Slashdot Mirror


New Viruses Hit 30-Month High

Mz6 writes "InformationWeek reports that Sophos has analysed and protected against 959 new viruses in May; this is the highest number of new viruses discovered in a single month since December 2001. From Sophos' own TopTen list they continue on to say that the 'Sasser and Netsky worms may have captured the headlines. ...May has seen a noticeable spike in cybercriminal activity, suggesting that even the arrest of Sven Jaschan ...has done nothing to curb the problem.'"

17 of 252 comments

  1. Re:arrests won't stem the tide... by agwis · · Score: 3, Informative

    oops, in hindsight I realized I shouldn't have lumped Mitnick in with virus writers, at least I don't think he was.

    Damn, where is that undo button?

  2. Re:Security... by dealsites · · Score: 5, Informative

    Security at the hardware layer is definitely important, but don't under-estimate the power of a cheap NAT router. Even if you don't need one, it will still keep out many of the IP port scans and vulnerabilities. I have a Linksys with logging enabled, and it's amazing to watch the port scan in real time. I'm sure most of them are from script kiddies, or people that have compromised machines. But it sure does the job. NAT routers can be picked up for next to nothing these days.

    Of course it doesn't help with email viruses or attacks from the LAN side (i.e., dumb users), but it helps cut down on the worms and viruses that propagate over the web.

    --
    New deal processing engine online: http://www.dealsites.net/livedeals.html

  3. Re:Use it to an advantage. by Kris_J · · Score: 3, Informative

    I've been suggesting Mozilla as the answer to IE-hijacking [ad/spy]ware. Works every time. I also recommend Eudora as the answer to Outlook-exploiting viruses, but patching Outlook works just as well.

  4. Re:Yeah, but... by The Good Reverend · · Score: 2, Informative

    "Knowing is half the battle" may have been used in an after-school special, but was more popularly known as the catch phrase at the end of episodes of the GI Joe cartoon from the 1980s.

    This website has a list of the ends of these episodes where this phrase is used.

  5. Re:Use it to an advantage. by Adam9 · · Score: 2, Informative

    Eudora? How about some easy spam filtering with Thunderbird?

  6. Re:Security... by PacoTaco · · Score: 2, Informative

    A simple NAT device also allows you to download security patches for fresh OS installs without getting infected in the process. This is especially handy for unsophisticated users who would have trouble making a patch CD.

  7. Re:Do they not track anybody other than Win32? by LnxAddct · · Score: 2, Informative

    Every virus software I've ever used, about 7 different products, phoned home. Either when updates are being downloaded or when a virus is removed. Every AV program keeps logs, and sends them away back home. Read your license next time you install it, you apparently give them permission to do this. Then out of these numbers they use some simple statistics to figure out the totals.

  8. Re:Phatbot/Polybot/Gaobot/Agobot... by mythosaz · · Score: 3, Informative

    I'm going to hope that violating the GPL copy[direction] rules is going to be the least of their problems.

    These Agobot variations wouldn't be a problem if half of the virus scanners in the world didn't only scan into UPX compressed files.

    The problem is, if you search Google for Executable Compressors you get a hundred more that McAfee and Norton can't see until it's too late.

    Run PEID and find a couple hundred things on your OWN executables that McAfee can't look inside.

  9. Re:Security... by m_pll · · Score: 2, Informative

    Even on 2000, Outlook has root-access to the operating system

    Huh? Outlook has the same privileges as the user running it.

  10. Re:That's all very nice, but Sophos is 'moneyware' by docbrazen · · Score: 5, Informative

    You could try:

    ClamAV, A GPL virus scanner featuring:
    * command-line scanner
    * fast, multi-threaded daemon
    * milter interface for sendmail
    * database updater with support for digital signatures
    * virus scanner C library
    * on-access scanning (Linux and FreeBSD)
    * detection of over 20000 viruses, worms and trojans
    * built-in support for RAR (2.0), Zip, Gzip, Bzip2
    * built-in support for Mbox, Maildir and raw mail files

    I use ClamAV on my mail server and it works pretty good.

    There is also an open source Windows version called ClamWin Antivirus.

  11. Sophos, in case you've forgotten... by gumpish · · Score: 4, Informative

    Sophos, in case you've forgotten, are the same bunch of asshats who asserted to the media that Linux advocates were responsible for the MyDoom worm.

  12. Re:Security... by pHDNgell · · Score: 3, Informative

    Security at the hardware layer is definitely important, but don't under-estimate the power of a cheap NAT router.

    NAT is not a security device, it's only there to work around address limitation problems at the cost of making communication more difficult for legitimate services. What you're describing is the job of a basic firewall blocking ingress traffic.

    --
    -- The world is watching America, and America is watching TV.

  13. Call me a troll but... by azav · · Score: 1, Informative

    Get a Mac, even a used one, and you won't have to worry about this crap.

    --
    - Zav - Imagine a Beowulf cluster of insensitive clods...

  14. Re:That's all very nice, but Sophos is 'moneyware' by Anonymous Coward · · Score: 2, Informative

    FYI: Other AV companies (like Sophos) detect well over 90,000 viruses, worms, and trojans. I would not be touting 20k.

  15. Re:Of course... by Anonymous Coward · · Score: 1, Informative

    The most probable source of the sudden surge in viruses is that the unethical side of the business world has discovered that viruses can make money. Many of the latest viruses actually set up the infected machine to function as a SPAM relay, generating larger, and harder to stop, volumes of SPAM than otherwise possible, and at almost no cost to the originators. Other recent viruses perform phishing expeditions, install distributed SSL crackers, and a host of other unethical and/or criminal applications. Until we find a way to make it unprofitable, this type of virus is likely to simply get more common, and harder to block.

  16. Re:Too bad by ThePilgrim · · Score: 2, Informative

    I think your information is seriously out of date.
    Sophos Anti-Virus has been capable of disinfecting virus infections for years.

    --
    Wouldn't it be nice if schools got all the money they wanted and the army had to hold jumble sales for guns

  17. Re:Too bad by igw · · Score: 2, Informative

    ......That Sophos antivirus has the somewhat incredible problem of not being able to remove and clean viruses on an infected host......

    Actually having worked with Sophos for a few years I can tell you that it can remove viruses quite well, what you are referring to is a message that the end-user gets when a virus is discovered (the administrator also gets this message), that says "No action has been taken".

    This is the default behavior and can be configured differently, because Sophos is a corporate AV tool it's not very wise to empower end users with deleting files and editing the registry, the administrator is informed of virus/location etc., and can take action (using Sophos which can disinfect, or any of the downloadable tools to clean up the registry, stop process etc.)

    An AV product which can't do anything when a virus is discovered, would be a silly idea if you think about it, bit like pushing your car everywhere because you didn't know about the engine.