January 2006 Virus and Spam Statistics
Ant writes "Commtouch reports the January 2006 virus and spam statistics. Its summary said there were four massive virus attacks (including a multi-wave attack of 7 variants) and the most aggressive attacks penetrated before the average antivirus (AV) solution could even release a signature. The data is based on information continuously gathered by the Commtouch Detection Center, which analyzed more than 2 billion messages from over 130 countries during the month of January 2006..."
Not very long ago, when the Kama Sutra (Nyxem.E, MyWife, whatever) worm was released to the world it seemed to take absolutely forever to find anyone with a solution for the removal or even the detection of the thing. I think it was almost a full week before the signatures were widely distributed. Even though this attack was very mild (as far as viruses are concerned), what would have been the outcome had this been "the Big One"?
Nam et ipsa scientia potestas est - Sir Francis Bacon
January was a horrible month for viruses. Take it from me: If you get an email from an Asian Bird, don't open it.
My Greatest Heist - Music partly inspired by the unbeatable Qwantz
Spammers have deduced that to avoid being blocked by the simplest mail server rules, they need to use a valid domain. However, if the domain that is used is unique and used only for spam, they would easily be blacklisted. The result - the use of popular domains that blacklists dare not touch. I would like to learn what the email domains listed in the article are doing to keep the number of spammers low. I mean if Google can churn out the world's best search engine, targeted ads, and other random applications of the week, then they surely have enough creative juices to flush out their own spam accounts.
I find that although many people are liberal in beliefs, they are conservative in actions.
That is some interesting research (only 5% of spam is porn?!), but where is spam headed long term? They have that little graph where you can see trends for 30 days, 100 days, or 12 months (though the 30 days and 12 months didn't work for me in Safari), but does anyone have reliable statistics that go back farther?
Is spam burning out, finding new markets, or are people just continuing to send spam even if they don't make a profit on it?
Monstar L
Heh... that's not what they meant by "Use the force."
As usual, I'm not taking ANYONE to the emergency room.
I didn't notice any on my powerbook. Oh wait never mind
What's coming down our road is a lot more 0day exploits. WMF was the tip of the iceberg.
What's also coming is "multi-faceted attacks". I.e. spyware and adware that is being used not only to display pesky ads but also used as a foot in the door to install malware on your PC (i.e. malware that's MORE destructive than just popups).
What I foresee as well is that trojan writers will make more and more use of crippleware that's installed by third party software (for example, software that's supposed to ensure you don't break copyrights). Simply because this kind of software is more or less omnipresent (or will be soon), while not going through the rather strict screening process that normal OS modules go through. Yes, no matter what you think of MS, their soft is one of the best tested in the world (in the non-open source world at least, screening in OS outmatches it by magnitudes).
The goal for virus and trojan writers isn't anymore the spreading and the rather masturbatory enjoyment of knowing your virus spreads like crazy. Money's made its way into the trojan biz. And 3 goals are predominantly present:
1. Spambots
2. DDoS sheep
3. Phishing
While 1 and 2 have already had their heydays, phishing is strongly on the rise. I can say without breaking any NDA agreements that we are currently facing very well organized, very strongly pushing phishing attacks targeted at passwords for the "usual" targets (amazon, ebay, paypal), as well as a lot of national and international banks (online banking is something I would not really do right now on a Windows-based system...).
The organization behind it is stunning. Ways to launder the money that make some old mafia tactics look bland. Update cycles and update services for those trojans that rival or outmatch large corporations.
Teach your peers. Tell them about it. Tell them to friggin' install that damn antivirus tool. And to upgrade their Windows. And most of all, to finally abandon that insecure webbrowsing pest that comes with every MS System!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
It does seem that some virus attacks are occurring too quickly for traditional AV approaches to provide adequate protection. Perhaps an approach suggested by Israeli researchers, Distributive immunization of networks against viruses using the 'honey-pot' architecture [warning: PDF], has virtue. The basic idea is to automate virus recognition and immediately push a "vaccine" to potentially vulnerable machines.
Nice free advertising on Slashdot. Any chance of equal exposure for some competing sources?
There is news from Commtouch how the attacks are just too much they searched a lot of mail containing pictures of an adult male and found out that there was no such
11. Thou shall obey Da mighty Swing
First of all, spamfilters, no matter how good they are, won't solve it. Who has filters? You, me, the rest of the "clued" people. But we wouldn't click on a spam ad anyway, would we?
The people who do click on one simply have no clue what's going on and thus have no spamfilter. So spamfilters are simply for our convenience of not having to deal with junk.
Laws won't make spam go away. Unless you have a globally universal and most of all equal law concerning spam, all it does is to go to another place. And since making spam legal equals tax income for a country, I'd give the possibility of the RIAA realizing that copycrippling their music isn't the right way a higher chance of coming to reality.
So Spam is here, and it's here to stay. It will maybe become more sophisticated, and it will most certainly become used by people wanting to plant other malware onto your system (e.g. the combination of spamming a link and planting a bogus WMF onto the referred site).
But Spam won't stop.
Ironport makes a product called Virus Outbreak Filters to address this problem and quarantine potential virus mail. http://www.google.com/search?q=VOF+IronPort
I wonder just how many of these reported viruses are either:
1) Developed and released by anti-virus companies themselves to sell more product
2) Non-existent myths propagated by anti-virus companies to sell more product
3) Other software intentionally miscategorised as viruses by antivirus companies to sell more product.
If this report proves anything, it is that running antivirus software is not good protection. You have to educate users not to open suspicious attachments, not to run IE, and to keep their systems updated (every modern OS does this automatically! Windows also does this since SP2). A firewall and/or NAT router is always a good idea too.
I don't run antivirus (except the occasional ClamWin run if I downloaded something I don't trust completely), and I manage to keep my computer clean just by following the above rules. Antivirus won't protect you from ad/spyware anyway, and these things have become worse than viruses.
If the antivirus vendors can't keep up with new viruses, you might as well stop paying for antivirus. After all, it won't protect you.
Why don't the lawyers provide indemnification against getting "computer viruses"?
Why don't they make an OS that is immune from getting viruses just by clicking on a hot link or opening an attachment?
http://fudwatcher.blogspot.com/
Spammers are spoofing the return address as being one of the valid domains (i.e. google.com, yahoo.com, msn.com...).
The email addresses probably do not exist, or maybe they do.
Another tactic I've noticed is putting your own email surname as the sender but from a different domain.
IMAGE VERIFICATION IS EVIL!
"Commtouch Detection Center, which analyzed more than 2 billion messages from over 130 countries during the month of January 2006..."
...
nuff said.
never ever heard of that "company"
Pretty graphics, lots of "ooooo" factor. I find that they tell me nothing. This is a trend in the "network security" field:
Tufte would be ashamed.
It's just not the perfect cure. When you install an antivirus suite and consider yourself completely safe, click on everything you can because "hey, I have antivirus, I'm safe", you're in a very dangerous misconception.
I mean, you do wear a condom when having intercourse, right? But still you don't do it with people of "questionable background", right? Why?
The best protection is still having an antivirus suite and behaving like you don't.
Anti-virus has become more or less snake oil in respect to their effectiveness. They are slow to respond to new threats and are too easily disabled by attacks. Knowledgeable users have no need for AV because they know how to avoid infections quite easily (I'm a Windows user who has never used AV in 15 years and I have never been infected). People who are not knowledgeable will get a false sense of security and feel that they do not need to bother with learning all the ins and outs of safety.
I remember doing some maintenance on a small network once, and discovered that a number of the machines were infected. The boss was surprised. "But they all had anti-virus software!" And what a jolly amount of good that has done...
Yes, there is certainly a limited benefit to AV, as I would imagine that knowledgeable users can sometimes make a mistake. But AV software causes so many problems of its own, from the slowdowns caused by on-the-fly scanning, to the system bogdown whenever it does its scheduled full system scan, to the various slew of compatibility and stability issues that it creates (*cough* Norton *cough*).
and DON'T FORGET the first (?!) real mac virus.
The iMacs are dropping like flies. Save the mac!
Will someone please think of the MAC???
I wish that Slashdot editors would not post stories about press releases! Did someone get paid under the table?
It's very common that press releases contain entirely invented "information". Certainly the people who write them can be expected to have NO technical knowledge, and not to care that they have no technical knowledge.
--
If they enjoy it or it makes them money, rich people and leaders can kill small animals and Iraqis?
i do not like spammmm
inbox constantly filling
please die cocksuckers
That's a given. Unfortunately it's not reality. Look around you amongst your peers, subtract the ones that have a clue when it comes to computers, and then try to teach them.
You'll get an answer akin to this: "Lemme alone, I don't wanna learn that, I just wanna surf and enjoy it."
People don't want to learn. You don't want to be a mechanic to drive your car, all you want is to turn the key and kick the throttle. It's the same way with computers.
Yes, you might actually not need an antivirus tool. Not something I'd recommend, since there are so many other ways to get infected and bugged even if you're careful, but that's your decision.
There are on the other hand people who don't want to learn the ins and outs of computers. They just want to use them and play around. And for them, having one is better than not having one. Simply 'cause they will cause havoc regardless, but at least some of those ancient worms would stop knocking against my firewall.
Technically, this system is prone to abuse: Think censorship.
You label something spam. That's all right, I don't care about the size of my penis (or breasts, or left pinky or whatever), and I certainly don't care that Mr. Mumbutu's wife needs a secure way to transfer her money.
On the other hand, some governments would definitely enjoy not delivering messages that point out their flaws. Or some companies to have some of their more questionable practices revealed.
Who gets to define spam? Who gets to make the filter rules?
Me? You? (snicker) Google?
Also consider the legal implications. Yes, Spamorama's mails are what everyone on this planet considers spam. But Spamorama sues BigBoxMails because BBM filtered out their mail, calling it censorship, violation of first amendment, or whatever the clever lawyers of Spamorama pull out of their hats.
Tread lightly on this subject. I don't just want to get "governmental and corporal approved" mail.
They never note specifics on which anti-virus performed how well. Their tests are based on the AVERAGE time to detect and the AVERAGE number of viruses missed. Not all anti-viruses are created equal, and some are distinctly less equal than others. Symantec and McAfee in particular have abysmal response time in updating their definitions. Granted since they're much bigger than their competitors, and with size comes sluggishness, but I've personally submitted samples to them and had to wait weeks before the definitions were added. That kind of delay is inexcusable (if it takes that long to review samples, hire more people!)
Also, when you take into account that McAfee detects fully half the files with any sort of file packer used (that's what they call 'heuristics', they've detected Hijackthis as a virus during 4 separate updates), you have to wonder how they can miss actual viruses with such a "shoot first and fix false positives later" mentality.
As a positive counter-example, NOD32 and Kaspersky generally detect a new threat within an hour after they first see it, if their heuristics don't already pick it up.
When it says that it's the average of 21 major anti-virus vendors, I question whether the statistic is meaningful with so broad a spectrum of response times.
To err is human, to really foul up requires a computer
...will at least make sure that no program gets executed without the expressed consent by the user (i.e. no automatic execution of possibly malicious code). Furthermore, it will inform its user who just clicked on an attachment, that said attachment is executable code.
If the user is dumb enough to STILL execute it, well, then he's the only one to blame. The biggest security problem of a system is still sitting in front of it.
3/4s or so of most tech related articles can be traced back to a rewritten press release. Go to any of the big science or IT websites and look, you'll see it. Even the mainstream pay per view places are just running press release type stories, based on the summaries, then make you pay to read the academic paper. I think it's better to just post the release and be done with it, let people know that's what it is. And I think we need to end pay per view on academic articles if there's so much as a penny of governmental grant money involved in it. Same with letting them take tax payer money and get a patent on stuff they research, that should be ended as well, make the results be free and available to anyone to use to develop useful products.
Mod the parent insightful. You gayphres keep modding him as troll, but he is NOT a troll. This comment is TOTALLY relevant and pertinent to the thread.
Eat my balls. GOOD DAY, SIR!
I wish, after all of this hyping, that we'd get a bug as well written as some of these (you know, that gets into everything and around all defenses) but gets old-school on its victims. None of this pussyfooting around, I mean like copy itself, mailing itself to all of your contacts, and delete everyone's hard drives. Or filling it with beastiality pron. Nasty stuff.
Show these kids what a real virus is about. Put that hype to good use. And make everyone stop acting like EVERY LITTLE BUG IS A RIDER OF THE APOCALYPSE. Because most of these, like even the Sober worm, aren't really that harmful. Most malware writers are really only out for money, not general misanthropia. I just want ONE killer bug to put all of this in perspective. And maybe get people to switch to a modern OS like Linus, BSD, or OS X.
Because no, not even Norton can save you.
The 'Net is a waste of time, and that's exactly what's right about it. - William Gibson
The only antivirus solution.
That is all.
kk thx
Antivirus isn't great, as it comes with a bunch of issues, such as resource implications, acting as a threat vector itself, and generally being a case of shutting the stable door after the horse has bolted (zero-day exploits).
So add-on antivirus software isn't exactly *useful*, and isn't anything like running a sane operating system with pragmatically chosen security settings - which wouldn't include, by and large, anti-virus or anti-spyware scanning type software.
Did anyone else find it interesting that they are hosting this on a Win2k iis server?
Funny choice given the stats...
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
Wow, that's brilliant. AV is useless, but you think you need it? How did that ever get modded to +5 Insightful?
Getting past your idiotic/inconsistent statements, raincoats are useless if you stay indoors, condoms are useless if you don't have sex, and AV software is useless if you don't interact with the real world (and don't have kids).