70% Of 2004 Virus Activity Down To One Man
arpy writes "According to a report produced by anti-virus software provider Sophos, 70% of anti-virus activity in the first half of this year can be blamed on Sven Jaschan, an 18-year-old German who wrote the Netsky and Sasser worms. According to the report, "Sasser claimed the top spot of the virus chart, in spite of the raging battle between the widespread Netsky and Bagle worms." The Register has a good summary of the report."
I guess that makes him l337. Let's give him all the publicity he wants!
well them antivirus and security companies shoulda be thunking earlier about their problem now, that almost nobody need them products any more, as they constantly chase and hunt down them spammers and virus authors and scriptkiddies crax0rers....
well, jobs lost again.... what's the new business model of these companies now?
rating: informative/insightful rather than funny. thank you
Actually, without computer screw ups those ppl would be out of a job. I know plenty of techs who enjoyed the extra payday the sasser worm provided.
To be honest, I'd rather have to do AV work on one virus 70% of the time, and spend the other 30% fixing a couple of others. Maybe write a script if need be, and 70% of the time, I just do the same thing over and over.
Or, you could spend 10% of the time working on each of 10 viruses. Suddenly, you think, I wish I could be 70% sure what the problem will be, it is a lot easier.
Scapegoat, my ass. Can you say guilty?
Well if you could measure multiple angles and get exactly 360, then either you are very good at measuring or cheated. If you just wrote down 360 then you didn't do what the question asked you. Why is giving some leeway to measuring stupid?
Combination - fun iPhone puzzling
...99% of virus activity this year due to bugs / vulnerabilities in products from a single company.
Oh, could you of now?
THANK YOU!
People like you help me argue against the beady-eyed managers that a computer monoculture is bad for business.
How else could I easily bring Linux or Firefox on Windows to our enterprise customers? And hey, what people know from the office, they will also use at home.
Not to say that you help the OSS community, but you do.
Thanks again.
Someone is feeding us disinformation with a shovel.
Hi and welcome, you must be new here
Where have you been the last hmmmmm... 2000 years?
I'm a chainsmokin' alcoholic sociopath, so-ci-o-path
Netsky forms a major share in that 70%. But that is including all its variants. I do not know if you attribute the credits for the Netsky variants [A, B, C, D...] also to Sven. I believe the variants are from other virus hobbyists as well. It is not fair to attribute them all to Sven at a staggering 70%.
fifteen jugglers, five believers
If a significant portion of the world's communications and commerce infrastructure can be significantly affected by the hackings of a disgruntled, alienated minor, perhaps rather than murdering the most likely talented, albeit misguided youth, we could take a closer look at why our infrastructure is so vulnerable.
Because a guy with a compiler will do a lot less damage than a company with a government which will do whatever they say.
Think...how hard is it to clean up Sasser? How hard is it to get DMCA/INDUCE/etc. revoked? Which would you prefer to try?
And the virus writer who can do this has put a lot of effort into it. MPAA/RIAA/SCO just sue people again, and again, and again.
In terms of direct harm, it would appear that Sasser may have done more damage than slamming planes into the WTC.
Number of people killed in the WTC collapse: ~3000.
Number of people killed by Sasser and Netsky: 0.
You Idiot Normal Person
This guy wrote the worms. He is directly responsible for 100% of the damage they caused.
I'd say people are justified to be angry at him.
"Ask not what your country can do for you." --John F. Kennedy
Me, I would have placed the blame squarely on all of the admins out there who allowed their systems to be compromised by the worms in the first place. That includes the admins of the e-mail systems of ISPs. It's time to start placing blame where it belongs. Security is a job function, not a function of the system. An {OS/mail system/website/whatever} is only as secure as its admin.
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
It's bad enough that they feel the need to "compete" against other virus writers for some internet version of "street cred" but now we're fucking ranking them?
How long until people start writing viruses just to "get points" on some chart somewhere? Christ, you people have no logic whatsoever.
> Security is a job function, not a function of the system
Nonsense, it's both. Also, the users count as well. To what degree each factors in is a policy decision - it's by no means absolute.
Ladies and gentlemen, I give you modern day America.
You're right, it is time to start placing blame where it belongs - with the bastards writing the viruses and spreading them. I suppose now you want to go after police every time someone gets shot. Surely it's not the fault of the guy pulling the trigger. Damn cops, if they would only get out of the donut shop and do their jobs no one would ever be murdered again. . .
Wait, you're saying it is the initial victim's fault that the virus authors wrote malicious code -and- released it publicly?
... Think of it in terms of vandalism ...
... the vandal.
... it is now the responsibility of that company to make materials that are up to the job. It won't stop the vandals, that is the job of the police, but it should make their vandalism as hard as possible to have a permanent effect.
I think if you're going to lay the responsibility chain, it lies primarily with the virus author.
Subsequently, the responsibility lies on the DSL service provider who KNOWS they are selling to often uninformed users and yet fail to provide adequate first (NOC) or second level (CPE) protection for these users.
Next responsibility lands in the laps of those people who wrote software that was prone to infection.
Last, responsibility makes it to Joe User at that point and then recycles to the beginning for any systems that his infection spreads to.
So I, as the end user, have -final- responsibility, but not primary responsibility nor -blame- for the infections.
The primary person responsible for vandalism is
Subsequent responsibility (for prevention) is law enforcement. Is law enforcement to blame for the vandalism? Only if they do less than is required to reasonably address the situation (I don't expect them to spend all day hunting down the tagger 3 blocks over, but I -do- expect them to patrol all the blocks as much as they can without hampering other worthy law enforcement activities).
Making the assumption that I know that I live in an area where people are vandalizing property, I will probably buy paint and materials that are durable enough to be washed/repaired (if I don't, we hit the next level)
Last, I am responsible for -using- the materials above, I am responsible for calling law enforcement if there is an infraction so that they can address it. However, if I fail to do the above all that happens is the 2nd and 3rd levels of responsibility are void. I am still not responsible for the unknown vandal having decided to unleash their frustrations on my neighborhood.
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
"More power to him I say.[...] Expecting people 'not' to crack/compromise insecure systems, a daydream you're having"
Newsflash: the real world was not built on being 100% unbreakable and impenetrable.
E.g., your front door would _not_ be unbreakable to someone determined to get past it with an axe. It's a known vulnerability, for the past few thousands of years, and no one's fixing it. Your windows are likely even more vulnerable.
E.g., locks can be picked. Locks with master keys allow for escalation of privileges by attacking one pin at a time. It's a known vulnerability too.
The way Real Life works isn't to waste manpower and money to make something 100% impenetrable. Real Life works by basically just setting up a big sign that says "you're not allowed past this point." And if you do, we'll throw your sorry ass in jail.
That's really all that your front door and lock are: a sign that other people are not allowed past that point. If someone actually does the effort to pick the lock or hack down the door, it's proof enough that they did get their hint to stay out and deliberately circumvented it. So we throw them in jail.
If someone entered your home, it's not the door manufacturer's fault, it's not the lock manufacturer's fault, it's simply the thief that's to blame. That's the one who deserves some fine time in a state prison.
That's the security model that the Real World society was built upon. It's not perfect, but it worked wonderfully so far.
And here's your free complimentary clue for the day: those Windows users' instinctive expectation of computer security is the same. They don't expect their computers to be an impenetrable fortress, since their RL home or car isn't either. They do expect that whoever breaks past the boundary of their home, car or computer be thrown into state jail.
Unrealistic expectation at the moment? Maybe. But not an _unreasonable_ one. As in: it's not unreasonable to throw the script kiddie or virus writer in jail anyway. Sure, we won't stop trying to make the apps more secure, but in the meantime we also throw the asshole in jail to deter other assholes.
And maybe it's time to give users what they ask for, instead of idiotically insisting that they adapt to what we feel like programming. Not even just in this aspect. The software industry is a fucking disaster in this aspect, and all this whining about "idiot users" and "idiot managers" is just proof of it.
Any other industry, they try to make things comfortable and obvious for the user. In the software industry we just call them idiots and have whole sites dedicated to whining about them.
A polar bear is a cartesian bear after a coordinate transform.
You're measuring angles with an analog device with at best 1 degree accuracy per angle. When adding such imprecise data, yes, the margin for error increases.
IF you are measuring it. IF you know the lines come from the exact same point, THEN you know that any circle around that point is exactly 360 degrees.
When measuring, the best you can measure is to half the smallest division of the measuring device, if you can even see it.
When you know universal truths, you can be exact.
I.e., had I been a teacher, I would have been a lot more suspicious of anyone who came with 360 there, than of someone whose angles added up to 355. The guy with 360 probably skipped the last angle and just subtracted the sum of the others from 360. Which is _not_ what was asked.
Had I been a teacher, I would be suspicious of anyone, student or otherwise, that had been through a geometry class, and could not make this simple deduction.
I'm still more suspicious of anyone that thinks they can claim "what was asked" without knowing the exact wording of the question. i.e. you are talking out your ass here.
3. If you work with computers, be aware of the limitations of the data type you use.
Working with computers, you should learn how much the precision affects your calculations. If you can CALCULATE to a higher precision, then do so. If you can deduce an even higher precision, then do that instead. The best calculator is still your own head though it may not be the fastest.
What do you suggest we do about that?
Set up virus scanners at the ISP level - any mail that passes through an ISP's MTA gets scanned for viruses, double-extensioned attachments that would indicate possible worm payload (i.e. anything that Windows will auto execute) should be bounced back to the sender with an "Unable to relay due to potential virus infection, see [website] for why we blocked this" error with instructions on how to fix it. Of course, that won't kill all routes but it'll guard a lot of people.
Next, block Windows RPC ports at the router level, don't even route traffic between subscriber lines within the ISP network - I'm on Zen and, while Zen block access to Windows ports from outside the network, once one machine inside is infected it spreads like mad. Some two thirds of my firewall logs are hits from infected machines owned by other Zen subscribers. If people need to share files with remote machines they should use tunnels or VPN.
Finally ISPs should also periodically portscan at least ports 0 to 1024 on subscriber machines and email those running machines without a firewall informing them that they are running a vulnerable box and provide instructions for how to lock it down. Those who fail two months of portscans without providing a valid reason why or start generating virus traffic are sandboxed with restricted email and web access to ISP instructions for how to get out of the sandbox.
Of course, none of this is actually going to happen because ISPs will see it as likely to scare people off.
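The two ISP-side controls proposed in the post above (an MTA attachment filter for auto-executable and double-extension attachments, and sandboxing subscribers whose traffic hammers the Windows RPC/SMB ports) can be prototyped in a few dozen lines. The following is an added example written for this page, not code from the poster or any ISP; the sample message, the iptables-style log lines, the extension list, the port set and the hit threshold are all constructed assumptions for illustration.

```python
"""Added example (not from the original thread): two ISP-side controls.

1. check_message(): an MTA-side filter that rejects attachments Windows
   would auto-execute, including double-extension names like photo.jpg.exe
   and the padded variant "readme.txt      .scr" that hides the real
   extension off the right edge of a mail client's attachment column.
2. infected_sources(): a firewall-log analyser that flags subscriber hosts
   repeatedly hitting the Windows RPC/SMB ports from inside the network.

Extension list, port set, thresholds and sample data are assumptions.
"""
import re
from collections import Counter
from email import message_from_string

# Extensions Windows executes directly on double-click (assumed list).
AUTO_EXEC_EXTS = {"exe", "com", "pif", "scr", "bat", "cmd", "vbs", "js"}
# Windows RPC/NetBIOS/SMB listeners; Sasser spread over TCP 445 (LSASS).
WINDOWS_PORTS = {135, 139, 445}


def suspicious_attachment(filename):
    """Return a reason string if the name looks like a worm payload, else None.

    Whitespace inside each dotted component is stripped so that padded names
    such as "readme.txt      .scr" are still recognised as double extensions.
    """
    parts = [p.strip() for p in filename.lower().split(".")]
    if len(parts) < 2:
        return None  # no extension at all
    ext = parts[-1]
    if ext not in AUTO_EXEC_EXTS:
        return None
    if len(parts) >= 3:
        return f"double extension .{parts[-2]}.{ext} (auto-executable)"
    return f"auto-executable .{ext} attachment"


def check_message(raw):
    """Walk a raw RFC 822 message; return (accept, reasons)."""
    reasons = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name:
            reason = suspicious_attachment(name)
            if reason:
                reasons.append(f"{name!r}: {reason}")
    return (not reasons, reasons)


def bounce_text(reasons, help_url="http://isp.example/virus-help"):
    """Build the SMTP-style rejection text the post describes (URL assumed)."""
    lines = ["550 Unable to relay due to potential virus infection",
             f"See {help_url} for why we blocked this message."]
    lines += [f"  - {r}" for r in reasons]
    return "\n".join(lines)


# iptables/netfilter log fields: "... SRC=a.b.c.d ... DPT=445 ..."
LOG_RE = re.compile(r"SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)")


def infected_sources(log_lines, threshold=3):
    """Count per-source hits on Windows ports; return {src: hits} at/over threshold."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and int(m.group("dpt")) in WINDOWS_PORTS:
            hits[m.group("src")] += 1
    return {src: n for src, n in hits.items() if n >= threshold}


# Constructed sample message carrying a double-extension attachment.
SAMPLE_MESSAGE = """\
From: grandson@example.net
To: grandma@example.net
Subject: your photos
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

see attached
--XX
Content-Type: application/octet-stream; name="photo.jpg.exe"
Content-Disposition: attachment; filename="photo.jpg.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--XX--
"""

# Constructed firewall log lines (subscriber-to-subscriber traffic).
SAMPLE_LOG = [
    "IN=eth1 OUT= SRC=10.20.30.40 DST=10.20.31.5 PROTO=TCP SPT=1054 DPT=445",
    "IN=eth1 OUT= SRC=10.20.30.40 DST=10.20.31.6 PROTO=TCP SPT=1055 DPT=445",
    "IN=eth1 OUT= SRC=10.20.30.40 DST=10.20.31.7 PROTO=TCP SPT=1056 DPT=445",
    "IN=eth1 OUT= SRC=10.20.30.40 DST=10.20.31.8 PROTO=TCP SPT=1057 DPT=135",
    "IN=eth1 OUT= SRC=10.20.30.41 DST=10.20.31.9 PROTO=TCP SPT=2000 DPT=80",
    "IN=eth1 OUT= SRC=10.20.30.41 DST=10.20.31.9 PROTO=TCP SPT=2001 DPT=80",
    "IN=eth1 OUT= SRC=10.20.30.42 DST=10.20.31.5 PROTO=TCP SPT=3000 DPT=139",
]

if __name__ == "__main__":
    ok, why = check_message(SAMPLE_MESSAGE)
    print("accept" if ok else bounce_text(why))
    print("sandbox candidates:", infected_sources(SAMPLE_LOG))
```

Note that the filter keys off the attachment name only, which is what the post proposes; a real MTA scanner would also look at the payload, since a worm can just as easily arrive in a .zip. The log analyser deliberately ignores port 80 traffic and a single port 139 hit, so the threshold, not the port alone, decides who gets sandboxed.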
If I ever have an employee look at a circle and tell me he has to measure and add angles to determine it is 360 degrees around, he'll be flipping burgers the next day. Especially if he comes back and tells me it's 365 after measuring.
One of the saddest things about modern education is that we fail to teach people to use logic to solve a problem, instead of relying on formulas to get the answer every time.
"Unheard of means only it's undreamed of yet,
Impossible means not yet done." ~~ Julia Ecklar
While I agree with the essentials, you are very wrong. Devil in the details.
My front door is out of reasonable reach except for maybe 15000 people. My computer on cable modem is available to (however many people are on the internet) spread all over the world. This is a fact, and if I sell a door that opens to such a huge number of people, it should be designed to handle it.
I may want to beat this particular character, or prosecute him. Another fact gets in the way. He is in a different country 9 time zones away. I can't talk to the local prosecutor to get action. I can't even make it an issue country wide, since it is outside of my country. Laws, iow, mean nothing. So again, my door has to be built with that in mind.
With these realities in mind, perhaps it is sheer incompetence to sell a product that, for example, has ports designed for a lan open to the whole world. Or allows execution of things from who knows where.
Derek
How many ISPs have had their email systems compromised by viruses or worms?
Sorry, that wasn't properly worded. My intent was to say a mail system that allows them to go through. ISPs are now starting to put spam filters on their mail systems, why not AV filters as well?
Unless they happen to be using Exchange as a mail server
I administered Exchange servers for 6 years, never once had a virus on my networks, never once had it used to relay spam, and never once had it compromised. Any Exchange admin who says Exchange can't be secured is too lazy to RTFM and should be fired.
how long until we start expecting Internet routers to filter out worms?
About 7-8 years ago when it first started becoming a HUGE issue.
(which will fundamentally break the Internet even more, btw -- the middle of the Internet is supposed to be a bunch of dumb routers, not smart filters)
That's nice, and the highways are supposed to be havens of safe drivers who never cut anyone off, never drive while talking on the phone and no one needs a license to drive. However, once more and more people hit the highways the government stepped in and started requiring everyone to at least show a basic level of competence before getting behind the wheel. Times change, even moreso with computers and the Internet, and so definitions and paradigms need to change. The idea of a completely free and open Internet is a nice nostalgic memory, but it's over. If we're going to let any person connect to it, we need to put systems in place to protect those people from the predators that exist there.
Now watch me get flamed for suggesting that poor, "innocent" Grandma on her cable connection should be held responsible for the attacks
This discussion thread revolves firmly around the idea that Grandma is using Windows, let's change it and assume she's using Linux, set up by her loving grandson to protect her from these kinds of problems. Let's say there's more and more grandmothers out there using Linux in this fashion. How long until a spammer figures out an easy way to get a preconfigured Sendmail on her machine?
You've received an animated greeting card from your grandson, in order to view it, you'll need the Bebopper plugin! Follow these easy instructions to install it!
Click this link: www.imaspammer.com/bebopper.rpm
Click the terminal button.
Cut and paste these lines into the terminal window and provide your root password when asked. That's it, you're done!
su
rpm -Uvh bebopper.rpm
Tada! Grandma's now got Bebopper installed. Whose fault is it now? Grandma? The spammer? The ISP? The grandson for giving her the root password?
In that twisted logic, I suppose you would blame gunshot victims for not wearing a bullet-proof vest or upgrading to the newest models when better armor piercing bullets came out.
Are some admins just lazy who don't do their jobs? Yes. But an admin can't always patch right away.
Remember in most corporate environments, admins can't simply patch a system when a new patch comes out. MS has burned them too many times with bad patches and this problem isn't an issue of the far past. Just last year, MS released a patch that crippled a computer's network connections. They released a fix online for the patch, but if you have no Internet, how do you get it?
Admins have to test them first before rolling it out. In some cases this may take up to six months. If they put in a bad patch, it's their blame not MS.
In some companies, admins have been plagued with downsizes and more duties. This means for some of them security is just another load they have to tackle with normal admin duties.
I think most admins would not want the 10+ hours it takes to clean up a virus/worm. They don't have much of a choice in many cases.
Well, there's spam egg sausage and spam, that's not got much spam in it.