Slashdot Mirror

← Back to Stories (view on slashdot.org)

Has Mass-Mailed Malware Peaked?

Posted by CmdrTaco on from the still-a-huge-percentage-of-my-inbox dept.

Ant writes "Broadband Reports posted a CRN article about researcher saying mass-mailed worms have reached their peak. Six years ago, on March 26, 1999, Melissa, the first virus that spread by mailing copies of itself to e-mail addresses it found on infected machines, swept the Internet. Today, the researcher who led authorities to the hacker who wrote Melissa, says that mass-mailed worms have reached their peak."

30 of 221 comments (clear)

  1. Ok... by MankyD · · Score: 4, Insightful

    What have we accomplished by making this statement? If nothing else, doesn't this just tempt virii/malware writers into trying harder?

    --
    -dave
    http://millionnumbers.com/ - own the number of your dreams
    1. Re:Ok... by Spodlink05 · · Score: 3, Insightful

      What have we accomplished by making this statement?

      It's called disseminating information.

      If nothing else, doesn't this just tempt virii/malware writers into trying harder?

      So we should hide this information? I thought that security by obscurity was A Bad Thing(TM).

    2. Re:Ok... by badriram · · Score: 3, Insightful

      I think it just means that after 6 years, every major program blocks most executable attachments.(Outlook, OE, Thunderbird etc.)

      So there is not going to be a major outbreak of mass mailing worms, unless people start finding flaws in html rendering engines to execute code...But that is what auto updates is for.

    3. Re:Ok... by missing000 · · Score: 3, Insightful

      Isn't there a flaw in that reasoning? If I was writing such a worm and took this seriously, I'd just target the auto-update mechanism.

      Sure, it's tough, but there are always holes. That's the reason for auto update, but it's also a vulnerability. If you can find out how to forge updates, you have a delivery mechanism that would be much more effective than email.

    4. Re:Ok... by cgenman · · Score: 3, Interesting

      I had thought they were just too busy switching over to the far more profitable phishing schemes to write more viruses. I'm getting about 4 phishers a day here, compared to zero e-mail viruses.

      --
      The ______ Agenda
  2. I believe it. by BaldGhoti · · Score: 4, Interesting

    I believe it. Over the last three years I've seen mail-based virus infections disappear. I don't think I've seen a mail-based virus infection in the last year at all.

    --
    [insert witty sig here]
  3. Peaked... by fidget42 · · Score: 5, Funny

    or just reached a saturation point? I suppose that "peaked" sounds better.

    --
    The dogcow says "Moof!"
  4. New Virus by Anonymous Coward · · Score: 5, Funny
    Smith pleaded guilty to creating Melissa -- which was named after a topless dancer he knew from Florida -- in 1999, and in 2002 was sentenced to serve 20 months in federal prison.
    I hear that now he is working on a new virus in prison called Bubba that will exploit a backdoor.
  5. Yeah, it peaked ... by jrl87 · · Score: 3, Funny

    just like my stock prices did ... then of course they fell. So, cutting my losses, I sold them. An what do you know, it turns out that they are even higher now.

  6. anti-virus protection by Darkon · · Score: 4, Insightful



    Could it be that more users are employing protection against these worms now? Thanks to ClamAV I never see any in my inbox now, but my log messages would suggest there are still plenty of clueless people out there propagating them.

    1. Re:anti-virus protection by bcwright · · Score: 3, Interesting

      I'm sure that's part of it - however it's not simply that end-users are employing more protection. Many companies and ISP's are putting antivirus scanners on their mail servers, which provides a basic level of protection for all of the users of their mail service. So even many of the clueless are getting antivirus scanning without even knowing about it.

      I have in fact seen a few viruses get past our ISP's filters only to get caught by the antivirus scanner on the PC - most likely because the ISP only scans the mail when it arrives (and may not yet be looking for that virus signature yet) but the PC only scans it when it's downloaded from the server, which might be some time later and after the virus definitions have been updated on the PC.

      So I'm sure there will continue to be some virus circulation - it's like Krupp and the armor plating: make better armor that the existing shells can't penetrate, so then you can sell all the navies of the world better shells, which requires better armor, and so forth. It's a never-ending battle.

  7. Peak Of Email, perhaps by Anonymous Coward · · Score: 4, Insightful

    I think that perhaps they might have reached their peak for propigating via email. IMs, P2P, IRC... pleanty of other mediums to play in.

  8. So the whole premise is... by NitroWolf · · Score: 4, Insightful

    So the whole premise here is that mass mail viruses are peaked because they are slowly being devoured by the phishes... err phishers.

    While I suppose that's true to an extent, we are still a long way from providing an environment where the From header can not be (easily) spoofed. The article makes it sound like we are going to throw a switch any day now and all will be right in the world of SMTP.

    In short, I wouldn't say we've reached a peak necessarily, but perhaps more of a plateau. But even then, I think that might be wishful thinking.

    1. Re:So the whole premise is... by NitroWolf · · Score: 4, Insightful

      Now, you can argue that we're still a long way from getting people from using methods to ensure email sources are valid, but techincally we can do it today with existing infastructure.

      I never said the technology wasn't there. I said: "we are still a long way from providing an environment where the From header can not be (easily) spoofed."

      The net is built on the foundation of open SMTP. Switching that entire foundation over to something else is a long, LONG way off. GPG signatures are probably the last thing on the list of viable alternatives. It may be the best, but it's still the last thing. It has to be implemented at the server level with exactly ZERO user intervention, otherwise it won't get done. GPG signatures are great for the geek, but they are totally useless to the population at large.

      They won't implement them, and even if they do, they will click "Ok" on insecure documents anyway.

      With your example, it would be very, very easy to send mail as you. So the signature check fails, so what? It just takes a 5 second look at a website where the HTTPS certificate fails and people click "So what, give me the content anyway." If you believe that won't happen with email, you are terribly mistaken.

      So no, GPG signatures are not even remotely a possible solution to the problem.

  9. Peaked on the windows platform by Anonymous Coward · · Score: 3, Funny

    New versions of windows could change this. Vast untapped markets remain for Mac and Linux.

  10. Fear Is the Mind Killer by Doc+Ruby · · Score: 5, Insightful

    They don't need any more encouragement. That's not the limiting factor on their productivity. While I don't believe this article, which is entirely based on the idea that worms will decline now that the spoofing upon which they depend is addressed by some new tech for sender authentication, I also know we can't live in fear. The other way to react, in that fear cage, is to be afraid to say that worms are increasing, because that will make them more attractive: be on the side that's winning. No, you can't get paralyzed by fear of the truth - the truth is essential in addressing the problem, and anyone interested must freely discuss it, if we're to use our superiority in numbers to win.

    This attitude goes to the heart of today's problems. Fear of terrorists, fear of criminals, fear of government, fear of people different from us, fear of big changes in the world economy, energy, politics. All of them have people who say we should just keep quiet, lest we make it worse by making it more "popular". We must talk about the realities, so we can confront them, resolve them. Otherwise, the fear has won, and we are defeated.

    --

    --
    make install -not war

    1. Re:Fear Is the Mind Killer by value_added · · Score: 3, Funny
      [The heart of today's problems. Fear of terrorists, fear of criminals, fear of government, fear of people different from us, fear of big changes in the world economy, energy, politics.

      So then, choose not to be afraid. Choose something else.

      Choose life. Choose a job. Choose a career. Choose a family. Choose a fucking big television. Choose washing machines, cars, compact disc players and electrical tin openers. Choose good health, low cholesterol and dental insurance. Choose fixed interest mortgage repayments. Choose a starter home. Choose your friends. Choose leisurewear and matching luggage. Choose a three-piece suite on hire purchase in a range of fucking fabrics. Choose DIY and wondering who the fuck you are on a Sunday morning. Choose sitting on that couch watching mind-numbing, spirit-crushing game shows, stuffing fucking junk food into your mouth. Choose rotting away at the end of it all, pishing your last in a miserable home, nothing more than an embarrassment to the selfish, fucked up brats you spawned to replace you. Choose your future. Choose life.

      Alternatively, ... choose this.

    2. Re:Fear Is the Mind Killer by nchip · · Score: 3, Interesting

      Don't count on that being the reason.

      We have seen viruses where user needs to jump through many hoops:

      1. open the .zip attachment
      2. enter the password for the zip (following the instruction in the email, embedded as .gif semicatchpa to prevent the virus scanners from using the the password to open the zip.
      3. saving .exe in zipfile
      4. running the .exe

      I thought the file was safe since it was password protected

      Tell me, how is this different from a virus telling user to save an ELF attachment, chmod a+x it and run it?

      Viruses rarely anymore exploit software flaws - they exploit the weakest link: user, via automated social engineering.

      Apart from disabling users ability to execute arbitary binaries and perl/python/shell scripts, there only alternative I see is chopping a finger from the infected user everytime they get themself a virus.

      Unfortunatly the first one creates practical problems and the second one legal.

      --
      signatures pending - ansa@kos.to - (dont mail there)
  11. MTTI: Mean Time To Infection by G4from128k · · Score: 4, Insightful

    Changes in the gross volumes of malware mail are irrelevant. As long as the mean time to infection (receipt of the latest malware) is on the order of or less than the mean time to patching, computers will have problems. Only when patching is much faster than malware spreading rates can we claim even partial victory.

    The other issue is the damage done by the malware. One especially dangerous piece of malware, mailed once to all susceptible machines, will be far more serious than more innocuous malware mailed thousands of times.

    Besides, I suspect that malware creators have turned their attentions to more nefarious activities such as phishing. Owning someone's bank account is more valuable than owning their PC or corrupting their harddrive.

    --
    Two wrongs don't make a right, but three lefts do.
  12. Analogs to HIV? by antifoidulus · · Score: 4, Insightful

    Probably the #1 reason that these viruses have peaked is because people protect themselves better. If they use windows they (usually, yes there will always be idiots) know not to click on random attachments, have filters, and regularly run a virus/spyware checker. Why? Probably because they got burned before or know someone who got burned.
    Kind of reminds me of how in the late 90's people thought HIV was declining in the US because the rate of new infections was dropping. But then people got complacent and started doing stupid shit again and now the virus is making a comeback in the US as the rate of new infections is increasing once again.
    Lesson learned: Somoeone is always trying to fuck you, so be vigilant with your protection.

    --
    Monstar L
  13. Just not the same thing. by AaronH · · Score: 5, Interesting

    The problem with statements like these is that they take the name, worms, too literal. A computer virus or worm, although they behave very much like the real organisms, cannot be eradicated like a real virus or worm. To the casual reader you would think the email worms and viruses have been wiped out of existence like polio and small pox. It just isn't the same. Our immune system has a memory and protects itself. For some reason, programmers don't seem to have a memory. How else can you explain buffer overflows still being the number one cause of exploited systems? We all know it, but we just don't do anything about it.

    What is funny though is that if we put as much proactive effort and money into combating preventing electronic viruses and worms as we did with polio and small pox, we could probably truly eliminate these things. What people don't appreciate about the diseases that we have 'wiped out' is that there are teams of very dedicated people (like the CDC) that respond to every reported outbreak of one of these diseases. If we tracked down every computer worm and virus the way we handle Ebola, I think this would all come to an abrupt end.

    But that would but too many antivirus firms and the like out of business. And we can't have that...

  14. don't celebrate yet by khallow · · Score: 3, Interesting

    As I recall, there was some sort of weird competition going on last year. So was there a "peak" or just an unusually high level of virus creation efforts that could repeat itself in the not so distant future?

  15. Peaked LAST YEAR by hugesmile · · Score: 3, Informative
    From the sensationalized Slashdot blurb: Today, the researcher who led authorities to the hacker who wrote Melissa, says that mass-mailed worms have reached their peak."

    From TFA: "The good news now," he said, "is that what Melissa ushered in is finally waning. Mass-mailed worms and viruses reached their peak last year."

    I think the blurb is a little misleading. The blurb should have said that the peak was last year and we are on the decline.

  16. The base problem... by gmuslera · · Score: 4, Insightful
    ... is still not solved, i.e. how trivial is for unaware users to launch a mail attachment, or how integrated is the html engine in the mail renderer that enables automatic or so launching of attachments. Ok, the main culprits here are Microsoft, and in particular Internet Explorer and Outlook, mail based worms are hard to be found for other plataforms or even mail clients, but the end users play an important role too.

    To be honest, i dont receive in my gmail account mail worms, but that is because gmail executable attachment filtering. But in a server i administer there are a constant flow of mail worms (that dont impact end users thank to anomy sanitizer and ClamAV) but the biggest part of them are not for especific individuals but for randomgeneratedname@mydomain.com, almost none hits a real account. Not sure what or how many worms of this kind are, but a few infected people generates a lot of mail traffic this way.

    1. Re:The base problem... by dmaxwell · · Score: 4, Interesting

      Well over 90% of what a ClamAV filter I administer catches is variants of HTML.Phishing.Bank. This seems to agree with the other posters who say that attention has shifted from 0wning machines to 0wning bank accounts. Netsky consistently comes in a poor second.

  17. Yes but, by Tribbin · · Score: 3, Informative

    On a graph that is increasingly climbing, today is always the peak.

    --
    If you mod this up, your slashdot background will turn into a beautiful sunset!
  18. If the shoe fits... by AtariAmarok · · Score: 3, Funny
    "Holy crap, a Dune reference mistaken for a Harry Potter one? Turn in your geek card, pronto. What's the world coming to?"

    Due to the distinct lack of thinking machines and robots at Hogwarts School, there might be something to claims of a Dune/Potter connection. Surely the blast-ended skrewt must be related to the Sandworm.

    --
    Don't blame Durga. I voted for Centauri.
  19. Infowar by Doc+Ruby · · Score: 5, Insightful

    The people using that fear *are* the terrorists. The people who planebomb buildings are *saboteurs*, a specific (and often shortlived) kind of terrorist. Without the media fear, it's just sabotage. It becomes terrorism when the event is spread through the media - electronic, word of mouth, or otherwise. Terrorism is infowar, and "we" are our own worst enemy. The only remedy is knowledge - the antidote to any kind of fear, which is incubated in ignorance, and spawns anger and violence.

    --

    --
    make install -not war

  20. Lots of things help. by davburns · · Score: 3, Informative
    It's more than not running executables from email (Although that certainly helps!) In the last year or so:
    • Network operators have blocked outbound port 25 for large chuncks of the net -- protecting the net from their infectable, directly networked machines.
    • Mail admins have installed virus filters on most legitimate MTAs that touch the internet.
    • End users have figured out that they really do need virus protection. Even if they "just" use their computer for browsing and email.
    • Microsoft got lots of their users on Windowsupdate.
    • Legislators have passed some laws. Eg, making it a felony to use zombies for sending spam. (The virus writters might be hard to catch, but the spammers that buy/rent zombies are much easier, and they are the source of the money.)
    All of these help a little bit, and there's a network effect with some of them. For example, mail admins a year ago had trouble installing virus filters because there were so many viruses loading down their servers. Now with other mailservers dropping the viruses quicker, it's easier to add the filters. There's also a network effect for the virus/worm writers. If its harder for them to get new zombies (and many of the zombies can't be used for spam), there's less profit motive to write the viruses to get the zombies.
  21. Re: Infowar (but how to stop it?) by ramblin+billy · · Score: 3, Insightful


    It's always been my "utopian" dream that the internet will evolve into the answer that good men have been lacking through the ages. The minorities in power have always relied on misinformation, lack of information, and the physical suppression of ideas to retain their control. The distributed and instantaneous nature of the 'net make the suppression of information much more difficult. I want to believe that man has evolved to the extent that having access to accurate information and communication with other cultures will open our eyes to the REAL us/them problem. It relies on each of us accepting the responsibility to discover the truth as best we can and taking responsibility for not just our own actions but for the actions done in our names. Is a man innocent if he knows his government is acting wrongly and he does nothing? The difference between terrorists and freedom fighters is often defined by whoever is writing the headlines - or more accurately - whoever is paying for the headlines.

    My great worry is that people CHOOSE to remain ignorant. It's easier and more comfortable to sit in front of the plasma tv and watch the game than to risk the powers that be's ire. After all - they said those guys are evil - so that MUST mean we're good - right? And if you say anything different? Well that must mean you're evil too. If you're not, I might have to pay attention to what you say. And I might have to DO something uncomfortable, maybe even dangerous, like stand up for the truth. Naw, I'd rather just watch a little tube and order out for pizza. Business as usual, just like the President said. I mean, that IS the American way, right?

    billy - who loves his country and fears for its honor