Slashdot Mirror
Has Mass-Mailed Malware Peaked?
Ant writes "Broadband Reports posted a CRN article about researcher saying mass-mailed worms have reached their peak. Six years ago, on March 26, 1999, Melissa, the first virus that spread by mailing copies of itself to e-mail addresses it found on infected machines, swept the Internet. Today, the researcher who led authorities to the hacker who wrote Melissa, says that mass-mailed worms have reached their peak."
What have we accomplished by making this statement? If nothing else, doesn't this just tempt virii/malware writers into trying harder?
-dave
http://millionnumbers.com/ - own the number of your dreams
Could it be that more users are employing protection against these worms now? Thanks to ClamAV I never see any in my inbox now, but my log messages would suggest there are still plenty of clueless people out there propagating them.
I think that perhaps they might have reached their peak for propigating via email. IMs, P2P, IRC... pleanty of other mediums to play in.
So the whole premise here is that mass mail viruses are peaked because they are slowly being devoured by the phishes... err phishers.
While I suppose that's true to an extent, we are still a long way from providing an environment where the From header can not be (easily) spoofed. The article makes it sound like we are going to throw a switch any day now and all will be right in the world of SMTP.
In short, I wouldn't say we've reached a peak necessarily, but perhaps more of a plateau. But even then, I think that might be wishful thinking.
They don't need any more encouragement. That's not the limiting factor on their productivity. While I don't believe this article, which is entirely based on the idea that worms will decline now that the spoofing upon which they depend is addressed by some new tech for sender authentication, I also know we can't live in fear. The other way to react, in that fear cage, is to be afraid to say that worms are increasing, because that will make them more attractive: be on the side that's winning. No, you can't get paralyzed by fear of the truth - the truth is essential in addressing the problem, and anyone interested must freely discuss it, if we're to use our superiority in numbers to win.
This attitude goes to the heart of today's problems. Fear of terrorists, fear of criminals, fear of government, fear of people different from us, fear of big changes in the world economy, energy, politics. All of them have people who say we should just keep quiet, lest we make it worse by making it more "popular". We must talk about the realities, so we can confront them, resolve them. Otherwise, the fear has won, and we are defeated.
--
make install -not war
Peaked : The highest figure
So.. how do we know it's peaked untill we see clear evidence in a year or twos time?
I like muppets.
Changes in the gross volumes of malware mail are irrelevant. As long as the mean time to infection (receipt of the latest malware) is on the order of or less than the mean time to patching, computers will have problems. Only when patching is much faster than malware spreading rates can we claim even partial victory.
The other issue is the damage done by the malware. One especially dangerous piece of malware, mailed once to all susceptible machines, will be far more serious than more innocuous malware mailed thousands of times.
Besides, I suspect that malware creators have turned their attentions to more nefarious activities such as phishing. Owning someone's bank account is more valuable than owning their PC or corrupting their harddrive.
Two wrongs don't make a right, but three lefts do.
Probably the #1 reason that these viruses have peaked is because people protect themselves better. If they use windows they (usually, yes there will always be idiots) know not to click on random attachments, have filters, and regularly run a virus/spyware checker. Why? Probably because they got burned before or know someone who got burned.
Kind of reminds me of how in the late 90's people thought HIV was declining in the US because the rate of new infections was dropping. But then people got complacent and started doing stupid shit again and now the virus is making a comeback in the US as the rate of new infections is increasing once again.
Lesson learned: Somoeone is always trying to fuck you, so be vigilant with your protection.
Monstar L
I kind of like how Gmail's policy of "keep suspected spam 30 days, than discard" makes it pretty easy to gauge your spamrate...from this summer, it was above 14K, but now it's closer to 8.5K. I don't know how much of that comes from zombie nets, or if there's some other factor (since I own a few domains, and receive any email sent to them, sometimes I get waves of bounces when someone hijacks my domain name as a from address) but it does seem like spam ain't as bad as it used to be.
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
This guy says worms have peaked because they depend on spoofing the sender, and IBM has introduced some sender authentication tech. He made a good call on Melissa in 1999, but I don't see the rigor of this latest pronouncement. He assumes that people will use sender auth, which I don't - people don't even use free firewall SW like Zone Alarm. He also assumes that sender auth use will grow faster than the hosts on the Net, and that the worms' growth is entirely limited by the number of address books infected. Melissa only used the first 50 addresses - what if new worms use all the addresses? And with so many more people in addresses books, the exponential infection growth could easily surpass the exponential authentication growth. He might have had as much hope in widespread spam/virus filtering, which obviously hasn't stopped the tide from rising.
Sender auth is a great help, but it's not enough. And complacency like that in which these researchers indulge is a greater enemy than insecure protocols. Security is an intractable, NP-complete problem, where the pickers are up against the locksmiths every day. Declaring the war over is a sure way to lose.
--
make install -not war
To be honest, i dont receive in my gmail account mail worms, but that is because gmail executable attachment filtering. But in a server i administer there are a constant flow of mail worms (that dont impact end users thank to anomy sanitizer and ClamAV) but the biggest part of them are not for especific individuals but for randomgeneratedname@mydomain.com, almost none hits a real account. Not sure what or how many worms of this kind are, but a few infected people generates a lot of mail traffic this way.
I think the decline can be attributed to a few factors:
1. Increased use of SPAM and virus filters on email, esp. at the provider level
2. It's no longer really a challenge to write email worms, etc. So the only people writing them are the ones trying to work for spammers
The new threat is going to be in viruses written for mobile phones with ever increasing OS capabilities, memory and CPU power. I'm not an anti-MS bigot, but I don't really want any version of windows at all on any mobile device that I store confidential info on. As more and more phones keep coming out that support advanced OS', you can expect more and more viruses for these devices.
I'm sure then that they're being filtered before you get them. I get at least two a day, about 10% of my spam. And the author of TFA's reasoning was that "From" spoofing will be impossible because of some new mail standards touted by IBM and others (was he shilling for them?). But if spoofing is impossible, (something I rather doubt) the viruses will still be sent, just not spoofed, making it a bit easier to track back but not enough to eradicate them.
The people using that fear *are* the terrorists. The people who planebomb buildings are *saboteurs*, a specific (and often shortlived) kind of terrorist. Without the media fear, it's just sabotage. It becomes terrorism when the event is spread through the media - electronic, word of mouth, or otherwise. Terrorism is infowar, and "we" are our own worst enemy. The only remedy is knowledge - the antidote to any kind of fear, which is incubated in ignorance, and spawns anger and violence.
--
make install -not war
Of course, you'd wonder why people were using a convoluted irregular plural when the vast majority of words and nearly all new coinages in standard use use the regular plural form in English. But never mind.
If anything, I've been helping more and more people rid their computers of viruses/malware that two years ago.
I think you are absolutely right. The terrorists' most powerful weapon are the media. Possibly if the media were not telling us about those attacks, no one would be afraid of being blown up. But what solutions to this problem should there be? The media cannot just stop informing us. One might tend to say they should not report on terrorist attacks. But there would surely be some other way of keeping people afraid. And who would be to decide what to hush up? Government? No, this is a much too serious matter to be entrusted to a limited group of people!
I think the only solution is to make almost any information freely available. One would be less afraid of the Arab next door if one knew about his culture and just talked to him. IMHO educated people have far less problems when dealing with new situations, simply because they get used to the feeling of being confronted with something new. You often face something new when trying to understand things. Thus knowledge should be freely available and every human should be able to access it. Unfortunately this seems to be a utopian idea.
It's always been my "utopian" dream that the internet will evolve into the answer that good men have been lacking through the ages. The minorities in power have always relied on misinformation, lack of information, and the physical suppression of ideas to retain their control. The distributed and instantaneous nature of the 'net make the suppression of information much more difficult. I want to believe that man has evolved to the extent that having access to accurate information and communication with other cultures will open our eyes to the REAL us/them problem. It relies on each of us accepting the responsibility to discover the truth as best we can and taking responsibility for not just our own actions but for the actions done in our names. Is a man innocent if he knows his government is acting wrongly and he does nothing? The difference between terrorists and freedom fighters is often defined by whoever is writing the headlines - or more accurately - whoever is paying for the headlines.
My great worry is that people CHOOSE to remain ignorant. It's easier and more comfortable to sit in front of the plasma tv and watch the game than to risk the powers that be's ire. After all - they said those guys are evil - so that MUST mean we're good - right? And if you say anything different? Well that must mean you're evil too. If you're not, I might have to pay attention to what you say. And I might have to DO something uncomfortable, maybe even dangerous, like stand up for the truth. Naw, I'd rather just watch a little tube and order out for pizza. Business as usual, just like the President said. I mean, that IS the American way, right?
billy - who loves his country and fears for its honor