
Virus Creators Sharing More Code

arpy writes "The Washington Times is carrying a report on a 5% increase in publicly available virus code in 2003 (based on a Symantec report). There are now about seven versions of MyDoom, and at least 14 each of Netsky and Beagle. Explains why my email account is overloaded with these little bastards. PC World is reporting changes in the countries that viruses are originating from: Australia shot from 14th place to 5th over the last six months of 2003! The source of these stories seems to be the March 2004 Symantec Internet Security Threat Report." (This last requires registration to download.)
  • by moberry ( 756963 ) on Wednesday March 17, 2004 @10:32AM (#8588144)
    Any little kiddie who is going to copy a virus and change some code around isn't going to get very far, because the virus scanner is still going to pick it up. It would involve major changes to change the virus enough for the scanner not to pick it up as the original virus. Just look at the last few variants of MyDoom, they hardly made a dent. As long as end users have updated scanners it should not pose as much of a problem.
  • by millahtime ( 710421 ) on Wednesday March 17, 2004 @10:33AM (#8588154) Homepage Journal
    "Wouldn't the open source of these viruses be an advantage to the Antivirus folks? (Symantec, Norton, etc.) I mean, if they know the basics of the virus, wouldn't it be easier to defend against them?"

    I don't believe it's a problem where the antivirus software can't detect and do something about them but more of a fact that many computers aren't up to date on virus definitions, have many security holes and the like. If you keep Norton Antivirus up to date sure it can detect them but if it hasn't been updated in 2 years you're screwed and there are many people with computers like that.
  • by spidergoat2 ( 715962 ) on Wednesday March 17, 2004 @10:34AM (#8588162) Journal
    For the creators of an original virus. It might be a little incentive for these people to at least come up with something new......... Nah, never mind.
  • by 31415926535897 ( 702314 ) on Wednesday March 17, 2004 @10:35AM (#8588173) Journal
    The nature of most viruses and worms means that they are shared quite ubiquitously. If you have received any of these viruses, then you have the code that makes them work. It's not hard to reverse engineer most code, and it's even easier if the language is something like VB script.

    I remember getting the Anna Kournikova virus 4 years ago and just inspecting the script to see exactly how it worked. It would not be tough for a script kiddie to take that and modify it enough to get past virus filters. I'm sure there is virus code sharing, and I'm sure it's increasing, but if you really want to get your hands on the code, the author doesn't even need to intend to share it, he already has!
  • ...when will someone write a worm that infects vulnerable Windows (or Linux, for that matter) boxen & surreptitiously applies all the latest security patches, cleans out the mal-ware & defrags the hard drive?

    Didn't someone try that with This Worm [symantec.com]?
    I don't like the idea of someone running code on someone else's machine, even if they are a clueless newbie.

  • by henrygb ( 668225 ) on Wednesday March 17, 2004 @10:37AM (#8588192)
    5% is not very much in one year. "Virus code will double in 14 years" does not make much of a stunning headline compared with Moore's Law or spam rates of increase.

    It suggests that anti-virus programs should be able to cope (if people bothered to use them).

  • by RailGunner ( 554645 ) on Wednesday March 17, 2004 @10:38AM (#8588198) Journal
    Wouldn't the open source of these viruses be an advantage to the Antivirus folks? (Symantec, Norton, etc.) I mean, if they know the basics of the virus, wouldn't it be easier to defend against them? (I don't have much experience in the realm of viruses...just curious!)

    Well, yes, the open source nature of the virus would help the anti-virus folks. Just like a compressed-air nail gun can help you build a house faster. But.. what good is any tool if you don't know how to use it? Why is my inbox flooded with the "I send you this file" virus? Because, even though the AV folks do a good job of killing viruses, most people are too stupid to realize that they need to update the signature files for the scanner to remain effective. These same folks are the ones that are too stupid to realize that you shouldn't open up email attachments without scanning it first, and making sure it was expected.

    The blame of virus propagation tends to exist between the chair and the keyboard...

  • by PhrostyMcByte ( 589271 ) <phrosty@gmail.com> on Wednesday March 17, 2004 @10:39AM (#8588213) Homepage
    I've seen a few viruses that do this. One was written from the MyDoom worm, and patched the hole after using it to get in.

    While the person who wrote it had good intentions, the network traffic turned out to be devastating for some businesses, and caused more trouble than leaving it alone would have.

    Not to mention, it is still illegal. Just like going into a sub7 zombie to remove the trojan that is ddosing you is illegal.
  • by Anonymous Coward on Wednesday March 17, 2004 @10:40AM (#8588219)
    I've sworn by that policy for a long time, I checked it not too long ago, and guess what? No viruses. I've come to the conclusion that anybody with moderate computer sense is, to a degree, invulnerable.
  • by tangent3 ( 449222 ) on Wednesday March 17, 2004 @10:48AM (#8588292)
    ...when Symantec puts out a report that viruses are on the decline. I'm not saying that viruses are on the rise or on the decline or are not a danger to users, but I will definitely take such reports with a pinch of salt, coming from a company which stands a lot to gain by scaring internet users with predictions of rise in virus attacks.

  • you're wrong (Score:5, Insightful)

    by segment ( 695309 ) <sil&politrix,org> on Wednesday March 17, 2004 @10:49AM (#8588301) Homepage Journal

    "they hardly made a dent. As long as end users have updated scanners it should not pose as much of a problem"

    Obviously you probably are not in the system administration field, ISP field, or anything similar. Right now I work in the ISP field, and you have no idea of the nuisances caused by the same repetitive viruses going on right now. Try explaining to Joe Blow common users why they're receiving messages from management, staff, security@someisp.com telling them their account will be terminated if they don't open foo file. Most don't know what a spoof is, and most don't understand why their dial up connections are now giving them errors.

    Along with antivirus software which - some go through autoupdates, try explaining to users why they need to run their antivirus software after an update. See most people outside of the geek world would believe that an autoupdate from Symantec, or McAfee or others is automagically going to take care of itself, and it's not. Sure people here may know, but not everyone is Top Geek.

    Whenever I talk to friends who don't know much about computing I try to liken it to human diseases and medicine, and those vaccination shots Americans have to take as kids going to school: "If you had diabetes you need insulin, if you go to the pharmacy and get that insulin but bring it home and put it on the table, you're doing nothing. Think of an autoupdate from an antivirus company as doing just that. You got the medicine now, why leave it on the table. You have to use it." Most of the times they understand afterwards and ask silly things like well why doesn't the program do it itself. Some antivirus software does after some configuration some doesn't.

    For anyone to think that; someone outside of the computing - is going to have an understanding of this, you're wrong. If this were the case, there would be no more viruses. People are too trusting and naive sometimes, and no antivirus software is not going to detect anything. Has anyone not seen viruses that disable firewalls, antivirus software altogether, because I know I have dealt with people becoming infected with such. You can't base your experience with that of Joe Blow, it's apples and oranges.

  • by whaley ( 6071 ) <slashdot@hilvaren b e e k .net> on Wednesday March 17, 2004 @10:50AM (#8588313) Homepage
    there's probably more script kiddies out there who could create a 'new' virus from the source code than there are antivirus analyzers who have trouble unpacking & disassembling a new virus.

    About not updating antivirus, well when people get a Norton Antivirus (with 60-day subscription) with their new pc, they're bound to assume it will still do its job after those 60 days.

    The good thing is that more and more ISPs are using scanners like ClamAV to scan mails before they reach the customer.
  • by ATAMAH ( 578546 ) on Wednesday March 17, 2004 @10:52AM (#8588339)
    "Explains why my email account is overloaded with these little bastards."

    Well, partially it could also be to do with the fact that you are not careful about where your email address ends up. I have been as strict as possible about people not including me in their Outlook/Outlook Express address books, or not including me on the mailing lists if I knew that participants are not security minded people. And I never had any sobigs, mydooms or the likes in my inbox yet I did use that account for emailing :). I know it's not a 100% protection but it helps, obviously.
  • just waking... (Score:3, Insightful)

    by segment ( 695309 ) <sil&politrix,org> on Wednesday March 17, 2004 @10:53AM (#8588353) Homepage Journal

    Let me clarify this since I'm just waking up...

    "no antivirus software is not going to detect anything."

    I meant to type, no antivirus software is going to detect EVERYTHING. If this were the case, newer versions of Netsky and Bagle would get by, which is why most virus makers tweak code little by little, and another variant becomes a nuisance. Netsky and Bagle prove this. Right now there are who knows how many variants of it.

  • by Baron_Yam ( 643147 ) on Wednesday March 17, 2004 @10:55AM (#8588367)
    Users are generally like people who leave their car unlocked and then complain that their radio is missing when they get back.

    Yes, they're stupid, but in the end the thief is the guilty one.

    Virus writers are a great justification for the total elimination of privacy on the Internet. Imagine if you could use ISP logs to trace a virus right back to the first transmission, and then to the source. You could find the prick, drag him to the city limits, and dangle his corpse from a tree as a warning.

    Sadly, while I wouldn't mind executing the jerks who assault our information infrastructure, I do value my semi-privacy.
  • by Anonymous Coward on Wednesday March 17, 2004 @10:56AM (#8588386)
    Virii aren't learning shit, humans are.
  • by segment ( 695309 ) <sil&politrix,org> on Wednesday March 17, 2004 @11:01AM (#8588430) Homepage Journal

    It's been done. What I don't understand is, why most Antivirus software does not scan after installing update by default. It would also be nice if Microsoft were to take the time to make some form of "Joe Average" tutorial explaining to their users why they become infected, often leaving up to sysadmins, network engineers, etc., who deal with the users often taking on the role of "Microsoft Antivirus Engineer". I would be curious to see some statistics on how much money is lost (real hard facts) from businesses such as Internet Service Providers, and other vendors who have to waste time explaining to people what is going on, what is a spoof, and why it's pretty much delegated to 99.999999% of the times, Microsoft.

    MS should spend some money doing some quick media for the not-so-clueful to explain why management@whitehouse.gov wants them to open foo.zip. Sure people should be more aware, but that's not going to happen to avgjoe, and sally homemaker who spends a total of 2 hours a week on a machine to answer an email from her son in college.

  • Hotmail (Score:3, Insightful)

    by weatherguy48 ( 757755 ) <weatherguy48 AT classicnet DOT net> on Wednesday March 17, 2004 @11:47AM (#8588801) Homepage Journal
    Strangely Enough...Hotmail's Junk Mail filter was enough to keep malicious emails out of my inbox, though I had to block some legitimate emails in the process.
  • Mod parent up (Score:3, Insightful)

    by Theatetus ( 521747 ) * on Wednesday March 17, 2004 @12:10PM (#8589023) Journal

    There hasn't been a real security-hole based epidemic since the Day the MSSQL Servers Died. All of these recent worms are still based on the tried and true Stupid User vulnerability: there are apparently still people who will actually double-click on an unrequested screensaver file they got in the email.

    As much as I am a Linux snob, the fact remains that you could just as easily do that to stupid Linux users: if they're using their computer for anything useful, they're able to send mail and run executables; that's the only requirements for a worm like this.

  • Re:Mod parent up (Score:2, Insightful)

    by Eraser_ ( 101354 ) on Wednesday March 17, 2004 @03:26PM (#8590976)
    You're right, the RPC vulnerability wasn't a security hole. I voluntarily connected to the net without a firewall. :)

    I also voluntarily used IE, surfed porn, and my homepage got changed, all my bookmarks were modified, and various "safe" activex exploits were used.
  • by Peter H.S. ( 38077 ) on Wednesday March 17, 2004 @03:48PM (#8591214) Homepage
    Our street runs a "community based ISP". Approx. 320 users on a switched 100 Mbit LAN. We run some Linux servers for standard services like mail, ftp, www, proxy, monitoring, firewall, etc.
    19 October last year, we deployed RAV anti-virus from www.ravantivirus.com (now owned by Microsoft, who promptly announced that all RAV anti-virus software for Linux will be terminated).

    Since October the 19th, 18.500 email viruses have been detected.
    Dec 2003: 1700 viruses detected
    Jan 2004: 3635 viruses detected
    Feb 2004: 7819 viruses detected, just slightly below one virus per day per user.
    Mar 2004: (as of 17 March) shows a slightly downward trend with 4430 viruses detected (223 per day).

    Only 8% of the viruses originate from within our network.
    37% are Mydoom viruses
    21% are Netsky variants
    7% are Mymail viruses

    Now, viruses are a problem. Everybody I talk to knows to some extent that viruses are "bad". You sometimes read about high profile arrests of virus writers. Fine.

    But spyware is IMHO an even bigger problem for a lot of users. They have a hard time understanding the concept, why they got it, and how to get rid of it, and why it seems to be totally legal to plant stealthy spyware on their PC. To me, and the people I explain what spyware is, spyware is hacking (cracking) in its most criminal sense, since the spying is done for clearly economic reasons.

    If spyware were manufactured by pimple faced teenagers for no economic reason, I am sure they would be busted by the police as evil hackers. But since spyware hacking is done by so called businesses, it seems to be a totally OK practice by politicians and law enforcement agencies.

  • by gad_zuki! ( 70830 ) on Wednesday March 17, 2004 @05:57PM (#8592612)
    >Yeah, right. The customer is not going to test first because Microsoft says it's ok?

    Wait a second, windows users are wrong for not updating and Microsoft is wrong for providing yet another downloadable tool to help people stay patched?

    Oh please, this knee-jerk MS bashing is going too far. Yes, you are still free to test your home machine and no one running a server is going to do this. Yes, heaven forbid windows users get patched so I don't get days of network downtime when the next 'click me' virus hits. Heaven forbid Joe User's computer just doesn't update and firewall itself.

    These people chose microsoft over apple, let them live with the consequences. On top of that MS patches have been very good of late and are not the patches and service packs of the NT4 era.
  • by extensis ( 665596 ) <mdjones@noSpam.ualberta.ca> on Wednesday March 17, 2004 @08:04PM (#8593954) Homepage
    I don't have any programming knowledge but I am currently studying Genetics and Immunology at University and...

    I am amazed at the similarity between computer viruses and real viruses.

    These computer viruses are evolving just like real ones. Albeit, these viruses need deliberate input from hosts, they are changing.. What scares me is what happens when a coder learns how real viruses (like Neisseria gonorrhoeae) can change their 'signature' randomly and constantly. Then we all will be screwed..

    So let's keep CompSci people out of the Bio labs!
