January 2006 Virus and Spam Statistics
Ant writes "Commtouch reports January 2006's virus and spam statistics. Its summary said there were four massive virus attacks (including a multi-wave attack of 7 variants) and the most aggressive attacks penetrated before the average antivirus (AV) solution could even release a signature. The data is based on information continuously gathered by the Commtouch Detection Center, which analyzed more than 2 billion messages from over 130 countries during the month of January 2006..."
I take it you haven't heard of AVG. They already detected it (without releasing a new signature) on January 16th. How? Simple. Heuristics. Oh, and they do a free version.
http://www.grisoft.com/
Goten Xiao
The virus is reported to have first emerged on the 16th January 2006. Sophos says they provided protection from 16:03:20 GMT on that day. So while it may have taken ages for you to find an anti-virus vendor with detection or removal, there *were* solutions on the same day. Trend Micro also says their pattern file was released on the 16th, and they give the time when the description on their website was written as 14:23:21 GMT, but they don't say what time their pattern file was released. McAfee even claims that they detected the virus from 2nd December 2005 - presumably since this was a variation of an existing worm that their existing detection happened to also detect. I don't know how many of the other AV vendors *also* detected it due to happenstance before it even existed.
There was also detection officially available from some other AV vendors on the 17th:
Spammers are spoofing the return address as being one of the valid domains (i.e. google.com, yahoo.com, msn.com...)
... get a gmail account, write a bot to send e-mail to other zombie gmail accounts for a while, wait until you have 100 invites to hand out, sign up for some more accounts, then spam like mad until gmail shuts you down.
Nope. Not a single credible anti-spam solution out there today pays any attention to the return address on the e-mail (unless it's explicitly in your whitelist). The filtering is done based on the actual origin of the message, or failing that, the first trusted server that handled the message.
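To make the "actual origin" point concrete, here is an added example (my code, not anything from the thread or from any particular filter): it walks a message's Received chain newest-first, skips the hops that came from relays we trust, and treats the first hop from an untrusted address as the origin. Everything below that hop, like the From: address itself, was written by a machine we do not control and is ignored. The trusted network range and the sample headers are constructed for the example.

```python
"""Find the message's real origin from its Received chain.

Added example (not from the thread): walk the Received headers newest-first,
skip hops handed over by relays we trust, and treat the first hop that came
from an untrusted address as the message's origin.  Everything after that
hop may have been forged by the sender, so it is ignored, just as the
From:/return address is.
"""
import ipaddress
import re
from typing import Iterable, Optional

# Anything that looks like a dotted IPv4 literal.
_IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def sending_ip(received: str) -> Optional[str]:
    """Return the connecting client's IP from one Received header, or None.

    Only the 'from ...' clause is consulted; the 'by' server is us, not the
    sender.  Headers without a from-clause (local pickup) yield None.
    """
    body = received.split(":", 1)[1] if received.lower().startswith("received:") else received
    from_clause = re.split(r"\s+by\s+", body, maxsplit=1, flags=re.IGNORECASE)[0]
    for candidate in _IPV4.findall(from_clause):
        try:
            ipaddress.ip_address(candidate)  # rejects e.g. 999.1.1.1
            return candidate
        except ValueError:
            continue
    return None


def originating_ip(received_headers: Iterable[str], trusted_networks: Iterable[str]) -> Optional[str]:
    """Walk the chain newest-first and return the first untrusted sender IP.

    Headers must be in message order (top header = hop closest to us).
    Returns None when every hop is trusted, i.e. the mail was generated
    inside our own infrastructure.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    for header in received_headers:
        ip_str = sending_ip(header)
        if ip_str is None:
            continue  # hop we cannot attribute to an address; keep walking
        ip = ipaddress.ip_address(ip_str)
        if ip.is_loopback or any(ip in net for net in trusted):
            continue  # one of our own relays passing the message along
        return ip_str  # first hop from outside: where the mail really came from
    return None


# Assumption for the example: our own MX/relay range.
TRUSTED_NETWORKS = ["192.0.2.0/24"]

# Constructed sample headers, newest first, for a message whose HELO and
# From: claim yahoo.com but which was handed to our MX by 198.51.100.77.
# The third header sits below the trust boundary and may be fabricated.
SAMPLE_RECEIVED = [
    "Received: from mx1.example.net (mx1.example.net [192.0.2.10]) by mail.example.net with ESMTP id k0GE2BQ1; Mon, 16 Jan 2006 14:02:11 +0000",
    "Received: from unknown (HELO yahoo.com) (198.51.100.77) by mx1.example.net with SMTP; Mon, 16 Jan 2006 14:02:10 +0000",
    "Received: from user-pc ([10.0.0.5]) by yahoo.com with Microsoft SMTPSVC; Mon, 16 Jan 2006 13:59:00 +0000",
]

if __name__ == "__main__":
    print(originating_ip(SAMPLE_RECEIVED, TRUSTED_NETWORKS))
```

The IP this returns is what gets looked up in DNS blocklists or scored on reputation; the forged yahoo.com HELO and the 10.0.0.5 hop below it contribute nothing. If a trusted relay is missing from the list, the filter will blame your own server for every message, so the trusted range has to be exact.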
The authors of the FA are saying that spam is ACTUALLY coming from gmail.com, which means it is probably being sent by legit gmail.com users (gmail requires a secure login to use their mail gateway).
It would work like this
It would be really, really hard for Google to come up with a solution to prevent spammers from getting out one good bulk mailing before Gmail shuts them down.
Anti-virus has become more or less snake oil in respect to their effectiveness. They are slow to respond to new threats and are too easily disabled by attacks. Knowledgeable users have no need for AV because they know how to avoid infections quite easily (I'm a Windows user who has never used AV in 15 years and I have never been infected). People who are not knowledgeable will get a false sense of security and feel that they do not need to bother with learning all the ins and outs of safety.
I remember doing some maintenance on a small network once, and discovered that a number of the machines were infected. The boss was surprised. "But they all had anti-virus software!" And what a jolly amount of good that has done...
Yes, there is certainly a limited benefit to AV, as I would imagine that knowledgeable users can sometimes make a mistake. But AV software causes so many problems of their own, from the slowdowns caused by on-the-fly scanning, to the system bogdown whenever it does its scheduled full system scan, to the various slew of compatibility and stability issues that it creates (*cough* Norton *cough*).
There was a brilliant signature for SpamAssassin to detect dodgy MSFT executables in 2.6x. The mainstream 3.x has removed it but it is still available out there in the bogus virus warning list towards the end of it (http://www.timj.co.uk/linux/bogus-virus-warnings.cf). Beware the owner of the page allows only one GET per IP address per day. You have one chance to download the ruleset.
Combined with greylisting on the external gateway this has caught every single virus outbreak out there for the last 3 months. Not a single virus-laden email has gotten past the combination of this.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
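As an added example of what such a signature is looking for (my own code, not the rule from the bogus-virus-warnings list and not SpamAssassin's), two checks are shown: a raw-body line-prefix match in the spirit of a SpamAssassin `rawbody` rule, keyed on the base64 encoding of the DOS stub header most linkers emit, and a decode-and-parse check that follows the MZ stub's `e_lfanew` field to the `PE\0\0` signature, so a renamed file or a lying Content-Type does not help the sender. The messages, addresses and attachment bytes are all constructed here.

```python
"""Flag mail carrying Windows executables however they are labelled.

Added example, not the SpamAssassin rule the post refers to.  Two checks:
a raw-body line-prefix match like a SpamAssassin 'rawbody' rule (base64 of
a typical DOS/PE header), and a decode-and-parse check that works even when
the sender renames the file or lies in Content-Type.  All sample messages
are constructed in this file.
"""
import base64
import struct
from email import encoders, message_from_bytes
from email.message import Message
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from typing import List

# First 16 bytes of the DOS stub most linkers emit (MZ, e_cblp=0x90,
# e_cp=3, e_crlc=0, e_cparhdr=4, e_minalloc=0, e_maxalloc=0xffff).
COMMON_DOS_HEADER = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
# base64 of the first 12 of those bytes is b"TVqQAAMAAAAEAAAA".  A base64
# attachment is encoded from byte 0, so this lands at the start of a line.
RAW_MZ_PREFIX = base64.b64encode(COMMON_DOS_HEADER[:12])

# Extensions Windows runs on double-click (a representative set, not exhaustive).
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta")


def rawbody_hint(raw: bytes) -> bool:
    """Cheap pre-filter: does any raw line start with the base64 of a standard
    DOS header?  Misses unusual stubs and non-base64 transfer encodings, so
    scan() makes the real decision."""
    return any(line.startswith(RAW_MZ_PREFIX) for line in raw.splitlines())


def looks_like_pe(data: bytes) -> bool:
    """True if data is an MZ stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def suspicious_parts(msg: Message) -> List[str]:
    """One reason string per part that is, or is named like, an executable."""
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(EXECUTABLE_EXTENSIONS):
            reasons.append(f"executable extension: {name}")
        if looks_like_pe(payload):
            reasons.append(f"PE image in part '{name or part.get_content_type()}'")
    return reasons


def scan(raw: bytes) -> List[str]:
    return suspicious_parts(message_from_bytes(raw))


def fake_pe_image() -> bytes:
    """Constructed, non-runnable blob with a valid MZ stub and PE signature."""
    stub = bytearray(0x40)
    stub[:len(COMMON_DOS_HEADER)] = COMMON_DOS_HEADER
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> right after the stub
    return bytes(stub) + b"PE\x00\x00" + b"\x00" * 20


def build_sample(filename: str, content_type: str, body: bytes) -> bytes:
    """Constructed message: one text part plus one base64 attachment."""
    msg = MIMEMultipart()
    msg["From"] = "billing@yahoo.com"  # forged sender, as the thread discusses
    msg["To"] = "victim@example.net"
    msg["Subject"] = "Your invoice"
    msg.attach(MIMEText("See attached."))
    maintype, subtype = content_type.split("/", 1)
    att = MIMEBase(maintype, subtype)
    att.set_payload(body)
    encoders.encode_base64(att)
    att.add_header("Content-Disposition", "attachment", filename=filename)
    msg.attach(att)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, ctype in (("invoice.exe", "application/octet-stream"), ("holiday.jpg", "image/jpeg")):
        raw = build_sample(name, ctype, fake_pe_image())
        print(name, rawbody_hint(raw), scan(raw))
```

The raw-body match is what makes a rule of this kind fast and why it needs no pattern update for a new worm: any PE file built with a normal DOS stub encodes to the same first 16 base64 characters. The parse check costs a decode per part but also catches the `holiday.jpg` case, where the name and Content-Type are both clean and only the bytes give it away.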
Let's see, this'll get me modded +5 Troll (truthful)
Why don't they make an OS that is immune from getting viruses just by clicking on a hot link or opening an attachment?
Because software companies (most notably MS) prefer to sacrifice security to provide increased "ease of use". Or, "it's not a bug, it's a feature". Features sell. Bugs... well they do affect sales, but not to anywhere the same magnitude as new features. Company P.R. can spin the new features as wonderful and huge, and play down or totally ignore the problems.
So if a new feature introduces a security risk, and it's not currently en vogue to exploit that particular feature, they include it. Then next year after that feature has gotten hundreds of thousands of their customers' boxes owned, they sell you another feature of a "more secure" xyz. See, they sell it to you broken, then they sell you the fix for it. And they call this "a good business model". The phishers make money, the software vendors make money, and you my friend, are the one that pays them, both.
There ought to be a law that makes it illegal for a company to make a "feature" in computer software that automatically executes a program that was not "reasonably verified" to be executing with the knowledge and consent of the owner. In a nutshell, if someone sends you something through a public medium, and it contains instructions that can tell your computer to do something without your permission, it should never be allowed to execute.
I work for the Department of Redundancy Department.
Antivirus isn't great, as it comes with a bunch of issues, such as resource implications, acting as a threat vector itself, and generally being a case of shutting the stable door after the horse has bolted (zero-day exploits).
So add-on antivirus software isn't exactly *useful*, and isn't anything like running a sane operating system with pragmatically chosen security settings - which wouldn't include, by and large, anti-virus or anti-spyware scanning type software.