The virus problem is huge, but its effects can't easily be seen because most viruses are not destructive. Want proof? Just do this simple test. Take an unneeded Windows 9x box (is that redundant?), install a current virus detection program, share the 'C' drive with no password and drop it on the Internet. Your mileage may vary, but I collected dozens of instances of Nimda.A, Nimda.E, Bymer and Slim.A (a rare one) in just a few days. And the number of virus packets really starts to add up. For example, my humble viral Honeypot (http://www.honeypot.org) once logged 38 megs of Nimda traffic in just one day (although 100-300K of viral traffic is more typical).
If you were about to say 'what idiot shares their 'C' drive with no password,' you would be surprised. I did an unscientific poll (read 'port scan') of several class C addresses neighboring my own DSL IP address range. I typically find one or two Win 9x systems per class C with a shared drive and no password! Sure, this is a bone-headed move by computer newbies, but if so many people are sharing drives on the Internet, how many people practice safe email attachment handling or keep their virus scanners up to date (if they even have one)?
The correct URL for the HoneyNet Project is:
http://project.honeynet.org/