Slashdot Mirror


Has Mass-Mailed Malware Peaked?

Ant writes "Broadband Reports posted a CRN article about a researcher saying mass-mailed worms have reached their peak. Six years ago, on March 26, 1999, Melissa, the first virus that spread by mailing copies of itself to e-mail addresses it found on infected machines, swept the Internet. Today, the researcher who led authorities to the hacker who wrote Melissa says that mass-mailed worms have reached their peak."

15 of 221 comments

  1. Ok... by MankyD · · Score: 4, Insightful

    What have we accomplished by making this statement? If nothing else, doesn't this just tempt virii/malware writers into trying harder?

    --
    -dave
    http://millionnumbers.com/ - own the number of your dreams
  2. I believe it. by BaldGhoti · · Score: 4, Interesting

    I believe it. Over the last three years I've seen mail-based virus infections disappear. I don't think I've seen a mail-based virus infection in the last year at all.

    --
    [insert witty sig here]
  3. Peaked... by fidget42 · · Score: 5, Funny

    or just reached a saturation point? I suppose that "peaked" sounds better.

    --
    The dogcow says "Moof!"
  4. New Virus by Anonymous Coward · · Score: 5, Funny

    Smith pleaded guilty to creating Melissa -- which was named after a topless dancer he knew from Florida -- in 1999, and in 2002 was sentenced to serve 20 months in federal prison.
    I hear that now he is working on a new virus in prison called Bubba that will exploit a backdoor.
  5. anti-virus protection by Darkon · · Score: 4, Insightful

    Could it be that more users are employing protection against these worms now? Thanks to ClamAV I never see any in my inbox now, but my log messages would suggest there are still plenty of clueless people out there propagating them.

  6. Peak Of Email, perhaps by Anonymous Coward · · Score: 4, Insightful

    I think that perhaps they might have reached their peak for propagating via email. IMs, P2P, IRC... plenty of other mediums to play in.

  7. So the whole premise is... by NitroWolf · · Score: 4, Insightful

    So the whole premise here is that mass mail viruses are peaked because they are slowly being devoured by the phishes... err phishers.

    While I suppose that's true to an extent, we are still a long way from providing an environment where the From header can not be (easily) spoofed. The article makes it sound like we are going to throw a switch any day now and all will be right in the world of SMTP.

    In short, I wouldn't say we've reached a peak necessarily, but perhaps more of a plateau. But even then, I think that might be wishful thinking.

    1. Re:So the whole premise is... by NitroWolf · · Score: 4, Insightful

      Now, you can argue that we're still a long way from getting people to use methods to ensure email sources are valid, but technically we can do it today with existing infrastructure.

      I never said the technology wasn't there. I said: "we are still a long way from providing an environment where the From header can not be (easily) spoofed."

      The net is built on the foundation of open SMTP. Switching that entire foundation over to something else is a long, LONG way off. GPG signatures are probably the last thing on the list of viable alternatives. It may be the best, but it's still the last thing. It has to be implemented at the server level with exactly ZERO user intervention, otherwise it won't get done. GPG signatures are great for the geek, but they are totally useless to the population at large.

      They won't implement them, and even if they do, they will click "Ok" on insecure documents anyway.

      With your example, it would be very, very easy to send mail as you. So the signature check fails, so what? It just takes a 5 second look at a website where the HTTPS certificate fails and people click "So what, give me the content anyway." If you believe that won't happen with email, you are terribly mistaken.

      So no, GPG signatures are not even remotely a possible solution to the problem.

  8. Fear Is the Mind Killer by Doc+Ruby · · Score: 5, Insightful

    They don't need any more encouragement. That's not the limiting factor on their productivity. While I don't believe this article, which is entirely based on the idea that worms will decline now that the spoofing upon which they depend is addressed by some new tech for sender authentication, I also know we can't live in fear. The other way to react, in that fear cage, is to be afraid to say that worms are increasing, because that will make them more attractive: be on the side that's winning. No, you can't get paralyzed by fear of the truth - the truth is essential in addressing the problem, and anyone interested must freely discuss it, if we're to use our superiority in numbers to win.

    This attitude goes to the heart of today's problems. Fear of terrorists, fear of criminals, fear of government, fear of people different from us, fear of big changes in the world economy, energy, politics. All of them have people who say we should just keep quiet, lest we make it worse by making it more "popular". We must talk about the realities, so we can confront them, resolve them. Otherwise, the fear has won, and we are defeated.

    --
    make install -not war

  9. MTTI: Mean Time To Infection by G4from128k · · Score: 4, Insightful

    Changes in the gross volumes of malware mail are irrelevant. As long as the mean time to infection (receipt of the latest malware) is on the order of or less than the mean time to patching, computers will have problems. Only when patching is much faster than malware spreading rates can we claim even partial victory.

    The other issue is the damage done by the malware. One especially dangerous piece of malware, mailed once to all susceptible machines, will be far more serious than more innocuous malware mailed thousands of times.

    Besides, I suspect that malware creators have turned their attentions to more nefarious activities such as phishing. Owning someone's bank account is more valuable than owning their PC or corrupting their harddrive.

    --
    Two wrongs don't make a right, but three lefts do.
  10. Analogs to HIV? by antifoidulus · · Score: 4, Insightful

    Probably the #1 reason that these viruses have peaked is because people protect themselves better. If they use Windows they (usually, yes there will always be idiots) know not to click on random attachments, have filters, and regularly run a virus/spyware checker. Why? Probably because they got burned before or know someone who got burned.
    Kind of reminds me of how in the late 90's people thought HIV was declining in the US because the rate of new infections was dropping. But then people got complacent and started doing stupid shit again and now the virus is making a comeback in the US as the rate of new infections is increasing once again.
    Lesson learned: Someone is always trying to fuck you, so be vigilant with your protection.

  11. Just not the same thing. by AaronH · · Score: 5, Interesting

    The problem with statements like these is that they take the name, worms, too literally. A computer virus or worm, although they behave very much like the real organisms, cannot be eradicated like a real virus or worm. To the casual reader you would think the email worms and viruses have been wiped out of existence like polio and smallpox. It just isn't the same. Our immune system has a memory and protects itself. For some reason, programmers don't seem to have a memory. How else can you explain buffer overflows still being the number one cause of exploited systems? We all know it, but we just don't do anything about it.

    What is funny though is that if we put as much proactive effort and money into combating and preventing electronic viruses and worms as we did with polio and smallpox, we could probably truly eliminate these things. What people don't appreciate about the diseases that we have 'wiped out' is that there are teams of very dedicated people (like the CDC) that respond to every reported outbreak of one of these diseases. If we tracked down every computer worm and virus the way we handle Ebola, I think this would all come to an abrupt end.

    But that would put too many antivirus firms and the like out of business. And we can't have that...

  12. The base problem... by gmuslera · · Score: 4, Insightful

    ... is still not solved, i.e. how trivial it is for unaware users to launch a mail attachment, or how integrated the HTML engine is in the mail renderer that enables automatic or so launching of attachments. OK, the main culprits here are Microsoft, and in particular Internet Explorer and Outlook; mail-based worms are hard to find for other platforms or even mail clients, but the end users play an important role too.

    To be honest, I don't receive mail worms in my Gmail account, but that is because of Gmail's executable attachment filtering. But on a server I administer there is a constant flow of mail worms (that don't impact end users thanks to Anomy Sanitizer and ClamAV), but the biggest part of them are not for specific individuals but for randomgeneratedname@mydomain.com; almost none hits a real account. Not sure what or how many worms of this kind there are, but a few infected people generate a lot of mail traffic this way.

    1. Re:The base problem... by dmaxwell · · Score: 4, Interesting

      Well over 90% of what a ClamAV filter I administer catches is variants of HTML.Phishing.Bank. This seems to agree with the other posters who say that attention has shifted from 0wning machines to 0wning bank accounts. Netsky consistently comes in a poor second.

  13. Infowar by Doc+Ruby · · Score: 5, Insightful

    The people using that fear *are* the terrorists. The people who planebomb buildings are *saboteurs*, a specific (and often short-lived) kind of terrorist. Without the media fear, it's just sabotage. It becomes terrorism when the event is spread through the media - electronic, word of mouth, or otherwise. Terrorism is infowar, and "we" are our own worst enemy. The only remedy is knowledge - the antidote to any kind of fear, which is incubated in ignorance, and spawns anger and violence.

    --
    make install -not war