Slashdot Mirror


Has Mass-Mailed Malware Peaked?

Ant writes "Broadband Reports posted a CRN article about a researcher saying mass-mailed worms have reached their peak. Six years ago, on March 26, 1999, Melissa, the first virus that spread by mailing copies of itself to e-mail addresses it found on infected machines, swept the Internet. Today, the researcher who led authorities to the hacker who wrote Melissa says that mass-mailed worms have reached their peak."

16 of 221 comments

  1. I believe it. by BaldGhoti · · Score: 4, Interesting

    I believe it. Over the last three years I've seen mail-based virus infections disappear. I don't think I've seen a mail-based virus infection in the last year at all.

    --
    [insert witty sig here]
  2. instead.. by 0xbeefcake · · Score: 2, Interesting

    There are still plenty of chat-based worms such as the recent W32.Serflog.C worm, which is quite unpleasant.

  3. It's like 'Spy vs. Spy' by Anonymous Coward · · Score: 2, Interesting

    As noted in the article, criminals will turn to other methods.

    The thing about Melissa was that they were on to it before it spread very much.

    The next big thing might be very complex and dreamed up by a complete brain box. On the other hand, it might be very simple and we'll all ask why we didn't think of it. My favorite example of simple was the Viet Cong with their dung-covered stakes vs the greatest power in the history of the world. We all know how that one turned out. What I'm saying is that just because one threat may diminish, we are by no means out of the woods.

  4. Just not the same thing. by AaronH · · Score: 5, Interesting

    The problem with statements like these is that they take the name, worms, too literally. A computer virus or worm, although they behave very much like the real organisms, cannot be eradicated like a real virus or worm. To the casual reader you would think the email worms and viruses have been wiped out of existence like polio and smallpox. It just isn't the same. Our immune system has a memory and protects itself. For some reason, programmers don't seem to have a memory. How else can you explain buffer overflows still being the number one cause of exploited systems? We all know it, but we just don't do anything about it.

    What is funny though is that if we put as much proactive effort and money into combating and preventing electronic viruses and worms as we did with polio and smallpox, we could probably truly eliminate these things. What people don't appreciate about the diseases that we have 'wiped out' is that there are teams of very dedicated people (like the CDC) that respond to every reported outbreak of one of these diseases. If we tracked down every computer worm and virus the way we handle Ebola, I think this would all come to an abrupt end.

    But that would put too many antivirus firms and the like out of business. And we can't have that...

  5. Re:anti-virus protection by bcwright · · Score: 3, Interesting

    I'm sure that's part of it - however it's not simply that end-users are employing more protection. Many companies and ISPs are putting antivirus scanners on their mail servers, which provides a basic level of protection for all of the users of their mail service. So even many of the clueless are getting antivirus scanning without even knowing about it.

    I have in fact seen a few viruses get past our ISP's filters only to get caught by the antivirus scanner on the PC - most likely because the ISP only scans the mail when it arrives (and may not yet be looking for that virus signature) but the PC only scans it when it's downloaded from the server, which might be some time later and after the virus definitions have been updated on the PC.

    So I'm sure there will continue to be some virus circulation - it's like Krupp and the armor plating: make better armor that the existing shells can't penetrate, so then you can sell all the navies of the world better shells, which requires better armor, and so forth. It's a never-ending battle.

  6. don't celebrate yet by khallow · · Score: 3, Interesting

    As I recall, there was some sort of weird competition going on last year. So was there a "peak" or just an unusually high level of virus creation efforts that could repeat itself in the not so distant future?

  7. Re:For the last time people ... by Anonymous Coward · · Score: 0, Interesting

    Viruses is the correct term for the biological ones. Virii is perfectly acceptable for the computer ones.

    Why? Because the English language is constantly changing. New words are invented, and new meanings are given to old words. What is a 'word' is determined by usage. So if people use "virii" to describe computer, um, virii, then so be it.

    You are witnessing the birth of a new word. Don't try to abort it just to be an ass.

  8. Re:For the last time people ... by Anonymous Coward · · Score: 1, Interesting

    Although it's true that living languages evolve, that doesn't give license for people to just make up words or change the meaning of existing words. There are certain rules of etymology to follow. Most words are formed in whole or part from words in other languages (such as Latin) and derivations such as plurality and tense follow common rules. Slang, trademarks, and other words which were in fact made-up don't get officially accepted as part of the English language unless they have achieved widespread usage over a number of years.

  9. Mass mailed worms? by pjbgravely · · Score: 2, Interesting

    I thought that the definition of worms made them different from viruses in that they don't need to pick up a ride on a file, they can come on their own. Maybe this is just another public misconception, like when people call crackers, hackers. We all should know that a statement like "I caught a worm from an email sent by a hacker" makes no sense at all.

    --
    Star Trek, there may be hope.
  10. The roots of the malware/spam problem.... by PCMeister · · Score: 2, Interesting

    While gathering such statistical data keeps someone employed and quite busy at that, it doesn't help to remedy the situation.

    Take for example the rise of free email services (i.e. Hotmail, Yahoo!, etc) some years back: They were known to sell off email addresses in order to cover some operating costs. This was confirmed by researchers who created accounts on various systems (not limited to Hotmail or Yahoo!), and didn't disclose their address to anyone. Several weeks later, SPAM started appearing in their Inboxes. The rest is history...

    Other causes:

    * Bots/Spiders relentlessly sifting through vast amounts of web pages and usenet archives for the simple purpose of harvesting and processing fresh email addresses.

    * ID10T errors on the user side as they love to click on attachments they have no clue about.

    * Users who participate in chain letters, as anyone's system who is compromised along the way can reveal their email address.

    * Poorly configured mail servers who respond to requests for mailing lists.

    * Consumers who volunteer their email address to telemarketers, store giveaway programs, etc. That information is then sold off of course, and voila, more SPAM. Then they have the nerve to ask, why am I getting so much SPAM??!! Bunch of morons!!

    With regards to worms and other system exploits:

    * Piss poor implementations of TCP/IP (in the case of Windows)

    * Weak firewall configurations or none at all (Windows XP's firewall is a joke as it trusts all outgoing connections. Therefore, once the worm has taken hold, it's free to do as it pleases)

    * RPC (Remote Procedure Call) and Remote Administration tools implemented on end user machines (If I'm not mistaken, Macs carry these features as well.) This should only be implemented on corporate installations or the like. Since the average end user simply browses the web, checks email and logs onto their favorite IM program, such RPC capabilities should be an opt-in deal. Clients such as FTP and Telnet will still be available, but anything running as a server would be optional, and subject to a two-step authentication before allowing it to listen in on its given port.

    * The wide-spread use of P2P programs with embedded spyware/etc. The user infected by the use of such programs is at fault for this one.

    * Unsecured wireless installation in homes. This is a growing concern as such connections are being used to launch DDoS attacks and serve as SPAM gateways, among other things.
    (Note: Those using such connections to log on to /. are exempt of course.)

    and finally...

    * CraptiveX (or ActiveX[tm] for those M$ folks out there) - This so-called technology speaks for itself. Oh.. I'm sorry!! Its inherent lack of security is a FEATURE, not a bug.

  11. Re:Ok... by badriram · · Score: 2, Interesting

    Well, not really. Almost all worms that make use of vulnerabilities come after a patch has been released. So everyone that has auto updates is typically protected; the ones that don't are not.

    And if someone does disable auto update (it is enabled by default in ff, xp_sp2), well, there really is no point in disabling their auto update, is there?

  12. Re:The base problem... by dmaxwell · · Score: 4, Interesting

    Well over 90% of what a ClamAV filter I administer catches is variants of HTML.Phishing.Bank. This seems to agree with the other posters who say that attention has shifted from 0wning machines to 0wning bank accounts. Netsky consistently comes in a poor second.

  13. Re:Ok... by cgenman · · Score: 3, Interesting

    I had thought they were just too busy switching over to the far more profitable phishing schemes to write more viruses. I'm getting about 4 phishers a day here, compared to zero e-mail viruses.

  14. Re: Infowar (but how to stop it?) by Doc+Ruby · · Score: 2, Interesting

    The only way to address bad info, whether lies or just bad news, is for more information. Context, corollaries, connections, discussion. The world is a complex place, where constructive growth vastly outweighs the bad actions and structures. Free expression is much more powerful than propaganda, especially when interactive and independent. So people can talk amongst ourselves about info we're getting. We've got a nascent P2P culture, on a P2P-oriented infrastructure. But it's up against the traditional media, which is highly centralized, with corporate interests that conflict with both free expression and even stopping terrorism.

    Any idea that requires perfection for execution is "utopian". But increased/improved communication is a practical reality that gains ground every day. Most Slashdotters are building the solution, both in our work, and the Slashdot discussions that work distracts us from ;). People always say "education" is the antidote to ignorance, fear and propaganda, but they're thinking of school buildings, state-sponsored/accredited teachers, more centralized official knowledge. The great strength of people is in our ability to communicate with each other, our desire for other people with whom to communicate. As we get past the huge edifice of traditional media institutions, into our global communications mediasphere, we'll have the chance to leave terrorism as far in the past as maps with gaps labelled "here there be dragons".

    For a more specific set of insights, I recommend McLuhan's War and Peace in the Global Village. McLuhan pointed out that every new tech has brought a new kind of warfare, and identifies infowar as the spawn of mass media tech. Understanding the beast is the key to hunting it. Just be sure to eat everything you kill :).

    --
    make install -not war

  15. Re:Fear Is the Mind Killer by nchip · · Score: 3, Interesting

    Don't count on that being the reason.

    We have seen viruses where the user needs to jump through many hoops:

    1. open the .zip attachment
    2. enter the password for the zip (following the instructions in the email, embedded as a .gif semi-captcha to prevent the virus scanners from using the password to open the zip)
    3. save the .exe from the zipfile
    4. run the .exe

    I thought the file was safe since it was password protected

    Tell me, how is this different from a virus telling the user to save an ELF attachment, chmod a+x it and run it?

    Viruses rarely exploit software flaws anymore - they exploit the weakest link: the user, via automated social engineering.

    Apart from disabling users' ability to execute arbitrary binaries and perl/python/shell scripts, the only alternative I see is chopping a finger from the infected user every time they get themselves a virus.

    Unfortunately the first one creates practical problems and the second one legal.

    --
    signatures pending - ansa@kos.to - (dont mail there)
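The password-protected zip trick described in the comment above defeats scanners that need to open the archive, but the zip central directory (member names, sizes, flag bits) is never encrypted, so a mail filter can still flag such an attachment from metadata alone. The following Python is an added example written for this page, not code from the original thread or from any scanner mentioned in it. It assumes a filter that sees the raw message bytes; the sample message, the attachment and member names, and the `_set_encrypted_flag` helper that marks the constructed zip as password-protected are all constructed for the demonstration.

```python
"""Flag mail attachments that are password-protected zips carrying executables.

Added example (not from the original thread). Only zip metadata is inspected;
nothing is extracted, so no password is needed to reach a verdict.
"""
import email
import io
import struct
import zipfile
from email import policy
from email.message import EmailMessage

# Member names a mail filter would treat as executable (assumed list).
EXEC_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")
# General-purpose bit 0 in zip local and central headers: member is encrypted.
ENCRYPTED_FLAG = 0x0001


def inspect_zip(data: bytes) -> dict:
    """Read the central directory and report encryption and executable members."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"valid": False, "encrypted": False, "executables": []}
    infos = zf.infolist()
    encrypted = any(info.flag_bits & ENCRYPTED_FLAG for info in infos)
    executables = [info.filename for info in infos
                   if info.filename.lower().endswith(EXEC_SUFFIXES)]
    return {"valid": True, "encrypted": encrypted, "executables": executables}


def inspect_message(raw: bytes) -> list:
    """Return one verdict dict per .zip attachment found in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        verdict = inspect_zip(part.get_payload(decode=True))
        verdict["attachment"] = name
        # Quarantine rule: a readable zip that is password-protected AND
        # contains an executable. Plain encrypted zips are left to policy.
        verdict["quarantine"] = (verdict["valid"] and verdict["encrypted"]
                                 and bool(verdict["executables"]))
        verdicts.append(verdict)
    return verdicts


def _set_encrypted_flag(zip_bytes: bytes) -> bytes:
    """Constructed-sample helper: set the encryption flag bit on every member.

    The stdlib cannot write encrypted zips, so the sample patches the flag word
    in each local header (offset 6) and central directory entry (offset 8).
    """
    buf = bytearray(zip_bytes)
    for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = buf.find(signature)
        while pos != -1:
            (flags,) = struct.unpack_from("<H", buf, pos + offset)
            struct.pack_into("<H", buf, pos + offset, flags | ENCRYPTED_FLAG)
            pos = buf.find(signature, pos + 4)
    return bytes(buf)


def build_sample_message(encrypted: bool) -> bytes:
    """Constructed sample: a mail with a gif 'password hint' and a zip holding an .exe."""
    payload = io.BytesIO()
    with zipfile.ZipFile(payload, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.exe", b"MZ placeholder, not a real program")
    zip_bytes = payload.getvalue()
    if encrypted:
        zip_bytes = _set_encrypted_flag(zip_bytes)
    msg = EmailMessage()
    msg["Subject"] = "Your invoice"
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.net"
    msg.set_content("The password is in the attached picture.")
    msg.add_attachment(b"GIF89a", maintype="image", subtype="gif",
                       filename="password.gif")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for flagged in (True, False):
        for verdict in inspect_message(build_sample_message(flagged)):
            print(verdict)
```

The filter deliberately stops at `infolist()`: calling `zf.open()` on a flagged member without a password raises, and a scanner that needs the content is exactly what the trick defeats. The member list and the encryption bit are enough to quarantine the message or reroute it for manual review.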
  16. I must bend like a reed in the wind by Orion+Blastar · · Score: 2, Interesting

    They usually have management jobs. Hey guess what, our Vice President just opened up an attachment in email and now our whole network is down while IT tries to remove the malware infections.

    I still see infected malware emails, my AV program detects them.

    Yet there exists a problem caused by a few factors:

    #1 Managers are usually given Administrative access to their machines. This increases the risk for infection.

    #2 AntiVirus software uses a subscription model. If Management is too cheap to renew licenses, they can end up without protection from new malware. Most managers are unaware that AV software actually scans for signatures and that the signatures of new malware are different from the old ones.

    #3 Those without Administrator access, cannot properly update their AV software. Imagine a McAfee VirusScan software not being updated since 2003. You attempt to update it, but the system fails to install the new software because you do not have access to install. The path to the AV data files is marked as read only. Yet Malware can easily infect your machine. I've seen college labs full of workstations with older protection that is unable to be updated. I can only guess that corporations are full of machines like that as well.

    #4 Some viruses like to set the clock to the year 2000, hoping to trigger Y2K issues. Most malware kills itself after a certain date in the future. If the year is always 2000, the malware will not kill itself.

    #5 People still download software willy-nilly from the Internet from file sharing networks, web sites, and IRC channels without scanning them first and then they run them. People are still getting malware infections this way, more so than the email attachments. All malware did was evolve from the email attachments to infecting software for download on the Internet. For example, one malware for OSX was a Word 2004 installer program, which actually was not a Word 2004 installer but a program script designed to delete all files on the OSX hard drive. It seems the age of the cuckoo egg malware infections have replaced the age of the email attachment malware infections. A cuckoo egg being a file you think is one thing, but it actually turns out to be something else.

    --
    Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.