
Virus Creators Sharing More Code 205

Posted by timothy
from the therefore-a-witch dept.
arpy writes "The Washington Times is carrying a report on a 5% increase in publicly available virus code in 2003 (based on a Symantec report). There are now about seven versions of MyDoom, and at least 14 each of Netsky and Beagle. Explains why my email account is overloaded with these little bastards. PC World is reporting changes in the countries that viruses are originating from: Australia shot from 14th place to 5th over the last six months of 2003! The source of these stories seems to be the March 2004 Symantec Internet Security Threat Report." (This last requires registration to download.)

  • by djeaux (620938) on Wednesday March 17, 2004 @10:29AM (#8588120) Homepage Journal
    ...when will someone write a worm that infects vulnerable Windows (or Linux, for that matter) boxen & surreptitiously applies all the latest security patches, cleans out the mal-ware & defrags the hard drive?

    The folks whose machines are that vulnerable probably need a little "housekeeping" help...

    • by Necrobruiser (611198) on Wednesday March 17, 2004 @10:34AM (#8588167)
      applies all the latest security patches, cleans out the mal-ware & defrags the hard drive?

      What? And put all of us MCSEs out of work?

      Damn. I knew my job was gonna get outsourced....
    • ...when will someone write a worm that infects vulnerable Windows (or Linux, for that matter) boxen & surreptitiously applies all the latest security patches, cleans out the mal-ware & defrags the hard drive?

      Didn't someone try that with This Worm [symantec.com]?
      I don't like the idea of someone running code on someone else's machine, even if they are a clueless newbie.

    • by PhrostyMcByte (589271) <phrosty@gmail.com> on Wednesday March 17, 2004 @10:39AM (#8588213) Homepage
      I've seen a few viruses that do this. One was written from the MyDoom worm, and patched the hole after using it to get in.

      While the person who wrote it had good intentions, the network traffic turned out to be devastating for some businesses, and caused more trouble than leaving it alone would have.

      Not to mention, it is still illegal. Just like going into a sub7 zombie to remove the trojan that is ddosing you is illegal.
    • by SpaceLifeForm (228190) on Wednesday March 17, 2004 @10:40AM (#8588224)
      Well, now Microsoft plans to have a Windows machine automagically download and patch itself. [informationweek.com]

      "The key for customers is getting these patches down," Muglia says. "The biggest issue right now is that when we issue a patch, it can take them weeks to get it installed after they're done testing it. We want it done right away."

      Yeah, right. The customer is not going to test first because Microsoft says it's ok?

      But it probably won't defrag the hard drive. As for cleaning out the mal-ware, can anyone tell the difference between the OS and 3rd party stuff?

      • by devnull17 (592326) on Wednesday March 17, 2004 @11:32AM (#8588674) Homepage Journal

        As for cleaning out the mal-ware, can anyone tell the difference between the OS and 3rd party stuff?

        Not without gaining a pretty good knowledge of Windows internals. Once you've been, um, blessed with such a gift, it becomes pretty obvious what's real and what isn't, at least as far as processes and services go.

        That's only useful in diagnosing major problems, though. (Like when MSBlaster went around.) And cleaning things out completely is really tough: most malware automagically respawns all of its components unless you manage to remove all of them simultaneously, and I've even seen tricks played with filehandles that can't be closed without rebooting, upon which everything is reinstalled. Generally, I just run Ad-Aware about once a week. Why spend so much time scouring your machine and googling filenames when there's cheap or free software to do it for you?

        • by GTRacer (234395) <gtracer308@@@yahoo...com> on Wednesday March 17, 2004 @11:48AM (#8588815) Homepage Journal
          Why spend so much time scouring your machine and googling filenames when there's cheap or free software to do it for you?

          [KifKroker]Why indeed?[/KifKroker] Periodically, I start my work PC (they admin, but it's still vulnerable) and pull up a process list and printscreen it. From there, I compare to my last baseline to see if anything's changed and why.

          Figuring out what was mal-ware and what 7 processes belonged to Novell was interesting. I learned about a couple of questionable services, and I learned more about what bloat-ware MS and Novell have foisted upon me. However, I *ALSO* run AA and Proxo (to keep crap from getting in via ActiveScript or JScript).

          If I ever do get permission to admin this thing, I'll know where to swing the axe first!

          GTRacer
          - Restrictive noob-oriented SysPols suck!
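
The baseline comparison described in the comment above, as an added example that is not part of the original thread. It assumes each snapshot was saved as `tasklist /FO CSV` output rather than a screenshot; the two snapshots and the names `updater32.exe` and `vendoragent.exe` are constructed sample data.

```python
import csv
import io
from collections import Counter

# Constructed sample snapshots in the column layout of `tasklist /FO CSV`.
BASELINE = '''
"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","16 K"
"svchost.exe","812","Console","0","3,120 K"
"svchost.exe","960","Console","0","4,004 K"
"explorer.exe","1480","Console","0","18,200 K"
"vendoragent.exe","1712","Console","0","2,048 K"
'''

CURRENT = '''
"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","16 K"
"SVCHOST.EXE","804","Console","0","3,300 K"
"svchost.exe","952","Console","0","4,100 K"
"svchost.exe","2204","Console","0","5,900 K"
"explorer.exe","1392","Console","0","19,004 K"
"updater32.exe","2316","Console","0","1,204 K"
'''


def load_snapshot(text):
    """Count running instances per image name.

    PIDs and memory figures change on every boot, so they are ignored;
    names are lower-cased because Windows file names are case-insensitive.
    """
    reader = csv.DictReader(io.StringIO(text.strip()))
    return Counter(row["Image Name"].strip().lower() for row in reader)


def diff_snapshots(old, new):
    """Return what appeared, what vanished, and whose instance count changed."""
    return {
        "new": sorted(set(new) - set(old)),
        "gone": sorted(set(old) - set(new)),
        "count_changed": {
            name: (old[name], new[name])
            for name in sorted(set(old) & set(new))
            if old[name] != new[name]
        },
    }


def compare(baseline_text, current_text):
    return diff_snapshots(load_snapshot(baseline_text), load_snapshot(current_text))


if __name__ == "__main__":
    report = compare(BASELINE, CURRENT)
    for name in report["new"]:
        print("NEW      ", name)
    for name in report["gone"]:
        print("GONE     ", name)
    for name, (before, after) in report["count_changed"].items():
        print("COUNT    ", name, before, "->", after)
```

A name-only comparison flags new or missing images but cannot tell a replaced binary from the original when the file name is unchanged, so it narrows down what to investigate rather than giving a verdict.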

        • Not without gaining a pretty good knowledge of Windows internals. Once you've been, um, blessed with such a gift, it becomes pretty obvious what's real and what isn't, at least as far as processes and services go.

          Or just run the name through Google.
      • Yeah, right. The customer is not going to test first because Microsoft says it's ok?

        Yep, that's the "automagically" part.
      • >Yeah, right. The customer is not going to test first because Microsoft says it's ok?

        Wait a second, windows users are wrong for not updating and Microsoft is wrong for providing yet another downloadable tool to help people stay patched?

        Oh please, this knee-jerk MS bashing is going too far. Yes, you are still free to test your home machine and no one running a server is going to do this. Yes, heaven forbid windows users get patched so I don't get days of network downtime when the next 'click me' virus
    • by O2n (325189) on Wednesday March 17, 2004 @10:42AM (#8588240) Homepage
      Actually the danger is not the 5% more virus code available, it's more about the 35% more windows [slashdot.org] code on the loose.
    • You said "surreptitiously" ... how do you know it hasn't been done? Maybe just one of the good guys floating around can't clean up PCs faster than the bad guys release new viruses.
    • by segment (695309) <sil AT politrix DOT org> on Wednesday March 17, 2004 @11:01AM (#8588430) Homepage Journal

      It's been done. What I don't understand is, why most Antivirus software does not scan after installing update by default. It would also be nice if Microsoft were to take the time to make some form of "Joe Average" tutorial explaining to their users why they become infected, often leaving up to sysadmins, network engineers, etc., who deal with the users often taking on the role of "Microsoft Antivirus Engineer". I would be curious to see some statistics on how much money is lost (real hard facts) from business such as Internet Service Providers, and other vendors who have to waste time explaining to people what is going on, what is a spoof, and why it's pretty much delegated to 99.999999% of the times, Microsoft.

      MS should spend some money doing some quick media for the not-so-clueful to explain why management@whitehouse.gov wants them to open foo.zip. Sure people should be more aware, but that's not going to happen to avgjoe, and sally homemaker who spends a total of 2 hours a week on a machine to answer an email from her son in college.

    • Well, sounds like a good idea but I think such a program would more aptly be called a retro virus.

      Nick Powers
    • by Alien54 (180860)
      I suppose the next thing is the Open Source Virus

      Which means that certain marketing drones will run around in circles screaming "See! See! We told you so!"

    • The folks whose machines are that vulnerable probably need a little "housekeeping" help...

      I went over to the house of one of the "higher up" people in my organization to set up some VPN software on her Windows 2000 computer. She had no virus software, no firewall, a cable connection, and left her computer on all of the time without patching. Needless to say, her laptop was completely compromised. Oddly enough, the hard drive was being defragged every day and some sort of background running software firewall had been installed. The attacker had actually secured her box and was doing routine maintenance!

  • Antivirus Advantage (Score:5, Interesting)

    by ziondreams (760588) <ziondreams@ g m a i l . c om> on Wednesday March 17, 2004 @10:30AM (#8588126) Homepage

    Wouldn't the open source of these viruses be an advantage to the Antivirus folks? (Symantec, Norton, etc.) I mean, if they know the basics of the virus, wouldn't it be easier to defend against them? (I don't have much experience in the realm of viruses...just curious!)
    • by millahtime (710421) on Wednesday March 17, 2004 @10:33AM (#8588154) Homepage Journal
      "Wouldn't the open source of these viruses be an advantage to the Antivirus folks? (Symantec, Norton, etc.) I mean, if they know the basics of the virus, wouldn't it be easier to defend against them?"

      I don't believe it's a problem where the antivirus software can't detect and do something about them but more of a fact that many computers aren't up to date on virus definitions, have many security holes and the like. If you keep Norton antivirus up to date sure it can detect them but if it hasn't been updated in 2 years you're screwed and there are many people with computers like that.
      • by whaley (6071) <slashdot@hilvare ... minus herbivore> on Wednesday March 17, 2004 @10:50AM (#8588313) Homepage
        there's probably more script kiddies out there who could create a 'new' virus from the source code than there are antivirus analyzers who have trouble unpacking & disassembling a new virus.

        About not updating antivirus, well when people get a Norton Antivirus (with 60-day subscription) with their new pc, they're bound to assume it will still do its job after those 60 days.

        The good thing is that more and more ISPs are using scanners like ClamAV to scan mails before they reach the customer.
        • there's probably more script kiddies out there who could create a 'new' virus from the source code than there are antivirus analyzers who have trouble unpacking & disassembling a new virus.

          I'm waiting for the virus that, in addition to spreading itself, will email out random Word docs found on the hard drive. This is more than a nuisance, it could potentially damage 1000s of companies. Imagine a Word doc getting out that contained corporate secrets.

        • well when people get a Norton Antivirus (with 60-day subscription) with their new pc, they're bound to assume it will still do its job after those 60 days.

          which is why I tell EVERYONE that Norton and all pay-for virus scanners are utter crap and hand them a copy of antivir [free-av.com] and/or install it for them right there.

          Yes, you have to manually update it (yes it will nag you to death if you don't after 2 months)

          but it is a free Antivirus scanner that is one of the best available and has FREE definition file updat
          • ...making home users PAY for dat file updates.

            That pretty much sums up why the files aren't being updated. I bought a copy of Nortons once, and stayed with it until they decided to change the rules (which is their right, I suppose, but the book said "lifetime free updates"). I wish we could disallow arbitrary changes in licenses like that. Otherwise, I should be able to change the terms of the EULA at will, also. Alas, coming from me, this means nothing, since I don't believe in any of this "license" crap
    • by RailGunner (554645) on Wednesday March 17, 2004 @10:38AM (#8588198) Journal
      Wouldn't the open source of these viruses be an advantage to the Antivirus folks? (Symantec, Norton, etc.) I mean, if they know the basics of the virus, wouldn't it be easier to defend against them? (I don't have much experience in the realm of viruses...just curious!)

      Well, yes, the open source nature of the virus would help the anti-virus folks. Just like a compressed-air nail gun can help you build a house faster. But... what good is any tool if you don't know how to use it? Why is my inbox flooded with the "I send you this file" virus? Because, even though the AV folks do a good job of killing viruses, most people are too stupid to realize that they need to update the signature files for the scanner to remain effective. These same folks are the ones that are too stupid to realize that you shouldn't open up email attachments without scanning them first, and making sure they were expected.

      The blame of virus propagation tends to exist between the chair and the keyboard...

      • by Baron_Yam (643147) on Wednesday March 17, 2004 @10:55AM (#8588367)
        Users are generally like people who leave their car unlocked and then complain that their radio is missing when they get back.

        Yes, they're stupid, but in the end the thief is the guilty one.

        Virus writers are a great justification for the total elimination of privacy on the Internet. Imagine if you could use ISP logs to trace a virus right back to the first transmission, and then to the source. You could find the prick, drag him to the city limits, and dangle his corpse from a tree as a warning.

        Sadly, while I wouldn't mind executing the jerks who assault our information infrastructure, I do value my semi-privacy.
        • Users are generally like people who leave their car unlocked and then complain that their radio is missing when they get back. Yes, they're stupid, but in the end the thief is the guilty one.

          I fully agree with this. When I was in high school, I forgot to lock my (piece of shit) car one day in the school parking lot. I didn't see any real reason to lock it anyway, it had no radio, or anything else of value in it. However, somebody opened the door and took my school parking permit.

          The school wanted to su

    • This is basically just looking at a file and seeing if it has the same fingerprint as a known virus. Just like fingerprints it only works when a match is found in your database/virus definition file. If I take your fingerprints I can match them against the police database to see if you are known. It tells me if you are a known criminal. It does not tell me if you are a new criminal/virus.

      So a new virus can only be detected when it is discovered and its signature put into your database. This takes time. Sin

      • Some virus variants can be detected if it is close. I know some can scan a more generic fingerprint and still catch new ones because of components that are similar. They can also make specific signatures of the variants for more security.
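
The two matching styles described in the comments above (an exact fingerprint versus a "more generic fingerprint"), as an added example that is not part of the original thread. The byte strings are constructed, harmless placeholders, and the names `Demo.A` and `Demo.gen` and the `??` wildcard syntax are assumptions made for the illustration, not any vendor's signature format.

```python
import hashlib

# Constructed placeholder "files": a known sample, a lightly modified
# variant that shares one component, and an unrelated clean file.
ORIGINAL = b"HDR1" + b"\x10\x20\x30\x40" + b"send_copy_to_addressbook" + b"\x00\x01"
VARIANT = b"HDR2" + b"\x10\x20\x99\x40" + b"send_copy_to_addressbook" + b"\x00\x02"
CLEAN = b"HDR1" + b"plain document text"

# Generic signature over the shared component: fixed bytes plus one
# wildcard position ("??") where variants are allowed to differ.
GENERIC_PATTERN = "10 20 ?? 40 73 65 6e 64 5f 63 6f 70 79"


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def parse_pattern(text):
    """Turn 'AA ?? BB' into [0xAA, None, 0xBB]; None matches any byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find_pattern(data, pattern):
    """Return the first offset where the pattern matches, or -1."""
    n = len(pattern)
    for off in range(len(data) - n + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pattern)):
            return off
    return -1


class Scanner:
    def __init__(self):
        self.exact = {}    # sha256 hex digest -> detection name
        self.generic = {}  # detection name -> parsed pattern

    def add_exact(self, name, sample):
        self.exact[sha256(sample)] = name

    def add_generic(self, name, pattern_text):
        self.generic[name] = parse_pattern(pattern_text)

    def scan(self, data):
        """Return a list of (kind, name) detections for one file."""
        hits = []
        name = self.exact.get(sha256(data))
        if name is not None:
            hits.append(("exact", name))
        for gname, pattern in self.generic.items():
            if find_pattern(data, pattern) >= 0:
                hits.append(("generic", gname))
        return hits


def build_demo_scanner():
    scanner = Scanner()
    scanner.add_exact("Demo.A", ORIGINAL)              # definition for the known sample
    scanner.add_generic("Demo.gen", GENERIC_PATTERN)   # family-level signature
    return scanner


if __name__ == "__main__":
    s = build_demo_scanner()
    for label, blob in (("original", ORIGINAL), ("variant", VARIANT), ("clean", CLEAN)):
        print(label, s.scan(blob))
```

The exact fingerprint only fires on the file it was built from, which is why a definition update is needed for every new sample; the generic signature still fires on the variant because the shared component is unchanged.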
  • by Anonymous Coward on Wednesday March 17, 2004 @10:30AM (#8588131)
    Open Source software really is viral!
  • I for one (Score:3, Funny)

    by Anonymous Coward on Wednesday March 17, 2004 @10:31AM (#8588133)
    salute our new scr1pt k1dd13 overlords
  • by Talence (4962) on Wednesday March 17, 2004 @10:31AM (#8588142) Homepage
    Looks like we found at least one area where going the Open Source route is bad :-)
  • by moberry (756963) on Wednesday March 17, 2004 @10:32AM (#8588144)
    Any little kiddie who is going to copy a virus and change some code around isn't going to get very far, because the virus scanner is still going to pick it up. It would involve major changes to change the virus enough for the scanner not to pick it up as the original virus. Just look at the last few variants of MyDoom, they hardly made a dent. As long as end users have updated scanners it should not pose as much of a problem.
    • you're wrong (Score:5, Insightful)

      by segment (695309) <sil AT politrix DOT org> on Wednesday March 17, 2004 @10:49AM (#8588301) Homepage Journal

      they hardly made a dent. As long as end users have updated scanners it should not pose as much of a problem

      Obviously you probably are not in the system administration field, ISP field, or anything similar. Right now I work in the ISP field, and you have no idea of the nuisances caused by the same repetitive viruses going on right now. Try explaining to Joe Blow common users why they're receiving messages from management, staff, security@someisp.com telling them their account will be terminated if they don't open foo file. Most don't know what a spoof is, and most don't understand why their dial up connections are now giving them errors.

      Along with antivirus software which - some go through autoupdates, try explaining to users why they need to run their antivirus software after an update. See most people outside of the geek world would believe that an autoupdate from Symantec, or McAfee or others is automagically going to take care of itself, and it's not. Sure people here may know, but not everyone is Top Geek.

      Whenever I talk to friends who don't know much about computing I try to liken it to human diseases and medicine, and those vaccination shots Americans have to take as kids going to school: "If you had diabetes you need insulin, if you go to the pharmacy and get that insulin but bring it home and put it on the table, you're doing nothing. Think of an autoupdate from an antivirus company as doing just that. You got the medicine now, why leave it on the table. You have to use it." Most of the times they understand afterwards and ask silly things like well why doesn't the program do it itself. Some antivirus software does after some configuration some doesn't.

      For anyone to think that; someone outside of the computing - is going to have an understanding of this, you're wrong. If this were the case, there would be no more viruses. People are too trusting and naive sometimes, and no antivirus software is not going to detect anything. Has anyone not seen viruses that disable firewalls, antivirus software altogether, because I know I have dealt with people becoming infected with such. You can't base your experience with that of Joe Blow, it's apples and oranges.

      • just waking... (Score:3, Insightful)

        by segment (695309)

        Let me clarify this since I'm just waking up...

        no antivirus software is not going to detect anything.

        I meant to type, no antivirus software is going to detect EVERYTHING. If this were the case, newer versions of Netsky and Bagle would get by, which is why most virus makers tweak code little by little, and another variant becomes a nuisance. Netsky and Bagle prove this. Right now there are who knows how many variants of it.

  • uh oh ... (Score:5, Funny)

    by Average_Joe_Sixpack (534373) on Wednesday March 17, 2004 @10:33AM (#8588156)
    "Virus Creators Sharing More Code"

    Does this mean Norton and McAfee are going to merge companies ?
  • For the creators of an original virus. It might be a little incentive for these people to at least come up with something new......... Nah, never mind.
    • In other news, Microsoft has announced a new competition for who can send out the most spam mail in a 24-hour period...

      Each team will be allowed 48 hours to hack the hell out of every machine on the planet, followed by a 24 hour period when the mailing must actually occur.

      Prizes are yet to be determined.

  • Download Linux. It's one virus you'll be glad you caught.
  • by 31415926535897 (702314) on Wednesday March 17, 2004 @10:35AM (#8588173) Journal
    The nature of most viruses and worms means that they are shared quite ubiquitously. If you have received any of these viruses, then you have the code that makes them work. It's not hard to reverse engineer most code, and it's even easier if the language is something like VB script.

    I remember getting the Anna Kournikova virus 4 years ago and just inspecting the script to see exactly how it worked. It would not be tough for a script kiddie to take that and modify it enough to get past virus filters. I'm sure there is virus code sharing, and I'm sure it's increasing, but if you really want to get your hands on the code, the author doesn't even need to intend to share it, he already has!
  • by henrygb (668225) on Wednesday March 17, 2004 @10:37AM (#8588192)
    5% is not very much in one year. "Virus code will double in 14 years" does not make much of a stunning headline compared with Moore's Law or spam rates of increase.

    It suggests that anti-virus programs should be able to cope (if people bothered to use them).

  • Learning from nature (Score:5, Interesting)

    by dpilot (134227) on Wednesday March 17, 2004 @10:38AM (#8588203) Homepage Journal
    Over the past several years we've learned that bacteria (and even plants?) can be 'promiscuous' about sharing useful genes, such as antibiotic resistance. Software is just catching up.

    To continue to stretch the metaphor, apparently the immune system is keyed to stereochemistry of surface molecules. Change surface molecules, fool the immune system until it adapts. Spam has been taking this approach, injecting random text in an attempt to fool Bayesian filtering. No doubt virii will learn the same trick. (Break code into mini-object modules, and use a randomizing link-edit step, for instance.)
    • by mjh53 (186864)
      polymorphic viruses did this many many years ago. worms on the other hand, and the recent VB junk presumably are relearning what the ASM writers thought up all that time ago.
  • by dj245 (732906) on Wednesday March 17, 2004 @10:38AM (#8588205) Homepage
    Explains why my email account is overloaded with these little bastards.

    You must have lots of friends and or family. I suggest you get a lesser life form companion and lose all ties to other sentient beings. Especially dumb ones with computers.

    • I know you're joking =) However, I haven't gotten ONE single Beagle, Netsky or MyDoom. And I do know lots of people.

      Neither have our clients, though we do have thousands [virus] reported blocked on our e-mail server. I guess it just depends on how well you configure your mail server and antivirus.

      On a side note, I also have several accounts on hotmail and yahoo, and I haven't gotten any on them either. OTOH, maybe all my complaining to my friends/family about stupid people opening attachments indiscrimina
  • I wonder... (Score:2, Funny)

    by lofoforabr (751004)
    if this "virus writers sharing more code" has something to do with the recent windows source code leak.
    I mean... if windows source is leaked and widespread, that's gotta be the ultimate virus source code spread in the latest years.
  • by Anonymous Coward on Wednesday March 17, 2004 @10:39AM (#8588217)
    It's so obvious.. all we have to do is trick these virus writers into putting some SCO code into one of these viruses. They can put it between /** **/.. it doesn't matter. If they do that, SCO will pursue them to the ends of the earth!
  • No.. (Score:2, Funny)

    Explains why my email account is overloaded with these little bastards.

    Your account is overloaded because your mail server sucks. Don't you have a virus scan?

    I don't get any virus emails at all. Hmm.
  • by serene.geek (674420) on Wednesday March 17, 2004 @10:44AM (#8588255)
    Slightly OT, but part of the frustration of this huge spike in virus activity for me is the fact that our antivirus product is still based on a model that is becoming outmoded. The old model strives to protect against situations in which viruses are piggybacking on legitimate content that someone actually wants. As a result, its strength is:

    1. Detect

    2. Clean

    3. Deliver if cleaned

    4. Quarantine if not

    Problem is, about 99% of viruses that have come into our firm in the last 6 months have been nothing but virus - no legitimate content. Despite this, our antivirus tool has no option to use its 'knowledge' of the 100% illegitimate messages and simply delete these outright.

    In order to avoid the possibility of quarantining legitimate content, we are still detecting and cleaning, which still lets hundreds of confusing messages through to the users.

    I know there are other products which will eliminate this kind of traffic altogether, but it seems to me that a few minor changes to (at least our) current antivirus products could dramatically improve the situation for us.

    Are the other major mail-server based "pure" antivirus products any better than McAfee?

    • Very easy to use, and integrates nicely with Postfix. NOD32 is an awesome virus scanner. I just checked the list of features on amavisd and it doesn't seem to have a "clean" option, although most folks don't want it anyway... BUT it's written in Perl, so you could add it fairly easily I expect.
    • Try the Procmail Sanitizer [impsec.org]. It works by redirecting suspicious-looking mail to a "quarantine" mailbox so the admin can scan over it and make sure nothing important was lost. It's fast (it manages a pretty heavy email load on a k6/300) and rarely makes mistakes.

      I've been using it since about May 2002 and my users are barely even aware of the whole wave of email viruses. Better yet, there have only been IIRC two cases (in two years!) where attachments were incorrectly quarantined, due to legitimate use of

    • I use Anomy Sanitizer [anomy.net] for mail gateways. It just puts in quarantine, and removes from the original mail, whatever has a banned extension (.pif/.scr/etc.) or is detected by an antivirus (but not cleaned; detection is enough for the automatic part), does some cleaning in the text like removing the dangerous tags from the HTML, and the end user gets the original message with a warning for each quarantined attachment.

      People are still getting a lot of mail because of virus, but they receive the text (not the dangerou
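
The gateway behaviour described in the comment above (quarantine attachments with a banned extension, deliver the rest of the message with a warning in place of each one), as an added example that is not part of the original thread and is not Anomy Sanitizer's own code. Only `.pif` and `.scr` come from the comment; the other extensions, the warning wording and the sample message are assumptions constructed for the illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# .pif and .scr are named in the thread; the rest are assumed additions.
BANNED_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".vbs"}

WARNING = (
    "An attachment named {name!r} was removed from this message and "
    "placed in quarantine by the mail gateway.\n"
)


def is_banned(filename):
    """True if the final extension is banned.

    Only the last extension counts, so 'photo.jpg.pif' is caught, and
    trailing dots or spaces (ignored by Windows) are stripped first.
    """
    if not filename:
        return False
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1] in BANNED_EXT


def sanitize(raw_bytes):
    """Return (cleaned_message, quarantined) for one raw RFC 5322 message.

    quarantined is a list of (filename, payload_bytes) for the admin's
    quarantine store; each removed part is replaced by a text warning.
    """
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    quarantined = []
    # Snapshot the walk first because leaf parts are rewritten in place.
    for part in list(msg.walk()):
        if part.is_multipart():
            continue
        name = part.get_filename()
        if is_banned(name):
            quarantined.append((name, part.get_payload(decode=True)))
            # set_content() drops the old Content-* headers and payload.
            part.set_content(WARNING.format(name=name))
    return msg, quarantined


def build_sample():
    """Constructed sample: text body, one banned and one allowed attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "Your details"
    m.set_content("See the attached file.")
    m.add_attachment(
        b"constructed placeholder bytes, not a real program",
        maintype="application",
        subtype="octet-stream",
        filename="details.txt.pif",
    )
    m.add_attachment("meeting at 10\n", filename="notes.txt")
    return m.as_bytes()


SAMPLE_RAW = build_sample()

if __name__ == "__main__":
    clean, held = sanitize(SAMPLE_RAW)
    print("quarantined:", [name for name, _ in held])
    print(clean.as_string())
```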

    • by RobertB-DC (622190) *
      Problem is, about 99% of viruses that have come into our firm in the last 6 months have been nothing but virus - no legitimate content. Despite this, our antivirus tool has no option to use its 'knowledge' of the 100% illegitimate messages and simply delete these outright.

      My company has configured our PC-based/network-controlled Norton antivirus to be very aggressive in deleting possibly bad content. So aggressive, in fact, that it detected a virus signature in my Eudora .mbx file before Eudora had a ch
  • by tangent3 (449222) on Wednesday March 17, 2004 @10:48AM (#8588292)
    ...when Symantec puts out a report that viruses are on the decline. I'm not saying that viruses are on the rise or on the decline or are not a danger to users, but I will definitely take such reports with a pinch of salt, coming from a company which stands a lot to gain by scaring internet users with predictions of rise in virus attacks.

  • by andy666 (666062) on Wednesday March 17, 2004 @10:50AM (#8588320)
    I think that open source viruses are the way to go. GPL them and apply modern ideas from software engineering. Well documented viruses would be handy, both for filtering and to aid future virus designers.
  • by ATAMAH (578546) on Wednesday March 17, 2004 @10:52AM (#8588339)
    "Explains why my email account is overloaded with these little bastards."

    Well, partially it could also be to do with the fact that you are not careful about where your email address ends up. I have been as strict as possible about people not including me in their Outlook/Outlook Express address books, or not including me on the mailing lists if I knew that participants are not security minded people. And I never had any sobigs, mydooms or the likes in my inbox yet I did use that account for emailing :). I know it's not a 100% protection but it helps, obviously.
    • by Macka (9388)

      It only has to get out there once and you're (my)doomed! I started my own consulting business 4 years ago. I got a new domain so I had a virgin email address. For 2 years I was very careful about who I gave it to, and whenever i had to give out email addresses online (like for cinema or flight bookings) I'd create an alias and give that out instead. If I started to get spam on that address, I could roast the culprit and then delete the alias. However, one day I went online and posted into an internet
    • I'm intrigued by how you stop people putting you into their address books...?
  • I first read the article title as 'Virus Creators Sharing Morse Code' --- As a ham radio operator, I was appalled. First BPL, now this! :)
  • Quick fix: (Score:5, Informative)

    by KodaK (5477) <{moc.liamg} {ta} {kadokas}> on Wednesday March 17, 2004 @11:00AM (#8588417) Homepage
    MailScanner + SpamAssassin + Clamav.

    Stops unwanted mail dead.

    Finally be able to stop bitching about your inbox.

    100% Free.

    Small catch: you need your own mailserver. Answer: add procmail to your recipe. Ha, get it?

    MailScanner [mailscanner.info]
    SpamAssassin [spamassassin.org]
    ClamAV [clamav.net]

  • by HarveyBirdman (627248) on Wednesday March 17, 2004 @11:01AM (#8588421) Journal
    It's so wonderful when people share and allow those less fortunate to benefit from their own hard work and experience. This must be one of the thousand points of light of which the President's dad spoke.

    This must be a direct result of Mel Gibson's "The Passion Of The Christ". This holy movie has inspired a new culture of charity that is reaching down even to the virus writers, who so selflessly test the security of the world's computers so that we may all sleep more soundly, or... something.

    *sniff* It gets me right here.

    No, here. A little to the left. A little more.

    Now scratch.

    Aahhh....

  • by galen (24777) on Wednesday March 17, 2004 @11:01AM (#8588422)
    ...legitimate programmers continue to reinvent the wheel.
  • Open Source (Score:4, Funny)

    by OSgod (323974) on Wednesday March 17, 2004 @11:06AM (#8588460)
    at its best -- these things have been peer reviewed quite well by now :)
  • by WormholeFiend (674934) on Wednesday March 17, 2004 @11:09AM (#8588479)
    I have a message for you:

    Screw you and the trojan horse you rode in on.
    -
  • by Seoulstriker (748895) on Wednesday March 17, 2004 @11:13AM (#8588505)
    One was written from the MyDoom worm, and patched the hole after using it to get in.

    That sounds freakishly like some biological viruses that recombine their genetic information into the host chromosomes which effectively seals off the cell from further attack by viruses, so that it can do its work safely without interference.

    If virus makers actually learn how to recombine their code into standard windows libraries and the code is then free to work without interference, the Windows users wouldn't know that they are actually infected until some future date when their credit card numbers are stolen/hard drives reformatted/etc.


    In fact, the whole idea of sharing the code of viruses is similar to the idea of recombinatorial DNA in viruses and bacteria: effective code from one virus can be transferred and incorporated into another virus/bacterium (plasmids) to make an even stronger pathogen. Scary stuff.
  • Cooperation (Score:3, Informative)

    by mdielmann (514750) on Wednesday March 17, 2004 @11:15AM (#8588520) Homepage Journal
    I'm always glad to see programmers cooperating, and even occasionally competing for market share. After all, that will only bring us better products.

    But you have to wonder just what we're going to get next when some of these virus writers start working together. We've already seen multiple-vector viruses, better social engineering, and greater adaptability. It's certainly going to keep the anti-virus companies on their toes.
  • Sharing (Score:2, Funny)

    by FiskeBoller (536819)
    Gee, and I always heard that re-use is a good thing!
  • Pfft... (Score:2, Funny)

    by Vampyre_Dark (630787)
    People can come up with statistics to prove anything. 7 percent of all people know that.
  • by g0bshiTe (596213) on Wednesday March 17, 2004 @11:30AM (#8588659)
    It's natural selection.

    Those PCs that succumb and die from infections leave only the strongest PCs to repopulate the earth. It's happened all throughout nature since time began. Consider this the "electronic black plague".

  • by chrysalis (50680) on Wednesday March 17, 2004 @11:30AM (#8588661) Homepage
    That's great news.

    Viruses are closed-source, proprietary software that only runs on Windows.

    A lot of nice guys are trying all day long to send me ".pif" files so that I can have fun, but I keep clicking and clicking again, nothing happens on my OpenBSD box. It's so disappointing.

    Thanks to these open-source viruses, I will probably soon be able to enjoy a /usr/ports/virus/ directory with viruses that will run natively on my operating system.

    Great, I will now be able to chat with friends "hey what ? You still don't have Baggle 8.3XP ? Haha sucker, I got it for 3 days !".

  • by martin (1336) <maxsec@@@gmail...com> on Wednesday March 17, 2004 @11:43AM (#8588770) Journal
    Maybe the virus writers are getting older, going to university and the lectures on software engineering and code reuse are hitting home??? :-)
  • Hotmail (Score:3, Insightful)

    by weatherguy48 (757755) <{ten.tencissalc} {ta} {84yugrehtaew}> on Wednesday March 17, 2004 @11:47AM (#8588801) Homepage Journal
    Strangely enough... Hotmail's Junk Mail filter was enough to keep malicious emails out of my inbox, though I had to block some legitimate emails in the process.
  • by kd4evr (712384) on Wednesday March 17, 2004 @11:51AM (#8588843)
    Once, ignoring viruses and anti-virus software, relying on good practices only was a cool hobby; nowadays, it's a disaster waiting to happen, in a large part M$ is to blame.

    I retired a box I used from 90-95 and I'm now in the process of retiring the 95-04 one. Amazingly, I was able to run MS DOS and Windows 95 without much hassle and without permanent anti-virus-come-to-the-rescue operations.

    People borrowing my diskettes (remember the 5 1/4" floppies?) did all sorts of things:
    - have infected the floppies,
    - have gotten themselves infected,
    - detected viruses on them, etc;
    while my back yard remained clean. However, I've had a few strict policies:
    - frisbee network: never stick anything into your floppy drive that's "been around" unless you plan to 'format';
    - email: do not use MS Outlook, do not open unexpected attachments from people you know, do not touch stuff from people you don't know etc., etc.

    Nowadays, using both W2k and Linux, I claim the (don't-check-for-viruses-and-don't-have-any) policy DEAD. At least for MS w/ Outlook and Explorer, a prompt anti-virus solution is a must.

    If nimda was the ultimate lesson for typical corporate intranet environments, the Netsky & Bagle definitely break barriers in the category of private, spam-free, home user addresses.

    And it's all probably because of this wrong (viruses-happen-to-losers-not-me) attitude of just one of my otherwise cool e-mail-buddies that made it all possible for me: watching a bogus email w/ a virus dropping every 2-3 hrs into my private inbox, without a clue who really the sender is or whose set of contacts would correspond to the addresses in the spoofed TO: fields.

    I haven't had any trouble with any of the non-M$ boxes I work with. But like it or not, I still have to use some M$ platform and sadly, no prevention is helpful - it's cure, cure, cure, all the time...

  • by chrysalis (50680) on Wednesday March 17, 2004 @12:05PM (#8588969) Homepage
    A lot of /. readers are not familiar with Windows and may ask what "virus" means in computer science. So in order to better understand this article, here's a short presentation.

    Viruses are popular peer-to-peer sharing systems designed and optimized for Windows platforms.
    Great features of these systems over other P2P systems:
    - It's free software, although the license is often missing.
    - They are very well maintained. New versions are released almost every day.
    - They are easy to use : no need for a GUI, no need for a CLI, everything is fully automated.
    - Updates are also automatic.
    - No need to tweak your firewall, popular viruses can work on port 25 using a SMTP-like protocol.

    In order to join this community, you just have to run an installer called "outlook.exe". To improve your experience, the "internet explorer" add-on is also recommended.

    And how handy, the installer and its add-on are part of the vanilla "Windows" installation CD set. No need to download anything and no registration is required. Very convenient.

    Once the installer ("outlook.exe") has been started, an Evolution-like interface pops up. This is bloat, it can be safely ignored. Directly go to the "add contact" panel and fill in email addresses of friends you want to share executables with. Wait a few minutes (check the internet link is ok) et voila, viruses are automatically downloaded, installed and configured.

    You now understand why this p2p system is so popular in the Windows world: easy to install, easy to use, and the operating system keeps a lot of unfixed security holes in order to avoid breaking backward-compatibility with older viruses.

  • by Anonymous Coward on Wednesday March 17, 2004 @12:18PM (#8589088)
    What someone really needs to do is make a virus that consists of several parts. Each part by itself would have no effect upon an infected computer except to run at startup and check for the existence of the other pieces.

    If the final piece to run determined that all pieces were in place it would abort the startup process and display a dialog box with a button titled "I want to format my hard drive now" and a message saying something like:

    "You are a bloody idiot and your computer has been infected with a virus. Not once. Not twice. Not thrice, but FOUR times!

    You are too stupid to operate this computer further until you take it and have it professionally cleaned of viruses, trojans, spyware and other malware, have proper antivirus software and a firewall installed, receive some sort of training on keeping the antivirus software updated, and finally, are told in no uncertain terms to not immediately open each and every email attachment and to no longer download and install each and every cute little gorilla, gator, monkey or other furry or scaly creature that promises to make your internet experience ever so much better."

    When they then click the "I want to format my hard drive now" button the activated virus would display a second dialog that says "You did not read the button at all did you?" and shut the computer off.
  • virus.c 1:
    // This Virus is Released Under the GPL
    // If you violate the license, you will be infected
  • With the increase in viruses, the chance of false positives rises substantially.

    With the false positives, and the delays in identifying new viri, the virus writers have a gap in time and a gap in confidence that the detector is both timely and accurate.

    For example McAfee Virus Scan reports a false positive for a development file SetCVSShellCommands.exe [sourceforge.net] from NSIS [sourceforge.net] (the installation program used by WinAmp and other programs). McAfee has been unresponsive on adapting Virus Scan so that it does not trigger a

  • After years of the Brits sending criminals down to Australia, this is the best they can do?

    The number of virus attacks originating in Australia leaped last year, putting it among the top five countries for virus generation, a new report claims.

  • by Peter H.S. (38077) on Wednesday March 17, 2004 @03:48PM (#8591214) Homepage
    Our street runs a "community-based ISP". Approx. 320 users on a switched 100 Mbit LAN. We run some Linux servers for standard services (like mail, ftp, www, proxy, monitoring, firewall, etc).
    19 October last year, we deployed RAV anti-virus from www.ravantivirus.com (now owned by Microsoft, who promptly announced that all RAV anti-virus software for Linux will be terminated).

    Since October the 19th, 18.500 email viruses have been detected.
    Dec 2003: 1700 viruses detected
    Jan 2004: 3635 ""
    Feb 2004: 7819 "", just slightly below one virus per day per user.
    Mar 2004: (per 17 March) shows a slightly downward trend with 4430 viruses detected (223 per day).

    Only 8% of the viruses originate from within our network.
    37% are Mydoom viruses
    21% are Netsky variants
    7% are Mymail viruses

    Now, viruses are a problem. Everybody I talk to knows to some extent that viruses are "bad". You sometimes read about high profile arrests of virus writers. Fine.

    But spyware is IMHO an even bigger problem for a lot of users. They have a hard time understanding the concept, why they got it, and how to get rid of it, and why it seems to be totally legal to plant stealthy spyware on their PC. To me, and the people I explain what spyware is, spyware is hacking (cracking) in its most criminal sense, since the spying is done for clearly economic reasons.

    If spyware were manufactured by pimple-faced teenagers for no economic reason, I am sure they would be busted by the police as evil hackers. But since spyware hacking is done by so-called businesses, it seems to be a totally OK practice by politicians and law enforcement agencies.

  • Yay! (Score:3, Funny)

    by cfuse (657523) on Wednesday March 17, 2004 @06:16PM (#8592834)
    Australia shot from 14th place to 5th over the last six months of 2003!

    Yay! exports are up. I knew all the toadying to the US would pay off for us eventually.
