New Viruses Hit 30-Month High
Mz6 writes "InformationWeek reports that Sophos has analysed and protected against 959 new viruses in May; this is the highest number of new viruses discovered in a single month since December 2001. From Sophos' own TopTen list they continue on to say that the 'Sasser and Netsky worms may have captured the headlines. ...May has seen a noticeable spike in cybercriminal activity, suggesting that even the arrest of Sven Jaschan ...has done nothing to curb the problem.'"
Too bad (Score:5, Funny)
Yeah, but... (Score:5, Funny)
"Knowing is half the battle!"
On a totally unrelated note... is it bad when you post comments to your own stories?
Re:Yeah, but... (Score:3, Informative)
This website [joeheadquarters.com] has a list of the ends of these episodes where this phrase is used.
Re:Yeah, but... (Score:2, Funny)
the other half is killing.
That's all very nice, but Sophos is 'moneyware'... (Score:2)
Re:That's all very nice, but Sophos is 'moneyware' (Score:5, Informative)
ClamAV [clamav.net], a GPL virus scanner featuring:
* command-line scanner
* fast, multi-threaded daemon
* milter interface for sendmail
* database updater with support for digital signatures
* virus scanner C library
* on-access scanning (Linux and FreeBSD)
* detection of over 20000 viruses, worms and trojans
* built-in support for RAR (2.0), Zip, Gzip, Bzip2
* built-in support for Mbox, Maildir and raw mail files
I use ClamAV on my mail server and it works pretty well.
There is also an open source windows version called ClamWin Antivirus [clamwin.com].
Re:That's all very nice, but Sophos is 'moneyware' (Score:2, Funny)
I use ClamAV on my mail server and it works pretty well.
When you think mediocrity, think ClamAV
Mediocrity! (Score:3, Interesting)
That might actually help it penetrate the corporate and academic markets.
Seriously though, the names of some OSS projects totally preclude their penetration in some markets. I asked my boss if we could put 'the GIMP' on the image for the summer, and only purchase a Photoshop seat when requested; she laughed at me and said 'no', then asked what the GIMP was.
Re:That's all very nice, but Sophos is 'moneyware' (Score:2)
Thanks, that looks excellent, just what the doctor ordered. I love slashdot, it's every bit as helpful as usenet, but faster! :-)
Re:That's all very nice, but Sophos is 'moneyware' (Score:2, Informative)
Re:Too bad (Score:2, Interesting)
Re:Too bad (Score:3, Informative)
Sophos Anti-Virus has been capable of disinfecting virus infections for years.
Re:Too bad (Score:2, Funny)
Is that like the theory that if you drink too much and don't remember, you can insist that the previous night's events never happened?
I've had nights like those...
Very sloppy...um...Sloppy.
Re: who modded parent post insightful?? (Score:2)
http://www.avast.com/i_idt_154.html
But that fact aside, the real point to antivirus software is to prevent a virus-infected piece of code from being run on a previously uninfected machine. If a scanner works properly, it will identify the malicious code BEFORE the computer gets a chance to run it and allow it to cause damage. Why is this concept "doomed" from the start?? In my experience, it's
Re:Too bad (Score:5, Interesting)
Lots of people use antivirus software for the simple purpose of scanning files introduced to their machine BEFORE they are executed, viewed, etc.
And guess what? They're not doomed. Well, technically death comes for us all, but you actually CAN use antivirus software effectively without being relegated to the realm of the imbecile.
If someone believes a single antivirus package is the be-all, end-all of virus prevention, then they're in trouble simply because they're cloaked by a false sense of security.
On the other hand, a user who is conscientious about the code run on their machine, even if the OS isn't one of the most secure, is better off scanning then not.
Of course... (Score:5, Funny)
Re:Of course... (Score:5, Interesting)
Re:Of course... (Score:2)
Re:Of course... (Score:2)
Sure it might be a bitter pill since we had a artificial high for a while and the streets seemed paved with gold and the sky was the limit, but didn't everyone know this was bound to end at some point?
Sorry but there are very few educations that guarantee you a high paying job.. Welcome to the r
Re:Of course... (Score:3, Insightful)
Re:Of course... (Score:2)
apply for jobs at fry's electronics, of course.
gawd (Score:3, Funny)
that explains the porn advertisement posts on my blog with IPs tracing back to infected machines all over the world...
damn those script kiddies.
Stopping comment spam (Score:2)
Security... (Score:5, Insightful)
Laws aren't going to stop this kind of thing, we need better solutions for security that automatically adapt and defend the end user or system they are on.
Re:Security... (Score:5, Informative)
Of course it doesn't help with email viruses or attacks from the LAN side (ie, dumb users), but it helps cut down on the worms and viruses that propagate over the web.
--
New deal processing engine online: http://www.dealsites.net/livedeals.html [dealsites.net]
Re:Security... (Score:3, Informative)
Re:Security... (Score:2)
Re:Security... (Score:4, Informative)
NAT is not a security device, it's only there to work around address limitation problems at the cost of making communication more difficult for legitimate services. What you're describing is the job of a basic firewall blocking ingress traffic.
Re:Security... (Score:3, Interesting)
Assuming you're talking SNAT, which most people are, then where would you forward the packets?
You'd have to specifically enable it so you could tell the router which one of the machines it's masquerading for gets the forwarded packets....
Re:Security... (Score:3, Insightful)
(Don't think it's possible? Remember FTP Software? TCP/IP stacks weren't at one point "part of the OS", either. They were a third-party addon. IE is an 89 Kbyte program; the rest is all "part of the OS". Popup calculators and notepads were third-party tools. So were disk defragmenters. There is no hard and fast line.)
Re:Security... (Score:2)
shell32.dll 7.85mb (5.5mb of which is pictures and AVIs)
mshtml.dll 2.66mb
shdocvw.dll 1.27mb
browseui.dll
sxs.dll 695kb
wininet.dll 574kb
shdoclc.dll 536kb
shlwapi.dll 386kb
TCP/IP has always been included with Windows NT. So has an FTP server and client. Notepad and Calculator, too.
Re:Security... (Score:5, Insightful)
This is just silly. Most home users neither need, want, nor are capable of administering their own network connection. The ISPs should be doing this unless users specifically request to administer their own connection. If we properly firewalled off hijacked machines it would cut spam and viruses tremendously.
ISPs should be doing this unless (Score:2, Insightful)
And of course this still won't stop the problems, because there will still be other disease vectors besides incoming connections. So I also
Re:ISPs should be doing this unless (Score:2)
Most configuration files for DOCSIS cable modems block at least a dozen ports nowadays (inc
Re:Security... (Score:2, Interesting)
In fact didn't most of the viruses in May require the user to unzip the email with a password before it ran?
My point is that we are past the access that Outlook has to the OS. We are way into the users proving they will jump through hoops to run a program from an unknown source.
Although I will admit that some of them actually were faking coming from a trusted source (your ISP) pretty well.
Re:Security... (Score:2, Informative)
Huh? Outlook has the same privileges as the user running it.
Re:Security... (Score:2)
Re:Security... (Score:4, Insightful)
Re:Security... (Score:2)
I run as root and I assure you that my web browser and email program most certainly do NOT do whatever they want.
Grandparent's point is that even if I choose to run as root (unpatched NT4 no less), there is no reason I should forfeit all my rights to some program just because I choose to run it.
HAZMAT (Score:5, Funny)
Or did a new virus hit virus tracking databases (Score:3, Funny)
Phatbot/Polybot/Gaobot/Agobot... (Score:5, Interesting)
Not everything should be released under the GPL, I'm afraid.
Re:Phatbot/Polybot/Gaobot/Agobot... (Score:3, Funny)
Re:Phatbot/Polybot/Gaobot/Agobot... (Score:4, Informative)
These Agobot variations wouldn't be a problem if half of the virus scanners in the world didn't only scan into UPX compressed [sourceforge.net] files.
The problem is, if you search google for Executable Compressors [google.com] you get a hundred more that McAfee and Norton can't see until it's too late.
Run PEID [google.com] and find a couple hundred things on your OWN executables that McAfee can't look inside.
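The post above is about scanners that never look inside packed executables. As an added example (not code from the commenter or from PEiD), here is a small Python pre-scan check that walks a PE file's section table and flags the two cheap signs of packing: well-known packer section names (the UPX names are real; the list is illustrative, not complete) and high byte entropy in a section. The sample PE images are constructed by hand and are not runnable programs.

```python
"""Flag PE files whose sections look packed (packer section names or high entropy).

A packer hides the real code inside a high-entropy blob, so a signature scanner
that does not unpack only ever sees the unpacking stub.  This is a triage hint,
not a verdict: legitimate installers and crypto libraries also have dense sections.
"""
import math
import struct
from typing import Dict, List

# Section names used by common packers (illustrative, not exhaustive).
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".petite"}
ENTROPY_THRESHOLD = 7.0  # bits per byte; compressed/encrypted data approaches 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes) -> List[Dict]:
    """Walk the PE section table; return name, raw size and entropy per section."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + opt_size                               # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i
        name = image[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        data = image[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "size": raw_size, "entropy": shannon_entropy(data)})
    return sections


def packer_indicators(image: bytes) -> List[str]:
    """Return human-readable reasons the file looks packed (empty list = no sign)."""
    reasons = []
    for s in parse_sections(image):
        label = s["name"].decode("ascii", "replace")
        if s["name"] in PACKER_SECTION_NAMES:
            reasons.append(f"packer section name {label}")
        if s["size"] >= 256 and s["entropy"] > ENTROPY_THRESHOLD:
            reasons.append(f"high entropy {s['entropy']:.2f} in {label}")
    return reasons


def build_sample_pe(sections) -> bytes:
    """Constructed test input: a minimal PE image with the given (name, payload)
    sections.  Only the header fields the parser reads are filled in."""
    pe_off, opt_size = 0x40, 0
    table = pe_off + 4 + 20 + opt_size
    data_start = table + 40 * len(sections)
    header = bytearray(b"MZ" + b"\0" * (0x3C - 2)) + struct.pack("<I", pe_off)
    header += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    body = bytearray()
    for name, payload in sections:
        header += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(payload), 0, len(payload), data_start + len(body), 0, 0, 0, 0, 0x60000020)
        body += payload
    return bytes(header + body)


def demo() -> Dict[str, List[str]]:
    """Plain NOP-sled section versus a UPX-style layout with a uniform-byte blob."""
    plain = build_sample_pe([(b".text", b"\x90" * 300 + b"\xC3")])
    packed = build_sample_pe([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 2)])
    return {"plain": packer_indicators(plain), "packed": packer_indicators(packed)}


if __name__ == "__main__":
    print(demo())
```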
Re:Phatbot/Polybot/Gaobot/Agobot... (Score:3, Interesting)
Gee, I wonder why? (Score:2, Insightful)
Re:Gee, I wonder why? (Score:2)
(whereas before worm writers had nothing but an assumption).
They always knew that the government and MS didn't like worms. I mean, come on.
And I'm sick of hearing people insist that it's "rebellion". What it is is lack of empathy; there's something wrong with these kids, they get pleasure from causing other people pain.
Re:Gee, I wonder why? (Score:2)
Re:Gee, I wonder why? (Score:4, Insightful)
or more to the point, if you leave your door open the thieves will come. We never learn from history. whatever we do it seems security is always an after thought. 9/11, worms, identity theft etc etc.
Re:Gee, I wonder why? (Score:2)
begging to be hacked
She was asking for it.
if you leave your door open the thieves will come
Thieves have something to gain, worm writers have nothing to gain except how their rebellious act makes them feel.
Laws are not the answer. (Score:2, Insightful)
This case is particularly clear - forget about punishing the behaviour - just fix the technical problems that allow worms and virii to exist.
There may be no I or U in TEAM, but you can make meat out of one.
Re:Gee, I wonder why? (Score:2)
Re:Gee, I wonder why? (Score:2, Interesting)
Certainly it's a scary thought to think that an 18-year old kid in Germany caused billions of dollars worth of damage to the global economy without even leaving his house.
It's been said before, but I wouldn't be surprised if terrorist groups started looking into the use of worms. They're ridiculously easy to write, and they could cause a ton of economic damage.
arrests won't stem the tide... (Score:5, Interesting)
May has seen a noticeable spike in cybercriminal activity, suggesting that even the arrest of Sven Jaschan ...has done nothing to curb the problem.
I doubt these arrests ever really curb the problem but instead add to it. Those that are captured get their names known world wide and are considered by many to be l33t hackers, although most are nothing more than script kiddies. Some (Mitnick for one) start successful security consulting businesses and become published authors afterwards.
On the other hand, the monetary rewards for turning in a virus writer might be a better deterrent. I know people that would snitch on their own mothers for a reward!
Re:arrests won't stem the tide... (Score:4, Informative)
Damn, where is that undo button?
Use it to an advantage. (Score:5, Insightful)
Re:Use it to an advantage. (Score:4, Informative)
Re:Use it to an advantage. (Score:3, Informative)
Re:Use it to an advantage. (Score:4, Interesting)
Re:Use it to an advantage. (Score:2, Insightful)
They never once stop to think that all of those random popups and the like are not supposed to be a part of the internet, and that the machine they trust is a host to 10's or 100's of malware products. They just thank God it hasn't happened
Re:Use it to an advantage. (Score:2)
And that's why the "developers on Linux kernel for desktop" don't worry about printers, video cards, network cards and audio cards. They ask the companies for the programming details on the cards, and either don't get an answer, or are refused access to the specifications. Therefore, the developers tend to focus on things that they actually have documentation on.
Perhaps if hardware vendors actually opened up to the i
Why I Believe It's Rising (Score:5, Insightful)
Anyway, my two cents.
Re:Why I Believe It's Rising (Score:5, Insightful)
It's not even that (Score:3, Funny)
Do they not track anybody other than Win32? (Score:4, Interesting)
Re:Do they not track anybody other than Win32? (Score:4, Funny)
Re:Do they not track anybody other than Win32? (Score:2)
I suspect it's probably a mix of all of them, but mostly some statistical massaging. It's also good to note that if you keep your Windows box patched, you wouldn't
Re:Do they not track anybody other than Win32? (Score:2, Informative)
Re:Do they not track anybody other than Win32? (Score:4, Funny)
Re:Do they not track anybody other than Win32? (Score:3, Insightful)
All top 10 viruses are win32 viruses because the win32 platform has the largest market share and thus the most retarded users. And that's also why you shouldn't bash win32. Linux right now has a fairly decent reputation regarding security. However, how do you think Linux would fare
Copycats and innovators (Score:5, Insightful)
What does seem to be up are "copycat" viruses--viruses that seem to be made from the new viruses. Either people are getting hold of the source to viruses, making a few modifications (to 'set their thumbprint' on them), and releasing them, or else just reverse-engineering the viruses. These "copycat" viruses do appear to be on the upswing. On the other hand, from all reports, the copycats tend to be poorly written and have flaws that either limit their spread or else limit their effectiveness.
The real innovators, though, are definitely getting better every year.
Is anyone doing that kind of analysis: rate of increase of "innovative", more dangerous viruses vs. random, garbage mods of existing ones? That would be an interesting glimpse into the state of the virus "industry".
There aren't many damaging viruses out there. (Score:3, Insightful)
I mean ones that will randomly alter numbers in Excel spreadsheets and Access databases.
At the moment, viruses are just a really huge annoyance and a means for spammers to grab more zombies.
I think the copycat viruses are because it is far easier to copy what someone else has already proven than it is to do original work. I also believe that most virus writers aren't that great at writing code. But that's just my personal opinion. The majority of "vi
funny numbers (Score:5, Interesting)
(not that I want there to be -- I'd be happy if all these sociopathic virus writers found something more productive to do, or just f****d off and died.)
Re:funny numbers (Score:2, Insightful)
Re:funny numbers (Score:2)
Re:funny numbers (Score:3, Insightful)
In any case, the _real_ issue is how many viruses have a noticeable effect, as a result of successful features, deception and propagation. The number of variants may be of interest to Symantec and the virus writers, but otherwise it's like keeping track of the number of nude bodies Beyonce's head is Photoshopped onto.
Re:funny numbers (Score:2)
Don Sven, cybercriminal (Score:5, Insightful)
"...noticeable spike in cybercriminal activity, suggesting that even the arrest of Sven Jaschan, the German teenager who has owned up to writing Sasser and Netsky has done nothing to curb the problem."
Oh right, so the arrest of Sven was going to solve the problem...? Maybe he wasn't the cybercrime boss after all..? Idiots.
Re:Don Sven, cybercriminal (Score:3, Insightful)
Yes, but... (Score:5, Funny)
How many of these affect Linux?
Oh, right.
And how is this news? Windows users expect to get hit by viruses; this is nothing new.
When Linux starts getting hit, then I'll take notice.
All those people who claim that Linux is ready for the desktop conveniently forget that it still doesn't support anywhere near the number of viruses that Windows does. A single release of Windows contains more virus enablement than all releases of Linux combined. When it comes down to it, Linux won't ever break into the desktop mainstream until Linus improves support for viruses.
Re:Yes, but... (Score:3, Insightful)
Our (linux) mailservers are being bombarded with tens of thousands of virusmails daily (double compared to 2 weeks ago) thanks to cable and DSL machines that are spewing virusmails as fast as they can.
Viruses may not target the infrastructure but they're certainly starting to affect it.
Think of it as an Internet wide DDOS attack...
X.
Re:Yes, but... (Score:2, Funny)
I wonder if virus writers know the damage they do (Score:5, Insightful)
Re:I wonder if virus writers know the damage they (Score:2, Insightful)
It would be interesting to compare the economic costs of losing the World Trade Center buildings to the economic cost of viruses and fighting them.
It could be a case of "we are at war with you and I made this virus to cost you money and productivity."
Re:I wonder if virus writers know the damage they (Score:2)
Re:I wonder if virus writers know the damage they (Score:5, Interesting)
One time, when I was bored a number of years ago (think, 10-12 years ago), I was browsing through the complete listing of viruses for the Mac that the virus scanner would catch. There were only a couple hundred at the time, and pretty much all of them were trojans.
Something that struck me was the number of political ones. A rather significant percentage were designed to spread a message. I find this interesting, because nowadays, that political element seems to be totally gone. That's not to say they didn't have destructive payloads - I recall that more often than not, they did.
I think it would be a fairly interesting study to hunt down early virus databases and compare them to ones today.
-Erwos
Re:I wonder if virus writers know the damage they (Score:2)
What damage are you talking about?
I think viruses do more to strengthen the software business than cheap powerful and unbreakable software does.
ie: Imagine someone who doesn't know a thing about computers, being able to go out and get a computer system, set it up, and have 0 problems with it. That would put 99% of I.T. businesses out of business!
Re:I wonder if virus writers know the damage they (Score:3, Funny)
How to curb the problem... (Score:5, Insightful)
I can't even estimate the number of people with whom I've dealt that have expired, disabled or even damaged anti-virus programs on their computers. Their justification is "I don't know about spending that $X/yr...I don't need it."
For those with Windows versions that have the auto update features available, I can't even estimate the number of people with whom I've dealt that have it disabled, inactive or just ignore it. Their justification is "it slows down my AOL and it keeps popping stuff up or tries to restart the PC."
It's *GREAT* for business and part of me wants to thank the virus writers, spammers and spyware folks...you're providing me with a chance to make some beer money. However, what it boils down to is SOMEONE has to educate the masses...and that someone is all of us; even if we just remind our family and close friends.
Before your little brother or sister [son or daughter] go back to college this fall, MAKE SURE THEIR PC IS SECURE. The college folk with whom I've dealt have epidemics happening on campus...the networks are so overloaded that it's difficult to even fix the machine without taking it home.
AV in XP SP2 (Score:2)
At least MS will be adding better Anti-Virus integration support for 3rd party anti-virus developers in Windows XP SP2. Article [microsoft.com]
Re:How to curb the problem... (Score:2)
> now, then why don't they include free virus
> scanning software with Windows?
Did MS include it with DOS? If I recall, there were quite a few nasty viruses that destroyed networks and businesses back in the 80s and early 90s.
> I just continue using my virus-infected
> computer until it no longer works at all,
> at which time I simply reinstall Windows.
> Works for me!!!
Exactly. That's the problem and the entire point of my post. I'm telling
Buffer overflows (Score:4, Interesting)
Just like most exploits under Unix systems.
I think we'll see fewer occurrences of these worms when NX-compatible processors [wikipedia.org] become common.
Like AMD64 [xbitlabs.com] processors...
Social Engineering (Score:5, Insightful)
Sasser may have generated the most complaints for lazy [and/or clueless] admins, but these mailer worms are the biggest headache for me. Unlike Sasser (we have no cases of it), the social engineering ploy is going to continue to be effective until e-mail as we know it changes. Sender authentication + SMTP would fix both spam and virus problems, unfortunately at a great cost in convenience to users. Considering that almost everyone I know receives 90 per cent spam/viruses in their inboxes every day, that inconvenience is looking more trivial every year.
Sophos, in case you've forgotten... (Score:5, Informative)
What IT Won't Admit (Score:2)
Call me a troll but... (Score:2, Informative)
Re:Call me a troll but... (Score:2)
Raging at the Machines (Score:5, Insightful)
This serves to further complicate an already complicated system, and so strange side effects are more likely to pop-up (no pun intended). Such as between badly written printer drivers and firewall software, of all things.
Foolishly, a couple weeks ago I volunteered to help a friend out with his home computer. Of course, it was practically locked up with all the crap he had on there. I re-installed it (XP Home), put on the cr. updates, got him set up with Mozilla, AdAware, Spybot S&D, and ZoneAlarm.
I even talked him into getting his family members to use a limited account on the system, to hopefully keep the system as clean as possible for as long as possible. (However, I now realize that many games and other apps don't run properly under anything but an Admin account... so what's the use of that? Growl...)
Printer was working, everything. So I handed it over to him, and a couple days later he calls me to tell me that the printer stopped working. In his effort to be helpful, he clumsily re-installed the printer drivers, but with the old version, not the new. I got it straightened out again, and after some research, discovered that his printer driver (for an HP Photosmart 7350) has some kind of funky problem with the latest version of the free Zone Alarm. But I managed a workaround to this by having him restart his printer driver service. That was yesterday.
Now, something else has happened to the printer, the goddamned thing won't print at all, and re-installing the printer drivers makes not ONE fucking difference.
So what's my point (other than the one under my hat ha-ha)?
1) We have to try to protect ourselves from all the low-lifes trying to own our systems, and in so doing, make our systems even more complicated and difficult to get them to perform the tasks we have them for in the first goddamned place.
2) No matter how much you straighten out somebody's system for them, they can balls it right up again within a short span. Only this time, it's YOUR fault. (I thought of keeping the admin password only to myself for the trial period, but as I mentioned, in order to use it for games, they have to log in as Admin. So they can change anything, install anything, and then play innocent when it breaks.)
my scifi worry is... (Score:4, Interesting)
'Bitter, disillusioned teenager (or bitter, disillusioned terrorist) whips up new version of influenza, pictures and patches at eleven. If you live on the south side of the river, however, you're as good as dead, please try X brand tylenol for all your lethal-flu-related misery.'
BTW, what would a human equivalent to 'Windows Update' look like?
What's important is HOW they infect (Score:4, Interesting)
1: Executable attached to email, either auto-infecting or using the social engineering made possible by Microsoft's "virus-friendly" File Extension Hiding. So people click on what they think is a text file attachment (where even the icon makes them think that it is a genuine text file). As I've repeatedly said before, it is time that Microsoft released a patch to completely disable and remove this dubious feature from Windows.
Cure: Use a non-Microsoft email reader - Pegasus Mail, Thunderbird, whatever.
2: Social engineering via email. Who in their right mind would open an attached password-protected
Cure: User education.
3: Seemingly innocent HTML emails which contain an OBJECT DATA exploit.
Cure: Don't use Outlook. Use an email gateway box running MailScanner [mailscanner.info] to disarm dangerous HTML tags.
4: Worms spread via direct connect to your PC.
Cure: Proper firewalling, use application proxies and don't NAT anything to the net. This is more appropriate in a corporate environment.
5: Web pages with dangerous HTML which, by exploiting IE or Outlook Express vulnerabilities, run malware on your PC.
Cure: Use a proxy server which strips all dangerous tags; Dump Internet Explorer and use Mozilla Firefox instead.
6: You are "Protected" by Antivirus software but the virus / worm got you before the vendor's weekly update came out. (Waving to McAfee and Symantec as I write this). This is the BIGGEST change I've seen in virus behaviour this year. Since February, we've been catching viruses/worms before some of the main vendors have had updated patterns out. (thanks ClamAV and Bitdefender).
Cure: Antivirus vendors need to release patterns as soon as they've got the virus signatures tested, and not wait to see if an outbreak happens. Users need to update their virus patterns on an hourly basis, not weekly.
That'll do for starters.
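Vectors 1 and 2 above (a decoy extension hiding an executable, and a password-protected archive the scanner cannot open) can be caught at the mail gateway before the user ever sees the attachment. The following Python is an added example, not the poster's code or MailScanner's: it checks an attachment name for a hidden executable type and walks a ZIP's local file headers to see whether entries are encrypted or are themselves executables. The ZIP samples are constructed inline (stored entries, no central directory) and are not real mail.

```python
"""Gateway-side attachment triage for the decoy-extension and locked-ZIP vectors."""
import struct
import zlib
from typing import Dict, List, Tuple

EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "gif", "htm", "html"}
ZIP_LOCAL_SIG = 0x04034B50  # b"PK\x03\x04"


def zip_entries(blob: bytes) -> List[Tuple[str, bool]]:
    """Walk ZIP local file headers; return (name, encrypted) per entry.
    Encryption is bit 0 of the general-purpose flags.  Assumes sizes are in the
    local header (no data-descriptor entries), which holds for the samples here."""
    entries, off = [], 0
    while off + 30 <= len(blob):
        (sig, _ver, flags, _method, _time, _date, _crc,
         csize, _usize, nlen, xlen) = struct.unpack_from("<IHHHHHIIIHH", blob, off)
        if sig != ZIP_LOCAL_SIG:
            break  # central directory or garbage: no more local headers
        name = blob[off + 30:off + 30 + nlen].decode("utf-8", "replace")
        entries.append((name, bool(flags & 0x1)))
        off += 30 + nlen + xlen + csize
    return entries


def assess_attachment(filename: str, content: bytes) -> List[str]:
    """Return reasons to quarantine; an empty list means no finding."""
    reasons = []
    parts = filename.lower().split(".")
    if parts[-1] in EXECUTABLE_EXTS:
        reasons.append(f"executable attachment type .{parts[-1]}")
        # 'invoice.txt.exe' displays as 'invoice.txt' when known extensions are hidden.
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            reasons.append(f"decoy extension .{parts[-2]} hides .{parts[-1]}")
    if parts[-1] == "zip" or content[:4] == b"PK\x03\x04":
        for name, encrypted in zip_entries(content):
            if encrypted:
                reasons.append(f"password-protected entry {name} cannot be scanned")
            if name.lower().split(".")[-1] in EXECUTABLE_EXTS:
                reasons.append(f"archive contains executable {name}")
    return reasons


def build_zip(entries: List[Tuple[str, bytes]], encrypted: bool) -> bytes:
    """Constructed test input: stored (method 0) local headers only, with the
    encryption flag set or clear.  Enough structure for zip_entries() to walk."""
    out = bytearray()
    for name, data in entries:
        out += struct.pack("<IHHHHHIIIHH", ZIP_LOCAL_SIG, 20, 1 if encrypted else 0,
                           0, 0, 0, zlib.crc32(data), len(data), len(data), len(name), 0)
        out += name.encode("utf-8") + data
    return bytes(out)


def demo() -> Dict[str, List[str]]:
    """Four constructed attachments: harmless, decoy-extension, clean ZIP, locked ZIP."""
    docs = build_zip([("report.doc", b"%DOC" * 8)], encrypted=False)
    locked = build_zip([("photos.exe", b"MZ" + b"\0" * 16)], encrypted=True)
    return {
        "plain": assess_attachment("notes.txt", b"hello"),
        "decoy": assess_attachment("invoice.txt.exe", b"MZ"),
        "docs": assess_attachment("report.zip", docs),
        "locked": assess_attachment("photos.zip", locked),
    }


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "ok")
```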