Slashdot Mirror


New Viruses Hit 30-Month High

Mz6 writes "InformationWeek reports that Sophos has analysed and protected against 959 new viruses in May; this is the highest number of new viruses discovered in a single month since December 2001. From Sophos' own TopTen list they continue on to say that the 'Sasser and Netsky worms may have captured the headlines. ...May has seen a noticeable spike in cybercriminal activity, suggesting that even the arrest of Sven Jaschan ...has done nothing to curb the problem.'"

19 of 252 comments

  1. Phatbot/Polybot/Gaobot/Agobot... by mythosaz · · Score: 4, Interesting

    The release of the Phatbot source made most of this possible. Agobot had over a thousand variants because any kid with GCC could change half a dozen strings, pick a new list of tasks to kill, pick a new IRC server to report back to for 'pwn3rship' and then pack the thing up with the executable compressor of his choice.

    Not everything should be released under the GPL, I'm afraid.

    1. Re:Phatbot/Polybot/Gaobot/Agobot... by juggy · · Score: 3, Interesting

      I am sort of surprised to hear that this is still a problem. I was working at an anti-virus company before and they had a pretty convincing way of dealing with it: 1.) you check for the "compressed" property (not so difficult since most put in their signatures) 2.) decompress it with your specialized routine or use a 386 emulator to do it - slow, but effective, and you need it anyway to weed out those polymorphic viruses...
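juggy's first step, checking whether a sample is packed before signature matching, can be shown as a small static check. The Python below is an added example, not code from the post or from any anti-virus product: it walks a PE file's section table and flags packer-style section names or sections whose byte entropy sits close to 8 bits per byte. The packer name list and the 7.2-bit threshold are assumptions chosen for illustration, and the three executables are constructed skeletons built inline. It goes one step beyond the post by also catching a packer that renamed its sections, which only the entropy check sees.

```python
import math
import random
import struct
from collections import Counter

# Section names a few common packers leave behind (assumption: a small, widely cited set, not exhaustive).
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata",
                        b".petite", b".MPRESS1", b".MPRESS2"}
ENTROPY_THRESHOLD = 7.2  # bits per byte (assumed cutoff); compressed or encrypted data sits near 8.0


def shannon_entropy(data):
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe):
    """Walk the MZ/PE headers and return a list of (section name, raw bytes)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]       # offset of the PE signature
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                     # COFF file header, 20 bytes
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + opt_size                            # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append((name.rstrip(b"\0"), pe[raw_ptr:raw_ptr + raw_size]))
    return sections


def assess_packing(pe):
    """Report packer section names and high-entropy sections; either one marks the file as probably packed."""
    packer_hits, entropy_hits = [], []
    for name, data in parse_sections(pe):
        label = name.decode("ascii", "replace")
        if name in PACKER_SECTION_NAMES:
            packer_hits.append(label)
        if shannon_entropy(data) > ENTROPY_THRESHOLD:
            entropy_hits.append(label)
    return {"packer_sections": packer_hits,
            "high_entropy_sections": entropy_hits,
            "probably_packed": bool(packer_hits or entropy_hits)}


def build_sample_pe(sections):
    """Constructed skeleton PE for testing: MZ stub, PE signature, COFF header, section table, raw data.
    The optional header is left empty; the parser reads SizeOfOptionalHeader, so real files parse the same way."""
    out = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", out, 0x3C, 64)                   # e_lfanew: PE signature right after the stub
    out += b"PE\0\0"
    out += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    raw_ptr = len(out) + 40 * len(sections)
    blobs = []
    for name, data in sections:
        out += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), 0x1000,
                           len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr += len(data)
        blobs.append(data)
    return bytes(out + b"".join(blobs))


# Constructed inputs: low-entropy "code" versus random bytes standing in for a compressed payload.
_rng = random.Random(42)
LOW_ENTROPY = b"\x90" * 512 + b"Hello, world\0" * 20
HIGH_ENTROPY = bytes(_rng.getrandbits(8) for _ in range(4096))

SAMPLE_PLAIN = build_sample_pe([(b".text", LOW_ENTROPY), (b".data", LOW_ENTROPY)])
SAMPLE_UPX = build_sample_pe([(b"UPX0", b""), (b"UPX1", HIGH_ENTROPY)])   # UPX-style layout
SAMPLE_RENAMED = build_sample_pe([(b".text", HIGH_ENTROPY)])              # packer renamed its sections

if __name__ == "__main__":
    for label, sample in (("plain", SAMPLE_PLAIN), ("upx", SAMPLE_UPX), ("renamed", SAMPLE_RENAMED)):
        print(label, assess_packing(sample))
```

Either hit means the scanner should run its unpacking routine or emulator before matching signatures, which is the second step the post describes. A real engine would also look at which section holds the entry point and at known packer stub bytes; the section-name and entropy checks here are only the cheap first pass.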

  2. arrests won't stem the tide... by agwis · · Score: 4, Interesting

    May has seen a noticeable spike in cybercriminal activity, suggesting that even the arrest of Sven Jaschan ...has done nothing to curb the problem.

    I doubt these arrests ever really curb the problem but instead add to it. Those that are captured get their names known worldwide and are considered by many to be l33t hackers, although most are nothing more than script kiddies. Some (Mitnick for one) start successful security consulting businesses and become published authors afterwards.

    On the other hand, the monetary rewards for turning in a virus writer might be a better deterrent. I know people that would snitch on their own mothers for a reward!

  3. Do they not track anybody other than Win32? by Marxist+Hacker+42 · · Score: 3, Interesting

    All of their top ten are W32 viruses. This isn't surprising at all, but my question is, is it because of W32 being an inherently insecure platform (which it certainly IS) or is it because Sophos doesn't track anything else?

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.

  4. funny numbers by pedantic+bore · · Score: 5, Interesting

    It turns out that of the top 10, six are Netsky variants. Makes you wonder whether they're counting the number of new viruses, or the number of variations (or bit patterns). It's hard to believe that there were really 959 new viruses in one month. Actually almost all of these viruses seem to be rehashes of the same old ideas, just a few new bells and whistles. Not that much innovation from what I can see.

    (not that I want there to be -- I'd be happy if all these sociopathic virus writers found something more productive to do, or just f****d off and died.)

    --
    Am I part of the core demographic for Swedish Fish?

  5. Re:Of course... by Kithraya · · Score: 5, Interesting

    Your comment sort of does make me think about how many of these new threats/problems are being produced simply because some CS graduate is having a hard time finding that $100,000 a year job and is looking to stick it to the society that fooled him into banking his future on IT...?

  6. Re:Security... by prshaw · · Score: 2, Interesting

    When was the last virus that used Outlook to do anything but read the email and have the user execute an executable?

    In fact, didn't most of the viruses in May require the user to unzip the email with a password before it ran?

    My point is that we are past the access that Outlook has to the OS. We are way into the users proving they will jump through hoops to run a program from an unknown source.

    Although I will admit that some of them actually were faking coming from a trusted source (your ISP) pretty well.

  7. Re:Gee, I wonder why? by XryanX · · Score: 2, Interesting

    Great point indeed. If I had mod points, I'd surely bump you up.

    Certainly it's a scary thought to think that an 18-year-old kid in Germany caused billions of dollars worth of damage to the global economy without even leaving his house.

    It's been said before, but I wouldn't be surprised if terrorist groups started looking into the use of worms. They're ridiculously easy to write, and they could cause a ton of economic damage.

  8. Buffer overflows by fungus · · Score: 3, Interesting

    Most of these worms exploit buffer overflows.

    Just like most exploits under Unix systems.

    I think we'll see fewer occurrences of these worms when NX-compatible processors become common.

    Like AMD64 processors...

  9. Re:Too bad by docbrazen · · Score: 2, Interesting

    Other anti-virus programs, like the open source ClamAV, cannot disinfect files. According to them: "cleaning viruses from files is virtually pointless these days. It is very seldom that there is anything useful left after cleaning, and even if there is, would you trust it?"

  10. Mediocrity! by MarcQuadra · · Score: 2, Interesting

    When you think mediocrity, think ClamAV

    That might actually help it penetrate the corporate and academic markets.

    Seriously though, the names of some OSS projects totally preclude their penetration in some markets. I asked my boss if we could put 'the GIMP' on the image for the summer, and only purchase a Photoshop seat when requested; she laughed at me and said 'no', then asked what the GIMP was.

    --
    "Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails

  11. Re:Use it to an advantage. by Kris_J · · Score: 3, Interesting

    Spam filtering at the client is not the solution. All my filtering occurs at the server.

  12. Re:Gee, I wonder why? by eeg3 · · Score: 2, Interesting

    Do you really think that most of "today's youth" is capable of writing viruses in any mature manner? Other than Visual Basic programs that delete files, which isn't "mature," I don't. Your assumption that viruses are written by "rebellious and outcast youth" is not only unfounded, but completely absurd.

    Moreover, what do you suggest for preventing virus writing? Not arresting and punishing virus writers? Yes, that will work. Let people run around and break into computers maliciously and ruin things. That will definitely deter people from doing it.

    Of course software writers should create better applications and OSes, but that doesn't excuse malicious intent on someone's part.

    Also, creating viruses doesn't hurt Microsoft. People will buy Windows regardless of the amount of viruses available for it. You're hurting the average joe, not Microsoft.

  13. my scifi worry is... by Snafoo · · Score: 3, Interesting

    that once biotech takes off we'll see the same explosion in human virii that we currently see in their digital cognates.

    'Bitter, disillusioned teenager (or bitter, disillusioned terrorist) whips up new version of influenza, pictures and patches at eleven. If you live on the south side of the river, however, you're as good as dead, please try X brand tylenol for all your lethal-flu-related misery.'

    BTW, what would a human equivalent to 'Windows Update' look like?

    --
    - undoware.ca

  14. Re:Too bad by Cruciform · · Score: 4, Interesting

    You must be a proctologist. I've never seen anyone else with their head so far up their ass before.

    Lots of people use antivirus software for the simple purpose of scanning files introduced to their machine BEFORE they are executed, viewed, etc.

    And guess what? They're not doomed. Well, technically death comes for us all, but you actually CAN use antivirus software effectively without being relegated to the realm of the imbecile.

    If someone believes a single antivirus package is the be-all, end-all of virus prevention, then they're in trouble simply because they're cloaked by a false sense of security.

    On the other hand, a user who is conscientious about the code run on their machine, even if the OS isn't one of the most secure, is better off scanning than not.

  15. Re:I wonder if virus writters know the damage they by Erwos · · Score: 4, Interesting

    At the risk of sounding like a bigger loser than I really am:

    One time, when I was bored a number of years ago (think, 10-12 years ago), I was browsing through the complete listing of viruses for the Mac that the virus scanner would catch. There were only a couple hundred at the time, and pretty much all of them were trojans.

    Something that struck me was the number of political ones. A rather significant percentage were designed to spread a message. I find this interesting, because nowadays, that political element seems to be totally gone. That's not to say they didn't have destructive payloads - I recall that more often than not, they did.

    I think it would be a fairly interesting study to hunt down early virus databases and compare them to ones today.

    -Erwos

    --
    Plausible conjecture should not be misrepresented as proof positive.

  16. What's important is HOW they infect by prandal · · Score: 3, Interesting

    There are several infection vectors used by the current round of viruses. I'm assuming that even fully patched versions of Windows, Outlook Express, and Internet Explorer are vulnerable to security exploits (they are).

    1: Executable attached to email, either auto-infecting or using the social engineering made possible by Microsoft's "virus-friendly" File Extension Hiding. So people click on what they think is a text file attachment (where even the icon makes them think that it is a genuine text file). As I've repeatedly said before, it is time that Microsoft released a patch to completely disable and remove this dubious feature from Windows.

    Cure: Use a non-Microsoft email reader - Pegasus Mail, Thunderbird, whatever.

    2: Social engineering via email. Who in their right mind would open an attached password-protected .zip file where the password was given in the email body?

    Cure: User education.

    3: Seemingly innocent HTML emails which contain an OBJECT DATA exploit.

    Cure: Don't use Outlook. Use an email gateway box running MailScanner to disarm dangerous HTML tags.

    4: Worms spread via direct connect to your PC.

    Cure: Proper firewalling, use application proxies and don't NAT anything to the net. This is more appropriate in a corporate environment.

    5: Web pages with dangerous HTML which, by exploiting IE or Outlook Express vulnerabilities, run malware on your PC.

    Cure: Use a proxy server which strips all dangerous tags; Dump Internet Explorer and use Mozilla Firefox instead.

    6: You are "Protected" by Antivirus software but the virus / worm got you before the vendor's weekly update came out. (Waving to McAfee and Symantec as I write this). This is the BIGGEST change I've seen in virus behaviour this year. Since February, we've been catching viruses/worms before some of the main vendors have had updated patterns out. (thanks ClamAV and Bitdefender).

    Cure: Antivirus vendors need to release patterns as soon as they've got the virus signatures tested, and not wait to see if an outbreak happens. Users need to update their virus patterns on an hourly basis, not weekly.

    That'll do for starters.
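Three of prandal's vectors (1, 2 and 3) can be checked mechanically at a mail gateway before the message reaches Outlook. The Python below is an added example, not code from the post and not MailScanner: it parses a raw message with the standard library and flags executable attachments, the hidden double extension, password-protected zips (the encryption flag and the member names are readable from the central directory even without the password), a password handed over in the body, and active HTML tags such as OBJECT DATA. The extension lists, the tag set and the password pattern are assumptions; the four messages are constructed inline, and the "encrypted" zip is a constructed archive with only the encryption flag set, which is all a gateway would see anyway.

```python
import io
import os
import re
import struct
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Extensions Windows runs on double-click (assumed list); "hide extensions for known file types" masks them.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta"}
DECOY_EXTS = {".txt", ".doc", ".jpg", ".gif", ".pdf", ".htm", ".html"}
ACTIVE_TAGS = {"object", "embed", "script", "iframe"}   # tags a gateway would disarm (assumed set)
PASSWORD_RE = re.compile(r"\bpassword\s*(?:is|:)\s*\S+", re.IGNORECASE)


def filename_findings(name):
    """Flag executable attachments and the 'readme.txt.exe' double-extension trick."""
    findings = []
    stem, ext = os.path.splitext(name.lower().strip())
    if ext in EXEC_EXTS:
        findings.append(f"executable attachment: {name}")
        if os.path.splitext(stem.rstrip())[1] in DECOY_EXTS:
            findings.append(f"double extension hides executable: {name}")
    return findings


def zip_findings(name, data):
    """Inspect a zip without extracting: the encryption flag and member names need no password."""
    try:
        members = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return [f"attachment named as zip is not a zip: {name}"]
    findings = []
    if any(info.flag_bits & 0x1 for info in members):      # general-purpose bit 0 = entry encrypted
        findings.append(f"encrypted zip attachment: {name}")
    for info in members:
        findings.extend(f"inside {name}: {f}" for f in filename_findings(info.filename))
    return findings


class ActiveTagFinder(HTMLParser):
    """Collect <object data=...>, <embed>, <script> and <iframe> tags from an HTML body."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            attr = dict(attrs)
            self.hits.append(f"active HTML content: <{tag}> {attr.get('data') or attr.get('src') or ''}".rstrip())


def scan_message(raw):
    """Return a verdict and the findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings, body_text = [], ""
    for part in msg.walk():
        ctype, name = part.get_content_type(), part.get_filename() or ""
        if part.is_attachment() or name:
            findings.extend(filename_findings(name))
            if name.lower().endswith(".zip") or ctype in ("application/zip", "application/x-zip-compressed"):
                findings.extend(zip_findings(name, part.get_payload(decode=True) or b""))
        elif ctype == "text/plain":
            body_text += part.get_content()
        elif ctype == "text/html":
            finder = ActiveTagFinder()
            finder.feed(part.get_content())
            findings.extend(finder.hits)
    if any(f.startswith("encrypted zip") for f in findings) and PASSWORD_RE.search(body_text):
        findings.append("password for encrypted attachment given in message body")
    return {"verdict": "quarantine" if findings else "deliver", "findings": findings}


def build_sample(body, html=None, attachments=()):
    """Constructed sample message; attachments are (filename, bytes, maintype, subtype)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "support@isp.example", "user@example.com", "constructed sample"
    msg.set_content(body)
    if html:
        msg.add_alternative(html, subtype="html")
    for name, data, maintype, subtype in attachments:
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=name)
    return msg.as_bytes()


def make_flagged_zip(member, payload):
    """Constructed zip whose local header and central directory carry the encryption flag (bit 0).
    The member is not really encrypted; the flag is what a gateway sees for a password-protected archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, payload)
    data = bytearray(buf.getvalue())
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        idx = data.find(sig)
        struct.pack_into("<H", data, idx + off, struct.unpack_from("<H", data, idx + off)[0] | 0x1)
    return bytes(data)


SAMPLE_CLEAN = build_sample("Quarterly report attached.", attachments=[("report.pdf", b"%PDF-1.4 constructed", "application", "pdf")])
SAMPLE_DOUBLE_EXT = build_sample("Please read the attached note.", attachments=[("readme.txt.exe", b"MZ constructed stub", "application", "octet-stream")])
SAMPLE_ZIP = build_sample("Your account details are attached. The password is 12345.",
                          attachments=[("details.zip", make_flagged_zip("details.txt.scr", b"constructed"), "application", "zip")])
SAMPLE_HTML = build_sample("Plain text version.", html='<html><body><p>Hi</p><object data="http://example.invalid/x.html"></object></body></html>')

if __name__ == "__main__":
    for sample in (SAMPLE_CLEAN, SAMPLE_DOUBLE_EXT, SAMPLE_ZIP, SAMPLE_HTML):
        print(scan_message(sample))
```

The password-in-body rule only fires when an encrypted archive is also attached, which keeps ordinary "I changed my password" mail out of quarantine; a gateway that wanted to disarm rather than quarantine (vector 3's cure) would rewrite the flagged tags in the HTML part instead of stopping the message. Vectors 4 to 6 are firewall and signature-update questions that a message filter cannot settle.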

  17. Re:Security... by mabinogi · · Score: 2, Interesting

    If you think about it, they pretty much HAVE to have port forwarding off by default.

    Assuming you're talking SNAT, which most people are, then where would you forward the packets?
    You'd have to specifically enable it so you could tell the router which one of the machines it's masquerading for gets the forwarded packets....

    --
    Advanced users are users too!

  18. clamscan on osx by Anonymous Coward · · Score: 1, Interesting

    I've installed clamav on osx too, by the way; I don't think it fully works... clamd not running, and I'm not sure if I can't get clamscan to work because I'm making a configuration foobar or some other reason... but certainly clamscan can be used to scan files from terminal.
    And I think freshclam may not be the only way to update the virus definitions, but I've not looked too hard into it.