the line, viruses and profit for these companies. Now, of course, chicken and egg.
Security is going nowhere, patching holes isn't going to save a sinking ship, and myself, I do not want to let 'everybody else' float the security boat for too long now, else they will have enough power just to pay their own people to write the next Netsky.
What do you think can be done to remove the threat of viruses, trojans and worms in the near future?
Something simple, like an email client that runs with no privileges, in a sandbox, unable to harm the host computer.
Or idiotic employees working *in* a sandbox, with no network connection, and a Fisher-Price computer.
Yeah, that'd be more useful.
Let's just all keep in our minds these people *profit* from this, and we cannot altogether trust anything they say.
*puts on tin foil hat* erm.
Oh the point, yeah, maybe anti-virus writers should SHARE CODE.
I work in the 'PC Repair' industry, so this article really is of no news to me, as 90% of my business is pulling this garbage, and SPYWARE, out of people's systems. I ask you, Slashdot, are virus writers slowly getting in bed with these spyware-writing scum suckers? More and more I see systems infested with a few nice worms, especially stuff along the lines of "Trojan.Startpage", the usual nastiness (B(e)agle, Netsky), and TONS of spyware. Is this a sign that the two are going hand-in-hand, or just a giant example of the general idiocy of users? (I'm betting on both.) Spybot/Ad-Aware/AVG only go so far. How are the tech-savvy supposed to protect these people? I've even had people try to claim that Ad-Aware or AVG INFECTED them a second time, because it wasn't there before, and their system was working fine aside from mass-mailing their friends viruses and throwing popups in their faces.
Will we reach a point when the constant pushing of garbage in users' faces will make the internet worthless to the common man?
I am running Fedora Core 1 w/ kernel 2.6.4 ... There have been these Forrester Research findings that Linux distributions have about the same amount of dangerous vulnerabilities as Windows. When I took a peek at linuxsecurity.com all I found were vulnerabilities in server services like OpenSSL, Squid, etc. Though I know those services are important to Linux's current most successful market (Enterprise Server Market). As a user running Fedora and running services like X server, cups, vmware, and not having any other users but myself, do I even need to patch? I mean, like, X server has been around for 20 yrs, can't I assume that it pretty much is safe from an external network attack?
I work at a UK University as a sysadmin and the most prevalent viruses around here are Bagle, Netsky and MyDoom. The scary part about it all is that both Bagle and Netsky are in about their 20th revision (yes, viruses get upgrades and bugfixes too).
The more recent versions of these viruses are even killing off their 'competitors' - a recent Netsky will kill off any Bagle or MyDoom viruses it finds.
I'm still staggered that people will open email from people they've never heard of, open any attachments therein, entering passwords as they go!
The worst case of virus authors realising the stupidity of the people they were targeting was a virus with an NTP client built in, so that the timebomb expiry on it would still work, despite the host PC's clock not being set correctly!
perl -e 'print "Just another Perl newbie\n";'
In the last month and a half, I've literally received about 2 gigabytes of virus/worm mail in my UNIX-based mailbox. (Actually, it's an AIX box at my ISP.)
Anyway, I noticed that most of these come from a rather small set of "From:" addresses, and my (now cancelled) email address, im14u2c@primenet.com, was one of them. Did any of you receive large quantities of email wastage with that forged "From:" address?
Here's a short list of forged From: addresses I saw repeatedly on these virus/worm spam, in decreasing order of occurrence:
I noticed sis.com.tw got hit pretty hard, as did Jeff Garzik! I think they must've scraped these out of the SiS900 driver in the Linux kernel.
I'm regretting that suggestion I made to Ollie on how to speed up his CRC routine.
--JoeProgram Intellivision!
Correct me if I'm wrong
Well, I think you are. At least CIH was a real virus, by your definition. Check the technical description here.
Nasty one, also - tries to re-flash the BIOS with garbage.
But generally speaking you're right, most of the so-called viruses are actually trojans these days.
Here's a new anti-virus idea I came up with just now, I'm not sure if anybody else has thought of this before or not but here goes:
Network admins and ISPs would basically add a "poison e-mail address" to a user's address book (and possibly spoof a few old/sent messages with this address as the sender/recipient). Every user's poison address would be unique, and it would only be used for this virus-prevention system. The name/address/other fields would be populated with random data and the user would be told not to delete this entry from their address book for any reason.
Whenever an e-mail was sent to that poison address, the network administrator (and possibly the user as well) would receive a plaintext, PGP-signed e-mail (with a plaintext URL that they could visit to further authenticate it) informing them that they had a virus; better yet, they could temporarily be disconnected from the network altogether.
Implementing this system would be very easy, a little bit of extra code on an e-mail server and automatically-generated .vcf files for the initial distribution to users. It would protect even against new and undetected viruses, would work *immediately* to prevent an outbreak from spreading, and would be next to impossible for virus writers to circumvent; a dictionary-based algorithm for generating random addresses/names could make it nearly impossible for a virus to skip the poison address, and no amount of clever social engineering or code morphing or hacking around a corporate e-mail filter would do any good.
Am I missing something or would this make a major dent in the e-mail virus problem?
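The "poison address" scheme above is simple enough to model end to end. The following added example (editor's code, not from the poster or from any mail server product) issues a unique, dictionary-generated poison contact per user as a .vcf, then checks each outbound message's envelope recipients at the server and raises an alert naming the user whose address book leaked. Every name, domain and address is a constructed placeholder, and the five-word name lists stand in for the dictionary generator the post proposes.

```python
"""Added example, not code from the Slashdot post above: a minimal server-side
model of the "poison address" scheme. Every name, domain and address here is a
constructed placeholder; the toy name lists stand in for the dictionary-based
generator the post proposes."""
import random
import string

# Toy dictionaries for generating plausible-looking contact entries.
FIRST_NAMES = ["alice", "bob", "carol", "dave", "erin"]
LAST_NAMES = ["smith", "jones", "taylor", "brown", "davies"]


def make_poison_entry(domain, rng):
    """Return (display_name, address) that looks like an ordinary contact."""
    first = rng.choice(FIRST_NAMES)
    last = rng.choice(LAST_NAMES)
    tag = "".join(rng.choice(string.digits) for _ in range(3))
    return (f"{first.title()} {last.title()}", f"{first}.{last}{tag}@{domain}")


def to_vcard(display_name, address):
    """Render the entry as a .vcf file body (vCard 3.0 uses CRLF line ends)."""
    return "\r\n".join([
        "BEGIN:VCARD",
        "VERSION:3.0",
        f"FN:{display_name}",
        f"EMAIL;TYPE=INTERNET:{address}",
        "END:VCARD",
    ]) + "\r\n"


class PoisonRegistry:
    """Maps each poison address to the user whose address book holds it."""

    def __init__(self):
        self._owner_by_address = {}

    def issue(self, owner, domain, rng):
        """Create a unique poison entry for `owner` and return its vCard."""
        while True:
            display_name, address = make_poison_entry(domain, rng)
            if address.lower() not in self._owner_by_address:
                break
        self._owner_by_address[address.lower()] = owner
        return to_vcard(display_name, address)

    def check_outbound(self, envelope_sender, recipients):
        """Inspect one outbound message at the mail server.

        Returns one alert per poison recipient. The alert names the owner of
        the poison address, because that is whose address book was harvested;
        the envelope sender may well be forged by the worm."""
        alerts = []
        for rcpt in recipients:
            owner = self._owner_by_address.get(rcpt.lower())
            if owner is not None:
                alerts.append({
                    "infected_user": owner,
                    "poison_address": rcpt,
                    "claimed_sender": envelope_sender,
                })
        return alerts


def demo():
    """Constructed scenario: two users get poison entries; one host leaks."""
    rng = random.Random(2004)            # fixed seed so the demo is repeatable
    registry = PoisonRegistry()
    registry.issue("jsmith", "example.com", rng)
    vcard = registry.issue("mjones", "example.com", rng)
    poison_for_mjones = vcard.split("EMAIL;TYPE=INTERNET:")[1].split("\r\n")[0]
    # A worm on mjones's machine mails everyone in the address book, forging
    # a colleague as the sender; the registry still attributes it to mjones.
    alerts = registry.check_outbound(
        "jsmith@example.com",
        ["friend@example.net", poison_for_mjones.upper()],
    )
    clean = registry.check_outbound("mjones@example.com", ["friend@example.net"])
    return alerts, clean


if __name__ == "__main__":
    for alert in demo()[0]:
        print(alert)
```

The one design point worth noticing is in `check_outbound`: attribution comes from which poison address was hit, not from the sender field, since the mass mailers named elsewhere in this thread forge the From: address. The check also only sees mail that passes through the organisation's own server; a worm that talks SMTP directly to the recipient's MX (as several of them did) bypasses it unless outbound port 25 is forced through that relay.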
You forgot File Extension Hiding. One of the key weapons in the malware-writers' social engineering attacks. It's time File Extension Hiding was turned off. And time that MS released a patch to disable it for all time.
Phil
What are you talking about? There's been lots of effort in combating the virus problem, namely the products of the major antivirus software vendors like Trend Micro, and Symantec. It's worked extremely well. More and more viruses and worms come out, and the vendors make more and more updates, and sell more licenses. They've become extremely profitable. Since profit = success, this virus problem is obviously well in hand.
I'm guessing that was sarcasm, in which case I totally agree ^^
The problem here is that the viral arms race is a cash cow. It's in Symantec/Trend/McAfee/et al.'s best interest, financially, to make sure that viruses/worms/malware continue to propagate.
If virus/worm/malware activity suddenly stopped, there'd be little need for the services those companies provide. If, however, the threat multiplied over time, there would be an increased demand for their services - which in turn would equate to more money in their pockets.
I'm not saying these firms are crooked - I'm also not saying they aren't. All I'm saying is that they have a vested interest in keeping the threat alive, or even increasing its magnitude. Whether they do so or not is neither here nor there.
MS, of course, shoulders a portion of the blame for the problem. OE, after all, is the most effective virus/worm/malware distribution engine *ever*. (Outlook itself not being far behind, but that's part of Office, which most folks actually have to pay for -- OE comes installed with the Windows OS that comes pre-installed on most new machines, and hence has a much greater distribution.) But then again, if it were secure, given MS's overwhelming marketshare, how would *that* affect the bottom line for the AV companies?
A healthy skepticism about the industry is quite warranted, I think.
Word processing documents - randomly deleted words like 'no' and 'not', or flipped words like 'always' and 'never'.
Spreadsheets - zeroed out one or two cells
Presentations - Inserted random obscenities and links to unappetizing images
Imagine what would happen if nobody could trust their computers any more. Microsoft would be sued into oblivion, EULA or no EULA.
To a Lisp hacker, XML is S-expressions in drag.