Security

When Malware Attacks Malware 135

Posted by kdawson
from the internecine dept.
PetManimal writes "Researchers say that the Storm Trojan/Peacomm worm has been tweaked to spread via IM programs and attack rival malware. Symantec sounded the alarm, and says that the exploit launches in AOL, Google Talk, and Yahoo Messenger windows that are already open, making it appear to be a legitimate message from a known user. The worm has modified the code from last year's Nuwar worm, and when activated, enables a DDoS attack against any site, including antispam services and servers supporting rival malware: 'Systems hijacked by Peacomm have also conducted DDoS attacks against at least five domains used by the creators of the noted Warezov (or Stration) worm. After a busy September and October, Warezov was credited by some analysts as the genesis of 2006's massive fourth-quarter spike in spam volume.'"
This discussion has been archived. No new comments can be posted.

  • that's... (Score:3, Funny)

    by User 956 (568564) on Tuesday February 13, 2007 @03:07PM (#18001000) Homepage
    When Malware Attacks Malware

    You get total protonic reversal.
    • That's bad, right?
      • Re: (Score:3, Funny)

        by geeksdave (799038)
        OK important safety tip.. thanks Egon..
      • It is if the Bussard Collector and Main Deflector Dish are down for repairs or if you can't find some exotic substance to reverse its polarity.
    • by queenb**ch (446380) on Tuesday February 13, 2007 @03:45PM (#18001624) Homepage Journal
      Will someone please write a worm that 1) turns Windows Update on, 2) turns the Windows Firewall on, 3) turns off the keyboard & mouse ports for Windows 3.1, 95, 98, and ME machines thus forcing the retarded end users running on these platforms to upgrade, 4) installs ClamWIN and scans the hard drive, 5) installs SpyBot Search & Destroy and scans the hard drive, and 6) administers an electric shock to the aforementioned retarded end user for not taking care of this themselves?

      If your dog was running around the neighborhood barking at people and biting them, they'd make you do something about the dog. I don't see why your computer gets to do the same thing on the internet with such impunity.

      2 cents,

      QueenB.
      • by operagost (62405)

        Most of these worms don't work on those old versions of Windows. It's the 2000 and XP machines that are vulnerable. Also, installing software requires that one download it first, and that's a cure that's worse than the disease (see Welchia).

        I like the idea of turning on Windows Update, though.

      • When Windows XP / 2000 had that buffer overflow two summers ago we found a "virus" that did almost what you're proposing. It downloaded the patch, forced a reboot and had the install waiting for next startup. It was a clever idea I had, but then we found somebody else had beaten me to the punch.
      • by Tony Hoyle (11698) <tmh@nodomain.org> on Tuesday February 13, 2007 @05:19PM (#18003294) Homepage
        I wouldn't use Spybot - it's getting kinda out of date now, and doesn't detect some of the worst ones. I've *never* seen Windows Defender successfully detect a spyware infestation - it's 100% useless.

        I recently had to fix a machine that was declared 100% clean by Spybot, Hijackthis, Windows Defender, etc. - and still kept throwing up random porn popups*. Turns out it was a virtumundo variant... the checker (forget the name) recommended by the hijackthis people could see it, but wanted money to remove it - eventually found an app that does it by doing some clever stuff and forces a bluescreen to stop it reinstalling itself (which it does in realtime.. you *can't* delete it manually). That's now in my machine fixing arsenal for the next time I see it.

        Makes me wonder how many of the bleats that 'my machine is clean therefore it must be blizzard being hacked' posts on the Wow forums have variants of similar crapware on there.. and they've fallen into the trap of believing the scanners despite the overwhelming evidence to the contrary.

        * And that was a machine without IE on it and fully patched.. the thing apparently got on in a trojanned version of Acrobat Reader.
        • Re: (Score:3, Informative)

          by dosquatch (924618)

          I wouldn't use Spybot - it's getting kinda out of date now, and doesn't detect some of the worst ones.

          Spybot regularly updates both signatures and detection methods. No, it's not perfect, but I've yet to meet the perfect scanner. I find that a combined dose of Spybot, AdAware, and a good AV program does a very good job of keeping Windows systems clean.

        • Re: (Score:3, Informative)

          by MaufTarkie (6625)

          I recently had to fix a machine that was declared 100% clean by Spybot, Hijackthis, Windows Defender, etc. - and still kept throwing up random porn popups*. Turns out it was a virtumundo variant... the checker (forget the name) recommended by the hijackthis people could see it, but wanted money to remove it - eventually found an app that does it by doing some clever stuff and forces a bluescreen to stop it reinstalling itself (which it does in realtime.. you *can't* delete it manually). That's now in my mac

        • I find that Bazooka is an awesome detector, but doesn't have an automatic repair capability. It usually finds what the others miss.
      • What's stopping the Zero day flaws?

        You know there will always be at least one unpatched zero day flaw active at any time.
      • by kabocox (199019) on Tuesday February 13, 2007 @06:38PM (#18004504)
        I've found some things that you asked for, but not all. I don't know how to string them all together. ClamWin, and SpyBot, both say that they'll run from a bootCD. I didn't find any easy to follow admin install instructions for them. Mainly everything else is some reg files. I didn't find anything on keyboard or mouse ports of earlier versions of windows. I also didn't find anything about how to shock users. In the spirit of open sourceness, I expect someone else to actually do the real work of building a self installing zip file of ClamWin & Spybot, setting your fav. reg. settings, and having all of them autorun after a shutdown -r. I know that "it should be possible." I don't know enough windows scripting in order to do it.

        net stop wuauserv

        Start -> Run -> gpedit.msc -> Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update -> Re-prompt for restart with scheduled installations. They hid it well but it's there :^)

        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
        "RebootRelaunchTimeoutEnabled"=dword:00000000
        "NoAutoRebootWithLoggedOnUsers"=dword:00000001

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
        NoDevMgrUpdate value to 0

        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall

        Set these to "not configured"
        * Windows Firewall: Protect all network connections
        * Windows Firewall: Do not allow exceptions
        * Windows Firewall: Define program exceptions
        * Windows Firewall: Allow local program exceptions
        * Windows Firewall: Allow remote administration exception
        * Windows Firewall: Allow file and printer sharing exception
        * Windows Firewall: Allow ICMP exceptions
        * Windows Firewall: Allow Remote Desktop exception
        * Windows Firewall: Allow UPnP framework exception
        * Windows Firewall: Prohibit notifications
        * Windows Firewall: Allow logging
        * Windows Firewall: Prohibit unicast response to multicast or broadcast requests
        * Windows Firewall: Define port exceptions
        * Windows Firewall: Allow local port exceptions

        http://sourceforge.net/docman/display_doc.php?docid=28367&group_id=105508 [sourceforge.net]

        Preparation

        Start by installing the latest version of ClamWin, and download the latest virus definitions. See the ClamWin manual for full details on how to do this. Note that, if you are going to create a CD, you will not be able to update the virus definitions without creating a new CD, since a CD is read-only.
        Copy Folders

        Create a working folder in a convenient location to hold the files that are to be copied onto CD/USB, eg C:\ClamWin-CD.
        In the working folder, create a folder named ClamWin.
        Copy the contents of the ClamWin program folder into C:\ClamWin-CD\ClamWin. By default, the ClamWin program folder is installed to C:\Program Files\ClamWin
        Create folders named log, db and quara
      • Re: (Score:3, Informative)

        by dosquatch (924618)

        4) installs ClamWIN and scans the hard drive,

        What, install by force a package without a realtime scanner 'cause the user can't be bothered, and then think they'll bother doing manual scans? Methinks you've suffered an oversight...

        I've taken to suggesting AVG to all of my friends and family. Free, autoupdates, realtime scanner, scheduled daily full scan. Routinely outperforms both Norton and McAfee in lab catch tests. Otherwise, I'm all for your list.

        • In all honesty, I can't recommend AVG anymore. They don't update the free customers nearly as often as they update their paid products. This leaves the free customers vulnerable or infected for weeks-months at a time.

          2 cents,

          QueenB.
          • by dosquatch (924618)

            AVG updates definitions almost daily. The scanning engine, maybe not as often as the paid product, but I'm alright with that. In fact, I more or less expect that - they are a business, after all. I find that the regularly updated free product works much, much better than the, say, 18-month out of date copy of Norton I found on my Mom's machine because, "it keeps wanting me to pay it, but I never use that program."

            I've gotta visit more often.

            At any rate, AVG isn't the only free-AV game in town. Avast!, Ant

    • NEXT ON NON STOP FOX!
    • When Malware Attacks Malware

      This sounds like a really bad Fox special

  • Stronger malware (Score:5, Insightful)

    by eviloverlordx (99809) on Tuesday February 13, 2007 @03:12PM (#18001070)
    It just means that, in a few years, all of the malware will be significantly harder to kill. All of the weaker 'species' will have been driven to extinction (via changes in coding). It had to happen eventually. We may even see 'anti-viral resistant' strains.
    • Re: (Score:2, Informative)

      by frosty_tsm (933163)

      We may even see 'anti-viral resistant' strains.
      Uh, don't we already see this?
    • Nah, it's all easy to kill if you use a ROM based OS.

      Just reboot.
      • Re:Easy to kill (Score:4, Insightful)

        by maxwell demon (590494) on Tuesday February 13, 2007 @03:50PM (#18001702) Journal
        Given that today's ROMs are typically flash, how long until some malware just reflashes it? This would also allow the malware to take control even before the OS boots up.
        • by nurb432 (527695)
          If the flash requires a hardware jumper to reset, then no worries.. If it's software controlled, then ya, you are screwed.

          I think you could set a flash IDE drive to read only, and use it for your boot/OS. Sure it could trash your data, but at least the system is ok after the reboot. If not, I think there is a market for this.
    • by morgan_greywolf (835522) on Tuesday February 13, 2007 @03:31PM (#18001402) Homepage Journal
      No way. Malware is made by an Intelligent Creator. It is what it is. Intelligent Malware Design is just as good a theory as Malware Evolution.
      • Re: (Score:1, Offtopic)

        by Bryansix (761547)
        I know you were trying to be funny but seriously ID and Evolution theories can co-exist. The only thing adherents to ID have a problem with is the idea that life (or code in this case) was spontaneously created by natural processes. This in fact has nothing to do with the theory of Evolution. I for one take as fact that bacteria mutate and are weeded out by natural selection and that malware code is mutated in much the same fashion although not so randomly.
      • Re: (Score:1, Insightful)

        by Anonymous Coward
        huh, i suppose you're right! this malware's been created by storm trojan/peacomm.. intelligent creators indeed!

        good point, even if it wasn't your intention.
    • by GigG (887839)
      Without a doubt one of these will turn into Skynet one day.
  • by creimer (824291) on Tuesday February 13, 2007 @03:14PM (#18001096) Homepage
    So is there going to be a screen saver that will show the good and bad malware attacking each other as the computer keeps waving a white flag?
    • Yes, the rival malware attacks are Germany and the Soviet Union and the Windows PC is Poland. Mac would be England and Linux is the United States. If this was a World War II scenario.
    • Someone probably could but then they'd need to identify the myriads of unknown processes running in the Windows background (and the ps list on Linux isn't becoming much easier to keep track of, either). With the complexity of modern operating systems, and the prevalence of vendor loaded junkware, it's probably a task of cataclysmic proportions to try and figure out what's legit, what's not, and what was legit (from the vendor) but has since become exploited. Vendor junkware probably isn't the highest qual
    • Actually, isn't it about time for an updated version of the old game "Core Wars?" That one had assembly-language programs battling each other in a sandboxed memory space. Why not a more complex simulation that runs offline, on one PC, simulating a vulnerable network and the programs attacking it?
  • Old News (Score:4, Funny)

    by 140Mandak262Jamuna (970587) on Tuesday February 13, 2007 @03:14PM (#18001098) Journal
    The well known malware Internet Explorer has been attacking another well known malware WinXP for quite some time. So why get worked up about these obscure ones?
  • http://blanu.net/curious_yellow.html [blanu.net] This has been predicted for a while now. I think I first read about Curious Yellow (above) 4 years ago. Still relevant today.
  • by phrostie (121428)
    so what OSs does this apply to?
    • by nurb432 (527695)
      Today or tomorrow?

      Any OS is vulnerable to an extent, since 90% of the problems are caused by the users allowing things to be installed. No OS can guard against that.
      • Any OS is vulnerable to an extent, since 90% of the problems are caused by the users allowing things to be installed. No OS can guard against that.

        This is not true. Most problems are caused by people running software combined with the fallacious assumption by OS developers that software people run is trustworthy because the user is running it. An OS certainly can be created that accounts for running untrusted software and software with differing levels of trust and access. In fact, the bitfrost secu

      • Any OS is vulnerable to an extent, since 90% of the problems are caused by the users allowing things to be installed. No OS can guard against that.

        That's wrong. The only problem is that an OS which doesn't allow you to install any software would probably be a big failure ...
        • by nurb432 (527695)
          Ok, well you got me on that, but I agree, if you can't install *anything* it would pretty much be an embedded device relegated to control your toaster for eternity.
        • Re: (Score:3, Insightful)

          The real problem is security models that assume very few levels of security. Either you install it and it can hose your machine and kill babies, or you don't run it and don't know if it was malware or not. That's just crazy. Back in the day MS Word used to pop up a dialogue box and say something along the lines of "this .doc file contains macros that may be viruses (ok)(cancel)." I knew a manager who offered $1000 to anyone who could add a button that said "open the file but don't let it infect my computer w

  • And the Dept of Homeland security is doing what? exactly!
  • It begins (Score:5, Interesting)

    by inviolet (797804) <slashdot@ideasma ... g minus caffeine> on Tuesday February 13, 2007 @03:34PM (#18001466) Journal

    Researchers say that the Storm Trojan/Peacomm worm has been tweaked to spread via IM programs and attack rival malware.

    Thus begins the ecology of internet software. CPU cycles are simply too valuable (en masse) for one piece of malware to share with others.

    Eventually, look for malware to get better and better at rooting out rival malware in order to take its place. As well, look for malware to be more cautious about consuming host resources, lest it get noticed by a user or antivirus package.

    It's no different than Earthly biology. We think nothing of the colossal number of parasitic microorganisms currently hitching a ride on our metabolism. Some like E. coli are so useful that we even enthusiastically encourage (Yoplait anyone?). Symbiosis carries major advantages along the lines of "division of labor". How many years before real symbiosis is realized among internet-connected computers?

    It would also evolve the antivirus landscape. The "OMG sterilize all machines!!!1!" mantra would change into a more relaxed problem: calculate the most efficient amount of CPU cycles to allocate among the competing tasks of:

    • detect malware through behavior analysis (the current cutting edge)
    • detect malware through recognition scanning (the tried and true way)
    • tolerate malware as long as it doesn't eat up too much CPU

    That's how our bodies do it, anyway.

    • Not yet, first we need the self replicating code to modify itself. The CPU is a harsh mistress, though, so it would have to be very small mutations, possibly to the point of making it irrelevant in the long run. Right now, it's just tic-tac-toe with overwriting Xs and Os.
    • Re: (Score:2, Informative)

      by Anonymous Coward
      Ummmm... well right idea, wrong microorganisms!

      Some like E. coli are so useful that we even enthusiastically encourage (Yoplait anyone?).


      The stuff in yogurt is Lactobacillus acidophilus [wikipedia.org].

      The stuff you DON'T want in your (upper) GI is Escherichia coli [wikipedia.org].
    • by Ravear (923203)

      [..]
      That's how our bodies do it, anyway.
      Yeah but with the body you don't get the option of backing up documents & re-imaging. I don't dick around anymore when I get some malware. It just isn't worth the time/effort.
    • Some like E. coli are so useful that we even enthusiastically encourage (Yoplait anyone?).

      Where do you buy yogurt, the public restroom???
    • Re:It begins (Score:4, Insightful)

      by AeroIllini (726211) <aeroillini.gmail@com> on Tuesday February 13, 2007 @07:42PM (#18005318)
      That's an interesting analogy, and I agree that malware will get consistently more advanced, eventually creating mutatable (and thus evolvable) strains that will evade anti-malware programs without the intervention of the programmer.

      However, there's a rather glaring flaw in the analogy, and it's this: in the biological world, the various bacteria that live in or on us do not have purpose. They are simply life forms, doing the things that life forms do (which is eat, shit, and make babies) in an environment that suits them. If they end up overrunning that environment and making us sick, it's not because they wanted to make us sick. If our bodies happen to be the perfect environment for them, and they happen to eat things in a way that is beneficial to us, it's not because they decided to help us out. They are just being bacteria. Symbiosis and infection are merely products of parallel evolution and happy coincidence.

      In contrast, malware is written by people, and people do have motives for the things they do. Bacteria don't do this; they just do their thing with the eating and the shitting and the baby-making, and any macroscopic results are not due to the decisions of the bacteria.

      Malware is written with purpose. That purpose could be to show the user ads, or participate in a botnet, or collect spammable email addresses, or whatever. But saying that anti-virus programs will ignore the "harmless" malware overlooks the fact that there is no harmless malware. There doesn't exist any malware that's going to go to the trouble of infecting your machine and propagating, and then not do anything. No one would program one. That means that all malware is either black hat (adware, botnet, spyware, etc.) or white hat (attacks other malware). Even if it's not using CPU resources, it is doing some other damage, such as annoying the user or enabling spam (in the case of black hat) or violating the freedom of a user to choose what software they have installed on their machine (in the case of white hat). Either way, all malware should be cleaned by anti-malware programs. In the world of software programmed by people, there's no such thing as harmless piggybacking.

      ****
      Note: I am aware of the parallels of my argument with Intelligent Design. It was not my intent to start a flamewar.
      • by inviolet (797804)

        But saying that anti-virus programs will ignore the "harmless" malware overlooks the fact that there is no harmless malware. There doesn't exist any malware that's going to go to the trouble of infecting your machine and propagating, and then not do anything. No one would program one. That means that all malware is either black hat (adware, botnet, spyware, etc.) or white hat (attacks other malware). Even if it's not using CPU resources, it is doing some other damage, such as annoying the user or enabling s

    • by hyfe (641811)
      CPU time, by itself at least, is inconsequential.

      Time Used by User isn't. Malware adds to this in primarily three different ways, choked connections and laggy internet, direct intervention like pop-ups, and lastly, by bogging the machine down, either through hooking into places it shouldn't hook into, or through eating CPU-cycles.

      In my experience at least, the first two are way more prevalent than the latter.

    • Just 'cause you paint that stuff white doesn't make it yogurt, pal. But if it contains e. coli, I'd certainly market it as probiotic as well. The taste is probably the same, after all. At least ... I imagine, I do NOT want to participate in an empirical experiment!
  • In Soviet Russia, malware attacks... malware?
  • Regardless of the operating system or the applications which run upon it, the ultimate weakness at the end of the day lies upon the end user. You can only secure a system to a certain point until the user begins losing functionality, until the end user becomes more educated...well expect to see evolution in Malware.
    • Re: (Score:3, Insightful)

      Regardless of the operating system or the applications which run upon it, the ultimate weakness at the end of the day lies upon the end user. You can only secure a system to a certain point until the user begins losing functionality, until the end user becomes more educated...well expect to see evolution in Malware.

      Your comment is factually correct, but also very misleading. Users are the hardest element to harden in the chain of security, but right now they are by no means the weakest link. The OS devel

      • by operagost (62405)

        This means if a user downloads some program via IM or the Web and if they run it the OS will look at the included ACL and cert and see what permission it wants and who will certify it as trustworthy, if anyone. Then, if it tries to exceed its authority, the OS will present a warning such as, "The program 'Storm' is not verified as trustworthy and would like to connect to the internet on a port normally used for sending instant messages. (Stop it from sending messages)(let it send messages once)(always let

        • Gee, that sounds like every client-based firewall on the market (including XP's). The only wrinkle is the application signing, which is ALSO already being done but with a crappy UI as you mentioned.

          In a way. A client based firewall is insufficient because it is too easy for something to escalate privileges and get around it. A MAC ACL is built into the core of the OS and deals not only with network access, but also access to hardware resources, system services, and files. With a client based firewall a w

      • The security of a system is the minimum of the machine's security and the user's ability.
        • The security of a system is the minimum of the machine's security and the user's ability.

          I mostly agree, but it is a bit more complex than that. The machine's security includes its ability to inform the user and do what the user wants by making the right controls available to the user in a convenient way. Users are willing, for the most part, to spend a few hours learning the rules to safe computer use, provided they can still accomplish their normal tasks while following the rules. Right now they don't

          • The ultimate first problem is that you SHOULD NOT run code from an unverified source. Period. A computer cannot make the decision what to trust and what not to (at least, in my opinion, it should not make that decision. MS and the whole TCPA bunch think otherwise, but ... I digress).

            You cannot "sandbox" an all purpose system to the point where the execution of a binary cannot cause harm to any part of it. At the very least, every file accessable with the account's privileges is in danger. Even if it's only
            • The ultimate first problem is that you SHOULD NOT run code from an unverified source. Period.

              Tasks are not defined by what people should do in some mythical fairyland, but need to be based upon what people actually do. People want to run binaries they don't trust. Binaries are all trusted to differing degrees. I trust Photoshop because I have little choice. I need to use it. That does not mean Adobe should have the ability to do anything they want on my machine. I might want to run Halo, but I sure as he

  • by UnknowingFool (672806) on Tuesday February 13, 2007 @03:57PM (#18001850)

    Systems hijacked by Peacomm have also conducted DDoS attacks against at least five domains used by the creators of the noted Warezov (or Stration) worm. After a busy September and October, Warezov was credited by some analysts as the genesis of 2006's massive fourth-quarter spike in spam volume.

    What isn't generally reported is that Peacomm uses "Your momma's so fat" insults in the DDOS attacks. By far the most devastating and hilarious DDOS this year.

  • just make spamvertising illegal?

    They could simply prosecute the companies that are advertising their products via spam, after all they must have either directly been the originators of the spam, or at least know who they are funding to do the dirty work.

    The businesses that exist solely to send spam would disappear overnight if their client base disappeared.

    I'm sure any government could easily be able to determine who is ultimately behind spam, simply by buying some advertised product then either tracking th
    • yeah, they could.

      but somehow - i guess, murder is illegal in most of the countries of the world, but wait - somewhere somehow people still get murdered. hell, why?

      lemme guess - some folks don't give a f* what's illegal? there HAS to be a reason.
      • by dreamlax (981973)
        The difference is that people who murder people and get caught go to jail. The people who spamvertise aren't even chased in the first place.
    • They could simply prosecute the companies that are advertising their products via spam, after all they must have either directly been the originators of the spam, or at least know who they are funding to do the dirty work.

      Great, then I can send spamvertisements for my competitor and they will be arrested. I can send spamvertisements for the company run by the jerk who is dating my ex-gf and he'll go to jail and she'll come to me for comfort. That's a great plan.

      I'm sure any government could easily be a

  • It's more than that (Score:4, Interesting)

    by httptech (5553) on Tuesday February 13, 2007 @04:14PM (#18002150) Homepage
    I'm the author of the technical writeup detailing the attack on the rival spam group. But the only reason I was investigating the DDoS attacks launched by the Storm Worm/Peacomm/Nuwar is due to my own site being attacked [joestewart.org] after I detailed the pump-and-dump stock spam operation of the Rustock trojan. It is getting riskier to publish research on viruses and spam. I believe since spammers were able to take out Blue Security by DDoS attack, they are getting bolder in who they target. There's no downside for them.
    • Was it actually confirmed that spammers were able to DDoS Blue Security out of existence? Last I recall the evidence for that was weak.
  • I have visions of Tron-esque gladiators fighting for the right to make the mainframe belong to the penis enlargment spam zombie network or the penny stock spam zombie network.

    Also, it might be neat pitting malware against each other in a Code War [wikipedia.org] type of visible environment.
  • The aplore [symantec.com] worm used the same trick in 2002 except it set up a web server on each computer and sent a URL pointing to it in IM windows. I'm sure there are earlier examples but that is the first one off the top of my head.
  • I vote they make a spinoff of Robot Wars

    I can see it now...

    Malware wars... watch rival malware rip each other apart!

    "Oh my god, Malwarior just executed an amazing kill maneuver!"

    "It looks like Spymaster is only hanging on by a thread!"

    "Oh... and he's done for. Spymaster is terminated... add him to the hexdump!"

  • that a large percentage of malware is designed to turn the user's PC into a mail spamming bot. I, for the life of me, do not understand how this can be effective if ISPs took even moderate precautions.

    1. Don't allow your users to send port 25 traffic to any address but your own mail server.
    2. Don't allow any one user to send massive quantities of email. Most users won't need to send thousands of emails in a single day.
    3. Use blackhole lists to prevent SPAM from networks that don't follow the abo
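
An added example, not part of the original comment or thread: precautions 1 and 2 from the post above expressed as an egress check over flow records, flagging subscribers that speak SMTP directly to outside hosts or that hand the relay more mail than a daily cap. The record format, the relay address 192.0.2.25, the subscriber range and the 500-message threshold are all assumptions made for illustration.

```python
"""Egress SMTP policy check over constructed flow records (illustrative only)."""
from collections import Counter
from dataclasses import dataclass
import ipaddress

# Assumed values for this example; none of them come from the thread.
ISP_RELAYS = {ipaddress.ip_address("192.0.2.25")}         # the ISP's own mail server
SUBSCRIBER_NET = ipaddress.ip_network("198.51.100.0/24")  # customer address range
DAILY_MESSAGE_LIMIT = 500                                 # messages per subscriber per day
SMTP_PORT = 25

# Constructed sample input: "day src_ip dst_ip dst_port messages"
SAMPLE_FLOWS = """\
2007-02-13 198.51.100.10 192.0.2.25 25 12
2007-02-13 198.51.100.11 203.0.113.7 25 1
2007-02-13 198.51.100.11 203.0.113.9 25 1
2007-02-13 198.51.100.12 192.0.2.25 25 450
2007-02-13 198.51.100.12 192.0.2.25 25 75
2007-02-13 198.51.100.13 203.0.113.7 443 0
2007-02-14 198.51.100.12 192.0.2.25 25 30
this line is malformed
"""


@dataclass(frozen=True)
class Flow:
    day: str
    src: object      # ipaddress.IPv4Address or IPv6Address
    dst: object
    dport: int
    messages: int


def parse_flows(text):
    """Return (flows, rejected_count). Malformed lines are counted, not fatal."""
    flows, rejected = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            day, src, dst, dport, messages = line.split()
            flows.append(Flow(day, ipaddress.ip_address(src),
                              ipaddress.ip_address(dst),
                              int(dport), int(messages)))
        except ValueError:
            # Wrong field count, bad address or non-numeric port/count.
            rejected += 1
    return flows, rejected


def evaluate(flows):
    """Apply the two precautions to subscriber traffic on port 25.

    direct_smtp: subscriber -> outside hosts it contacted on port 25
                 (precaution 1: only the ISP relay should be reachable).
    over_limit:  (day, subscriber) -> messages handed to the relay that day,
                 listed only when above DAILY_MESSAGE_LIMIT (precaution 2).
    """
    direct = {}
    per_day = Counter()
    for f in flows:
        if f.src not in SUBSCRIBER_NET or f.dport != SMTP_PORT:
            continue
        if f.dst in ISP_RELAYS:
            per_day[(f.day, str(f.src))] += f.messages
        else:
            direct.setdefault(str(f.src), set()).add(str(f.dst))
    over = {key: n for key, n in per_day.items() if n > DAILY_MESSAGE_LIMIT}
    return {"direct_smtp": direct, "over_limit": over}


if __name__ == "__main__":
    parsed, bad = parse_flows(SAMPLE_FLOWS)
    report = evaluate(parsed)
    print(f"parsed={len(parsed)} rejected={bad}")
    for host, targets in sorted(report["direct_smtp"].items()):
        print(f"direct SMTP from {host} to {sorted(targets)}")
    for (day, host), count in sorted(report["over_limit"].items()):
        print(f"{host} sent {count} messages via relay on {day}")
```
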
    • 1. Don't allow your users to send port 25 traffic to any address but your own mail server.

      Repeat after me... the internet is not the web, the internet is not the web. I'd kind of rather ISPs did not arbitrarily block ports because one OS is so unbelievably insecure that it does not even inform users before it starts spamming e-mail to the world, when that is a common occurrence on that platform.

      Here's a counter-suggestion. How about if MS gets off their butts and makes their OS reasonably secure so that

      • by rossz (67331)
        My isp (http://www.sonic.net) puts limits on ports by default, but you can easily change this via a web interface. Most users will never need to change the default (and secure) settings. Some, myself included, are technically competent enough to know what they're doing and will open up the ports. Simple and effective.
      • How about opening up liability laws to make software manufacturers as responsible as any other manufacturer? Build a car with a known, or should have reasonably known, flaw and get sued hard. Build an OS with security holes everywhere and get sued hard. It is time to stop coddling them.
        • How do you want to prove it was the OS that caused the problem? The system can be as solid and stable, as secure and tight as can be, if the user is dumb enough to execute the spambot with administrator privileges, the system can't (and should not!) keep him from doing that.

          If you want to make OS manufacturers liable, I want users liable for their sheer idiocy as well!
          • How about OS's or browsers that are vulnerable to javascript hacks, etc?
            • Fine. Now prove (as a layman, or as someone who cannot afford hiring a professional to actually verify the flow of the infection) that it was a hack and not user stupidity. And keep in mind that many viruses and trojans destroy a system after they had their fun.

              Good luck. You're the one suing, so the burden of proof is on you.
      • Well, the only problem to your suggestion is that waiting on Microsoft to secure its OS is about as productive as pissing into the wind. Other than that I totally agree.
    • "1. Don't allow your users to send port 25 traffic to any address but your own mail server."

      Yeah maybe I'd use my ISP's mailserver if they didn't tag all my mail, forward me shittonnes of spam and have a roundtrip time measured in hours.

      Maybe I should pay $300 for a brake pad change too eh? Instead of doing it myself properly. I obviously should leave it up to the 17 year old "professional" trainee down at speedy.

  • hasn't... (Score:4, Funny)

    by Anonymous Coward on Tuesday February 13, 2007 @04:41PM (#18002632)
    Hasn't norton a/v been doing exactly this for years? Malware, fighting malware? :)
  • by Zantetsuken (935350) on Tuesday February 13, 2007 @04:53PM (#18002810) Homepage
    I'm not really sure, and depending on how vicious this is, but sometimes maybe 2 wrongs do make a right... For those of you who haven't seen the movie "Swordfish" they pretty much use terrorism to dissuade other terrorist actions. Perhaps this type of virus/worm/etc could be a good thing for us, that for most virus/worm/spam creators it will become such a pain in the ass to wreak their havoc, it won't be worth it for them (would you keep intentionally making/distributing virus/etc if it meant you got DDoS'ed so hard your server melts every month, costing you money on hardware?)

    But then again, perhaps 2 wrongs don't make a right...
  • Seeing as it's being totally abused don't you think it's time to disable it.

    In this year 2007, why are we still talking about viruses, spam and malware. Why don't they make a desktop OS that doesn't get 'malware' merely by opening an email attachment or clicking on a web link.

    IM programs and malware .. (Score:-1, Troll)
    http://slashdot.org/comments.pl?sid=222234&cid=18001072 [slashdot.org]
    • by Vegeta99 (219501)
      I have mod points, but I'm not modding your post back up.

      What you said is the same as replying to an article about a homicide and saying "Well why don't we lock up all the murderers?"

      Don't state the obvious in a discussion and expect not to be squelched.
