Top Viruses, Worms and Malware in 2006
An anonymous reader writes "HNS is running an article with a list of those malicious codes which, although they may not have caused serious epidemics, stood out in one way or another. Some of the categories are: the biggest snooper, the most moralistic, the worst job applicant and the most tenacious. From the article: 'The most competitive. Once the Popuper spyware has installed itself on a computer, it runs a pirate version of a well-known antivirus application. Far from trying to do the user a favour, it is actually trying to eliminate any possible rival from the computer. It seems that the fight for supremacy has also reached the world of Internet threats.'"
I notice there's no mention of ANY of the Apple viruses/worms or malware out there. You only have to search back through the last year of security news to see the exploits taken advantage of in OSX to see a few examples of this, yet there's still no "FIRST VIRUS ON MACS" headline in the mainstream press.
Especially the one released on a popular mac rumors forum earlier this year that hit a few people hard.
Or will we have to wait for next year's list to see our new friend Toddy included? :-)
None of which affected me simply because I chose to run Linux. When will the rest of the world catch on... *sigh*
I heard it made a few other lists as well.
Cleansing home PCs, I've seen some of the more exotic exploits become commonplace, including:
Direct Revenue hiding its core .DLL as a print monitor;
one lone .DLL, registered in a CLSID key, warning of SPYWARE!!! from the system tray;
launching executables from Group Policy subkeys;
populating subkeys of Winlogon\Notify with self-renaming .DLL's.
Hiding malware so it launches before Explorer (and even before the antivirus app) is sneaky, underhanded, and ensures a steady stream of income so I don't need to get an actual job. Editing the Registry hives from WinPE is the only cost-effective way to remove many of these things, and Suzy Homeuser will never be ready for that.
So here's to you, scumbag malware writers... and here's to Microsoft for leaving soooo many ways to launch your malware: Thanks for paying my mortgage. Without security holes, and the slimeballs who exploit them, I'd be back selling auto parts.
That's all I got so far.
I think that initiatives like these only make the problem much worse and that the people writing them are mere idiots who don't bother to think about the possible consequences. Yes, some people may consider this informative as a way of being kept up to date as to what has happened in the past year. The people who created and spread all this garbage may very well look upon this with a whole different attitude: "Look at that, see, I R teh l33t coder! My h4xkZ r made teh top!" resulting in some other lame clueless kiddie who has but one single goal: get into the position his fearsome "I R Kiddie" mentor is or was.
When it comes to controversial topics like virii and such I think you need to be very careful and also use some form of self-moderation just to make sure the news you're presenting doesn't start to lead a life in itself. You see the same thing happening when a kiddie breaks into a computer system and the marks of a rootkit are all over the place. Of course you inform your superiors and other staff, but you also try to keep the news low profiled just to make sure that if it was an inside job (which is always possible) you don't create situations like: "Whatever crap he can do I can do better!".
So when it comes to lists like these I can't help seriously question the sanity of the people creating them. IMO you're only creating a competition platform for morons who can't do much more than find a rootkit on Google and need help from IRC channels to actually install and use it. Quite frankly that's the kind of attention I really don't need at all.
"I'm not much interested in interoperability. I want substitutability. I want to be able to throw your software out."
Well, the GP said the spyware "monitors whether users access certain web pages with pornographic content". Sexual matters being involved, the expression "voyeuristic tendencies" is appropriate. If I want to know what kind of motor my neighbor has in her car, I'm being "curious", if I want to know what kind of panties she's wearing, then I'm a "voyeur".
Well ok I laughed.
The time is ripe for a beneficial virus, one that does no harm to the host computer, but acts as a keylogger that will play a very loud annoying buzzing noise and kill all open apps if the user types: "misa campo", "made of win", "internets", "begs the question", or any other word or phrase from a list of current phrases used by morons.
Nor does the average joe take the steps necessary to slow the onslaught:
Chalmer
The severity of the virus, the spread of the virus, and the stupidity of the users necessary for the first two.
The few viruses (they were actually non self-replicating trojans -- most were modified versions of Opener) that affected people on rumour forums required people to give the trojan/script admin (sudo) privileges. I'm sorry, but no matter what OS you're on, giving a virus sudo means game over.
The real litigious bastards...
Any ideas how much malware has gone undetected?
That bit of malware is installed on users' machines without their knowledge of what it really means.
It may monitor what you are up to, we don't really know yet.
It may pop a message onto your computer suggesting that you go to a certain website and pay money to some questionable organisation.
A new version is reputed to disable your computer if you do not submit to its blackmail...
I'll see your Constitution and raise you a Queen.
"I notice there's no mention of ANY of the Apple viruses/worms or malware out there"
Where are the reports of thousands of OS X desktops being compromised and bank accounts being emptied?
http://www.macobserver.com/editorial/2003/08/29.1
was Re:A bit of bias from the press?
I see a lot of machines with multiple infestations, but I rarely rebuild 'em.
My usual algorithm:
Start up in Safe Mode
Use AutoRuns.exe to identify most of the offenders; delete those that don't self-reinstall
Open IE and then System Information; look at Loaded Modules to find the vx2 .DLLs (hint: sort the list by Manufacturer)
Boot to Windows PE; back up and load the Software and System hives & clean them up; do the same with the user hive(s)
Boot into Windows and check for stragglers.
Lots of fun, especially for $1.25/minute.
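Added example, not part of any post in this thread: a read-only PowerShell inventory of the autostart locations the posts above mention (Winlogon\Notify, print monitors, Group Policy Run entries), sorted by the file's company name in the spirit of the "sort by Manufacturer" hint. The full registry paths, the value names `DLLName` and `Driver`, and the function names are assumptions of this example; the posts name only `Winlogon\Notify`.

```powershell
# Read-only inventory of autostart locations named in the thread (added example).
# Registry paths below are assumptions for the mechanisms the posts describe.
$hklm = 'Registry::HKEY_LOCAL_MACHINE'
$locations = @(
    @{ Name = 'Winlogon Notify'; SubKeys = $true; Value = 'DLLName'
       Path = "$hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" },
    @{ Name = 'Print monitor'; SubKeys = $true; Value = 'Driver'
       Path = "$hklm\SYSTEM\CurrentControlSet\Control\Print\Monitors" },
    @{ Name = 'Policy Run'; SubKeys = $false
       Path = "$hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" }
)

function Resolve-Target([string]$Raw) {
    # Expand %SystemRoot% etc., keep only a leading quoted path, and
    # resolve bare file names (e.g. a monitor DLL) against System32.
    $p = [Environment]::ExpandEnvironmentVariables($Raw).Trim()
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }
    if ($p -notmatch '^([A-Za-z]:\\|\\\\)') { $p = Join-Path $env:SystemRoot "System32\$p" }
    return $p
}

function New-Entry($Location, $Entry, $Raw) {
    $file  = Resolve-Target $Raw
    # Unquoted command lines with arguments will show as "(file not found)".
    $found = Test-Path -LiteralPath $file -PathType Leaf -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Location  = $Location
        Entry     = $Entry
        File      = $file
        Company   = if ($found) { (Get-Item -LiteralPath $file).VersionInfo.CompanyName } else { '(file not found)' }
        Signature = if ($found) { (Get-AuthenticodeSignature -LiteralPath $file).Status } else { 'n/a' }
    }
}

function Get-AutostartEntry {
    foreach ($loc in $locations) {
        if (-not (Test-Path -LiteralPath $loc.Path)) { continue }  # key absent on this system
        if ($loc.SubKeys) {
            # One subkey per registered DLL; the named value holds the file.
            foreach ($key in Get-ChildItem -LiteralPath $loc.Path) {
                $raw = $key.GetValue($loc.Value)
                if ($raw) { New-Entry $loc.Name $key.PSChildName $raw }
            }
        } else {
            # Each value under the key is a command launched at logon.
            $key = Get-Item -LiteralPath $loc.Path
            foreach ($name in $key.GetValueNames()) { New-Entry $loc.Name $name $key.GetValue($name) }
        }
    }
}

Get-AutostartEntry | Sort-Object Company, Location | Format-Table -AutoSize
```

Entries with an empty company name, a missing file, or a signature status other than `Valid` are the ones to look at first.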
I have a uselessly pretty interface :(
but it's Beryl on Ubuntu, is that ok?
They say that Gatt.A can infect any platform like "omg noes Linux and Mac!" but according to http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=122900&sind=0 the IDA (which it exploits) is present on multiple platforms, but there are other things about Windows that made the virus function.
I don't know about everyone else, but this damages the credibility of the article for me.
For anyone who wants to see the original article, which is without ads, and with links, there's always the original site:
Panda Software Virus Yearbook 2006
"I just use my Dell."
When I was the alpha geek on a four-geek Help Desk, we had to ask each caller for the computer name (we later used bginfo for that). We would ring a bell every time we got the answer "Dell," then patiently explain that the computer is a Dell, but the computer has a name on the network, and we need to figure out what that is...
one woman interrupted me: "Trinitron?"
I slapped the mute switch just in time, and ROTFLMAO.
by Charles Gaba, 11:00 AM EDT, August 29th, 2003
So, another week, another Windows virus. Ho-hum.
Computer viruses--Windows-based computer viruses, for the most part--have been around for a long time now, but it's really only since the explosion of the Internet (the modern, commercialized Internet, that is) that they've caught the public eye, and it's only within the past 2-3 years (since the first "rock star" viruses, Melissa, AnnaKournikova and ILOVEYOU) that the media has made a fuss over it.
[...] //Who actually reads the whole article?
6. This is where things start to get very interesting. You see, out of those 579 total viruses which affect some versions of the Mac operating system, you'll notice that the vast majority of their names start with a WM/ or XM/. I checked these out, and sure enough, this means that they're a Macro virus which runs exclusively on some versions of--you guessed it--Microsoft Word or Microsoft Excel (there are a few Word/Excel Macro viruses which don't have WM/ or XM/ in their names as well). In fact, over 95% of these so-called "Mac" viruses are actually directly made possible by Microsoft software. If you take these out of the equation, which seems reasonable to me since there are solid alternatives on the Mac to Word and Excel, just as there are alternatives to Windows itself, you're left with the following number of viruses that affect the Mac and can't be blamed on Microsoft in any way, shape or form: 26.
Yes, that's right: 26 out of a total of over 71,000.
However, I've left out one of the most important factors here: All 26 of these, along with the other 553 Word/Excel Macro viruses, were designed for the OLDER versions of the Mac OS (and the older versions of Word/Excel, to be fair). None of this has anything to do with Mac OS X, which is the relevant system to look at.
If you remove the viruses which don't affect OS X, you know what you're left with--at least, as of this writing, and to the best of my knowledge?
Zero. None. Zip. Zilch.
blah blah blah