Virus Creators Sharing More Code
arpy writes "The Washington Times is carrying a report on a 5% increase in publicly available virus code in 2003 (based on a Symantec report). There are now about seven versions of MyDoom, and at least 14 each of Netsky and Beagle. Explains why my email account is overloaded with these little bastards. PC World is reporting changes in the countries that viruses are originating from: Australia shot from 14th place to 5th over the last six months of 2003! The source of these stories seems to be the March 2004 Symantec Internet Security Threat Report." (This last requires registration to download.)
Just because you don't see... (Score:3, Informative)
Re:Now that there is more code available... (Score:5, Informative)
Quick fix: (Score:5, Informative)
Stops unwanted mail dead.
Finally be able to stop bitching about your inbox.
100% Free.
Small catch: you need your own mailserver. Answer: add procmail to your recipe. Ha, get it?
MailScanner [mailscanner.info]
SpamAssassin [spamassassin.org]
ClamAV [clamav.net]
Re:Learning from nature (Score:2, Informative)
Re:never seen a virus in my entire life (Score:2, Informative)
Cooperation (Score:3, Informative)
But you have to wonder just what we're going to get next when some of these virus writers start working together. We've already seen multiple-vector viruses, better social engineering, and greater adaptability. It's certainly going to keep the anti-virus companies on their toes.
Re:Now that there is more code available... (Score:4, Informative)
As for cleaning out the mal-ware, can anyone tell the difference between the OS and 3rd party stuff?
Not without gaining a pretty good knowledge of Windows internals. Once you've been, um, blessed with such a gift, it becomes pretty obvious what's real and what isn't, at least as far as processes and services go.
That's only useful in diagnosing major problems, though. (Like when MSBlaster went around.) And cleaning things out completely is really tough: most malware automagically respawns all of its components unless you manage to remove all of them simultaneously, and I've even seen tricks played with filehandles that can't be closed without rebooting, upon which everything is reinstalled. Generally, I just run Ad-Aware about once a week. Why spend so much time scouring your machine and googling filenames when there's cheap or free software to do it for you?
Re:Now that there is more code available... (Score:4, Informative)
[KifKroker]Why indeed?[/KifKroker] Periodically, I start my work PC (they admin it, but it's still vulnerable), pull up a process list and printscreen it. From there, I compare it to my last baseline to see if anything's changed and why.
Figuring out what was mal-ware and what 7 processes belonged to Novell was interesting. I learned about a couple of questionable services, and I learned more about what bloat-ware MS and Novell have foisted upon me. However, I *ALSO* run AA and Proxo (to keep crap from getting in via ActiveScript or JScript).
If I ever do get permission to admin this thing, I'll know where to swing the axe first!
GTRacer
- Restrictive noob-oriented SysPols suck!
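The baseline comparison GTRacer describes above, done in code instead of with screenshots. This is an added example, not code from the Slashdot thread: it keeps a machine-readable snapshot (process name plus executable path), diffs the next snapshot against it, and separately flags a known process name appearing from a new path, which is what a file masquerading as a system process looks like. Both CSV snapshots are constructed; the column layout (Name and ExecutablePath) is an assumption modelled on what `wmic process get Name,ExecutablePath /format:csv` prints, and the vendor paths are made up.

```python
"""Process-list baseline comparison (added example, not from the thread)."""
import csv
import io
import json


def parse_snapshot(csv_text):
    """Return a set of (name, path) pairs from CSV with Name/ExecutablePath columns.

    Names are lower-cased so case differences do not show up as changes.
    Duplicate entries (several svchost.exe instances) collapse into one.
    """
    rows = csv.DictReader(io.StringIO(csv_text.strip()))
    procs = set()
    for row in rows:
        name = (row.get("Name") or "").strip().lower()
        path = (row.get("ExecutablePath") or "").strip()
        if name:
            procs.add((name, path))
    return procs


def baseline_to_json(procs):
    """Serialise a snapshot so it can be stored and diffed against next time."""
    return json.dumps(sorted(procs))


def baseline_from_json(text):
    """Load a stored snapshot back into the set form compare() expects."""
    return {tuple(pair) for pair in json.loads(text)}


def compare(baseline, current):
    """Diff two snapshots.

    'same_name_new_path' lists entries whose name was already in the baseline
    but whose executable path is new; that deserves a closer look than a
    completely unknown name, because it is the classic look-alike trick.
    """
    added = current - baseline
    removed = baseline - current
    known_names = {name for name, _ in baseline}
    masquerade = sorted(p for p in added if p[0] in known_names)
    return {"added": sorted(added), "removed": sorted(removed),
            "same_name_new_path": masquerade}


# Constructed baseline snapshot (assumed wmic-style CSV layout, made-up paths).
BASELINE_CSV = r"""
Node,ExecutablePath,Name
WORKPC,C:\WINDOWS\explorer.exe,explorer.exe
WORKPC,C:\WINDOWS\system32\svchost.exe,svchost.exe
WORKPC,C:\WINDOWS\system32\svchost.exe,svchost.exe
WORKPC,C:\Program Files\Novell\nwtray.exe,nwtray.exe
"""

# Constructed current snapshot: one unknown process and one svchost.exe
# started from a temp directory instead of system32.
CURRENT_CSV = r"""
Node,ExecutablePath,Name
WORKPC,C:\WINDOWS\explorer.exe,explorer.exe
WORKPC,C:\WINDOWS\system32\svchost.exe,svchost.exe
WORKPC,C:\DOCUME~1\user\LOCALS~1\Temp\svchost.exe,svchost.exe
WORKPC,C:\Program Files\Novell\nwtray.exe,nwtray.exe
WORKPC,C:\WINDOWS\system32\newthing.exe,newthing.exe
"""


def demo():
    """Run the comparison on the two constructed snapshots."""
    base = baseline_from_json(baseline_to_json(parse_snapshot(BASELINE_CSV)))
    return compare(base, parse_snapshot(CURRENT_CSV))


if __name__ == "__main__":
    for key, entries in demo().items():
        print(key)
        for name, path in entries:
            print(f"  {name:<16} {path}")
```

Save `baseline_to_json(...)` to a file once the machine is in a known-good state, and re-run `compare()` against a fresh snapshot on the same schedule the comment describes; an empty report is the normal result, anything under `same_name_new_path` is the first thing to look at.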
Re:Time to update the antivirus model? (Score:2, Informative)
I've been using it since about May 2002 and my users are barely even aware of the whole wave of email viruses. Better yet, there have only been IIRC two cases (in two years!) where attachments were incorrectly quarantined, due to legitimate use of MS word macros.
Re:Time to update the antivirus model? (Score:3, Informative)
People are still getting a lot of mail because of viruses, but they receive the text (not the dangerous part), and I can recover quarantined attachments if the antivirus had a false positive or a file with a banned extension was really meant to be sent. It also happened several times that someone sent files from infected machines without being aware of it, or joke programs that could cause trouble, where I don't want to let the file through but do let the text through.
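What the "Quick fix" comment's MailScanner/procmail setup and the two quarantine comments above describe, reduced to its core: strip attachments with a banned extension, deliver the text with a note about what was held, and keep the stripped parts where they can be handed back after a false positive. This is an added example, not code from the thread or from MailScanner; the banned-extension list and the sample message are constructed for the example, and the in-memory quarantine dict stands in for whatever store a real gateway would use.

```python
"""Attachment quarantine with recovery (added example, not from the thread)."""
import email
import hashlib
import os
from email import policy
from email.message import EmailMessage

# Constructed policy list for the example; a real gateway uses its own.
BANNED_EXT = {".exe", ".scr", ".pif", ".bat", ".com", ".cmd", ".vbs"}


def is_banned(filename):
    """True if the last extension is on the banned list (case-insensitive).

    Using the last extension means double-extension names such as
    'report.doc.pif' are judged by the part that Windows actually runs.
    """
    if not filename:
        return False
    return os.path.splitext(filename.lower())[1] in BANNED_EXT


def sanitize(raw, quarantine):
    """Parse a raw message and return a copy with banned attachments removed.

    Removed parts go into `quarantine` (dict keyed by a short content hash)
    with the original filename and subject, so they can be released later
    if the block turns out to be a false positive.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not msg.is_multipart():
        return msg  # plain text message, nothing to strip

    body_part = msg.get_body(preferencelist=("plain",))
    body_text = body_part.get_content() if body_part is not None else ""

    out = EmailMessage()
    for header in ("From", "To", "Subject", "Date", "Message-ID"):
        if msg[header] is not None:
            out[header] = msg[header]

    held, kept = [], []
    for part in msg.iter_attachments():
        fname = part.get_filename()
        payload = part.get_content()
        if is_banned(fname):
            data = payload if isinstance(payload, bytes) else payload.encode()
            qid = hashlib.sha256(data).hexdigest()[:12]
            quarantine[qid] = {"filename": fname, "subject": msg["Subject"], "data": data}
            held.append((qid, fname))
        else:
            kept.append((fname, part, payload))

    # The recipient gets the text plus a note naming what was held.
    note = "".join(f"\n[attachment '{f}' quarantined, id {q}]" for q, f in held)
    out.set_content(body_text + note)
    for fname, part, payload in kept:
        if isinstance(payload, str):
            out.add_attachment(payload, subtype=part.get_content_subtype(), filename=fname)
        else:
            out.add_attachment(payload, maintype=part.get_content_maintype(),
                               subtype=part.get_content_subtype(), filename=fname)
    return out


def recover(quarantine, qid):
    """Hand a quarantined attachment back as (filename, bytes) for manual release."""
    entry = quarantine[qid]
    return entry["filename"], entry["data"]


def build_sample():
    """Constructed test message: text body, one banned and one harmless attachment."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Subject"] = "Quarterly report"
    m.set_content("Hi Bob, the report is attached, plus the notes you asked for.")
    # Placeholder bytes only; this is not a real executable.
    m.add_attachment(b"MZ\x90\x00placeholder", maintype="application",
                     subtype="octet-stream", filename="report.doc.pif")
    m.add_attachment("meeting notes", subtype="plain", filename="notes.txt")
    return bytes(m)


if __name__ == "__main__":
    store = {}
    clean = sanitize(build_sample(), store)
    print(clean)
    print("quarantined:", {k: v["filename"] for k, v in store.items()})
```

The quarantine key is a content hash rather than the filename, so the same file sent twice is stored once and the recipient can quote the id when asking for a release; `recover()` is the manual step the comment describes for the false-positive and "really meant to be sent" cases.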
Re:Antivirus Advantage (Score:4, Informative)
I believe either the Melissa virus or Sircam already did that.
See Dan's Data [dansdata.com] for more info.
Too far the other way (Score:3, Informative)
My company has configured our PC-based/network-controlled Norton antivirus to be very aggressive in deleting possibly bad content. So aggressive, in fact, that it detected a virus signature in my Eudora
The reply from Data Security: "Eudora is not an approved application. Get rid of it." This was back when Outlook would still auto-execute from the preview pane.
Be careful what you ask for... you just might get it. Automatically deleting known bad content sounds fine, but it depends on a support department that's robust and flexible enough to distinguish the good from the bad. Ours was already overworked, starting from the day the VP opened that message from his secret admirer, with the subject "I love you!"