The Virus Squad
dncsky1530 writes "Sydney Morning Herald - The Virus Squad - 'A new species has been discovered. So new, it's still unnamed, but researchers are racing to tag it - before it spreads around the world. For the next 10 to 30 minutes, the computer virus or worm is dissected, analysed and identified... "On the day we detected MyDoom, we did another 18 viruses," says Paul Ducklin, Sophos's head of technology for the Asia-Pacific. "There are about 800 new viruses a month. And the unglamorous bit of our work is often the other 798."'"
I wonder (Score:3, Interesting)
Re:I wonder (Score:5, Insightful)
Re:I wonder (Score:5, Insightful)
Re:I wonder (Score:3, Interesting)
Re:I wonder (Score:5, Informative)
Some security companies do give back to the community. GRISOFT [grisoft.com] offers a free version of AVG Anti-Virus 6.0 [grisoft.com] for single home users. Zone Labs [zonelabs.com] offers a free version of the Zone Alarm [zonelabs.com] firewall.
Do you know of any other companies that offer free anti-viral or firewall software?
Re:I wonder (Score:5, Informative)
Re:I wonder (Score:3, Informative)
Re:I wonder (Score:5, Informative)
It's got auto-updates, an Outlook add-on module, etc. All good. They want some info in lieu of registration, but it's non-spammy/non-invasive.
You can download it from here [avast.com] if you're so inclined.
Disclaimer: I have nothing to do with Avast, beyond being a quite satisfied user of their software.
Re:I wonder (Score:3, Informative)
Re:I wonder (Score:3, Insightful)
Re:I wonder (Score:2, Interesting)
AVG is handling the antivirus for my entire company - but before it was purchased, I needed to test it and ensure it would fit our needs. I used the free version in the testing of a 98, 2k, and xp machine with zero problems.
After 3 months I felt confident enough to make it company policy. I purchased the server versions for my Windows servers at the time and the client for everyone else. To this date, I have had one infected user and it was because a remote user in Singapore h
Re:I wonder (Score:2)
Re:I wonder (Score:2)
Slashdot needs to start carding its posters.
Re:I wonder (Score:2)
Re:I wonder (Score:2, Interesting)
IIRC several recent worms have left backdoors on the victim computers.
Does anyone know where a person could get the accurate information required to, say, identify infected machines on a network with nmap or something similar? The published information from the AV vendors seems a little "fluffy" in this respect; they would obviously rather sell me something.
I'm in a school setting and am not the Admin, so I don't have full control of our computers, though I am trusted and given liberal leeway. I would like to
Re:I wonder (Score:3, Informative)
Re:I wonder (Score:5, Informative)
Smoothwall [sourceforge.net] is a "best-of-breed Internet firewall/router, designed to run on commodity hardware, and to give an easy-to-use administration interface to those using it. Built using open source and Free software, it's distributed under the GNU Public License".
Re:I wonder (Score:5, Interesting)
I have been working as a consultant for small office and home office users since being laid off from Intel in 2002. The view from the small office and home office is very different from the view from within the IT industry. I've been working to educate my clients on the importance of regular backups, anti-viral protection and firewall protection. I spent the last two weekends removing viruses from computers that were on cable modem connections with no anti-viral software installed and no firewall installed.
I am starting to think that I need to help my clients to protect their data and make their systems hard targets. I'd like to think that the virus problem will be addressed by operating system changes. However, the reality in the small office and home office is that operating system upgrades are almost always tied to the purchase of a new computer. Third party security products will continue to be important as long as users stick with what works for them today without worrying about what might be available tomorrow.
Re:I wonder (Score:5, Insightful)
But how often do you run across a computer you have to service with expired virus subscriptions? It seems to happen to me quite a bit. I suppose M$'s virus scanner mentioned earlier on /. might help, but that reeks even more of conspiracy than the current "protection money" setup does.
Rather than bundling a questionably legal virus scanner into their next service pack, Microsoft should perhaps add a tool that helps to lock down permissions on NTFS volumes, creates unprivileged accounts for users and various services, etc. Even with the multitude of security holes, Windows can be made a lot harder to mess with if you put a little work into it. The key here is privilege separation.
Re:I wonder (Score:3, Insightful)
Your other suggestions are sound, as far as they go, but unfortunately most people will deliberately run with administrator privilege if they can, and there is still the fundamental problem that the OS does not run if system files are write protected. OK they can be protected from regular users, and it helps, but is not sufficient. But, I think you are saying that it should defaul
Re:I wonder (Score:2)
Uh, if I just dropped $1000 on a new computer, I get rather pissed off at the suggestion that within a few months I need to start paying some not-insignificant amount of money a month just so the damned thing won't catch a virus and die.
Funny, I don't recall having to subscribe to a freakin' virus protection scheme with my Linux box.
Re:I wonder (Score:2)
I don't know about you, but the cars I buy tend to run 100,000 miles before they need major maintenance. Gas, oil change etc is one thing. But I don't have to subscribe to anything.
And the fact that Linux boxes pretty much don't suffer from viruses does pretty much show that you can mak
Re:I wonder (Score:2)
Fixing the problem instead of just treating the symptoms would be commercial suicide - why do you think drug companies spend so much money marketing "cold and flu" tablets instead of producing effective vaccines?
Re:I wonder (Score:3, Interesting)
Because it's basically impossible for the OS to tell the difference between the user deliberately performing $TYPICAL_VIRUS_ACTIVITY and a virus doing it?
Re:I wonder (Score:3, Informative)
I am yet to be convinced that there is any integrity or sense of morality in the anti-virus industry. The big boys such as Symantec and McAFraud have lost the plot, they are led by marketing men, and their products are distinctly third-rate. Their support departments also lie. As for Panda, well if you want t
Ugh, these aren't viruses... (Score:5, Insightful)
If it can't infect any arbitrary EXE file, it's not a virus, it's a trojan or a worm, depending on whether it's a moronic user or a security hole that allows it to enter the system.
Re:Ugh, these aren't viruses... (Score:5, Insightful)
Re:Ugh, these aren't viruses... (Score:4, Informative)
+Pete
Re:Ugh, these aren't viruses... (Score:5, Insightful)
I agree trojans aren't viruses, but worms are exactly the same thing as EXE viruses except at a bigger scale -- instead of merely infecting EXEs on one system, it infects systems on a network.
Re:Ugh, these aren't viruses... (Score:4, Informative)
Worms and viruses are both forms of malware, but they are not the same! They may have similar qualities, but they are not "exactly the same". Here's the critical difference -- a virus is not executable by itself. It is just some executable code that knows how to spread itself by infecting other executables (or in some cases, documents that contain executable code, like Word macro viruses). This is analogous to the biological world, where biological viruses are not full (as in independent) life forms (as I understand at least), but just a small amount of DNA in a container cell that knows how to infect a cell and replicate itself. A worm, like a parasite, is a distinct executable (organism) that just happens to need a host in order to run and spread. They are both bad, but they are distinctly different.
And the original poster is right -- there hasn't been a large scale outbreak of a real virus in quite some time (probably a combination of malware authors getting lazy, virus scanners getting better, and viruses being more difficult to transmit over the Internet).
Re:Ugh, these aren't viruses... (Score:2)
But that's not really the point -- an e-mail worm can't spread by itself -- you need to get the e-mail and open it up and run the attachment (or have a brain-dead mail client that does this automatically). How is this any more "independent" than a computer virus that is only active when you run the infected program?
Re:Ugh, these aren't viruses... (Score:2, Informative)
However, you didn't take issue with my assertion that a biological virus is barely alive, and is essentially a bunch of specific DNA in a container. This is much like a computer virus and the biggest distinction between a virus and a worm (though at some point, this analogy becomes s
Re:Ugh, these aren't viruses... (Score:5, Insightful)
Now that the most common OS's support multiple processes at once, and the internet/web/email is the main thing that connects everybody (and writable network file systems are mainly only found in the workplace), viruses have naturally changed.
Re:Ugh, these aren't viruses... (Score:5, Interesting)
Re:Ugh, these aren't viruses... (Score:5, Interesting)
Old school viruses tended to be designed to do damage. They infected as many files on the system as possible, often destroying the file in the process.
This approach is counterproductive if you want it to spread. Modern e-mail worms rarely show much evidence of their presence; if it seems like nothing is wrong then the user won't look for a problem. This leaves the worm free to mail itself to thousands of others, and the system is added to the long list of compromised machines at the crackers' disposal for DDoS attacks or spam relays.
This is the same reason you don't get any 'wipe your hard drive on a certain date' viruses anymore. It isn't about doing damage it is about infecting as many machines as possible either for the 'fame' or to build up nets of infected drone machines for another purpose.
I am surprised the article didn't mention the real reason MyDoom targeted SCO: it was a diversion. Spammers need new drone machines to send spam from, but they don't want the backlash from being connected to a virus, so they add in a diversion, the attack on SCO. This took the heat off the spammers and placed it firmly on the OSS community. And it worked, kind of; only recently have the spamming 'features' of MyDoom seen any press. For weeks all that was reported was how it was probably created by an OSS zealot lashing out at SCO.
Re:Ugh, these aren't viruses... (Score:5, Funny)
Slashdot could run a poll, but the answer would almost certainly be .. CowboyNeal.
Re:Ugh, these aren't viruses... (Score:2)
But believe me, I've seen docs compiled as exe's to provide their own reader back in the day.
But anyway, what's the diff?
Re:Ugh, these aren't viruses... (Score:2)
Re:Ugh, these aren't viruses... (Score:2)
They all want to control your computer, and by controlling your computer control you.
They are widespread enough that the virus known as "Norton Anti" comes preinstalled on new Dells.
I was wondering (Score:2, Interesting)
By the way virii also infect the boot sector and some only infect the boot sector.
But it's all the same.
A virii will attach itself to (i.e. patch) existing software (usually any and all on your system).
A trojan is a self-contained infection and does not spread.
A worm hacks into the target.
I suspect about 90% of the "virii" found are actually trojans. They are the single easiest piece of malicious code that can be created. They are the essence of all the o
Half-life of Viruses (Score:5, Insightful)
This rings all too true. If forwarding ports for certain applications wasn't such a pain in the ass, I would say make ISPs require firewalls or find a way to have some sort of personal firewall for their connection that they can access from the internet and change the settings on. Just a thought.
This would bring up other problems, but it'd at least stop a lot of problems with trojans and open relays.
Re:Half-life of Viruses (Score:5, Insightful)
Re:Half-life of Viruses (Score:2)
Hell no. (Score:2, Insightful)
The ONLY thing they should be able to do is shut me off totally.
Re:Hell no. (Score:4, Interesting)
Your ISP has every business sense to control your hardware, depending on what kind of customer you are.
Road Runner, during the whole fiasco with some horrid worm I can't remember the name of, started filtering at customer leased-line routers, their own and their upstream provider's, to hold down the bandwidth consumption. They had red-lined their bandwidth and it was affecting their entire customer base.
I'm not saying filtering everything at any point is a good idea, but when it comes to critical situations they have every right to slow the progression of an attack.
I used to get annoyed at Port 25 blocking, but after recent spam/virus hoopla has hit I'm rather glad some people are taking steps to curb the issue.
I don't agree. (Score:2)
I don't care what agreement, or policy they might have.. A lot of things go on that shouldn't be. People agree to things that are wrong all the time.
They have NO right to mess with MY equipment. That is a privacy and security invasion. Period.
They DO have the right to monitor, and if I'm broadcasting crap, to shut me off... on their end.
Re:Half-life of Viruses (Score:5, Insightful)
>This rings all too true
That may be true for a Windows machine where controlling the number of open ports is difficult and where you have every piece of software calling home, but on my Linux laptop, I don't run a firewall. I just don't see the need. I've got ssh open and that's it. And X, from which I haven't heard anything since 4.0.
Re:Half-life of Viruses (Score:3, Interesting)
I find on Linux you tend to have more need for a firewall. Linux will often be running RPC, and, like you say, X (and I know at least KDE) uses ports too that should be firewalled.
Re:Half-life of Viruses (Score:2)
> I find on Linux you tend to have more need for a firewall. Linux will often be running RPC, and, like you say, X (and I know at least KDE) uses ports too that should be firewalled.
I have to agree with the person you're commenting to.
Firewalls are not useful for an individual system if you don't have things running on ports that can be abused.
Windows does make this very hard, while Linux it is trivial and by defaul
Re:Half-life of Viruses (Score:3, Insightful)
Well, unless some evil program hits you and opens up another port. And that is where the firewall comes in: second line of defense. Even if someone evil manages to open up a root shell, the packet filter will not allow any connections out or in.
How...
...does that evil program break in and get run if the ports are not in use?
...does the evil program abuse a port if the software using th
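One way to realise the "second line of defense" argued for above, as an added example that is not from the thread: an nftables ruleset for a Linux host that exposes only ssh (like the laptop described a few posts up), with a default-deny policy on outbound traffic as well as inbound. The table name, the set name and the list of permitted outbound ports are assumptions.

```nftables
#!/usr/sbin/nft -f
# Hypothetical host ruleset (added example, not from the thread): a Linux box
# that only offers ssh, with a default-deny policy in BOTH directions.
flush ruleset

table inet host_fw {
    # Ports this host is allowed to reach out to. Anything else is logged
    # and dropped, so a backdoor calling home or a worm scanning the
    # neighbourhood shows up in the kernel log instead of succeeding.
    set egress_tcp {
        type inet_service
        elements = { 80, 443 }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Needed for IPv6 neighbour discovery and basic diagnostics.
        meta l4proto { icmp, icmpv6 } accept

        # The one service this host intentionally exposes.
        tcp dport 22 ct state new accept

        # A port opened later by a backdoor lands here: there is no service
        # rule for it, so it is logged and dropped even though a process is
        # listening on it.
        log prefix "fw-in-drop: " drop
    }

    chain output {
        type filter hook output priority 0; policy drop;

        oif "lo" accept
        ct state established,related accept
        meta l4proto { icmp, icmpv6 } accept

        udp dport 53 accept           # DNS
        udp dport 123 accept          # NTP
        tcp dport @egress_tcp accept  # web traffic, package updates

        # Everything else (a reverse shell, spam relaying on port 25, scans
        # of the local network) is blocked and logged.
        log prefix "fw-out-drop: " drop
    }
}
```

Load it with `nft -f`, then watch the kernel log for `fw-out-drop:` lines to see what the host tried to reach that the policy did not anticipate. It does not stop a break-in through the one allowed service, which is the objection raised in the reply; it limits what the intruder can do afterwards and makes the attempt visible.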
Re:Half-life of Viruses (Score:2)
Huh? (Score:5, Insightful)
How does that go?
"I AM PR3PAr3D T0 0ff3R TH3 2um 0F tHR33 BaGz 0f Ch33zY P00fS 4 a 3l33T P2Ych0!og!st!!!"
"While you clearly have abandonment issues, the practice has been hard up for money lately. Very well, I accept. But first, tell me about your mother."
Look, it doesn't take a psychologist to explain that when you sit the average person in front of a computer, they become a mouse-clicking fool. No amount of emergency IT sessions with the staff explaining precautionary tactics involving attachments is going to change that, and if any psychologist recruitment is necessary it's to explain why the average person keeps clicking attachments to messages in obviously broken English.
That's why blaming software vendors like Microsoft is stupid. Will four ARE YOU SURE YOU WANT TO RUN THIS warnings before allowing the execution of an attachment do any more than three?
Re:Huh? (Score:2, Funny)
Sure, it doesn't sound like a lot, but think of it in volume...
Re:Huh? (Score:2)
No, I'd put the blame squarely on software vendors like Microsoft. Four ARE YOU SURE YOU WANT TO RUN THIS warnings won't do any good. One
> No amount of emergency IT sessions with the staff explaining precautionary tactics involving attachments is going to change that
You must be doing something wrong. I've done one "emergency
Re:Huh? (Score:5, Informative)
Viruses don't die .. (Score:5, Interesting)
"You might think that there are some that will almost certainly never be seen again but it is surprising
There's reason enough to be on your toes and patch your new install as soon as possible.
Re:Viruses don't die .. (Score:3, Interesting)
I wish that MS would make the service packs/updates in such a way that it would be
1- latest service pack
2- latest critical OS security patches
3- latest IE critical security patches
so that on a new install, all I would need to do is get a CD (burn one even) that contains the above three files.
Make the three files available from a single location. Update #2 and #3 as soon as a new individual patch is released.
every 6-9 months,
Re:Viruses don't die .. (Score:2, Informative)
(Haven't tried it myself, just read it on news
Re:Viruses don't die .. (Score:2, Informative)
Windows Security Update CD [microsoft.com]
Obviously it will get out-of
Re:Viruses don't die .. (Score:3, Informative)
I know for sure you can Slipstream Service Packs and hotfixes, but I'm also pretty sure if you find the correct almost-undocumented-hidden-behind-a-door-that-has
Re:Viruses don't die .. (Score:2)
And they listen...
Microsoft Security Patch CD [microsoft.com]
You do have to wait for it to be delivered (it's _free_), but it has the latest patches on one CD. Just re-install, and then run the patches from the CD before going online, grab a good firewall & virus scanner, and then do whatever.
NeoThermic
AV companies? (Score:3, Interesting)
Really, I can't imagine that there are so many (800 viruses/month is SO much) evil programmers that prefer to spend their know-how writing code they will never get paid for, instead of selling their experience to someone who needs it and earning a lot of money...
Re:AV companies? (Score:5, Insightful)
Right, no one would ever write code for the joy of writing it. That's why this OSS fad will never take off...oh wait.
Re:AV companies? (Score:2)
Who is to say that they aren't doing both? Why wouldn't there be any talented IT professionals who create the very problems they are hired to solve? Provides job security, and you KNOW you can solve the problem quickly and look good; after all, you
Re:AV companies? (Score:2)
The same allegation was made against McAfraud some time ago, and I don't remember them taking anyone to court over it, which may suggest something.
Re:AV companies? (Score:2)
Boy I sure will sleep better tonight... (Score:5, Funny)
...safe in the knowledge that the VIRUS SQUAD are dissecting viruses for me AS WE SPEAK!
ACTIVATE TEAM VIRUS SQUAD! GO FOR GLORY!
Re:Boy I sure will sleep better tonight... (Score:5, Funny)
Re:Boy I sure will sleep better tonight... (Score:3, Funny)
"See Jimmy, this is what we call the CPU."
"Jeepers, it's so big!"
"Nope, remember we're tiny."
"Jeepers I forgot!"
Glamorous? (Score:4, Insightful)
Anti-virus vendors that consider a mass outbreak of a worm to be 'glamorous', compared to the 'unglamorous' stuff that doesn't get as much publicity? It might sound daft, but consider that they (should) put the same amount of work into each and every virus - i.e. preventing it - there shouldn't really be an issue with how glamorous something bad is.
Analyse it, deal with it, out the door, next virus is how it should be. I'd hate to think how they'd deal with biological virus outbreaks...
Re:Glamorous? (Score:2, Insightful)
I think his point is that they do exactly what you say - analyze it, deal with it, get the fix out the door. Twice a month, though, yahoos outside their business decide that a worm/trojan/virus is "important" enough to cover in the mass media. I suspect they don't go looking for "glamour", but that it instead finds them. Incidentally feeding the ego of the virus writers, of course...
So very, very true. (Score:5, Informative)
This happened when I installed a (legal) copy of Windows 2000 on my GF's old machine. Boom! Infected with Blaster in the first five minutes on the net, trying to D/L a firewall. Not to speak of the service packs... It happened so fast, I thought there was something wrong with the modem drivers; I downloaded via an iBook. I spent a lot of time getting that machine up. But as the family of the GF saw what happened, three persons became Apple converts that evening.
My GF now has an iBook and is more productive on a computer than ever.
Re:So very, very true. (Score:3, Informative)
It's inexcusable that things like DCOM even listen to non-localhost connections by default, even more so as Windows NT/2k/XP proper firewalling. The times I've wished for ipchains on these things...
Re:But wait... (Score:4, Interesting)
Re:But wait... (Score:2)
Re:So very, very true. (Score:2)
No, I'm a Debian user. Right tools for the right job. At work I use Windows, but I'm buying a Powerbook, because it is a lot more powerful in Photoshop.
OK - so Microsoft installs NetBIOS over TCP/IP by default.
Seems like it. A little bit retarded if you ask me.
I guess I'm at fault for not turning it off. But, as a long time Linux user, I didn't realize exactly how dangerous a default install of w2k really is. I had heard about the Blaster worm, and t
Their effort doesn't scale well (Score:5, Interesting)
Re:Their effort doesn't scale well (Score:2)
If they all used the same signature files, they'd have to rely entirely on having the fastest scanning engine, the best update procedure, or some similarly irrelevant qualification for people to buy theirs above someone else's, or else go into a price war situation (which would inevitably lead to more outsourcing, and we don't want to increase that, do we??)
So while k
Re:Their effort doesn't scale well (Score:2)
Unsafe (Score:5, Interesting)
Re:Unsafe (Score:5, Informative)
Re:Unsafe (Score:2)
Re:Unsafe (Score:2)
Step one is never using a MS product for email.
Step two is filte
The Perfect Virus..? (Score:5, Interesting)
Here's what I've got so far...
1) Virus initially comes in as an attachment - user opens attachment (relies on non tech-savvy people).
2) Virus scans through "Sent Items" and sends itself to every address that has been sent an attachment in the past. Uses a subject line like "Updated [whatever]" (Tech-savvy folk might forget basic precautions)
3) Virus scans through every Excel / Word /
4) Virus wipes itself out after 6 hours (most people only update their virus checker every >= 24 hours. Once signs of the virus have gone it will be hard to know if you have been infected and which files have been compromised)
5) FBI come and arrest me
Seriously... one has to admire the "I Love You" virus, if only for getting so many tech-savvy people to click through... But what really worries me is the viruses we haven't discovered. What if, say, Winamp has a logic bomb in it? How would any of us know until all our data was corrupted?
Re:The Perfect Virus..? (Score:5, Interesting)
At each hop in the infection, a virus could gather PayPal and other account information from the hard drive. That would be passed along in all the mailings it sends out to other machines, gathering more account info along the way. Once it travelled five hops, it would use the information to send five dollars to the account at the top of its list, remove top account, move the others up, repeat.
The social engineering aspects are huge: "Gee, my computer has been infected, but if I wait until it's infected several other computers before removing it, I could make millions!" It could even come with a reassuring EULA: "This is really legal honest! The FTA said so!"
There are privacy concerns, of course, but if it only passed on the account information required to deposit and not to withdraw money, I'm sure people would feel so much better about it. :^P
Re:The Perfect Virus..? (Score:5, Informative)
(1) Virus initially comes in as an attachment. This is a decoy, we're not going for computers owned by retards this time.
(2) Virus tests for one of the recent Linux vulnerabilities. If it gets in, this indicates that we've got someone with a default unpatched install of Mandrake or whatever, who probably imagines they're immune. Plenty of time to proceed.
(3) Virus has a look through the setup files of common FTP programs to obtain website passwords, connects to website, searches for
(4) Virus uploads a set of personal data to a hidden file on that website.
(5) Virus goes through the ~/Mail folder, looking for username/password combinations mailed to the person by clueless companies such as maplin.co.uk, who email peoples' passwords in cleartext. Stores a list of all the data it's collected so far.
(6) Virus sets up a backdoor, using port-knocking so that none of the "respond to virus with portscan" tools can find it.
Re:The Perfect Virus..? (Score:3, Insightful)
When the virus sends itself out, have it send an email containing a simulated conversation between two college students planning a weekend out. Have the conversation end with the comment of sending the pics of the weekend as a slide show or something. Have one of the email addresses (visible in half the replies) be one character off the target email address.
So now our victim sees a conversation bet
Re:The Perfect Virus..? (Score:2)
Anyone in a corporate situation where documents and source code have revision/version numbers, and isn't using a source control system is asking for trouble. Any source control system would point out exactly what lines have changed in the file the next time you go to do som
A couple of years ago... (Score:5, Interesting)
Sensationalist. As usual. Thanks Australia. (Score:5, Interesting)
"You mean, there's nearly 800 new viruses a month? Wow! I'm sure glad I have my copy of '_______' to protect me from having to know what's really going on in the dark and chaotic world just beyond my telephone/cable connection! And now those terrorists are recruiting psychologists, too? To know what I think in order to get me to click on the activate-virus button? Oi, Crikey! The FEAR!!!! Somebody should bomb somebody! Somebody should take away my rights! I'm sure glad I live in Australia which has the back-bone to support our two other brothers in the Axis of Assholes; the U.S. and the U.K.!"
I also noted that the article neatly throws the whistle-blower under the umbrella of suspicion;
Marvelous. If this meme gets out, the public will then not be allowed to police itself. Who wants to be the target of an anti-terrorist investigation, after all?
Modern Media is a joke. It takes a conscious effort to remain calm and light-humored while reading this kind of garbage.
-FL
Re:Sensationalist. As usual. Thanks Australia. (Score:2)
This weekend I had a discussion with a market researcher (who clicked on the wrong stuff too many times) and I asked him what the most effective way to sell an AV program would be. He said press releases kee
Virus story. Yawn. Scroll. (Score:4, Insightful)
Virus story. Yawn.
Wonder how people can still defend Windows with that "it does what I want" or "it gets the job done" excuse.
Scroll.
Get on with doing what I want and getting the job done.
(posting no bonus. mod off topic if you must. just an aside.)
Re:Virus story. Yawn. Scroll. (Score:2)
I have an anti-virus program, two firewalls, and I don't open strange email attachments. So yes, Windows does what I want and gets the job done.
Alarmist Rhetoric (Score:4, Interesting)
There may have been 800 new propagating malware programs out there, but I'd be willing to bet that 797 of them were just variants of some existing code. Perhaps anti- "virus" solutions vendors need to classify them this way internally because of their detection methods, but there's no need to feign panic just because some new variant has a different string in it.
I have a problem with the term "virus", because it causes people to view these malware programs as some sort of pathogen, which most are definitely not. The malware does not change its design on its own. Most don't intentionally harm the host computer, either. If I were to classify the most prevalent new malware programs out there, my list would be rather short:
Microsoft Word Macros: Story, Titch, etc. All the same thing. A VB script that attaches itself to an MS Office document. The solution is to either limit what functions can be called from inside MS Office, or give the user a real status and config utility to see what is inside an MS Office document. It's not a "virus", it's just a macro.
Mass-Mailer "Worms": Personally, I don't like the designation "mass-mailer", I prefer "Outlook for Microsoft Windows Design Flaw Exploiter". These little malware scripts or binaries take advantage of Windows' flawed shell execute functions in conjunction with Outlook's flawed design choice to open automatically every possible data type, instead of just plain text. Every OE malware from Mailissa to Mydoom belongs to this category. Klez could be considered a minor variant because 1) it's binary instead of a script, and 2) it carries with it additional malware programs.
RPC/DOM Worms: Code Red 1 & 2 and the Admin worm (plus all the variants) are all malware programs that effect the same vulnerability. There was another one in this list that caused so much trouble recently, but I can't remember its name.
Internet Explorer as Gateway: All of the "spyware", "adware" and malware that appears in the form of either image formats that exploit vulnerabilities and load code, or malware binaries/ActiveX controls. The latter usually take control of IE and do various naughty things.
Stupid-ware: Sometimes incorrectly called "trojans". Those messages that did not originate from Microsoft but claimed to hold important security updates. It's not a trojan if it doesn't do something useful while it's doing something bad. Just social engineering. Would you take a "cure" from some crazy bum on the street claiming to be a doctor? Oh wait, I forgot, millions of people feed the penis-enlargement spam industry by actually buying those pills.
The only category that worries me is the third, because the vulnerability wasn't obvious to me. The operation of the others is easy to understand, and also easy to avoid. When Mailissa first made an appearance, I promptly banned the use of Outlook and OE as a mail client at work. When we started to get e-mail messages (with attached malware) from the outside, I configured our web-based e-mail client to never display images and to display a warning in big red letters above links to download certain types of attachments. The author of the web-based e-mail is my kind of guy; his program doesn't render HTML, and he steadfastly refuses to make it do so. Klez still managed to get through, but I still have to update our NAT/mail server to scan and dispose of those messages (if only for the fact that they're annoying). I now consider Internet Explorer as a tool only to interf
Violation of DMCA (Score:2, Interesting)
typical clueless journalist (Score:4, Interesting)
Re:Conflict of interest.. (Score:2)
Re:Conflict of interest.. (Score:5, Interesting)
Well, the article hints at some sort of collusion between spammers and the author of MyDoom, but it seems like this would be the exception, even if it's true. The virus writers are in it for the fun, of course (not to mention revenge).
It also seems possible that the antivirus companies themselves are writing the viruses, then charging to protect users against them, but this also seems unlikely, given the police investigations that inevitably follow major virus outbreaks.
Re:Conflict of interest.. (Score:3, Insightful)
The use of infected systems for spam, web mirrors, traffic laundering, and bases for attacks on others' systems has been commonplace for quite some time now, not even mentioning the rampant spyware and ad placements these worms make possible.
Re:One virus, many names... (Score:2, Insightful)
Say there are only 5 AV companies.
That's 5 * 800 = 4000 names/variants per month. That's good scaremongering, and more likely to get them a sale by increasing the whole market. Gran doesn't know the two viruses on the news are the same?
Also it would probably take longer to agree on a name than dissect the virus, where the valuable minutes mean money. Companies will go to the fastest response time and spend their money there.
The benefit of a standard name is so small it won't be e