Slashdot Mirror


Unprecedented level of Virus Alerts

arpy writes "iTnews reports that according to Trend Micro (makers of PC-cillin), there was a record-breaking level of virus alerts in the first quarter of 2004. In Q1 2003, Trend issued 35 virus warnings. During the same period this year, it issued 232. According to the company's annual virus round-up and forecast (PDF), the number of alerts was pretty much steady for 2001-2003. Particularly noteworthy is that so many of the viruses are variants, not original. Trend's April 2 Weekly Virus Report reveals that of the "Top 10 most prevalent global malware", the top five are all variations of Worm_NETSKY. This would seem to confirm Virus creators are sharing more code."

17 of 424 comments

  1. Ummmm by soundsop · · Score: 5, Funny

    This would seem to confirm Virus creators are sharing more code.

    So, do they prefer GPL or BSD license?

  2. And it's not going to go away soon... by heironymouscoward · · Score: 5, Insightful

    A quote from a journal entry from last September:

    And so we come to the nightmare scenario. A relatively benign
    parasite has infiltrated the general population and suddenly a very
    "hot" parasite discovers how to piggy-back that infection. In the
    blink of an eye - a day, an hour - 50% of Windows PCs around the
    world are destroyed. It can happen, and therefore, it most probably
    will.

    --
    Ceci n'est pas une signature
    1. Re:And it's not going to go away soon... by tim_mathews · · Score: 5, Funny

      Wait, 50% of Windows PCs being destroyed is a nightmare scenario? I thought that would be more a breath of fresh air?

  3. GPL, duh by Anonymous Coward · · Score: 5, Funny

    It's a viral license, remember?

  4. Windows Virus End User License Agreement by Anonymous Coward · · Score: 5, Funny

    The Windows Virus License, of course, since they're all Windows viruses, of course! ;)

    Windows Virus End User License Agreement

    Licensor, Skrip T. Kidie hereby licenses to you, the licensee, the ability to be infected on a single machine with not more than eight (8) processors by this Windows Virus (hereafter "the Virus").

    By reading this, you agree to allow your machine to become infected. We reserve any and all rights without limitation, while you disclaim any purported rights you might have so much as thought you had, including "fair use" rights, and agree to hold licensor harmless for the inevitable destruction of your PC.

    In the event you are found in possession of more copies of the Virus than you have license for, you will owe us $699 per violation. Furthermore, ...

    (10 more pages of legalese here)

  5. Re:Good by YetAnotherDave · · Score: 5, Insightful

    I've seen some pretty fast-moving viruses get past the very expensive virus-scanner we have at work, but the only one to get by the simple, free, procmail-based one I use at home is the stupid one where you have to open an encrypted zipfile.

    http://impsec.org/email-tools/procmail-security.html

    Now I have to ask, if users are dumb enough to open a password-protected zipfile in what sure looks like an obvious virus-generated message to me, aren't those users dumb enough to be convinced to chmod +x && ./runMyVirus?

    I think this is evidence that no security system can really be foolproof. The fools are just too persistent!

  6. Question about AV software by ObviousGuy · · Score: 5, Interesting

    AV software seems to do a lot of scanning in a minimum amount of time. Considering the thousands upon thousands of viruses running around the wild, how is AV software able to scan each file so quickly? Even if it only looks for specific signatures, it seems that each file would take an inordinate amount of time to scan. However, it doesn't.

    Can someone give a brief explanation of how anti-virus software is able to scan so many files so quickly?

    --
    I have been pwned because my /. password was too easy to guess.

  7. Re:Virus scanners suck by Anonymous Coward · · Score: 5, Insightful

    I would like to elaborate on that thought. Virus scanners worked when there wasn't a vast connected network such as the internet. Trojans/worms took a helluva lot more time to propagate, whereas nowadays they spread extremely fast; a good example would be the DCOM worm. It was a lot more difficult to be infected by a virus such as Michelangelo than by today's malware, if for no other reason than companies having more time to react.

  8. need help fast by segment · · Score: 5, Funny

    I run a website called politrix of which is my own Sun machine. I recently received the following email and am confused about what to do.

    Date: Mon, 06 Apr 2004 12:43:28 -0800 (PST)
    From: root <root! @ politrix.org>
    To: root! @ politrix.org
    Subject: Your Account

    Your account has been suspended due to massive amounts of spam and Mountain Dew spillage on your machine. If you do not open this zip file and click on the password protected zip file you generated, you will suspend your own account.

    Act now this is not a joke of virus! It is as real as Iraq's Weapons of Mass Destruction.

    Sincerely,
    Me
    root! @ politrix.org

    U.S. and Canada: (800) 555-1212
    Outside the U.S. and Canada: +1 (212) 555-1212

    Can someone please link a book on common sense so I can buy it to figure out why I am suspending my own account. Please hurry! Currently I am writing to this poor man in Africa who's promising me a couple of cool millions, so when I become rich, I will reward you handsomely.

  9. Re:Good by JPriest · · Score: 5, Funny

    Information wants to be free.
    Joe user wants to be infected.

    Make something idiot-proof and someone will build a better idiot.

    --
    Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.

  10. Antivirus Software Makers vs. Arms Dealers by henrypijames · · Score: 5, Insightful

    In a way, the antivirus industry always reminds me of the noble profession of arms dealing. On the table you provide your clients weapons to "defend" themselves and to achieve and maintain peace. Off the table you know the business only flourishes when there is a war. Of course there is always a war, but your interest is in an all-out war. So what do you do if there is no such all-out war going on? Don't panic, you simply make your clients believe there is one indeed. As soon as they believe you, you win.

    If you don't know what I'm talking about, you should read Vmyths more often.

  11. Related to Spy/Adware? by Boinger69 · · Score: 5, Interesting

    I work in the 'PC Repair' industry, so this article really is of no news to me, as 90% of my business is pulling this garbage, and SPYWARE, out of people's systems. I ask you, slashdot, are virus writers slowly getting in bed with these spyware writing scum suckers? More and more I see systems infested with a few nice worms, especially stuff along the lines of "Trojan.Startpage", the usual nastiness (B(e)agle, Netsky), and TONS of spyware. Is this a sign that the two are going hand-in-hand, or just a giant example of the general idiocy of users? (I'm betting on both.) Spybot/Ad-Aware/AVG only go so far. How are the tech-savvy supposed to protect these people? I've even had people try to claim that Ad-Aware or AVG INFECTED them a second time, because it wasn't there before, and their system was working fine aside from mass mailing their friends viruses and throwing popups in their faces.

    Will we reach a point when the constant pushing of garbage in users' faces will make the internet worthless to the common man?

    1. Re:Related to Spy/Adware? by ender81b · · Score: 5, Interesting

      You know what boggles my mind in regards to spyware/viruses?

      I work tech support at a local ISP. We have... a fair number of customers (stupid NDAs). And I would say around 10-15% of our calls are virus/spyware related in at least some way.

      But what is really upsetting is this - how can users (somehow) manage to get 225 pieces of spyware and 42 viruses and then NOT be able to install an anti-virus program or Spybot? Jesus Christ. It just... fucks with my head. I can't figure out who's to blame in this one.

      The other thing that is extremely upsetting is the utter lack of responsibility taken on by the computer manufacturers in regards to spyware/viruses. Here's the deal. User X gets a new PC with their tax refund. User X puts computer on intarweb. 15 minutes later they get blaster, call me and tell me that "the internet broke their computer, can't be anything wrong with it just bought it blah blah blah blah." And then I go to look and, I'll be damned, the brand spanking new Dell they just bought contains 0 patches. No service pack 1, nothing.

      I'm not sure if it's just Dell (I think Hewlett Packard is the same) but both of these manufacturers, for home PCs, ship them 100% unpatched. And, of course, they don't have to deal with the tech support of cleaning off spyware/blaster. It's not like it is even the user's fault. If any of you put WinXP on a machine (even with the firewall in XP enabled) that wasn't behind NAT/firewall it will get blaster/wachi/nachi in 10 minutes. There's literally nothing you can do.

      Can we really blame Microsoft for this one? Or even the user?

      All right, I think I'm done venting ;).

  12. Re:Virus scanners suck by FireFury03 · · Score: 5, Informative

    While I'm certainly against malicious software (my inbox gets absolutely flooded with these trojans), I think that "virus" writing has really gone down hill in recent years.

    In the good old days, viruses were tightly coded programs that often did cool things (undesirable, but still cool, like making all the letters fall off your screen). They would modify existing programs to become carriers - this is the true meaning of a virus, it modifies legitimate code to allow it to propagate.

    Remember the Cascade virus, back in 1988? 1701 bytes of code that sits in memory, modifying .com files to include its code as they're opened. Compare with current "viruses", which are really no more than trojans. They're several tens of K in size, rely on the user to be stupid and execute it manually and often just add themselves to the list of programs to start on bootup.

    Correct me if I'm wrong, but I don't think a real virus has been written since the late 1990's. All current "viruses" are either trojans or worms.

    Virus - modifies existing programs to include its own code.
    Trojan - executable file that pretends to be something the luser wants but is really malicious.
    Worm - self replicating software that uses a network-accessible vulnerability to propagate to other machines on the network (think Code Red, et al).

  13. Re:Heuristic antivirus by 1u3hr · · Score: 5, Insightful

    I remember years ago some were touting heuristic antivirus as the way of the future. Obviously, it didn't work. The idea was to look for certain patterns rather than the actual virus.

    No, it did (does) work. It was simply more profitable to sell a program that requires frequent updates for each new threat. See e.g. Better antivirus software is worse than a virus?

  14. Re:There are some nasty ones by andy+landy · · Score: 5, Interesting

    I work at a UK University as a sysadmin and the most prevalent viruses around here are Bagle, Netsky and MyDoom. The scary part about it all is that both Bagle and Netsky are in about their 20th revision. (Yes, viruses get upgrades and bugfixes too.)

    The more recent versions of these viruses are even killing off their 'competitors' - a recent Netsky will kill off any Bagle or MyDoom viruses it finds.

    I'm still staggered that people will open email from people they've never heard of, open any attachments therein, entering passwords as they go!

    The worst case of virus authors realising the stupidity of the people they were targeting was a virus with an NTP client built-in, so that the timebomb expiry on it would still work, despite the host PC's clock not being set correctly!

    --
    perl -e 'print "Just another Perl newbie\n";'

  15. Re:Solve the damn problem by MoP030 · · Score: 5, Insightful

    a) no more html email. Period. There's no reason for it other than making email look pretty. I've never run into a situation where an informational email couldn't live without html.

    Maybe you didn't have that problem and neither do I. But I know a lot of less technically inclined people, who would send an email simply because it is pretty (say, because their new email program has these pretty templates with pictures of Hawaii as a background). Same goes for attachments. Email isn't only used for short, important messages. People use it to socialize, and as such they send stuff they think is funny, pretty or shiny.
    I think viruses over email will stop as soon as sexually transmitted diseases will stop because people stopped to have recreational, unprotected sex.
    --
    the most sexp i get is my paren-mode.