Slashdot Mirror

← Back to Stories (view on slashdot.org)

Computer Viruses Broke 100,000 In 2004

Posted by timothy on from the research-purposes-of-course dept.

Sammy at Palm Addict writes "The count of known computer viruses broke the 100,000 barrier in 2004 and the number of new viruses grew by more than 50% according to news from the BBC. The BBC also reports that 'phishing attempts, in which conmen try to trick people into handing over confidential data, are recording growth rates of more than 30% with attacks are becoming increasingly sophisticated.'"

35 of 214 comments (clear)

  1. Easy enough by Anonymous Coward · · Score: 3, Informative

    They broke 100,000 in 2003 as well.

  2. my confidential data by WormholeFiend · · Score: 4, Funny

    They can have my confidential data when they pry it from my dead frozen Windows OS... oh wait!

  3. Quoth Strongbad by geeksdave · · Score: 3, Funny

    That is not a small number... that is a very large number!!! Ack poor compy.

  4. Could we have a distinction here? by i_want_you_to_throw_ · · Score: 4, Insightful

    Now how many non Windows viruses were there? You could probably count them on one hand. Let's give credit (or blame) where it is due.

    1. Re:Could we have a distinction here? by Xeo+024 · · Score: 4, Informative

      Linux vs Windows Viruses (from 2003 but still relevant).

      Some things (from the article) worth noting:

      To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it, writes SecurityFocus columnist Scott Granneman.

      "There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory."

      It says 60,000 viruses for Windows in 2003, which escalated to 100,000 in 2004. There haven't been that many major viruses released for Linux/Unix/Mac so let's add a modest 15 to each number listed in 2003.

      So, the list comes to:

      Windows: ~100,000
      Mac: ~55
      Unix: ~20
      Linux: ~55

      and that's being really generous to Windows. Also, keep in mind what it says above: "Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory."

    2. Re:Could we have a distinction here? by Meostro · · Score: 2, Interesting

      Bollocks back at you AC! Exploits and viruses aren't the same thing, although the article doesn't seem to mention the difference.

      Viruses don't need to do anything tricky to propagate, they're just programs that people run. If I want to make a virus, why the hell would I do X amount of work to make it run on Linux when I could expend the same amount of effort to make it run on Windows? Just by switching I can increase my target base by a huge amount.

      Exploits are different, they are based on actual software errors that shouldn't be. Exploits are solely the result of poor programming / design, and I agree that they are not in any way related to market share.

      The article doesn't differentiate anything, but I would add: Worms are another matter, since they are viral exploits... that's where there's a real grey area, as you could legitimately classify them under either type.

    3. Re:Could we have a distinction here? by Daniel+Dvorkin · · Score: 4, Interesting

      And what's the market share of Windows these days?

      Try to compare apples to apples...

      Divide the # of viruses by the user base of the affected platform, see who is ahead at that point. I have no idea, my guess is it's probably fairly even, probably just a little slanted in favor of Linux.

      Last I heard, there were something like 100 known Linux viruses, and 20 known Mac OS X viruses. Assume the current desktop market share is 3-5% each for Linux and Mac, and Windows still comes out "ahead" by quite a large margin. On the server side, of course, things look even worse for Windows.

      --
      The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    4. Re:Could we have a distinction here? by Xeo+024 · · Score: 2, Interesting

      According to this, this, and this there are no viruses for OS X at all.

      The first link even links to an old /. article. :)

    5. Re:Could we have a distinction here? by jwdb · · Score: 2, Insightful

      None of the Unix or Linux viruses became widespread

      I'd believe the statistics in this article if it weren't for this last statement. Remember a famous worm, spread through unix sendmail, some time around 1988?

      http://en.wikipedia.org/wiki/Morris_worm - It exploited a number of unix vulnerabilities, along with guessing common passwords. Luckily for us, he supposedly made a mistake in the reproduction rate and the worm ended up spreading to every connected computer in a matter of days.
      His intent was to make a slow worm, and had he succeeded it would have gone undetected far longer.

      Worms and viruses that spread like wildfire are actually a boon - a burning car draws attention, a rusting one far less.

      Jw

  5. But... by Anonymous Coward · · Score: 4, Funny

    I'm running Windows XP. Bill Gates says I'm safe from viruses.

  6. URGENT! by Prince+Vegeta+SSJ4 · · Score: 4, Funny
    All slashdot users

    Phising scams are becoming more prevelant on the internet and world wide web. Unfortunately, they are now starting to show up on 'Blogs as well.

    Do to the dedication of security we in the OSS community have, we are updating our servers and account information.

    Please click the following link and verify your account information, password, and private PGP key.

    In order to Verify your identity, please have your Visa or Mastercard account number ready

  7. Re:My computer is acting weird by Niffux · · Score: 2, Funny

    That would most likely be either the 5408th, 37322nd, 56446th or the 74353rd.

  8. not suprising by spac3manspiff · · Score: 5, Informative

    The most common sentence i heard from relatives this holiday was,
    "Can you please fix my computer".
    "I accidently clicked something and my computer is slow".

    1. Re:not suprising by WidescreenFreak · · Score: 3, Insightful

      Accidentally

      Have you noticed that when it comes to computers the relatives always replace had a major lapse of common sense and with accidentally?

      "So, you accidentally received a piece of mail from someone you didn't know, you accidentally opened it up to see what it was, you accidentally moved the mouse over the attachment, and then you accidentally double-clicked on the attachment just because it was there? Oops! I accidentally just formatted your hard drive. Do you have your installation CD?"

      --
      The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
    2. Re:not suprising by Wordsmith · · Score: 3, Insightful

      And can you tell me what about common (non-geek) sense suggests that opening up an e-mail and the included file should be at all hazardous? Common sense suggests you should jsut get to see what's in the file. If it's junk, you'd delete it.

      Unless you've been specifically told otherwise, it wouldn't seem dangerous at all. When you open junk mail at home, or mail from a sender you don't recognize, you don't expect it to take pictures of your house and mail them back to the sender. You don't expect the opened mail to leave dogcrap on your doorstep or make your refridgerator stop working. It seems like a fairly harmless thing to do.

      It's only because of severe design flaws in e-mail programms and OSes that there's an issue.

    3. Re:not suprising by isecore · · Score: 2, Insightful

      I spent hours fixing my little brother's (14 yrs old) computer. Firstly they are on dial up so that was why it took so long.. just downloading Spybot etc.

      As a fellow roaming techsupporter (parents, witless friends) let me give you a little advice:

      Invest in one of them small USB-memory drives. 128 megs is fine, go for more if you feel like splurging.

      I've quickly discovered that these things are solid gold when dealing with different computers in different locations. Just slap Ad-Aware, Spybot and whatever else pieces of software you need onto that thing, and take it with you. Works like a charm. Then all you need the Internet for is for definition-updates and even those don't take years to download over Dial-Up.

      --
      I enjoy large posteriors and I cannot prevaricate.
  9. Distinct virsues? by Rick+Genter · · Score: 4, Insightful

    Should we really consider the dozens of variants of Bagle, Netstky, etc. separate viruses? Just because the anti-virus vendors choose to implement recognition of these variants by separate signatures, are they really different viruses?

    I think it would be more interesting to know how many new virus/worm/trojan families were released year-to-year.

    --
    Don't underestimate the power of The Source
  10. double counting? by Lawrence_Bird · · Score: 2, Insightful

    are they all unique? Or are many of them variants on an original? Seems to me we should only be counting big version
    numbers and not the updates

  11. How many of these viruses are linked to spam? by Lisandro · · Score: 2, Insightful

    That would be an interesting figure, and i guess it'd be pretty high. The ammount of mail traffic due to zombie machines spamming is amazing.

  12. obligatory comment by bigdaddyhame · · Score: 5, Funny

    Does the article mention how many of those >100,000 affected the Mac OS platform?

    The Top 10 List reads like the leader board at a chess competition.

    1) Netsky-P
    2) Zafi-B
    3) Sasser
    4) Netsky-B
    5) Netsky-D
    6) Netsky-Z
    7) MyDoom-A
    8) Sober-I
    9) Netsky-C
    10) Bagle-AA

    --
    ---- You are fully entitled to my opinion.
  13. Symantec cheated me! by sci50514 · · Score: 5, Funny

    I feel so cheated. My office Symantec Corporate Edition listed only 68585 viruses. Where are my other 31415 virus definition? :)

  14. complacency by Anonymous Coward · · Score: 4, Interesting

    Just because you have an ultra-secure computer doesn't mean you should be complacent about theft of confidential data.

    One of my buddies got his credit identity stolen a few months ago, he figures, by someone at a store who processed his credit application when he bought a home theatre system (Zero interest! Don't pay til way later!).

    By the time collection agencies were knocking at his door, that store had closed.

  15. Better headlines please. by northcat · · Score: 2, Insightful

    The first thing I thought when I saw the headline was 'broke 100,000 what?'. The headline should have been better, like 'crossed the 100,000 barrier' or just 'crossed 100,000'.

  16. So, who's responsible? by WidescreenFreak · · Score: 5, Insightful

    The problem with this topic is that Microsoft is always blamed for making an inherently insecure operating system. They are also to blame because of "too little, too late", aka. activating the firewall by default only in SP2.

    But quite frankly the ISPs and of course the individual users are to blame as well.

    Why don't broadband ISPs require boradband firewalls? Only recently have some of them started to incorporate firewalled modems, and even then they're only sent to new customers. Would this mean that existing customers would have to spend money for a new router at the ISPs demand? You bet. But given the choice between disconnection or buying a $50 router, I'm sure that the vast majority would find a way to get that $50.

    Additionally, most virii are sent over SMTP ports since they contain their own SMTP servers. I would not be against shutting down direct-from-client SMTP as long as those who run their own mail servers have the option of having their specific connection opened for SMTP traffic.

    Finally, the users absolutely MUST be educated. There are enough free tools out there that no one should be unprotected. But again who should be responsible for teaching these end users?

    At this point I would actually welcome something like a drivers license for broadband access. You don't gain the ability to use a broadband connection unless you prove to the ISP that you know the rules and that you are informed of how to be a responsible Netizen, including the use of firewalls, virus scanners, and alternate products like Mozilla, Eudora, Firefox, and others. If you break the "law" afterwards, your broadband privileges are revoked until you come into compliance.

    If people were made aware that any virus or worm outbreak cause by them would mean the complete loss of their Internet connectivity, I think we'd see the number of virus infections drop dramatically.

    But have an ISP do the responsible thing at the risk of pissing off customers? No, they'd rather spend billions of dollars a year on mail storage, spam-fighting hardware and software, increasing bandwidth usage, and always-rising amounts of mail to abuse@isp.net...and of course pass those charges onto us.

    --
    The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
  17. what viruses? where? by gobbo · · Score: 3, Interesting

    I've gotten so cozy in my nearly MS-free world since I managed to offload the last W2K machine that I forget about the risks, and how that antiviral cruft soaked up CPU and RAM.

    Until, that is, I open an MS Office document with macros, then the whole sense of dread and ire comes back; and I'm always surprised and annoyed when the latest worm brings local networks staggering to their knees.

    --
    Damn those pesky terrorists
  18. I don't really care about viruses... by Kjella · · Score: 3, Interesting

    100, 100.000 or more... viruses are quite easy to contain because they are unquestionably nuked as such. What I don't like is all the other semi-legitimate software (hello adware, hello malware, hello spyware) which can fuck up your computer almost as bad or worse, except they come with an EULA.

    I think all software should come with a self-signed key. By default it should allow upgrades by the same key (version 1.0->version 1.1), but not let other programs update eachother (e.g. explorer hooks, IE hooks, grab default applications, overwrite system libraries etc.)

    I'm talking about all optional here, not DRM. I would love to have it such that I could install apache on my linux box, and not have it overwritten by anyone but apache (without my explicit permission) as well. Right now, once you have root, it is enough. But proper rights should be "need-to-have". Give a program permission to install itself, but don't fuck the rest of the system? Today, that can't be done.

    Kjella

    --
    Live today, because you never know what tomorrow brings
  19. It's time Windows included a basic anti-virus tool by Luscious868 · · Score: 2, Interesting

    What continues to blow my mind are the numbers of users who do not have anti-virus software installed or kept up to date on their systems. I really wish that Microsoft would include some basic type of anti-virus / anti-spyware utility with the operating system.

    Yes, there would probably be a huge outcry about antitrust violations, but I believe the bottom line is that Microsoft has a duty to ship an operating system that is as reasonably secure as possible without including so many features as to push other vendors out of the market. I think the firewall in Windows XP SP2 is a good example of a compromise. The firewall includes enough basic features so that users aren't completely hanging out there in the wind, yet does not provide such a robust feature set so as to push third party firewall vendors out of the market. The disk defragmentation utility is another good example of a compromise. It has enough basic features to be useable, but not enough so as to push third party vendors out of the market.

    Microsoft could do it if they wanted to, even if there was an outcry from vendors. Look at what they did with I.E. when they decided they wanted a piece of the browser market. For a more modern, post anti-trust trial example, look at what they are doing now with Windows Media Player. Yeah, the EU is calling them on it, but I think a real case could be made that a basic anti-virus / anti-spyware utility is as important a part of basic system security as a firewall.

    Of course, if Microsoft just fixed I.E. and Outlook / Outlook Express, viruses and spyware wouldn't be as much of an issue, but we all know about how likely that is to happen.

  20. Re:Percentage of Windows Boxen by PyroPunk · · Score: 2, Insightful

    I always see these comments, but I want to know; if the mass of people using Windows today all switched over and were using Linux tomorrow, do you honestly think all of a sudden the computer world would be a safer place? Do you envision this utopia where all users suddenly start keeping their machines up to date to thwart off the latest exploit? Would we suddenly have ma and pa computer user logging into application.bugzilla.com and filing bug reports? If a trojan/worm/virus/etc was sent out and the user got infected and a dialog popped up saying they had to enter their root password to run it, do you think these same users that download everything off the net, always just click "yes" without reading anything, are going to say "if I log in as root I can cause serious damage" and not log in as root? no, a majority of them will log in as root and get exploited.
    The only difference I see will be all the Linux zealots either a) switching to another OS because now it's not 1337 to be running Linux or b) the same people that blame Microsoft for all the users problems, will now start blaming the user (instead of blaming Linux).

  21. strcpy, providing freedom to crackers since 1972! by ratboot · · Score: 4, Insightful

    Viruses still exist because programmers still use obscure C functions full of holes and obscure processors full of executable stacks.

    Please programmers, read the electronic paper "Smashing The Stack For Fun And Profit" (->Google).

    zzz

  22. Re:It's time Windows included a basic anti-virus t by stratjakt · · Score: 2, Insightful

    If you were paying attention, you'd have noted that not only is MSFT developing it's on AV tool but they also plan their own spyware scanner/remover.

    Windows 3.0 had MSAV, are any /.ers old enough to remember that? They abandoned it, deciding it was too much work to maintain something that, at the time, wasn't viewed as a necessary compnent. And it wasn't needed, in a simpler, kinder, pre-internet world.

    --
    I don't need no instructions to know how to rock!!!!
  23. In the wild? by slavemowgli · · Score: 2, Insightful

    How many of those are actually found in the wild? 100,000 is a big number, but ultimately meaningless when you want to assess the risk posed by viri etc. Throwing around big numbers like that is more the realm of marketing than that of engineering. :)

    --
    quidquid latine dictum sit altum videtur.
  24. Scarier than the number of virii is this stat... by rah1420 · · Score: 2, Informative

    from TFA:

    On the positive side, Finnish security firm F-Secure said that 2004 was the best-ever year for the capture, arrest and sentencing of virus writers and criminally-minded hackers.

    In total, eight virus writers were arrested and some members of the so-called 29A virus writing group were sentenced.

    Eight? EIGHT??

    (deep sigh)

    --
    Mit der Dummheit kämpfen Götter selbst vergebens.
  25. eBay phishing scam I got by YukiKotetsu · · Score: 3, Insightful

    These things are looking more and more realistic/genuine all of the time. The last I got I opened up the email just to take a look, and the reply to address was "cgi.ebay.com/cgi-bin/"whatever else... it looked so nearly authentic it was scary. Everyone sees the cgi-bin at the ebay page, so having the name cgi.ebay.com was just... yah... I see why people fall for these, they are just uninformed, thinking someone actually was trying to steal their eBay account and such. What needs to be done is when you sign up for stuff, you are required to read aloud to a microphone some statement about how the company will never send you emails to verify account information, social security numbers, and so on. It's the only way to guarantee they read it, but perhaps they still wouldn't understand it. It's just scary. What we need is to make a global law about these things as well... if you are found doing this sort of act, you and your whole immediate family is executed in front of a live TV audience. I bet it'd get higher ratings that Survivor!

  26. Nerd by the_mad_poster · · Score: 2, Insightful

    Yea... because hard drives never fail outright or suffer physical damage that prevents normal access to the data on them..... in fact, when that happens, it's because your neighbor's computer running Windows picked the lock on your front door, went into your den, and damaged the drive on your 1337 Lunax machine, right?

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  27. sophisticated phishing attack by SQLz · · Score: 2, Funny
    ...with attacks are becoming increasingly sophisticated.

    Yeah, by sophisticated they mean its one where they put @citibank.com in the reply-to address of the email so you know its legit!