January 2006 Virus and Spam Statistics
Ant writes "Commtouch reports January 2006's virus and spam statistics. Its summary said there were four massive virus attacks (including a multi-wave attack of 7 variants) and the most aggressive attacks penetrated before the average antivirus (AV) solution could even release a signature. The data is based on information continuously gathered by the Commtouch Detection Center, which analyzed more than 2 billion messages from over 130 countries during the month of January 2006..."
Not very long ago, when the Kama Sutra (Nyxem.E, MyWife, whatever) worm was released to the world it seemed to take absolutely forever to find anyone with a solution for the removal or even the detection of the thing. I think it was almost a full week before the signatures were widely distributed. Even though this attack was very mild (as far as viruses are concerned), what would have been the outcome had this been "the Big One"?
Nam et ipsa scientia potestas est - Sir Francis Bacon
January was a horrible month for viruses. Take it from me: If you get an email from an Asian Bird, don't open it.
My Greatest Heist - Music partly inspired by the unbeatable Qwantz
Spammers have deduced that to avoid being blocked by the simplest mail server rules, they need to use a valid domain. However, if the domain that is used is unique and used only for spam, they would easily be blacklisted. The result - the use of popular domains that blacklists dare not touch. I would like to learn what the email domains listed in the article are doing to keep the number of spammers low. I mean if Google can churn out the world's best search engine, targeted ads, and other random applications of the week, then they surely have enough creative juices to flush out their own spam accounts.
I find that although many people are liberal in beliefs, they are conservative in actions.
That is some interesting research (only 5% of spam is porn?!), but where is spam headed long term? They have that little graph where you can see trends for 30 days, 100 days, or 12 months (though the 30 days and 12 months didn't work for me in Safari), but does anyone have reliable statistics that go back farther?
Is spam burning out, finding new markets, or are people just continuing to send spam even if they don't make a profit on it?
Monstar L
What's coming down our road is a lot more 0day exploits. WMF was the tip of the iceberg.
What's also coming is "multi-faceted attacks". I.e. spyware and adware that is being used not only to display pesky ads but also used as a foot in the door to install malware on your PC (i.e. malware that's MORE destructive than just popups).
What I foresee as well is that trojan writers will make more and more use of crippleware that's installed by third party software (for example, software that's supposed to ensure you don't break copyrights). Simply because this kind of software is more or less omnipresent (or will be soon), while not going through the rather strict screening process that normal OS modules go through. Yes, no matter what you think of MS, their soft is one of the best tested in the world (in the non-open source world at least, screening in OS outmatches it by magnitudes).
The goal for virus and trojan writers isn't anymore the spreading and the rather masturbatory enjoyment of knowing your virus spreads like crazy. Money's made its way into the trojan biz. And 3 goals are predominantly present:
1. Spambots
2. DDoS sheep
3. Phishing
While 1 and 2 have already had their heydays, phishing is strongly on the rise. I can say without breaking any NDA agreements that we are currently facing very well organized, very strongly pushing phishing attacks targeted at passwords for the "usual" targets (amazon, ebay, paypal), as well as a lot of national and international banks (online banking is something I would not really do right now on a Windows-based system...).
The organization behind it is stunning. Ways to launder the money that makes some old mafia tactics look bland. Update cycles and update services for those trojans that rival or outmatch large corporations.
Teach your peers. Tell them about it. Tell them to friggin' install that damn antivirus tool. And to upgrade their Windows. And most of all, to finally abandon that insecure web-browsing pest that comes with every MS System!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
It does seem that some virus attacks are occurring too quickly for traditional AV approaches to provide adequate protection. Perhaps an approach suggested by Israeli researchers, Distributive immunization of networks against viruses using the 'honey-pot' architecture [warning: PDF], has virtue. The basic idea is to automate virus recognition and immediately push a "vaccine" to potentially vulnerable machines.
First of all, spamfilters, no matter how good they are, won't solve it. Who has filters? You, me, the rest of the "clued" people. But we wouldn't click on a spam ad anyway, would we?
The people who do click on one simply have no clue what's going on and thus have no spamfilter. So spamfilters are simply for our convenience of not having to deal with junk.
Laws won't make spam go away. Unless you have a globally universal and most of all equal law concerning spam, all it does is to go to another place. And since making spam legal equals tax income for a country, I'd give the possibility of the RIAA realizing that copycrippling their music isn't the right way a higher chance of coming to reality.
So Spam is here, and it's here to stay. It will maybe become more sophisticated, and it will most certainly become used by people wanting to plant other malware onto your system (e.g. the combination of spamming a link and planting a bogus WMF onto the referred site).
But Spam won't stop.
If this report proves anything, it's that running antivirus software is not good protection. You have to educate users not to open suspicious attachments, not to run IE, and to keep their systems updated (every modern OS does this automatically! Windows also does this since SP2). A firewall and/or NAT router is always a good idea too.
I don't run antivirus (except the occasional ClamWin run if I downloaded something I don't trust completely), and I manage to keep my computer clean just by following the above rules. Antivirus won't protect you from ad/spyware anyway, and these things have become worse than viruses.
If the antivirus vendors can't keep up with new viruses, you might as well stop paying for antivirus. After all, it won't protect you.
1. No, thank you. We have enough work analyzing and prodding viri, we don't need to write them. We get them, for free. Why bother working more than you really have to?
Detach yourself from the idea of the "fun" virus that spreads, displays junk or wipes your hard drive. Those are becoming fewer and fewer. The "new" generation of viri and trojans have a very defined goal: Making money for their creator. Either by using the infected machines for another attack (use it in a DDoS blackmail attack), gathering your passwords to steal from you directly (paypaling your money away or "making" you buy their stuff for horrible prices at EBay) or use you as a relay station for spam and other malware so it cannot be traced back to them (and spam being the most harmless of them).
2. I do admit, we sometimes exaggerate the threat. Not for our personal gain. People don't go out and buy antivirus soft just because the threat level is rising. There're a LOT of free antivirus solutions that are by no means worse than commercial products, and a lot of commercial products do have a non-commercial free version.
But, for example, because the trojan poses a threat to the net as a whole while the damage to the single machine infected would be minimal. Why should YOU care, if YOUR damage is low? People are selfish like that, unfortunately.
3. Something you won't see soon again. There was a quite nasty lawsuit against a German antivirus company for labeling some adware correctly as adware. I certainly wouldn't label anything that's not most certainly BAD BAD BAD software bad. The lawsuit is right at your tail if you do.
Pretty graphics, lots of "ooooo" factor. I find that they tell me nothing. This is a trend in the "network security" field:
Tufte would be ashamed.
It's just not the perfect cure. When you install an antivirus suite and consider yourself completely safe, click on everything you can because "hey, I have antivirus, I'm safe", you're in a very dangerous misconception.
I mean, you do wear a condom when having intercourse, right? But still you don't do it with people of "questionable background", right? Why?
The best protection is still having an antivirus suite and behaving like you don't.
Spammers are spoofing the return address as being one of the valid domains (i.e. google.com, yahoo.com, msn.com...)
... get a gmail account, write a bot to send e-mail to other zombie gmail accounts for a while, wait until you have 100 invites to hand out, sign up for some more accounts, then spam like mad until gmail shuts you down.
Nope. Not a single credible anti-spam solution out there today pays any attention to the return address on the e-mail (unless it's explicitly in your whitelist). The filtering is done based on the actual origin of the message, or failing that, the first trusted server that handled the message.
The authors of the FA are saying that spam is ACTUALLY coming from gmail.com, which means it is probably being sent by legit gmail.com users (gmail requires a secure login to use their mail gateway).
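The filtering the reply above describes (origin taken from the Received: chain, never from the From: or Return-Path: header, which is also why the spoofed popular domains mentioned earlier in the thread gain a spammer nothing), as an added Python example that is not part of the original thread. The trusted relay range, the blocklist and the sample headers are all constructed for the example.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed for this example: our own relays (whose Received: stamps we
# believe) and a tiny blocklist standing in for a DNSBL lookup.
TRUSTED_RELAYS = [ip_network("192.0.2.0/24")]
BLOCKLIST = [ip_network("198.51.100.0/24")]

# Bracketed peer IP stamped by the relay that wrote the Received: line,
# e.g. "from foo.example (unknown [198.51.100.77])".
HOP_IP_RE = re.compile(r"\bfrom\s+\S+.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)

def received_hops(raw_message):
    """Peer IPs from the Received: headers, most recent hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_IP_RE.search(value)
        hops.append(m.group(1) if m else None)
    return hops

def originating_ip(raw_message, trusted=TRUSTED_RELAYS):
    """Walk the chain from our side outward, skipping our own relays, and
    return the first peer we did not control. Received: lines below that
    point were written by the sender and are never trusted; From: and
    Return-Path: are not consulted at all."""
    for ip_str in received_hops(raw_message):
        if ip_str is None:
            return None          # unparsable hop: origin unknown
        ip = ip_address(ip_str)
        if not any(ip in net for net in trusted):
            return ip_str
    return None                  # only our own relays seen

def verdict(raw_message, blocklist=BLOCKLIST):
    origin = originating_ip(raw_message)
    if origin is None:
        return "unknown"
    return "block" if any(ip_address(origin) in net for net in blocklist) else "pass"

# Constructed sample: From: and HELO both claim Google, and the sender even
# appended a forged Received: line underneath, but our relay stamped the
# real peer address (198.51.100.77) in brackets.
SAMPLE = """\
Return-Path: <bounce@gmail.com>
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.net with ESMTP; Sat, 4 Feb 2006 10:00:02 +0000
Received: from mail.google.com (unknown [198.51.100.77])
\tby mx.example.net with ESMTP; Sat, 4 Feb 2006 10:00:00 +0000
Received: from relay.example.org (relay.example.org [203.0.113.5])
\tby mail.google.com with ESMTP; Sat, 4 Feb 2006 09:59:00 +0000
From: "Support" <support@gmail.com>
"""
```

`verdict(SAMPLE)` returns "block" because the walk stops at 198.51.100.77; the forged 203.0.113.5 hop beneath it is never reached.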
It would work like this
It would be really, really hard for Google to come up with a solution to prevent spammers from getting out one good bulk mailing before Gmail shuts them down.
Anti-virus has become more or less snake oil in respect to their effectiveness. They are slow to respond to new threats and are too easily disabled by attacks. Knowledgeable users have no need for AV because they know how to avoid infections quite easily (I'm a Windows user who has never used AV in 15 years and I have never been infected). People who are not knowledgeable will get a false sense of security and feel that they do not need to bother with learning all the ins and outs of safety.
I remember doing some maintenance on a small network once, and discovered that a number of the machines were infected. The boss was surprised. "But they all had anti-virus software!" And what a jolly amount of good that has done...
Yes, there is certainly a limited benefit to AV, as I would imagine that knowledgeable users can sometimes make a mistake. But AV software causes so many problems of its own, from the slowdowns caused by on-the-fly scanning, to the system bogdown whenever it does its scheduled full system scan, to the various slew of compatibility and stability issues that it creates (*cough* Norton *cough*).
I wish that Slashdot editors would not post stories about press releases! Did someone get paid under the table?
It's very common that press releases contain entirely invented "information". Certainly the people who write them can be expected to have NO technical knowledge, and not to care that they have no technical knowledge.
--
If they enjoy it or it makes them money, rich people and leaders can kill small animals and Iraqis?
Why don't they make an OS that is immune from getting viruses just by clicking on a hot link or opening an attachment?
Because it's very, very hard. First of all, users are constantly demanding that programs interact with each other, and with each other's data. This gives the web browser permission to pass that hotlink off to another piece of code and process it, sometimes without your intervention. It's these hand-offs that cause the problem. All it takes is one good buffer overflow error to drop some virus code into the instruction queue, and you can make all kinds of interesting things happen. Programmers are learning to add boundary checks to their code, but every now and again, someone's going to make a mistake. Not to mention, many viruses today are actually straight-up executable code or scripts that users are fooled into running.
And, if that attachment is an executable, then no operating system ever created, or that ever will be created, can stop you from clicking your way to oblivion (unless you completely remove the ability for users to execute programs other than some pre-existing sub-set, which is completely impractical).
All you Linux users out there, stop snickering from behind your keyboards. I'm willing to bet there are one or two good holes in Firefox that could be used to install malicious code on a Linux box. Sure, it would run as the individual user, not as root, but that's not going to matter much when your ISP cuts off your data pipe because 'dumbuser1' has a spam bot running in the background.
They never note specifics on which anti-virus performed how well. Their tests are based on the AVERAGE time to detect and the AVERAGE number of viruses missed. Not all anti-viruses are created equal, and some are distinctly less equal than others. Symantec and McAfee in particular have abysmal response time in updating their definitions. Granted, since they're much bigger than their competitors, and with size comes sluggishness, but I've personally submitted samples to them and had to wait weeks before the definitions were added. That kind of delay is inexcusable (if it takes that long to review samples, hire more people!)
Also, when you take into account that McAfee detects fully half the files with any sort of file packer used (that's what they call 'heuristics'; they've detected Hijackthis as a virus during 4 separate updates), you have to wonder how they can miss actual viruses with such a "shoot first and fix false positives later" mentality.
As a positive counter-example, NOD32 and Kaspersky generally detect a new threat within an hour after they first see it, if their heuristics don't already pick it up.
When it says that it's the average of 21 major anti-virus vendors, I question whether the statistic is meaningful with so broad a spectrum of response times.
To err is human, to really foul up requires a computer
Let's see, this'll get me modded +5 Troll (truthful)
Why don't they make an OS that is immune from getting viruses just by clicking on a hot link or opening an attachment?
Because software companies (most notably MS) prefer to sacrifice security to provide increased "ease of use". Or, "it's not a bug, it's a feature". Features sell. Bugs... well they do affect sales, but not to anywhere the same magnitude as new features. Company P.R. can spin the new features as wonderful and huge, and play down or totally ignore the problems.
So if a new feature introduces a security risk, and it's not currently en vogue to exploit that particular feature, they include it. Then next year after that feature has gotten hundreds of thousands of their customers' boxes owned, they sell you another feature of a "more secure" xyz. See, they sell it to you broken, then they sell you the fix for it. And they call this "a good business model". The phishers make money, the software vendors make money, and you my friend, are the one that pays them, both.
There ought to be a law that makes it illegal for a company to make a "feature" in computer software that automatically executes a program that was not "reasonably verified" to be executing with the knowledge and consent of the owner. In a nutshell, if someone sends you something through a public medium, and it contains instructions that can tell your computer to do something without your permission, it should never be allowed to execute.
I work for the Department of Redundancy Department.
I wish, after all of this hyping, that we'd get a bug as well written as some of these (you know, that gets into everything and around all defenses) but gets old-school on its victims. None of this pussyfooting around, I mean like copy itself, mailing itself to all of your contacts, and delete everyone's hard drives. Or filling it with bestiality pron. Nasty stuff.
Show these kids what a real virus is about. Put that hype to good use. And make everyone stop acting like EVERY LITTLE BUG IS A RIDER OF THE APOCALYPSE. Because most of these, like even the Sober worm, aren't really that harmful. Most malware writers are really only out for money, not general misanthropy. I just want ONE killer bug to put all of this in perspective. And maybe get people to switch to a modern OS like Linux, BSD, or OS X.
Because no, not even Norton can save you.
The 'Net is a waste of time, and that's exactly what's right about it. - William Gibson
Antivirus isn't great, as it comes with a bunch of issues, such as resource implications, acting as a threat vector itself, and generally being a case of shutting the stable door after the horse has bolted (zero-day exploits).
So add-on antivirus software isn't exactly *useful*, and isn't anything like running a sane operating system with pragmatically chosen security settings - which wouldn't include, by and large, anti-virus or anti-spyware scanning type software.
Did anyone else find it interesting that they are hosting this on a Win2k iis server?
Funny choice given the stats...
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips