Unprecedented level of Virus Alerts
arpy writes "iTnews reports that according to Trend Micro (makers of PC-cillin), there was a record-breaking level of virus alerts in the first quarter of 2004. In Q1 2003, Trend issued 35 virus warnings. During the same period this year, it issued 232. According to the company's annual virus round-up and forecast (PDF), the number of alerts was pretty much steady for 2001-2003. Particularly noteworthy is that so many of the viruses are variants, not original. Trend's April 2 Weekly Virus Report reveals that of the "Top 10 most prevalent global malware", the top five are all variations of Worm_NETSKY. This would seem to confirm Virus creators are sharing more code."
This would seem to confirm Virus creators are sharing more code.
So, do they prefer GPL or BSD license?
A quote from a journal entry from last September:
And so we come to the nightmare scenario. A relatively benign
parasite has infiltrated the general population and suddenly a very
"hot" parasite discovers how to piggy-back that infection. In the
blink of an eye - a day, an hour - 50% of Windows PCs around the
world are destroyed. It can happen, and therefore, it most probably
will.
Ceci n'est pas une signature
It's a viral license, remember?
The Windows Virus License, of course, since they're all Windows viruses, of course! ;)
...
Windows Virus End User License Agreement
Licensor, Skrip T. Kidie hereby licenses to you, the licensee, the ability to be infected on a single machine with not more than eight (8) processors by this Windows Virus (hereafter "the Virus").
By reading this, you agree to allow your machine to become infected. We reserve any and all rights without limitation, while you disclaim any purported rights you might have so much as thought you had, including "fair use" rights, and agree to hold licensor harmless for the inevitable destruction of your PC.
In the event you are found in possession of more copies of the Virus than you have license for, you will owe us $699 per violation. Furthermore,
(10 more pages of legalese here)
I've seen some pretty fast-moving viruses get past the very expensive virus-scanner we have at work, but the only one to get by the simple, free, procmail-based one I use at home is the stupid one where you have to open an encrypted zipfile.
http://impsec.org/email-tools/procmail-security.html
Now I have to ask, if users are dumb enough to open a password-protected zipfile in what sure looks like an obvious virus-generated message to me, aren't those users dumb enough to be convinced to chmod +x && ./runMyVirus?
I think this is evidence that no security system can really be foolproof. The fools are just too persistent!
AV software seems to do a lot of scanning in a minimum amount of time. Considering the thousands upon thousands of viruses running around the wild, how is AV software able to scan each file so quickly? Even if it only looks for specific signatures, it seems that each file would take an inordinate amount of time to scan. However, it doesn't.
Can someone give a brief explanation of how anti-virus software is able to scan so many files so quickly?
I have been pwned because my
I would like to elaborate on that thought. Virus Scanners worked when there wasn't a vast connected network such as the internet. Trojans/worms took a helluva lot more time to propagate where nowadays they spread extremely fast, a good example would be the DCOM worm. It was a lot more difficult to be infected by a virus such as Michelangelo than today's malware if for no other reason than companies having more time to react.
I run a website called politrix of which is my own Sun machine. I recently received the following email and am confused of what to do.
Can someone please link a book on common sense so I can buy it to figure out why I am suspending my own account. Please hurry! Currently I am writing to this poor man in Africa who's promising me a couple of cool millions, so when I become rich, I will reward you handsomely.
MoFscker
Joe user wants to be infected.
Make something idiot-proof and someone will build a better idiot.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
In a way, the antivirus industry always reminds me of the noble profession of arms dealing. On the table you provide your clients weapons to "defend" themselves and to achieve and maintain peace. Off the table you know the business only flourishes when there is a war. Of course there is always a war, but your interest is in an all-out war. So what do you do if there is no such all-out war going on? Don't panic, you simply make your clients believe there is one indeed. As soon as they believe you, you win.
If you don't know what I'm talking about, you should read Vmyths more often.
I work in the 'PC Repair' industry, so this article really is of no news to me, as 90% of my business is pulling this garbage, and SPYWARE out of people's systems. I ask you, slashdot, are virus writers slowly getting in bed with these spyware writing scum suckers? More and more I see systems infested with a few nice worms, especially stuff along the lines of "Trojan.Startpage", the usual nastiness (B(e)agle, Netsky,) and TONS of spyware. Is this a sign that the two are going hand-in-hand, or just a giant example of the general idiocy of users? (I'm betting on both) Spybot/Ad-Aware/AVG only go so far. How are the tech-savvy supposed to protect these people? I've even had people try to claim that ad-aware or AVG INFECTED them a second time, because it wasn't there before, and their system was working fine aside from mass mailing their friends viruses and throwing popups in their faces.
Will we reach a point when the constant pushing of garbage in users' faces will make the internet worthless to the common man?
While I'm certainly against malicious software (my inbox gets absolutely flooded with these trojans), I think that "virus" writing has really gone downhill in recent years.
In the good old days, viruses were tightly coded programs that often did cool things (undesirable, but still cool, like making all the letters fall off your screen). They would modify existing programs to become carriers - this is the true meaning of a virus, it modifies legitimate code to allow it to propagate.
Remember the Cascade virus, back in 1988? 1701 bytes of code that sits in memory, modifying .com files to include its code as they're opened. Compare with current "viruses", which are really no more than trojans. They're several tens of K in size, rely on the user to be stupid and execute it manually and often just add themselves to the list of programs to start on bootup.
Correct me if I'm wrong, but I don't think a real virus has been written since the late 1990s. All current "viruses" are either trojans or worms.
Virus - modifies existing programs to include its own code.
Trojan - executable file that pretends to be something the luser wants but is really malicious.
Worm - self-replicating software that uses a network-accessible vulnerability to propagate to other machines on the network (think Code Red, et al)
http://blog.nexusuk.org
No, it did (does) work. It was simply more profitable to sell a program that requires frequent updates for each new threat. See e.g. Better antivirus software is worse than a virus?
I work at a UK University as a sysadmin and the most prevalent viruses around here are Bagle, Netsky and MyDoom. The scary part about it all is that both Bagle and Netsky are in about their 20th revision (Yes, viruses get upgrades and bugfixes too).
The more recent versions of these viruses are even killing off their 'competitors' - a recent Netsky will kill off any Bagle or MyDoom viruses it finds.
I'm still staggered that people will open email from people they've never heard of, open any attachments therein, entering passwords as they go!
The worst case of virus authors realising the stupidity of the people they were targeting was a virus with an NTP client built-in, so that the timebomb expiry on it would still work, despite the host PC's clock not being set correctly!
perl -e 'print "Just another Perl newbie\n";'
I think viruses over email will stop as soon as sexually transmitted diseases stop because people stopped having recreational, unprotected sex.
the most sexp i get is my paren-mode.