Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Security The Internet

New Viruses Hit 30-Month High 252

Mz6 writes "InformationWeek reports that Sophos has analysed and protected against 959 new viruses in May, this is the highest number of new viruses discovered in a single month since December 2001. From Sophos' own TopTen list they continue on to say that the 'Sasser and Netsky worms may have captured the headlines. ...May has seen a noticeable spike in cybercriminal activity, suggesting that even the arrest of Sven Jaschan ...has done nothing to curb the problem.'"
This discussion has been archived. No new comments can be posted.

New Viruses Hit 30-Month High

Comments Filter:
  • Too bad (Score:5, Funny)

    by frankmanowar ( 583879 ) <frankmanowar&yahoo,com> on Thursday June 03, 2004 @08:12PM (#9330987) Homepage
    That Sophos antivirus has the somewhat incredible problem of not being able to remove and clean viruses on an infected host... but hey, at least we know they're there.
    • by Mz6 ( 741941 ) * on Thursday June 03, 2004 @08:13PM (#9330992) Journal
      as was stated in many after school specials back in my day...

      "Kowing is half the battle!"

      On a totally unrelated note.. is it bad when you post comments to your own stories?

    • ... is there, for example, a 'free' and/or 'free' antivirus tool that will run on *BSD and scan filesystems for PC/Windows virii? .
      • by docbrazen ( 785392 ) on Thursday June 03, 2004 @09:18PM (#9331384)
        You could try:

        ClamAV [clamav.net], A GPL virus scanner featuring:
        * command-line scanner
        * fast, multi-threaded daemon
        * milter interface for sendmail
        * database updater with support for digital signatures
        * virus scanner C library
        * on-access scanning (Linux and FreeBSD)
        * detection of over 20000 viruses, worms and trojans
        * built-in support for RAR (2.0), Zip, Gzip, Bzip2
        * built-in support for Mbox, Maildir and raw mail files

        I use ClamAV on my mail server and it works pretty good.

        There is also an open source windows version called ClamWin Antivirus [clamwin.com].
    • Re:Too bad (Score:2, Interesting)

      by docbrazen ( 785392 )
      Other anti-virus programs, like the open source ClamAV [clamav.net], can not disinfect files. According to them: "cleaning viruses from files is virtually pointless these days. It is very seldom that there is anything useful left after cleaning, and even if there is, would you trust it?"
    • Re:Too bad (Score:3, Informative)

      by ThePilgrim ( 456341 )
      I think your information is seriously out of date.
      Sophos Anti-Virus has been capable of disinfecting virus infections for years.
  • by Anonymous Coward on Thursday June 03, 2004 @08:14PM (#9330994)
    ... the school semester ends in May. What are all those CS graduates supposed to do in between being rejected for an interview and filling in a McDonald's application!
    • Re:Of course... (Score:5, Interesting)

      by Kithraya ( 34530 ) on Thursday June 03, 2004 @08:39PM (#9331156)
      Your comment sort of does make me think about how many of these new threats/problems are being produced simply because some CS graduate is having a hard time finding that $100,000 a year job and is looking to stick it to the society that fooled him into banking his future on IT...?
      • Well, at least one. Don't ask me how I know that.
      • Oh c'mon a little bit of a reality check here please! Sure IT people are having a hard time finding work, but in the current economic climate they are certainly not the only skilled professionals looking for a job!

        Sure it might be a bitter pill since we had a artificial high for a while and the streets seemed paved with gold and the sky was the limit, but didn't everyone know this was bound to end at some point?

        Sorry but there are very few educations that guarantee you a high paying job.. Welcome to the r
      • Re:Of course... (Score:3, Insightful)

        by Lshmael ( 603746 )
        Since so many new viruses, worms, and other examples of malware are being created by university graduates, instead of lonely immature teenagers, right?
    • What are all those CS graduates supposed to do in between being rejected for an interview and filling in a McDonald's application!

      apply for jobs at fry's electronics, of course.
  • gawd (Score:3, Funny)

    by abscondment ( 672321 ) on Thursday June 03, 2004 @08:14PM (#9330997) Homepage

    that explains the porn advertisement posts on my blog with IPs tracing back to infected machines all over the world...

    damn those script kiddies.

  • Security... (Score:5, Insightful)

    by case_igl ( 103589 ) on Thursday June 03, 2004 @08:15PM (#9331005) Homepage
    This is why security at the operating system layer is so important. How many homes and businesses are broken in to every day worldwide? Tens of thousands, I am sure. Computer crime will escalate in the future, to the point that virus software will probably barely be able to keep up.

    Laws aren't going to stop this kind of thing, we need better solutions for security that automatically adapt and defend the end user or system they are on.
    • Re:Security... (Score:5, Informative)

      by dealsites ( 746817 ) on Thursday June 03, 2004 @08:27PM (#9331088) Homepage
      Security at the hardware layer is definately important, but don't under-estimate the power of a cheap NAT router. If if you don't need one, it will still keep out many of the IP port scans and vulnerabilities. I have a linksys with logging enabled, and it's amazing to watch the port scan in real time. I'm sure most of them are from script kiddies, or people that have compromised machines. But it sure does the job. NAT routers can be picked up for next to nothing these days.

      Of course it doesn't help with email viruses or attacks from the LAN side (ie, dumb users), but it helps cut down on the worm and viruses that propagate over the web.

      New deal processing engine online: http://www.dealsites.net/livedeals.html [dealsites.net]
      • Re:Security... (Score:3, Informative)

        by PacoTaco ( 577292 )
        A simple NAT device also allows you to download security patches for fresh OS installs without getting infected in the process. This is especially handy for unsophisticated users who would have trouble making a patch CD.
      • Security at the hardware level.. such as TCPA/Palladium? That'd be great for corporations that want to lock down systems.
      • Re:Security... (Score:4, Informative)

        by pHDNgell ( 410691 ) on Thursday June 03, 2004 @10:04PM (#9331587)
        Security at the hardware layer is definately important, but don't under-estimate the power of a cheap NAT router.

        NAT is not a security device, it's only there to work around address limitation problems at the cost of making communication more difficult for legitimate services. What you're describing is the job of a basic firewall blocking ingres traffic.
    • Re:Security... (Score:3, Insightful)

      by Anonymous Coward
      So, are you going to be the first one in line to scream "Monopoly abuse!" when Microsoft bundles anti-virus software with Windows and puts MacAfee and Symantec out of business?

      (Don't think it's possible? Remember FTP Software? TCP/IP stacks weren't at one point "part of the OS", either. They were a third-party addon. IE is an 89 Kbyte program; the rest is all "part of the OS". Popup calculators and notepads were third-party tools. So were disk defragmenters. There is no hard and fast line.)
      • Internet Explorer. The only thing it is integrated with is the shell (ie explorer). Process Explorer [sysinternals.com] tells me that Internet Explorer is acutally implemented mostly in (on xpsp1)
        shell32.dll 7.85mb (5.5mb of which is pictures and AVIs)
        mshtml.dll 2.66mb
        shdocvw.dll 1.27mb
        browseui.dll .97mb
        sxs.dll 695kb
        wininet.dll 574kb
        shdoclc.dll 536kb
        shlwapi.dll 386kb

        TCP/IP has always been included with Windows NT. So has a FTP server and client. Notepad and Calculator, too.
    • Re:Security... (Score:5, Insightful)

      by pavon ( 30274 ) on Thursday June 03, 2004 @08:37PM (#9331146)
      Security at every layer is important because none of them will every be perfect. For example, there is an entire industry centered around properly securing networks, and it takes people years to become proficient at it. Yet we still give nearly all home users a raw connection to the internet, expecting them to do the job of a network administrator with no training or even an indication that they are even lacking in knowledge.

      This just silly. Most home users neither need, want, or are capable of administrating their own network connection. The ISP's should be doing this unless users specifically request to administer thier own connection. If we properly firewalled off hijacked machines it would cut spam and virus tremendously.
      • Unfortunately most ISPs don't qualify as much more knowledgable than most users. Therefore they'd find a cheap solution and deploy it. Period. I'm waiting fearfully for Cisco or somebody to introduce a cheap/powerful enough router or some piece of head-end gear that the ISPs will just turn on stateful packet filtering across the board, and deny all incoming connections.

        And of course this still won't stop the problems, because there will still be other disease vectors besides incoming connections. So I also
        • At least in terms of cable modem networks, the equipment is already there. In the last few years, there's been some steady advances in the silicon (Broadcom's cable modem and CMTS chips have added quite a few new features, which frees up software processing) of both cable modems and the CMTS. And, to top it off, most of the filtering is done on the individual cable modem side, which puts less load on the head-ends.

          Most configuration files for DOCSIS cable modems block at least a dozen ports nowadays (inc
  • HAZMAT (Score:5, Funny)

    by chaffed ( 672859 ) on Thursday June 03, 2004 @08:15PM (#9331007) Homepage
    I'm investing in a hazmat licence with all the infections I see on enduser computers.
  • by seanscottrogers ( 565312 ) on Thursday June 03, 2004 @08:17PM (#9331023)
    to boost virus levels 30 months ago to never before seen heights.
  • by mythosaz ( 572040 ) on Thursday June 03, 2004 @08:20PM (#9331047)
    The release of the Phatbot source made most of this possible. Agobot had over a thousand variants because any kid with GCC could change half a dozen strings, pick a new list of tasks to kill, pick a new IRC server to report back to for 'pwn3rship' and then pack the thing up with the executable compressor of his choice.

    Not everything should be released under the GPL, I'm afraid.
    • Not everything should be released under the GPL, I'm afraid.
      Why not? When we catch these guys, we can go after them for copyright and GPL violations for not distributing the source of their derivative works.
      • by mythosaz ( 572040 ) on Thursday June 03, 2004 @09:10PM (#9331336)
        I'm going to hope that violating the GPL copy[direction] rules is going to be the least of their problems.

        These Agobot variations wouldn't be a problem if half of the virus scanners in the world didn't only scan into UPX compressed [sourceforge.net] files.

        The problem is, if you search google for Executale Compressors [google.com] you get a hundred more that McAfee and Norton can't see until it's too late.

        Run PEID [google.com] and find a couple hundred things on your OWN executables that McAfee can't look inside.

        • I am sort of surprised to hear that this is still a problem. I was working at an anti-virus company before and they had a pretty convincing way of dealing with it: 1.) you check for the "compressed" property (not so difficult since most put in their signatures) 2.) decompress it with your specialized routine or use a 386 emulator to do it - slow, but effective, and you need it anyway to weed out those polymorph viruses...
  • Gee, I wonder why? (Score:2, Insightful)

    by QuantumG ( 50515 )
    Isn't it freakin' obvious that computer viruses are written by rebellious and outcast youth who (like most youths) consider themselves invincible? Anyone with the slightest incling of the rebellious mind will recognise that arresting someone for an act will encourage others to commit the same act. German kids used to consider it "kinda wrong" to write and release worms, now the government has gone ahead re-enforced the wrongness of that act. The fact that Microsoft ponied up a cash reward just broadcasts
    • Uhhhh...what?

      (whereas before worm writers had nothing but an assumption).

      They always knew that the government and MS didn't like worms. I mean, come on.

      And I'm sick of hearing people insist that it's "rebellion". What it is is lack of empathy; there's something wrong with these kids, they get pleasure from causing other people pain.
      • ummm no. Microsoft likes money and as much as people whine and complain about worms and viruses, there really aint too many people who blame Microsoft for these things so much so as to not buy their product. Trueth be told, Microsoft hasn't put up a reward because they hate worms and viruses, they've put up a reward because it's a cheap way to show that they're doing something about the security of their products. But the worm writers don't see it that way. They honestly think they've gotten under Bill
    • by js3 ( 319268 ) on Thursday June 03, 2004 @08:50PM (#9331216)
      Rebellion? wtf. It's sad that every stupid thing youths do is blamed on rebellion. The only reason worm writers and script kiddies exist is because there are millions of computers hooked to the net with no protection at all just begging to be hacked.

      or more to the point, if you leave your door open the thieves will come. We never learn from history. whatever we do it seems security is always an after thought. 9/11, worms, identity theft etc etc.
      • begging to be hacked

        She was asking for it.

        if you leave your door open the thieves will come

        Thieves have something to gain, worm writers have nothing to gain except how their rebellious act makes them feel.

    • by Anonymous Coward
      Laws stop very few crimes.

      This case is particularly clear - forget about punishing the behaviour - just fix the technical problems that allow worms and virii to exist.

      There may be no I or U in TEAM, but you can make meat out one.

    • IMHO they're written by anti-virus software companies. I'm sure that like any other business, they'd do anything to protect theirs.
    • by XryanX ( 775412 )
      Great point indeed. If I had mod points, I'd surely bump you up.

      Certainly it's a scary thought to think that an 18-year old kid in Germany caused billions of dollars worth of damage to the global economy without even leaving his house.

      It's been said before, but I wouldn't be surprised if terrorist groups started looking into the use of worms. They're ridiculously easy to write, and they could cause a ton economic damage.
  • by agwis ( 690872 ) on Thursday June 03, 2004 @08:20PM (#9331051)

    May has seen a noticeable spike in cybercriminal activity, suggesting that even the arrest of Sven Jaschan ...has done nothing to curb the problem.

    I doubt these arrests ever really curb the problem but instead add to it. Those that are captured get their names known world wide and are considered by many l33t hackers, although most are nothing more than script kiddies. Some (Mitnick for one) start successful security consulting businesses and become published authors afterwards.

    On the other hand, the monetary rewards for turning in a virus writer might be a better deterrent. I know people that would snitch on their own mothers for a reward!

  • by jellomizer ( 103300 ) * on Thursday June 03, 2004 @08:20PM (#9331052)
    With all these viruses out there you should use this as an advantage to show people Linux or at least install Mozilla on their system so they wont open as many possible viruses in the future. Right now I bet there is a record number of people who are sick of using their computer right now. So it is you chance to be the savior and show them linux (Just the simple stuff web browsing, word processing, Printing, playing MP3) if they are sick enough of windows they will let you give linux a try. If they won't then at least see if they are willing to run Mozilla instead of IE.
    • by Kris_J ( 10111 ) * on Thursday June 03, 2004 @08:30PM (#9331105) Homepage Journal
      I've been suggesting Mozilla as the answer to IE-hijacking [ad/spy]ware. Works every time. I also recommend Eudora as the answer to Outlook-exploiting viruses, but patching Outlook works just as well.
    • Unfortunatly most windows user dont know the difference. They know viruses are bad, and bad people create them. They think "BAD Ole people!". And then applaud Microsoft for their newfound interest in security and for offering rewards for the betrayal of the BAD,BAD people.
      They never once stop to think that all of those random popups and the like are not supposed to be a part of the internet, and that the machine they trust is a host to 10's or 100's of malware products. They just thank God it hasnt happened
  • by seanmcelroy ( 207852 ) on Thursday June 03, 2004 @08:21PM (#9331057) Homepage Journal
    Of course the sheer number of computers out there and various OS flaws makes for more virus targets, but as for actual viruses, I attribute this to more people just know how to code. Coding has steadily become something with a large 'entry learning cost', to something many more people could do. Whether intentional or not, the average joe is becoming more exposed to the methodology of writing functional pieces of code through macros, application-specific scripts, etc. And as more jobs are offshored and people in other countries learn and become proficient at it, it's as simple as with a larger base of people knowing how to write code, and a constant ratio of all people with bad intentions, it will just keep increasing.

    Anyway, my two cents.
    • by jellomizer ( 103300 ) * on Thursday June 03, 2004 @08:30PM (#9331100)
      Well unfortunately Microsoft made it really easy to make viruses. Back in the old days any virus that would do any real wide damage was made in assembly. Infected .EXE or .COM files and they did their thing then ran the rest of the program normally more or less. This took real skill to make a virus that would alter the code of the program and still run the application itself. Now any smuck can make a virus. Wait for a security release by Microsoft or check some hackers websites until you see a hole that you can exploit. Then make a server side program that copies itself to an other system using the same problem. No tricky coding no knowledge of the underlining architecture is involved. So back in the old days a virus writer was scum but at least he was respected for his intelligence. Now the modern virus writer is scum who is doesn't deserver any respect because what he is doing isn't that hard, an intro programming class could teach him the skills to do that.
      • Most viruses, like Bagel and Netsky, spread via user stupidity. They e-mail themselves to everyone on your list, and then people open them, and infect themsleves, etc. The exploit viruses are far rarer.
  • All of their top ten are W32 viruses. This isn't surprising at all- but my question is, is it because of W32 being an inherantly insecure platform (which it certainly IS) or is it because Sophos doesn't track anything else?
    • by Anonymous Coward on Thursday June 03, 2004 @08:36PM (#9331143)
      Give it time! 64 bit Windows isn't even widely available yet. Sheesh!
    • I'm intrigued to find out how they collect their 'reports' of viruses. Namely:
      1. How do they get their information, from human sources, software phoning home or guesswork?
      2. What constitutes a 'virus'? Is it a compromised machine, a hit machine (but not infected) or what?
      3. If it's compromised machines, how do they count machines without AV protection?

      I suspect it's probably a mix of all of them, but mostly some statistical massaging. It's also good to note that if you keep your Windows box patched, you wouldn't

      • Every virus software I've ever used, about 7 different products, phoned home. Either when updates are being downloaded or when a virus is removed. Every AV program keeps logs, and sends them away back home. Read your license next time you install it, you apparently give them permission to do this. Then out of these numbers they use some simple statistics to figure out the totals.
    • by Lehk228 ( 705449 ) on Thursday June 03, 2004 @09:05PM (#9331304) Journal
      no, W32/ is a standard prefix for virus names, it just exists so you know it is a virus name
    • All of their top ten are W32 viruses. This isn't surprising at all- but my question is, is it because of W32 being an inherantly insecure platform (which it certainly IS) or is it because Sophos doesn't track anything else?

      All top 10 viruses are win32 viruses because the win32 platform has the largest market share and thus the most retarded users. And that's also why you shouldn't bash win32. Linux right now has a fairly decent reputation regarding security. However, how do you think Linux would fare

  • by leshert ( 40509 ) on Thursday June 03, 2004 @08:24PM (#9331076) Homepage
    Based on the last few analyses I've seen, it appears that occurrences of real "new" viruses, meaning ones made from whole cloth that "advance the state of the art", as it were, haven't really been up that much.

    What does seem to be up are "copycat" viruses--viruses that seem to be made from the new viruses. Either people are getting hold of the source to viruses, making a few modifications (to 'set their thumbprint' on them), and releasing them, or else just reverse-engineering the viruses. These "copycat" viruses do appear to be on the upswing. On the other hand, from all reports, the copycats tend to be poorly written and have flaws that either limit their spread or else limit their effectiveness.

    The real innovators, though, are definitely getting better every year.

    Is anyone doing that kind of analysis: rate of increase of "innovative", more dangerous viruses vs. random, garbage mods of existing ones? That would be an interesting glimpse into the state of the virus "industry".

    • And I don't mean "will instantly wipe your hard drive".

      I mean ones that will randomly alter numbers in Excel spreadsheets and Access databases.

      At the moment, viruses are just a really huge annoyance and a means for spammers to grab more zombies.

      I think the copycat viruses are because it is far easier to copy what someone else has already proven than it is to do original work. I also believe that most virus writers aren't that great at writing code. But that's just my personal opinion. The majority of "vi
  • funny numbers (Score:5, Interesting)

    by pedantic bore ( 740196 ) on Thursday June 03, 2004 @08:25PM (#9331079)
    It turns out that of the top 10, six are netsky variants. Makes you wonder whether they're counting the number of new viruses, or the number of variations (or bit patterns). It's hard to believe that there were really 959 new viruses in one month. Actually almost all of these viruses seem to be rehashes of the same old ideas, just a few new bells and whistles. Not that much innovation from what I can see.

    (not that I want there to be -- I'd be happy if all these sociopathic virus writers found something more productive to do, or just f****d off and died.)

    • Re:funny numbers (Score:2, Insightful)

      by jellomizer ( 103300 ) *
      In a world of 6 billion people. You find it hard that 1000 of them will make a virus. Heck that is 0.00001.66% of the worlds population. I am actually surprised that the numbers are that low. I guess most people try to do the write thing. Or most people who would the real jerks and make and release a virus are to lazy to do it.
    • What I find funny is that Sophos - in all their infinite wisdom - seem to be struggling to understand that arresting one Sven Jaschan hasn't made a dent in the 959 viruses that appeared. Strange that... when you consider that at most he accounted for 35 or so of them (Sasser and Netsky variants), leaving the other 924 or so for the rest of the world to write...
    • Re:funny numbers (Score:3, Insightful)

      by Otter ( 3800 )
      Makes you wonder whether they're counting the number of new viruses, or the number of variations (or bit patterns).

      In any case, the _real_ issue is how many viruses have a noticeable effect, as a result of successful features, deception and propagation. The number of variants may be of interest to Symantec and the virus writers, but otherwise it's like keeping track of the number of nude bodies Beyonce's head is Photoshopped onto.

  • by Slashcrunch ( 626325 ) on Thursday June 03, 2004 @08:30PM (#9331108) Homepage
    What a joke!

    "...noticeable spike in cybercriminal activity, suggesting that even the arrest of Sven Jaschan, the German teenager who has owned up to writing Sasser and Netsky has done nothing to curb the problem."

    Oh right, so the arrest of Sven was going to solve the problem...? Maybe he wasn't the cybercrime boss after all..? Idiots.
  • Yes, but... (Score:5, Funny)

    by gillbates ( 106458 ) on Thursday June 03, 2004 @08:41PM (#9331166) Homepage Journal

    How many of these affect Linux?

    Oh, right.

    And how is this news? Windows users expect to get hit by viruses; this is nothing new.

    When Linux starts getting hit, then I'll take notice.

    All those people who claim that Linux is ready for the desktop conveniently forget that it still doesn't support anywhere near the number of viruses that Windows does. A single release of Windows contains more virus enablement than all releases of Linux combined. When it comes down to it, Linux won't ever break into the desktop mainstream until Linus improves support for viruses.

    • Re:Yes, but... (Score:3, Insightful)

      by Xenna ( 37238 )
      Linux *is* getting hit, the Internet *is getting hit.

      Our (linux) mailservers are being bombarded with ten of thousands of virusmails daily (double compared to 2 weeks ago) thanks to cable and DSL machines that are spewing virusmails as fast as they can.

      Viruses may not target the infrastructure but they're certainly starting to affect it.

      Think of it as an Internet wide DDOS attack...

  • by jellomizer ( 103300 ) * on Thursday June 03, 2004 @08:43PM (#9331184)
    I am sure most of them see it as a joke or some political statement. But the political statement is pretty lame because no one knows what your angry about, "I Made this virus to protest the war?", "I made this virus to protest the the treatment of X", "I Made this virus because I dont like X company". When you get a virus it doesn't seem to spur the ideas that the virus writer wanted to portray.
    • Nobody seems to be bringing up the possibility that the rise in viruses could be attempts at economic warfare. There are a lot of people disgruntled with the US and the West and some of them are probably good programmers.

      It would be interesting to compare the economic costs of losing the World Trade Center buildings to the economic cost of viruses and fighting them.

      It could be a case of "we are at war with you and I made this virus to cost you money and productivity."
    • If i was going to write a virus, it would be an oldschool virus, and would display a skull on the screen with "Fuck the RIAA" scrolling across the screen, then remove itself.
      • by Erwos ( 553607 ) on Friday June 04, 2004 @12:32AM (#9332306)
        At the risk of sounding like a bigger loser than I really am:

        One time, when I was bored a number of years ago (think, 10-12 years ago), I was browsing through the complete listing of viruses for the Mac that the virus scanner would catch. There were only a couple hundred at the time, and pretty much all of them were trojans.

        Something that struck me was the number of political ones. A rather significant percentage were designed to spread a message. I find this interesting, because nowadays, that political element seems to be totally gone. That's not to say they didn't have destructive payloads - I recall that more often than not, they did.

        I think it would be a fairly interesting study to hunt down early virus databases and compare them to ones today.

    • I wonder if virus writters know the damage they do...

      What damage are you talking about?

      I think viruses do more to strengthen the software business than cheap powerful and unbreakable software does.

      ie: Imagine someone who doesn't know a thing about computers, being able to go out and get a computer system, set it up, and have 0 problems with it. That would put 99% of I.T. businesses out of business!
  • by SamMichaels ( 213605 ) on Thursday June 03, 2004 @08:51PM (#9331226)
    Say this with me: EDUCATE THE PERSON.

    I can't even estimate the number of people with whom I've dealt that have expired, disabled or even damaged anti-virus programs on their computers. Their justification is "I don't know about spending that $X/yr...I don't need it."

    For those with Windows versions that have the auto update features available, I can't even estimate the number of people with whom I've dealt that have it disabled, inactive or just ignore it. Their justification is "it slows down my AOL and it keeps popping stuff up or tries to restart the PC."

    It's *GREAT* for business and part of me wants to thank the virus writers, spammers and spyware folks...you're providing me with a chance to make some beer money. However, what it boils down to is SOMEONE has to educate the masses...and that someone is all of us; even if we just remind our family and close friends.

    Before your little brother or sister [son or daughter] go back to college this fall, MAKE SURE THEIR PC IS SECURE. The college folk with whom I've dealt have epidemics happening on campus...the networks are so overloaded that it's difficult to even fix the machine without taking it home.
  • Buffer overflows (Score:4, Interesting)

    by fungus ( 37425 ) on Thursday June 03, 2004 @09:04PM (#9331294)
    Most of these worms exploit buffer overflows.

    Just like most exploits under Unix systems.

    I think we'll see less occurances of theses worms when NX-compatible processors [wikipedia.org] become common.

    Like AMD64 [xbitlabs.com] processors...

  • Social Engineering (Score:5, Insightful)

    by ThisIsFred ( 705426 ) on Thursday June 03, 2004 @09:24PM (#9331417) Journal
    I'd say that social engineering worms are superior to every other type of malware, no matter how elegantly written past viruses/worms may have been. Why bother with rewriting partition tables, privilege elevation exploits, or VB scripts that take over Outlook, when the user will willingly run the code based on a one sentence message from some stranger? If you had told me this 10 years ago, I would have laughed at the prospect that gullibility and ease-of-use would be the two greatest threats to computer security. Amazing.

    Sasser may have generated the most complaints for lazy [and/or clueless] admins, but these mailer worms are the biggest headache for me. Unlike Sasser (we have no cases of it), the social engineering ploy is going to continue to be effective until e-mail as we know it changes. Sender authentication + SMTP would fix both spam and virus problems, unfortunately at a great cost in convenience to users. Considering that almost everyone I know receives 90 per cent spam/viruses in their inboxes every day, that inconvenience is looking more trivial every year.
  • by gumpish ( 682245 ) on Thursday June 03, 2004 @09:48PM (#9331520) Journal
    Sophos, in case you've forgotten, are the same bunch of asshats who asserted to the media that Linux advocates were responsible for the MyDoom worm [sophos.com].
  • We all know it, but in some environments, virus and spam crap keeps some ITs in their jobs. So as much as we curse spam and virus authors, it does keep getting us our paycheck time and time again.
  • by azav ( 469988 )
    Get a mac, even a used one, and you won't have to worry about this crap.

  • by Esion Modnar ( 632431 ) on Thursday June 03, 2004 @11:20PM (#9331952)
    Speaking of viruses, etc. It seems that in an incredibly noisome network environment of viruses, spyware, malicious toolbars, the prudent computer user/administrator has to load up his computer with antivirus programs, adware removers/blockers , firewall software, etc.

    This serves to further complicate an already complicated system, and so strange side effects are more likely to pop-up (no pun intended). Such as between badly written printer drivers and firewall software, of all things.

    Foolishly, a couple weeks ago I volunteered to help a friend out with his home computer. Of course, it was practically locked up with all the crap he had on there. I re-installed it (XP Home), put on the cr. updates, got him set up with Mozilla, AdAware, Spybot S&D, and ZoneAlarm.

    I even talked him into getting his family members to use a limited account on the system, to hopefully keep the system as clean as possible for as long as possible. (However, I now realize that many games and other apps don't run properly under anything but an Admin account... so what's the use of that? Growl...)

    Printer was working, everything. So I handed it over to him, and a couple days later he calls me to tell me that the printer stopped working. In his effort to be helpful, he clumsily re-installed the printer drivers, but with the old version, not the new. I got it straightened out again, and after some research, discovered that his printer driver (for an HP Photosmart 7350), has some kind of funky problem with the latest version of the free Zone Alarm. But I managed a workaround to this by having him restart his printer driver service. That was yesterday.

    Now, something else has happened to the printer, the goddamned thing won't print at all, and re-installing the printer drivers makes not ONE fucking difference.

    So what's my point (other than the one under my hat ha-ha)?

    1) We have to try to protect ourselves from all the low-lifes trying to own our systems, and in so doing, make our systems even more complicated and difficult to get them to perform the tasks we have them for in the first goddamned place.

    2) No matter how much you straighten out somebody's system for them, they can balls it right up again within a short span. Only this time, it's YOUR fault. (I thought of keeping the admin password only to myself for the trial period, but as I mentioned, in order to use it for games, they have to log in as Admin. So they can change anything, install anything, and then play innocent when it breaks.)

  • my scifi worry is... (Score:4, Interesting)

    by Snafoo ( 38566 ) on Friday June 04, 2004 @12:17AM (#9332240) Homepage
    that once biotech takes off we'll see the same explosion in human virii that we currently see in their digital cognates.

    'Bitter, disillusioned teenager (or bitter, disillusioned terrorist) whips up new version of influenza, pictures and patches at eleven. If you live on the south side of the river, however, you're as good as dead, please try X brand tylenol for all your lethal-flu-related misery.'

    BTW, what would a human equivalent to 'Windows Update' look like?
  • by prandal ( 87280 ) on Friday June 04, 2004 @05:12AM (#9333080)
    There are several infection vectors used by the current round of viruses. I'm assuming that even fully patched versions of Windows, Outlook Express, and Internet Explorer are vulnerable to security exploits (they are).

    1: Executable attached to email, either auto-infecting or using the social engineering made possible by Microsoft's "virus-friendly" File Extension Hiding. So people click on what they think is a text file attachment (where even the icon makes them think that it is a genuine text file). As I've repeatedly said before, it is time that Microsoft released a patch to completely diasble and remove this dubious feature from Windows.

    Cure: Use a non-Microsoft email reader - Pegasus Mail, Thunderbird, whatever.

    2: Social engineering via email. Who in their right mind would open an attached password-protected .zip file where the password was given in the email body?

    Cure: User education.

    3: Seemingly innocent HTML emails which contain an OBJECT DATA exploit.

    Cure: Don't use Outlook. Use an email gateway box running MailScanner [mailscanner.info] to disarm dangerous HTML tags.

    4: Worms spread via direct connect to your PC.

    Cure: Proper firewalling, use application proxies and don't NAT anything to the net. This is more appropriate in a corporate environment.

    5: Web pages with dangerous HTML which, by exploiting IE or Outlook Express vulnernabilities, run malware on your PC.

    Cure: Use a proxy server which strips all dangerous tags; Dump Internet Explorer and use Mozilla Firefox instead.

    6: You are "Protected" by Antivirus software but the virus / worm got you before the vendor's weekly update came out. (Waving to McAfee and Symantec as I write this). This is the BIGGEST change I've seen in virus behaviour this year. Since February, we've been catching viruses/worms before some of the main vendors have had updated patterns out. (thanks ClamAV and Bitdefender).

    Cure: Antivirus vendors need to release patterns as soon as they've got the virus signatures tested, and not wait to see if an outbreak happens. Users need to update their virus patterns on an hourly basis, not weekly.

    That'll do for starters.

"For a male and female to live continuously together is... biologically speaking, an extremely unnatural condition." -- Robert Briffault