Slashdot Mirror
Has Mass-Mailed Malware Peaked?
Ant writes "Broadband Reports posted a CRN article about researcher saying mass-mailed worms have reached their peak. Six years ago, on March 26, 1999, Melissa, the first virus that spread by mailing copies of itself to e-mail addresses it found on infected machines, swept the Internet. Today, the researcher who led authorities to the hacker who wrote Melissa, says that mass-mailed worms have reached their peak."
What have we accomplished by making this statement? If nothing else, doesn't this just tempt virii/malware writers into trying harder?
-dave
http://millionnumbers.com/ - own the number of your dreams
I believe it. Over the last three years I've seen mail-based virus infections disappear. I don't think I've seen a mail-based virus infection in the last year at all.
[insert witty sig here]
or just reached a saturation point? I suppose that "peaked" sounds better.
The dogcow says "Moof!"
just like my stock prices did ... then of course they fell. So, cutting my losses, I sold them. An what do you know, it turns out that they are even higher now.
Could it be that more users are employing protection against these worms now? Thanks to ClamAV I never see any in my inbox now, but my log messages would suggest there are still plenty of clueless people out there propagating them.
I think that perhaps they might have reached their peak for propigating via email. IMs, P2P, IRC... pleanty of other mediums to play in.
So the whole premise here is that mass mail viruses are peaked because they are slowly being devoured by the phishes... err phishers.
While I suppose that's true to an extent, we are still a long way from providing an environment where the From header can not be (easily) spoofed. The article makes it sound like we are going to throw a switch any day now and all will be right in the world of SMTP.
In short, I wouldn't say we've reached a peak necessarily, but perhaps more of a plateau. But even then, I think that might be wishful thinking.
New versions of windows could change this. Vast untapped markets remain for Mac and Linux.
There are still plenty of chat-based worms such as the recent W32.Serflog.C worm, which is quite unpleasant.
They don't need any more encouragement. That's not the limiting factor on their productivity. While I don't believe this article, which is entirely based on the idea that worms will decline now that the spoofing upon which they depend is addressed by some new tech for sender authentication, I also know we can't live in fear. The other way to react, in that fear cage, is to be afraid to say that worms are increasing, because that will make them more attractive: be on the side that's winning. No, you can't get paralyzed by fear of the truth - the truth is essential in addressing the problem, and anyone interested must freely discuss it, if we're to use our superiority in numbers to win.
This attitude goes to the heart of today's problems. Fear of terrorists, fear of criminals, fear of government, fear of people different from us, fear of big changes in the world economy, energy, politics. All of them have people who say we should just keep quiet, lest we make it worse by making it more "popular". We must talk about the realities, so we can confront them, resolve them. Otherwise, the fear has won, and we are defeated.
--
make install -not war
Changes in the gross volumes of malware mail are irrelevant. As long as the mean time to infection (receipt of the latest malware) is on the order of or less than the mean time to patching, computers will have problems. Only when patching is much faster than malware spreading rates can we claim even partial victory.
The other issue is the damage done by the malware. One especially dangerous piece of malware, mailed once to all susceptible machines, will be far more serious than more innocuous malware mailed thousands of times.
Besides, I suspect that malware creators have turned their attentions to more nefarious activities such as phishing. Owning someone's bank account is more valuable than owning their PC or corrupting their harddrive.
Two wrongs don't make a right, but three lefts do.
They've reached their peak because there are no more computers remaining send them too. All computers are already getting them!
Greetings,
To check for malware please click on the link.
Check for SPYWARE
Panda Antivirus Has Scanned This Post.
There are no viruses.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Probably the #1 reason that these viruses have peaked is because people protect themselves better. If they use windows they (usually, yes there will always be idiots) know not to click on random attachments, have filters, and regularly run a virus/spyware checker. Why? Probably because they got burned before or know someone who got burned.
Kind of reminds me of how in the late 90's people thought HIV was declining in the US because the rate of new infections was dropping. But then people got complacent and started doing stupid shit again and now the virus is making a comeback in the US as the rate of new infections is increasing once again.
Lesson learned: Somoeone is always trying to fuck you, so be vigilant with your protection.
Monstar L
As noted in the article, criminals will turn to other methods.
The thing about Melissa was that they were on to it before it spread very much.
The next big thing might be very complex and dreamed up by a complete brain box. On the other hand, it might be very simple and we'll all ask why we didn't think of it. My favorite example of simple was the Viet Cong with their dung covered stakes vs the greatest power in the history of the world. We all know how that one turned out. What I'm saying is that just because one threat may diminish, we are by no means out of the woods.
The problem with statements like these is that they take the name, worms, too literal. A computer virus or worm, although they behave very much like the real organisms, cannot be eradicated like a real virus or worm. To the casual reader you would think the email worms and viruses have been wiped out of existence like polio and small pox. It just isn't the same. Our immune system has a memory and protects itself. For some reason, programmers don't seem to have a memory. How else can you explain buffer overflows still being the number one cause of exploited systems? We all know it, but we just don't do anything about it.
What is funny though is that if we put as much proactive effort and money into combating preventing electronic viruses and worms as we did with polio and small pox, we could probably truly eliminate these things. What people don't appreciate about the diseases that we have 'wiped out' is that there are teams of very dedicated people (like the CDC) that respond to every reported outbreak of one of these diseases. If we tracked down every computer worm and virus the way we handle Ebola, I think this would all come to an abrupt end.
But that would but too many antivirus firms and the like out of business. And we can't have that...
I kind of like how Gmail's policy of "keep suspected spam 30 days, than discard" makes it pretty easy to gauge your spamrate...from this summer, it was above 14K, but now it's closer to 8.5K. I don't know how much of that comes from zombie nets, or if there's some other factor (since I own a few domains, and receive any email sent to them, sometimes I get waves of bounces when someone hijacks my domain name as a from address) but it does seem like spam ain't as bad as it used to be.
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
From the article:
"The good news now," he said, "is that what Melissa ushered in is finally waning. Mass-mailed worms and viruses reached their peak last year."
It has peaked because the numbers are declining, from their peak last year. RTFA.
This guy says worms have peaked because they depend on spoofing the sender, and IBM has introduced some sender authentication tech. He made a good call on Melissa in 1999, but I don't see the rigor of this latest pronouncement. He assumes that people will use sender auth, which I don't - people don't even use free firewall SW like Zone Alarm. He also assumes that sender auth use will grow faster than the hosts on the Net, and that the worms' growth is entirely limited by the number of address books infected. Melissa only used the first 50 addresses - what if new worms use all the addresses? And with so many more people in addresses books, the exponential infection growth could easily surpass the exponential authentication growth. He might have had as much hope in widespread spam/virus filtering, which obviously hasn't stopped the tide from rising.
Sender auth is a great help, but it's not enough. And complacency like that in which these researchers indulge is a greater enemy than insecure protocols. Security is an intractable, NP-complete problem, where the pickers are up against the locksmiths every day. Declaring the war over is a sure way to lose.
--
make install -not war
As I recall, there was some sort of weird competition going on last year. So was there a "peak" or just an unusually high level of virus creation efforts that could repeat itself in the not so distant future?
does it bother anyone else that the /. "icon" for worm stories is actually a caterpillar.
I'll go back to picking my nits.
From TFA: "The good news now," he said, "is that what Melissa ushered in is finally waning. Mass-mailed worms and viruses reached their peak last year."
I think the blurb is a little misleading. The blurb should have said that the peak was last year and we are on the decline.
The Tasmanian Devil is endangered, but not anywhere near extinct. The "practically extinct" animal you are thinking of is likely the Tasmanian Wolf, also called the Tasmanian Tiger. This animal, however, is much less remembered, due to its extinction(?) and the fact that there is no Warner Brothers cartoon character to make it so everyone thinks it is so cool.
Don't blame Durga. I voted for Centauri.
To be honest, i dont receive in my gmail account mail worms, but that is because gmail executable attachment filtering. But in a server i administer there are a constant flow of mail worms (that dont impact end users thank to anomy sanitizer and ClamAV) but the biggest part of them are not for especific individuals but for randomgeneratedname@mydomain.com, almost none hits a real account. Not sure what or how many worms of this kind are, but a few infected people generates a lot of mail traffic this way.
Your post reminded me of Hastur the Unspeakable. But I was really channeling the Kwisatz Haderach.
--
make install -not war
I thought that the definition of worms made them diffrent from viruses in that they don't need to pick up a ride on a file, they can come on there own. Maybe this is just another public misconception, like when people call crackers, hackers. We all should know that a statement like "I caught a worm from an email sent by a hacker" makes no sense at all.
Star Trek, there maybe hope.
I think the decline can be attributed to a few factors:
1. Increased use of SPAM and virus filters on email, esp. at the provider level
2. It's no longer really a challenge to write email worms, etc. So the only people writing them are the ones trying to work for spammers
The new threat is going to be in viruses written for mobile phones with ever increasing OS capabilities, memory and CPU power. I'm not an anti-MS bigot, but I don't really want any version of windows at all on any mobile device that I store confidential info on. As more and more phones keep coming out that support advanced OS', you can expect more and more viruses for these devices.
On a graph that is increasingly climbing, today is always the peak.
If you mod this up, your slashdot background will turn into a beautiful sunset!
Due to the distinct lack of thinking machines and robots at Hogwarts School, there might be something to claims of a Dune/Potter connection. Surely the blast-ended skrewt must be related to the Sandworm.
Don't blame Durga. I voted for Centauri.
While gathering such statistical data keeps someone employed and quite busy at that, it doesn't help to remedy the situation.
/. are exempt of course.)
Take for example the rise of free email services (ie. Hotmail, Yahoo!, etc) some years back: They were known to sell off email address in order to cover some operating costs. This was confirmed by researchers who created accounts on various systems (not limited to Hotmail or Yahoo!), and didn't disclose their address to anyone. Several weeks later, SPAM started appearing in their Inboxes. The rest is history...
Other causes:
* Bots/Spiders relentlessly sifting through vast amount of web pages and usenet archives for the simple purpose of harvesting and processing fresh email addresses.
* ID10T errors on the user side as they love to click on attachments they have no clue about.
* Users who participate in chain letters, as anyone's system who is compromised along the way can reveal their email address.
* Poorly configured mail servers who respond to requests for mailing lists.
* Consumers who volunteer their email address to telemarketers, store give-a-way programs, etc. That information is then sold off of course, and voila, more SPAM. Then they have the nerve to ask, why am I getting so much SPAM??!! Bunch of morons!!
With regards to worms and other system exploits:
* Piss poor implementations of TCP/IP (in the case of Windows)
* Weak firewall configurations or none at all (Windows XP's firewall is a joke as it trusts all outgoing connections. Therefore, once the worm has taken hold, it's free to do as it pleases)
* RPC (Remote Procedure Call) and Remote Administration tools implemented on end user machines (If I'm not mistaken, Macs carry these features as well.) This should only be implemented on corporate installations or the like. Since the average end user simply browses the web, checks email and logs onto their favorite IM program, such RPC capabilities should be an opt-in deal. Clients such as FTP and Telnet will still be available, but anything running as a server would be optional, and subject to a two-step authentication before allowing it to listen in on it's given port.
* The wide-spread use of P2P programs with embedded spyware/etc. The user infected by the use of such programs is at fault for this one.
* Unsecured wireless installation in homes. This is a growing concern as such connections are being used to launch DDoS attacks and serve as SPAM gateways, among other things.
(Note: Those using such connections to log on to
and finally...
* CraptiveX (or ActiveX[tm] for those M$ folks out there) - This so-called technology speaks for itself. Oh.. I'm sorry!! It's inherent lack of security is a FEATURE, not a bug.
In a recent interview, he says that he has not seen a single email virus for at least 3 years.....
PENAROL: Seras eterno como el tiempo y floreceras en cada primavera.
The people using that fear *are* the terrorists. The people who planebomb buildings are *saboteurs*, a specific (and often shortlived) kind of terrorist. Without the media fear, it's just sabotage. It becomes terrorism when the event is spread through the media - electronic, word of mouth, or otherwise. Terrorism is infowar, and "we" are our own worst enemy. The only remedy is knowledge - the antidote to any kind of fear, which is incubated in ignorance, and spawns anger and violence.
--
make install -not war
Of course, you'd wonder why people were using a convoluted irregular plural when the vast majority of words and nearly all new coinages in standard use use the regular plural form in English. But never mind.
If anything, I've been helping more and more people rid their computers of viruses/malware that two years ago.
I think you are absolutely right. The terrorists' most powerful weapon are the media. Possibly if the media were not telling us about those attacks, no one would be afraid of being blown up. But what solutions to this problem should there be? The media cannot just stop informing us. One might tend to say they should not report on terrorist attacks. But there would surely be some other way of keeping people afraid. And who would be to decide what to hush up? Government? No, this is a much too serious matter to be entrusted to a limited group of people!
I think the only solution is to make almost any information freely available. One would be less afraid of the Arab next door if one knew about his culture and just talked to him. IMHO educated people have far less problems when dealing with new situations, simply because they get used to the feeling of being confronted with something new. You often face something new when trying to understand things. Thus knowledge should be freely available and every human should be able to access it. Unfortunately this seems to be a utopian idea.
The only way to address bad info, whether lies or just bad news, is for more information. Context, corollaries, connections, discussion. The world is a complex place, where constructive growth vastly outweighs the bad actions and structures. Free expression is much more powerful than propaganda, especially when interactive and independent. So people can talk amongst ourselves about info we're getting. We've got a nascent P2P culture, on a P2P-oriented infrastructure. But it's up against the traditional media, which is highly centralized, with coroprate interests that conflict with both free expression and even stopping terrorism.
;). People always say "education" is the antidote to ignorance, fear and propaganda, but they're thinking of school buildings, state-sponsored/accredited teachers, more centralized official knowledge. The great strength of people is in our ability to communicate with each other, our desire for other people with whom to communicate. As we get past the huge edifice of traditional media institutions, into our global communictions mediasphere, we'll have the chance to leave terrorism as far in the past as maps with gaps labelled "here there be dragons".
:).
Any idea that requires perfection for execution is "utopian". But increased/improved communication is a practical reality that gains ground every day. Most Slashdotters are building the solution, both in our work, and the Slashdot discussions that work distracts us from
For a more specific set of insights, I recommend McLuhan's War and Peace in the Global Village. McLuhan pointed out that every new tech has brought a new kind of warfare, and identifies infowar as the spawn of mass media tech. Understanding the beast is the key to hunting it. Just be sure to eat everything you kill
--
make install -not war
They usualy have management jobs. Hey guess what, our Vice President just opened up an attachment in email and now our whole network is down while IT tries to remove the malware infections.
I still see infected malware emails, my AV program detects them.
Yet there exists a problem caused by a few factors:
#1 Managers are usually given Administrative access to their machines. This increases the risk for infection.
#2 AntiVirus software uses a subscription model. If Management is too cheap to renew licenses, they can end up without protection from new malware. Most managers are unaware that AV software actually scans for signatures and that the signatures of new malware are different from the old ones.
#3 Those without Administrator access, cannot properly update their AV software. Imagine a McAfee VirusScan software not being updated since 2003. You attempt to update it, but the system fails to install the new software because you do not have access to install. The path to the AV data files is marked as read only. Yet Malware can easily infect your machine. I've seen college labs full of workstations with older protection that is unable to be updated. I can only guess that corporations are full of machines like that as well.
#4 Some viruses like to set the clock to the year 2000, hoping to trigger Y2K issues. Most malware kills itself after a certain date in the future. If the year is always 2000, the malware will not kill itself.
#5 People still download software willy-nilly from the Internet from file sharing networks, web sites, and IRC channels without scanning them first and then they run them. People are still getting malware infections this way, more so than the email attachments. All malware did was evolve from the email attachments to infecting software for download on the Internet. For example, one malware for OSX was a Word 2004 installer program, which actually was not a Word 2004 installer but a program script designed to delete all files on the OSX hard drive. It seems the age of the cuckoo egg malware infections have replaced the age of the email attachment malware infections. A cuckoo egg being a file you think is one thing, but it actually turns out to be something else.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
- Network operators have blocked outbound port 25 for large chuncks of the net -- protecting the net from their infectable, directly networked machines.
- Mail admins have installed virus filters on most legitimate MTAs that touch the internet.
- End users have figured out that they really do need virus protection. Even if they "just" use their computer for browsing and email.
- Microsoft got lots of their users on Windowsupdate.
- Legislators have passed some laws. Eg, making it a felony to use zombies for sending spam. (The virus writters might be hard to catch, but the spammers that buy/rent zombies are much easier, and they are the source of the money.)
All of these help a little bit, and there's a network effect with some of them. For example, mail admins a year ago had trouble installing virus filters because there were so many viruses loading down their servers. Now with other mailservers dropping the viruses quicker, it's easier to add the filters. There's also a network effect for the virus/worm writers. If its harder for them to get new zombies (and many of the zombies can't be used for spam), there's less profit motive to write the viruses to get the zombies.It's always been my "utopian" dream that the internet will evolve into the answer that good men have been lacking through the ages. The minorities in power have always relied on misinformation, lack of information, and the physical suppression of ideas to retain their control. The distributed and instantaneous nature of the 'net make the suppression of information much more difficult. I want to believe that man has evolved to the extent that having access to accurate information and communication with other cultures will open our eyes to the REAL us/them problem. It relies on each of us accepting the responsibility to discover the truth as best we can and taking responsibility for not just our own actions but for the actions done in our names. Is a man innocent if he knows his government is acting wrongly and he does nothing? The difference between terrorists and freedom fighters is often defined by whoever is writing the headlines - or more accurately - whoever is paying for the headlines.
My great worry is that people CHOOSE to remain ignorant. It's easier and more comfortable to sit in front of the plasma tv and watch the game than to risk the powers that be's ire. After all - they said those guys are evil - so that MUST mean we're good - right? And if you say anything different? Well that must mean you're evil too. If you're not, I might have to pay attention to what you say. And I might have to DO something uncomfortable, maybe even dangerous, like stand up for the truth. Naw, I'd rather just watch a little tube and order out for pizza. Business as usual, just like the President said. I mean, that IS the American way, right?
billy - who loves his country and fears for its honor