Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

Future Trends of Malware 179

An anonymous reader writes "What are the driving forces behind the rise of malware? Who's behind it, and what tactics do they use? How are vendors responding, and what should organizations, researchers, and end users keep in mind for the upcoming future? All these questions and more are answered in the well written (MHO) Future Trends of Malware"
This discussion has been archived. No new comments can be posted.

Future Trends of Malware

Comments Filter:

    • money

      Look, money is a perfectly fine motivation for script kiddies and Nigerian scam artists and ex-KGB Russian/Ukrainian mafiosi.

      But there's an outfit sitting behind a router in the PRC that has a different motivation; something along the lines of "Geopolitical World Dominance":

      The Invasion of the Chinese Cyberspies
      (And the Man Who Tried to Stop Them)

      ...The hackers he was stalking, part of a cyberespionage ring that federal investigators code-named Titan Rain, first caught Carpenter's eye a year

      • TIME's so-called reporting has often been so bad that if they said the sky was overhead, I'd look up to make sure. But your comment reminded me of the old jape about comparative intelligence techniques:

        Objective: obtain a sample of American sand.

        The Soviets send a stealth submarine, which spits forth a scuba diver equipped with all the latest camoflage, who sneaks ashore in the dead of night.

        The Chinese send a million tourists to the beach.

  • by CrazyJim1 ( 809850 ) on Wednesday January 11, 2006 @10:18AM (#14445314) Journal
    It seems like parents everywhere trust their AntiVirus to stop everything. When they get spyware, and you tell em you got to remove it, they'll retort,"Oh, just run Mcaffee". The funny part that we all know here is that there are too much malware out there for one Antivirus software to stop and they keep coming. To me, Antivirus software seems a lot like SnakeWater.
    • If they run Mcaffee, they deserve it. ;)

      note: I can too make fun of all antivirus companies. I run debian.
      • by dc29A ( 636871 ) on Wednesday January 11, 2006 @12:21PM (#14446209)
        note: I can too make fun of all antivirus companies. I run debian.

        I haven't installed an anti-virus software on my home PC and laptop for over 3 years now (both running Windows). Never had any problems either. I just follow a few paranoid steps:
        - Firewall the machines router + laptop has software firewall.
        - Avoid IE like the plague.
        - Avoid Outlook Express like the plague.
        - Try as much as possible using a limited rights account instead of root. For some games and apps it doesn't work but for most mundane tasks like browsing, video, mp3 playback it works great.
        - VMware or VirtualPC is your friend if you want to run code from ugh *cough* warez sites *cough*, but as a general step, I refuse to open any email attachment that isn't an image, video or hyperlink from a trusted source (ie: someone emailing a funny image to group of friends). I treat every email attachement that I receive on my home PC as a virus. I then lower the severity of it based on file type.
        - Firefox + Adblock = golden.

        Is it perfect? Nope but paranoid surfing habits as in don't click on "OMG YOUR PC IS SLOW SPEED IT UP" flashing crap helps, or when you get to a pr0n site and it offers you a plugin.exe it might also be a bad idea to execute it.
        • Actually, I downloaded a suspicious attachment to see what it would do. I run as a non-privileged user. It couldn't write to the WINNT directory or the registry. But what was funny was that when executed, it said,"Cannot find vbrun64.dll".
        • I've been saying (and doing) the same thing with my WinBoxen for nearly a decade, and have zero infections to show for it. A resident AV is necessary mainly for users who can't resist clicking that attachment, or who use IE/Outlook. If you use a firewall, Some Other Browser, and an email client that doesn't execute attachments no matter what the user clicks, 99% of such problems go away without the need of a resident AV.

          But DO remember to manually AV-scan anything you save to disk (from an attachment or a d
    • Antivirus software seems a lot like SnakeWater.
      SnakeWater? Is that a cross between Snake Oil (a quack remedy or panacea - OED) and Bong Water?
    • by igb ( 28052 ) on Wednesday January 11, 2006 @12:15PM (#14446159)
      I'm not quite sure what `parents' has to do with it. A huge proportion of the population, with or without children, falls into one of three categories:
      • They don't know spyware or viruses from a hole in the ground, and they either re-install or buy a new computer every time their machine gets too slow
      • OR they believe their firewall and/or AV product is total protection, and they convince themselves that their machine isn't slow and isn't behaving badly, even when it it
      • OR they simply accept that computers are shit and tolerate it running badly.
      A certain sort of quasi-autistic geek then makes snotty comments and plays ``blame the victim'' by pointing out all the measures that the victim could have taken. The real solutions are:
      • For operating system vendors to sort out their problems. Oh, OK, for one particular OS vendor to sort out its problems.
      • For law enforcement to stop treating the perpetrators as cute kids, and actually do something serious about the issue.
      Blaming the victim just isn't on. `We' (ie people who provide computer and telecommunication services) sold them a machine. It's up to us to make sure it behaves reasonably. There's an ``Unsafe at Any Speed'' brewing, if but we could see it.

      ian

  • by orthogonal ( 588627 ) on Wednesday January 11, 2006 @10:19AM (#14445320) Journal
    I'm sure it's a great paper. But when it's presented as black and sky blue text on a purple background, reading it is almost like having my eyes infected with malware.
    • It's not a great paper. A great paper would have been written clearly (and not submitted by it's author: that's how I'm interpreting the Anon's "All these questions and more are answered in the well written (MHO) Future Trends of Malware").
  • by millwall ( 622730 ) on Wednesday January 11, 2006 @10:23AM (#14445344)
    Key summary points
    --------------
    Malware authors update their multi-vendor anti virus signatures faster than most end users and enterprises do altogether

    The high pressure put on malware authors by the experienced vendors is causing them to unite efforts and assets, and realize that it's hard to compete on their own. Yet this doesn't stop them from waging a war in between

    Intellectual property theft worms have to potential to dominate in today's knowledge-driven society acting as tools for espionage

    Don't matter what you always wanted to do to ecriminals, in case of a cryptoviral extortion, you'll be the one having to initiate the contact

    The growing Internet population, E-commerce flow, and the demand for illegal/unethical services, would fuel the development of an Ecosystem, for anything, but legal

    The "Web as a platform" is a powerful medium for malware attackers understanding the new Web

    The unprecedented growth of E-commerce would always remain the main incentive for illegal activities

    7.0 Conclusion
    --------------

    I hope that the points I have raised in this research, would prove valuable to both end users, businesses and anti-virus vendors. The Internet as a growing force shaping our ways of thinking and living is as useful, as easy to exploit as well. The clear growth in E-commerce, today's open-source nature of malware, the growing penetration of the Internet in respect to insecure connected PCs, are among the main driving factors of the scene. Do your homework and stay ahead of the threats, most of all, less branding when making security decisions, but high preferences! Please, feel free to direct your opinions, remarks, or any feedback to me, at dancho.danchev AT hush.com or at ddanchev.blogspot.com where you can directly comment on my publication. Nothing is impossible, the impossible just takes a little while!

    • Biometrics & RFID (Score:3, Insightful)

      by TFGeditor ( 737839 )
      I think the ultimate future of malware will encompass biometric and RFID. Rather than key loggers, we will see biometric image capture (e.g. a scan/image capture of the user's thumbprint). Or capturing RFID patterns.

      I still say purveyors and criminal users of malware should be subject to life prison sentences if not death.

      • No! (Score:3, Interesting)

        by Belial6 ( 794905 )
        If fingerprints ever start being widely used, muggers will just hit you over the head and cut off your fingers. They can check to see if you have a bank account later. If you think that there are not plenty of people that would cut your fingers off for the chance of a couple of hundred dollars, you are sadly mistaken, and a danger to the rest of society.
        • It all depends on where the level of desperation lies in a society. In the middle ages, and again during the Great Depression of less than a century ago, you had a small but finite chance of being killed for your boots. Not too likely at present in the civilized world, but in third world countries, there are still people in low enough straits to have no qualms about killing you for as little as your fingerprint.

          Occurs to me that not only could biometric logins be captured by a program similar to a keystroke
    • So, basically, he is just telling us a bunch of stuff that we already know.
  • Daemon Tools (Score:1, Offtopic)

    by barik ( 160226 )
    Greed. Free products like Daemon Tools [daemon-tools.cc], when the author suddenly decides that free doesn't pay the bills, and includes spyware. Daemon Tools is a great product, but I refuse to ever use it again. I don't care if the setup lets you uncheck the option to install the spyware; it shouldn't be there in the first place.
    • Re:Daemon Tools (Score:3, Interesting)

      by Matt2k ( 688738 )
      Greed? You mean the selfless devotion of time to a project that no one will pay you for?
    • I don't care if the setup lets you uncheck the option to install the spyware; it shouldn't be there in the first place.

      Not that i'm defending the inclusion of (mal|spy|shit)ware with genuinely useful software (I also use a slightly out of date version of Daemon Tools) but you have absolutely no right to say what the author can and can't include in his software package.

      The fact that you can choose not to install the crud is a blessing (saves you ripping it out with Spybot afterward). Does an extra setup scre
      • Re:Daemon Tools (Score:3, Interesting)

        by badfish99 ( 826052 )
        Absolutely no right?

        So (for example) did nobody have any right to say that Sony should not include a rootkit in the software on their CDs? Does nobody have the right to say that Microsoft Windows should be better quality? If some software destroyed your hard disk, would you just say "it's a blessing that I could have chosen not to install it"?

        • Re:Daemon Tools (Score:3, Insightful)

          by HappyDrgn ( 142428 )
          "did nobody have any right to say that Sony should not include a rootkit in the software"

          You're comparing apples to oranges here. The difference with Daemon Tools is that it gives you an option to not install additional software and when you tell it no thanks that is the end of it. In the case of Sony's rootkit however there was no option to not install this extra software. The problem most people have with this is not that the software was there in the first place, but that the installer used vague wordin
        • Re:Daemon Tools (Score:3, Insightful)

          by baadger ( 764884 )
          Installing Daemon Tools and then being given the option to opt out of crapware is not the same as, nor does it even compare to:
          • Sony BMG's rootkit installing itself without user intervention
          • The software being of a poor quality. You're Windows analogy suggests essentially that Daemon Tools is now a totally useless or inferior, or somehow less valuable, product just because it is now bundled with some optional junkware. If the software was of a poor quality you wouldn't be installing it, crapware or not.
          • Some
          • The Linux kernel on the other hand, I believe, is explicitly distributed with "absolutely no warranty, whatsoever".

            I believe that the microsoft EULA [microsoft.com] essentially states the same thing:

            15. LIMITED WARRANTY FOR SOFTWARE ACQUIRED IN THE US AND CANADA. Microsoft warrants that the Software will perform substantially in accordance with the accompanying materials for a period of ninety (90) days from the date of receipt. If an implied warranty or condition is created by your state /jurisdiction and federal or st

      • Re:Daemon Tools (Score:2, Interesting)

        by barik ( 160226 )
        Yes, it does annoy me that much. If an author is willing to include spyware in the first place, what else are they willing to do with their software? When you download a piece of software, you expect that software, and not random bundles of non-related software.

        You are correct that I have no right to say what the author can and cannot do. I can simply choose not to use the software anymore, which I have done. And in this case, since it for corporate use, I can vote with my wallet as well.
    • > when the author suddenly decides that free doesn't pay the bills

      I don't think he decided it as much as he *realised* it.
  • by IAAP ( 937607 )
    FTFA: Hundreds of thousands of fully controlled Internet connected hosts, with amazing bandwidth, storage and sensitive information stored within could be easily utilized to perform the majority of security attacks we are witnessing these days.

    Would it be possible, if for instance, an ISP sees a shit load of traffic from a customer's address directed at another address to start blocking that traffic? Or at the very least notifying the customer that there may something wrong. I bet just about everyone whose

    • Funny you mention that, because once they're infected, the spam barrage usually comes next. At our company, (an ISP) it takes less than a day to see the complaints from these people. They're then notified that *something* is wrong, and they need to look at it. If it isn't fixed, we usually call them then. If they continue to ignore the problem, they're disconnected until we can look at the computer. At that point, it's a willful TOS violation for spamming, even if they aren't the real spammer since the
    • At my company, when we see virus/spyware activity, we call the customer and give them instructions on how to fix it. If it recurs or doesn't get fixed--or if we can't get in touch with them and it's particularly nasty--we'll shut off service and require that we verify the computer is clean before turning their service back on.

      Which sounds pretty strict, except that we'll clean their computers for free.
    • " if for instance, an ISP sees a shit load of traffic from a customer's address directed at another address to start blocking that traffic? Or at the very least notifying the customer "

      Notification is fine, but I would be very pissed if my ISP decided on their own to block traffic from my address based on an incorrect assumption that the traffic from my address was from an exploited host. My ISP actually did notify me once about their concern for traffic volume from my address and after I explained the situ
  • by Anonymous Coward
    From TFA, re: effects of Sasser worm... "British Airways, 20 flights delayed by 10 minutes".

    In the UK, flights being delayed by only 10 minutes is a cause for celebration. By this metric, French Air Traffic Control on a public-holiday-strike is more damaging to world commerce than a piddly little computer worm!
  • ... you know, my Uncle Jim used to say that a lot of problems in the world could be solved with a .22 to the back of the head...
  • by digitaldc ( 879047 ) * on Wednesday January 11, 2006 @10:25AM (#14445363)
    I counted 45! exclamation points in that article!

    Now after reading it, I have become so depressed that I have decided not to connect my computer to the internet ever again!!!
  • ...they forgot VoIP. Amazing oversight really. How long before someone hacks Skype and manages to insert malware code into the VoIP data stream? You place a call to someone and somewhere along the way extra data is inserted and finds its way onto your machine. I'm not that knowledgeable about VoIP's inner workings, but it seems to me that anything that allows data to be moved back and forth from your computer unfettered is a doorway for malware to be lodged on your machine.
    • I'm not that knowledgeable about VoIP's inner workings, but it seems to me that anything that allows data to be moved back and forth from your computer unfettered is a doorway for malware to be lodged on your machine.

      On the whole, no. If you have a buffer overflow or something then yes, you will get malware coming in. But most problems are caused by computers stupidly executing data they get, due to stupid design, the most common form of which is deciding to allow remote plugins (activex, I'm looking at yo

  • In my opinion, and the article concludes with almost the same point, the 'future trends of malware' will be determined in response to the future trends in software, such as the focus on cracking down on browser phishing, the rise in popularity of open source and the totally net integrated space age home the world has always been promised, but just hasnt happened yet.

    Conclusion: more of the same but general software reacts to malware much more slowly than the counter reaction.
  • by kook44 ( 937545 ) on Wednesday January 11, 2006 @10:27AM (#14445371)
    Horribly written, lots of (mostly) un-referenced statistics without any analysis. Rambles on without any real point. Anything groundbreaking here?
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Wednesday January 11, 2006 @10:32AM (#14445412)
    Comment removed based on user account deletion
    • by bhima ( 46039 ) <Bhima.PandavaNO@SPAMgmail.com> on Wednesday January 11, 2006 @10:40AM (#14445466) Journal
      Over the course of the past 2 years my entire extended family has switched to Apple products. I find it interesting that well over half of them have not installed a single package beyond what is on them to begin with. And *ALL* of them objected to the useless and annoying crap on their previous big name WinTel boxes.

      Why is it that Apple can figure out what regular people want and HP & Packard Bell saddle people with crap?
      • Why is it that Apple can figure out what regular people want and HP & Packard Bell saddle people with crap?

        And this is one of the big reasons why Apple machines tend to cost a bit more. Bear in mind that HP and Dell and whoever else get paid to include the trialware and crippled versions of apps on their machines. They then turn around and pass the savings on to you, the consumer! They call it "adding value" to the machine. I call it loading it up with useless crap.
      • Apple are charging enough for their product that they don't need to do deals on the side with crapware manufacturers who want their stuff included on their machines. And Apple's product is of sufficient quality that they don't have to pad it out with "1000 dollars worth of software free" in order to make it look attractive in the adverts.
      • I think the real answer to this is because Apple is both a hardware and software company, while HP and Dell (with some minor exceptions) are basically hardware-only outfits. That is, they need to go out and find software to include on their machines. This makes them much more receptive to an outside company's offer to give them a few hundred grand if they include a trial offer of their software. Apple, with minor exceptions, loads computers up with their own software, and thus there isn't the 'foot in the d
        • That's why there isn't nearly the shareware market on the Mac that there is for Windows (not that all Win shareware is crappy, but quite a bit of it is, or is stuff that you can get for other platforms for free).

          I do not find this to be the case.

          There's a huge warez market for PCs. There's not much of a warez market for Macs.

          OS X shareware is widespread; there's a huge amount of it out there.
    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Wednesday January 11, 2006 @10:46AM (#14445510)
      Comment removed based on user account deletion
      • the companies will either find a "compromise" solution that infuriates people less (for instance, a rootkit without horrific security flaws), or simply establish rootkits and other malware as the "industry standard", critics (read: angry geeks) be damned.

        As long as there are geeks, and they get angry, there will be free software and operating systems, which you can't inject copy spy^H^H^Hprotection onto, but can use to play music. Geeks may not buy the CDs if they require said software to play. But they s
  • P2P worms? (Score:5, Insightful)

    by sczimme ( 603413 ) on Wednesday January 11, 2006 @10:34AM (#14445428)

    From the article:

    modular - new features are easily added to further improve its impact, want it to have P2P propagation capability, add it, want it to disseminate over IM, done.

    Okay, malware can be modular - makes sense.

    The lack of P2P worms is, I think, a logical consequence of the RIAA's busts around the U.S, and the global response towards P2P networks copyright infringement.

    How did the author manage to come to that "logical" conclusion? How is the presence (or !presence) of malware related to the "global response... copyright infringement"?

    Given today's P2P concepts, and the disruptive BitTorrent technology, it is not longer required to on purposely slow down transfers to hide the activity on a user's host.

    And where the heck is he going with this??

    Submitter, if this is your idea of "well written", I respectfully suggest you broaden your literary scope.

  • We already put servers in their own groups (e.g. an httpd running as "www-data" or something). What if we made similar limitations for user-level apps. Something like this [google.com].

    user1 is member of group "users" and "user1group", "user1Firefoxgroup", etc.

    Firefox is user "user1Firefox" and a member of "user1group" and "user1Firefoxgroup".

    Thunderbird is user "user1Thunderbird" and a member of "user1group" and "user1Thunderbirdgroup".

    In /home/user1 is a directory called "protected_applications" owned by user1:user1group with "rwxr-x---" permission. General config information common to all apps goes in here, probably only readable, not writable, by "user1group". Below it are subdirectories like "Firefox" (owned by "user1Firefox:user1Firefoxgroup" with permissions "rwxrwx---". Maybe some sticky bits set.

    This way the apps can only write to and read from their own little subdirectory tree, and not any of the others, but the main user can read and write to any of the subdirectories.

    It wouldn't solve everything, but it would help limit further the damage malware could do. It could access (and corrupt) the data for the particular application it suborned, but without exploiting secondary holes it couldn't do more. This would prevent, say, a hole in Firefox from allowing malware to get at your Gnucash data. It also doesn't require much any new permission-checking code, the kernel already does file-access checks anyway.

    • So you'd have a firefox account for each human user! In other words you want:
      number_of_users * number_of_apps accounts. Doesn't seem like a nice, simple, elegant solution. Perhaps we need something like subusers - which would be a user within a user.
      • So you'd have a firefox account for each human user! In other words you want: number_of_users * number_of_apps accounts. Doesn't seem like a nice, simple, elegant solution.

        But it could be managed behind the scene, by scripts and such. The real human users wouldn't need to see the 'virtual' users. And it requires zero changes to the existing Unix security model. Admittedly, at large installations with a lot of users, you might get close to the limits of a 16-bit uid_t, but even if you had, say, 2,000 users

    • Yeah. One flaw: You're assuming that the host operating system has support for UNIX-style user account restrictions. Windows could do something similar if they were to add an "Always Run As..." option, and users were smart enough to set it up, but it would be a hack at best. My guess is that as soon as support for this approach is implemented, even if the security part itself were *bug-free*, it would be a week at most before someone found an exploit to allow them to march out of the sandbox and into th

      • Well put -- I like the analogy.

        Actually I think what people are doing today, is practically building another guest house out back for the foreman and the rest of his work crew to live in while they're patching up your house. Remember the discussion a few months ago here on Slashdot about why the average joe needed a dual-core or multiprocessor Windows box? It was so one processor could run his actual application, and the other one could run all the anti-virus/spyware/adware/intrusion programs.

        The situation
    • (A) You are trying to kludge Unix Permissions onto a siutation where a new model is required. Unix Groups are already a nightmare and this sort of thing would just makes it worse. How would you save a file from your web browser without a nightmare of permission settings?

      Furthermore it doesn't do what you want: Exploiting "user1Firefox:user1Firefoxgroup" is good enough to send spam and DoS attacks.

      Check "Capabilities"-based systems that do what you really want. They've been around for a while.

      (B) Users want
      • How would you save a file from your web browser without a nightmare of permission settings?

        To a "downloads" directory like "/home//Firefox/Downloads". The user can retrieve the file from there easily; as noted, they have the permission to do so.

        Furthermore it doesn't do what you want: Exploiting "user1Firefox:user1Firefoxgroup" is good enough to send spam and DoS attacks.

        I never said it did - in fact I said the opposite, "It wouldn't solve everything". Linux separates normal user activity from adminis

    • Instead of inventing something new, why not just use an SElinux policy? Pretty much every distro has SElinux now (it's a standard part of the kernel), and RedHattish-type distros already come with SElinux policies and SElinux turned on by default.
    • This is a big step in the right direction, and it's been proposed before by many people. The problem is that it takes coordinated work in the OS and the browser to make it work. If you get it wrong, you block some current attack vectors but create new ones.

      The right answer for security purposes is to run the renderer component of a browser in a kind of jail, with each page (or at least each site) rendered in its own jail. An instance of the renderer should be launched with a connection to a window, a c

      • This is a big step in the right direction, and it's been proposed before by many people. The problem is that it takes coordinated work in the OS and the browser to make it work. If you get it wrong, you block some current attack vectors but create new ones... Would you give up tabbed browsing and browser toolbars to get security? Ask your users that.

        Maybe it wouldn't solve all the problems, but just making things a bit harder has a dramatic effect on the prevalence of malware. Apache is far from vulnerabi

        • Maybe it wouldn't solve all the problems, but just making things a bit harder has a dramatic effect on the prevalence of malware.

          Not any more. Read the original article. Malware now has enough of a profitable ecosystem that people are being paid for writing it. It's not just some kid in their parent's basement any more. Malware is far more complex than it was even two years ago. Just plugging holes one at a time isn't working any more. Patch-based security and signature-based detection are routine

          • Malware now has enough of a profitable ecosystem that people are being paid for writing it. It's not just some kid in their parent's basement any more. Malware is far more complex than it was even two years ago.

            Yes, I acknowledge that. But defense-in-depth is the way to deal with that. My personal web server takes that to an extreme, and is virtually unhackable. It's running an undisclosed version of a relatively obscure httpd in a chroot jail on a relatively obscure OS on a relatively obscure processor a

        • Comment removed based on user account deletion
          • Hey, five years ago called and wants that statement back.

            That's really clever. It's a reflexive statement on itself, isn't it?

            But if it makes you happy, how about: "Apache has had more vulnerabilities than IIS 6 and yet, despite its popularity, it hasn't been subjected to any major worms the way IIS 5 has."

  • by Nephroth ( 586753 ) on Wednesday January 11, 2006 @10:37AM (#14445453)
    They put an an awful lot of effort into saying something that could be summed up in just a few words:

    Malicious software can make money now, that which makes money attracts sellers.

    It's that simple, whereas in the past malware was mostly out of a quest for fame or percieved revenge, the malware of today is business malware, the nasty programs of old all dressed up in suit and tie and making someone filthy rich.

    This problem is exacerbated by the fact that nearly everyone runs Windows XP these days and Microsoft wasn't very attentive to security when they designed it. The sheer number of critical vulnerabilities that the operating system has is mind boggling. Recently, it was stated by some firm or another that Linux had released more patches than any other OS this year. Now, aside from the obvious problem with that statement (the patches weren't patches for Linux itself but for software in common Linux distributions, which is vastly greater in number than that of a Windows installation) if you look at the things patched, they aren't terribly dangerous. They are things like "potentially vulnerable to DNS attack" or "Local user can gain partial root privileges" and such, they are not like "Someone on the other side of a planet can send you a magic packet that makes your computer their bitch permanently," which is what the vast majority of Windows vulnerabilities allow.

    In short, malware has grown because malware is like any pathogen, it lies in wait until conditions are optimal for its growth and when they are it takes over quite rapidly. Remove one of its primary growth factors, and you'll slow it down. Remove more, and you'll potentially kill it.

  • by account_deleted ( 4530225 ) on Wednesday January 11, 2006 @10:41AM (#14445477)
    Comment removed based on user account deletion
  • simple solution (Score:4, Insightful)

    by g-to-the-o-to-the-g ( 705721 ) on Wednesday January 11, 2006 @10:43AM (#14445486) Homepage Journal
    Its really easy to fix: don't use winders
    • That works for a while. Once any alternative becomes popular, unless it was designed specifically to resist malicious software (and no shipping desktop ready OS today is) then it'll just have the same problems. Malware authors these days react *very* fast. So I don't think this is a solution I'd push strongly.
  • by Mr.Fork ( 633378 ) <edward DOT j DOT reddy AT gmail DOT com> on Wednesday January 11, 2006 @10:45AM (#14445501) Journal
    From my point of view, a security specialist, is that only 20-30% of the attacks on businesses and corporations are done electronicly from the outside, the rest (70-80%) are inside, mostly disgrunted employees. With the current trend of money/public focused companies treating employees like crap, all it would take is a vicious malware application to take them down.

    Malware is also becoming intelligently designed, no longer the 'see-this-famous-tennis-star-naked so-I-can-use-built-in-vbs-code to-email-everyone-in-your-addressbook' stupid-is-as-stupid-does tricks. They're pointed, direct, and very very scary.

    Here's to paying and treating your geek employee well!
  • by gkuz ( 706134 ) on Wednesday January 11, 2006 @10:47AM (#14445515)
    FTFA: "Do your homework and stay ahead of the threats, most of all, less branding when making security decisions, but high preferences!"

    Could the person who called this article "well-written" be so kind as to tell me what this means? The article is filled with crap like this; I'd give it a C-, at best, as a freshman paper.

  • Categories by goal (Score:5, Interesting)

    by G4from128k ( 686170 ) on Wednesday January 11, 2006 @10:51AM (#14445537)
    Malware can be categorized by the goal of the creator. This can include:
    1. Marketing: Redirecting browser windows or overlaying pop-ups to promote a product or service
    2. Phishing: attacking an individual to extract passwords that let a criminal access the victim's accounts or identity
    3. Vandalism: Wanton destruction of a PC or network
    4. Spam Broadcasting: creating and controlling a botnet for spamming
    5. Extortion: Forcing a company to pay a ransom to avoid a DDoS or the triggering of an embedded bit of malware.
    6. Vilgilantism: Attacking P2P, spamming, or phishing networks to forestall perceived illegal activity
    7. Espionage: Illegally accessing company or country's secrets
    8. Military: Damaging an opponent country's IT infrastructure

    Note that some of these goals target individuals and their PCs whereas other target larger organizations. One key commonality of nearly all of the goals is that they target large numbers of PCs or require large numbers of infected machines to achieve the goal. Thus immunological approaches that look for the spread of unusual code or data packet patterns can help address this problem. On the other hand, immunological approaches won't work if the malware attack targets a single individual or company -- e.g. implanting a unique virus in one computer in a company for purposes of espionage or extortion.

    Note that half of the goals are very different from the stereotypical destructive virus or worm of yesteryear. With the exception of vandalism, extortion, vigilantism, and military, the other goals are essentially non-destructive. The malware creator's goals are not achieved if the malware crashes the target machine.
  • Anti Virus companies will always be slower than malware writers. The whole signature-based antivirus approach is fundamentally flawed. The solution? Either by using heuristics (could get pretty difficult), or don't allow the malware to get onto your machine in the first place. That shouldn't be too difficult, if you think about it.

    With a multiuser system that actually enforces permissions, it's your fault if you click on that attachment. And the only thing that happens is you lose your home dir. I agree tha
    • With a multiuser system that actually enforces permissions, it's your fault if you click on that attachment. And the only thing that happens is you lose your home dir.

      Agreed. And to mitigate that, the system could have a script running (as a different user) that backs up your home directory to another partition every so often, where the original user does not have any write permissions.

      And if you have files that you wish no one else to see, then chmoding them 600 is not sufficient. They should be encrypted
    • The whole signature-based antivirus approach is fundamentally flawed.

      It seems to me that a signature-based antivirus system (that needs to be updated continuously via subscription) is a more steady and lucrative form of business model than a final solution to all computer security.

  • by FishandChips ( 695645 ) on Wednesday January 11, 2006 @11:42AM (#14445905) Journal
    So far, malware has been treated as an IT/commercial problem (which is what this article does), but it has become so pervasive and costly that it is also now a political problem. The barely fettered growth of malware - its sheer scale, organization and the amounts of money involved - raises a lot of questions about privacy, international cooperation and what to do about the internet itself. I don't think it's something that the IT industry can tackle on its own. You can have as much protection as you like, but so long as malware outfits can slip through 1001 transnational loopholes and exploit safe-haven jurisdictions there will always be a serious problem.

    I don't pretend to know the answers, but waving a copy of Norton Internet Security at the bad boys isn't it, for sure. Perhaps there is an element of deliberate wimping out going on here. The IT industry doesn't want to admit it cannot solve things alone, because it doesn't want politicians and regulators muscling in. And politicians like to pretend that malware is purely an IT problem because they don't want the headache of involvement in sorting out the mess.

    As one result, perhaps, domains ending in letters like .ru or .ro can apparently do what they like, and some notorious spammers and phishers remain on Top 50 lists for years without anyone so much as slapping their wrist. In previous centuries, the whole thing was called "piracy" and states tackled it with, erm, "extreme prejudice". Sometimes, I feel they may have been on to something.
  • Took a freshly installed WindowsXP machine, service pack nothing. Started up IExplore and set out to infect myself.

    I'll tell you what, there's a site I hit, that the second I got there, the computer seemed to lock up (the VMWare session went to 99%) for about 20 seconds. Then it came back to reality, the browser closed, the MS Picture viewer rendered a file called 892f98lkf43.WMF and then it closed. All of a sudden, I had about 10 toolbars, SpySheriff, my desktop changed to a "YOUR COMPUTER IS INFECTED W
  • Yawn. (Score:3, Insightful)

    by TheLink ( 130905 ) on Wednesday January 11, 2006 @01:16PM (#14446665) Journal
    That's what they call future trends? If that's right we're pretty safe then.

    What would be interesting would be malware written in popular high level scripting or bytecode languages - e.g. perl, python, lisp. These do and will run on windows - with broadband becoming widespread it doesn't take long to download and run the relevant packed perl/python/lisp executable, and such executables do have legitimate uses anyway.

    You can very easily write games/utils in such languages to help them spread as trojans.

    It'll be interesting to see how the AV people will cope with these.

    An attacker should be able to rapidly generate multiple versions of the malware faster than the AV people can generate signatures.

    The malware can search for updates and download them with the help of search engines like google (google groups) and various blog/discussion sites. They might even be able to communicate with each other via spam email.

    I'm not even sure if the code signing stuff will help.

    After all the initial code could be innocuous with perhaps one or two really terrible "bugs". But subsequent code could be totally different. Because with such languages once the first bit is in, fetching and executing new code isn't as hard as downloading a new executable binary (which may require passing checks by the O/S and AV software), it's just downloading/finding the correctly identified/tagged string and running the equivalent of "eval" on it. Heck, one could just blindly run a string and catch the resulting exceptions if it's not proper code.

    I'm not a malware author, but I think most malware is rather primitive (esp those on windows[1]). I'm wondering how advanced the malware detection and prevention stuff really is.

    [1] I guess they don't need to be very sophisticated when the users actually do stuff like help enter the right passwords to unzip the malware and then voluntarily run the payload! Even better those users usually run as admin.
  • ...Perhaps by Slashdot standards.
  • Has anybody looked into the idea that companies (such as pharmaceutical marketers) are paying Microsoft to not fix vulnerabilities? This is something that I've wondered about often, but never read anything about. A "Halloween Document" on this would be very interesting...
    A lot of users have asked me over the years if Microsoft is paid by antivirus companies not to fix vulnerabilities. This is apparently an easy leap of logic for the most untechnical folks. We know that pharmaceutical marketers are using

It is easier to change the specification to fit the program than vice versa.

Working...