Slashdot Mirror

← Back to Stories (view on slashdot.org)

Top Viruses, Worms and Malware in 2006

Posted by Zonk on from the and-the-losers-are dept.

An anonymous reader writes "HNS is running an article with a list of those malicious codes which, although they may not have caused serious epidemics, stood out in one way or another. Some of the categories are: the biggest snooper, the most moralistic, the worst job applicant and the most tenacious. From the article: 'The most competitive. Once the Popuper spyware has installed itself on a computer, it runs a pirate version of a well-known antivirus application. Far from trying to do the user a favour, it is actually trying to eliminate any possible rival from the computer. It seems that the fight for supremacy has also reached the world of Internet threats.'"

9 of 74 comments (clear)

  1. Great year for malware... by spywhere · · Score: 5, Funny

    Cleansing home PCs, I've seen some of the more exotic exploits become commonplace, including:

    Direct Revenue hiding its core .DLL as a print monitor;
    one lone .DLL, registered in a CLSID key, warning of SPYWARE!!! from the system tray;
    launching executables from Group Policy subkeys;
    populating subkeys of Winolgon\Notify with self-renaming .DLL's.

    Hiding malware so it launches before Explorer (and even before the antivirus app) is sneaky, underhanded, and ensures a steady stream of income so I don't need to get an actual job. Editing the Registry hives from WinPE is the only cost-effective way to remove many of these things, and Suzy Homeuser wull never be ready for that.
    So here's to you, scumbag malware writers... and here's to Microsoft for leaving soooo many ways to launch your malware: Thanks for paying my mortgage. Without security holes, and the slimeballs who exploit them, I'd be back selling auto parts.

    1. Re:Great year for malware... by Barny · · Score: 4, Informative

      /raises glass

      That one that warns of "your pc is infected with malware" from system tray, known some places as smitfraud others as VX2, now uses several hundred reinfection methods, from infected active script desktop images, to the old favourite, making itself the default program to open files of type .exe

      In fact, all those tricks you list are used by one version or the other (or if you are unlucky and get the latest updated version, all of them).

      Faster now just to backup data, format and re-install than try and debug each and every method used by the particular version you have, I have tried auto remove tools, all of them end up out of date less than 24hrs after launch (someone is making enough from this thing that paying lots of money to a few programmers is not a problem).

      The pay-off is of course when the user clicks that task bar balloon and it installs the "protection racket" software of choice onto your PC, which says it found 4366724 virus' and spyware, and to please pay them for a full licence to remove them. Of course if you pay them, it does NOT remove even its own malware, at least yesteryears organised crime DIDN'T break stuff if you paid.

      The real kicker is, the 3-4 times I have seen it infect a pc (had user, on a fresh pc, do what they did when it first happened) it was through an IE "unpatched code execution" bug of the week.

      When I tell people to use firefox, and then pre-install it on their new PC/repair, do they think it is a joke?

      --
      ...
      /me sighs
  2. Re:Top Viruses of 2006... by TerminalSpin · · Score: 5, Informative

    Apparently it only works properly on Windows... http://www.pandasoftware.com/com/virus_info/encycl opedia/overview.aspx?lst=det&idvirus=122900&sitepa nda=particulares

    --
    :wq
  3. Re:Top Viruses of 2006... by Klaidas · · Score: 4, Insightful

    Well, you see, there are viruses for linux. However, they don't spread a lot (because if someone uses linux, he has enough knowledge not to open an attachment/install an unknown file.)
    And well, saying that WIndows is bad because almost all viruses are designed for them is like saying that houses are bad, because thieves might try to break in...

  4. Re:Top Viruses of 2006... by LainTouko · · Score: 5, Insightful

    Well, that's only part of the truth. There are three reasons why Linux viruses don't get around like Windows viruses; better security, lower population (also encompasses the lack of monoculture in network applications), and more careful users. And none of those reasons is the "real reason", they work in combination with each other to make the difference really really big.

  5. Re:Top Viruses of 2006... by bl8n8r · · Score: 4, Insightful

    It sure seems to have come down to a matter of simple denial with the Windows platform. Vista has barely been released yet, and there are exploits[0] out for it. How can anyone claim to be concerned about system integrity[1] *and* be a windows advocate at the same time? It is a blatant contradiction. There are so many different alternatives with a better overall design that it makes no sense to run Windows unless you have been locked-in to the platform. If you are not yet locked-in, it seems Vista will help you with that[2].

    [0] http://www.google.com/search?hl=en&q=vista+virus
    [1] http://www.google.com/search?hl=en&lr=&q=vista+sec urity+lacking
    [2] http://it.slashdot.org/article.pl?sid=06/11/16/011 2214

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
  6. What the world needs by Anonymous Coward · · Score: 5, Funny

    The time is ripe for a beneficial virus, one that does no harm to the host computer, but acts as a keylogger that will play a very loud annoying buzing noise and kill all open apps if the user types: "misa campo", "made of win", "internets", "begs the question", or any other word or phrase from a list of current phrases used by morons.

  7. One repair strategy by spywhere · · Score: 4, Informative

    I see a lot of machines with multiple infestations, but I rarely rebuild 'em.
    My usual algorighm:

    Start up in Safe Mode
    Use AutoRuns.exe to identify most of the offenders; delete those that don't self-reinstall
    Open IE and then System Information; look at Loaded Modules to find the vx2 .DLLs (hint: sort the list by Manufacturer)
    Boot to Windows PE; back up and load the Software and System hives & clean them up; do the same with the user hive(s)
    Boot into Windows and check for stragglers.

    Lots of fun, especially for $1.25/minute.

  8. Re:Top Viruses of 2006... by bmo · · Score: 4, Insightful

    "The first time someone's running as root and downloads an untrustworthy file..."

    But that's not really an issue is it? What Linux distribution has the default user as Root these days? In fact, it's more difficult to run as root in some distributions instead of as a normal user, in that the "root account" is never enabled. Attempt to login to (X,K,Ed)Ubuntu as root at the login screen and it won't work.

    How to get a Windows computer infected:

    Connect to the 'net without a firewall or run IE and visit a bad page. Or, run OE (interesting that Outlook Express has the same initials as "Operator Error") for your mail. Or run p2p software and download a "song" that doesn't play (but is instead an executable file). In fact, I've got a friend whose daughter did exactly the latter, and I'm going to fix it after the weekend. I beginning to think that these days, that's the most common vector of infection, as I see it time and time again.

    Windows gives execute permission based on the file name extension. For this utterly stupid idea held over from the frickin' CP/M days, users are being hosed left, right, up, and down. This bogosity should have died with Windows 3.1 or at least after Bill Gates discovered the 'net and put out Win98. However, the concept is still with us in Vista, so techs everwhere are going to be guaranteed a paycheck for at least the next 5 years.

    How to infect a Unix or Linux machine:

    Automatically through mail? Impossible to do without user interaction, since everything that comes down the pipe doesn't have the execute bits turned on. Anyone who writes an MUA that does that autmatically will be taken out back and hit with the clue bat.

    Visit a web page? There's no such thing as a drive-by install. The user has to download the file and manually set the execute bits high again, through chmod or by right-clicking on the file.

    Use p2p? Everything downloaded has no execute bit. What data file _ever_ deserves an execute bit? Indeed, I have yet to ever receive a file from the wire that has execute bits turned on except when they're contained within an installation package, and for that to work, I need to pause and use root permission if it's an install for the whole machine and I still have to unpack it even if it's going in my home directory.

    In fact, the simple act of user interaction, even if it's the typing of the current user's password (OS/X) prevents a whole lot of evil. It's that short pause that gives the user the chance to _think_, if even for half a second, and say _no_ to random malware. If you're a malware writer and you give your victims the chance to think, your bit of evil goes nowhere. There are only so many times that people are going to install a fucking purple gorilla.

    This ignores the population that will run silly "cupholder" executables and trojan filled "free screensavers," at every opportunity whether in Linux, Unix, or Windows, but then real stupidity trumps artificial intelligence every time. You can only do so much if a user is determined to blow each toe off his foot with a .44 one by one.

    If this means that Unix and Linux are more difficult, (as if typing the current user's password is complex) so bloody what? It's damn inconvenient when a computer gets infected, isn't it?

    --
    BMO