Computer Viruses Broke 100,000 In 2004
Sammy at Palm Addict writes "The count of known computer viruses broke the 100,000 barrier in 2004 and the number of new viruses grew by more than 50% according to news from the BBC. The BBC also reports that 'phishing attempts, in which conmen try to trick people into handing over confidential data, are recording growth rates of more than 30% with attacks becoming increasingly sophisticated.'"
Easy enough (Score:3, Informative)
my confidential data (Score:5, Funny)
Re:my confidential data (Score:2)
Wow, not even I can get my own confidential data from my frozen Windows OS... stupid computer.
Re:my confidential data (Score:2)
Nerd (Score:2, Insightful)
Computer viruses? (Score:2)
Shouldn't these be called 'Windows viruses'? It's not clear what their count entails, but the viruses listed seem to all be Windows-centric.
And no, this is not a troll--I use Windows, too. But this language reinforces the idea that the problem is with any and all computers, which hinders adoption of alternatives. (Cf. the growth in non-IE browsers once the problems with IE were understood by more people.)
Re:Computer viruses? (Score:2)
I believe they are trying to say that the viruses that they are talking about in the article are indeed "Windows Viruses"
Re:Computer viruses? (Score:2)
I believe they are trying to say that the viruses that they are talking about in the article are indeed "Windows Viruses"
Indeed they are. I was looking for an 'except linux/OSX/etc' paragraph and missed the 'we're talking about Windows' one. It's the /. story that perpetuates the 'computer virus' language, not the article. Go figure.
Re:my confidential data (Score:2)
Then, I go through all of the HTML and JavaScript code, figure out exactly who's behind it, and notify each and every one of their ISP and/or upstream providers. Whee! Bye-bye Phish!
Quoth Strongbad (Score:3, Funny)
Computer Over (Score:2)
Re:Computer Over (Score:2)
When will it stop? (Score:1, Funny)
Could we have a distinction here? (Score:5, Insightful)
Re:Could we have a distinction here? (Score:1)
Re:Could we have a distinction here? (Score:2)
"Virii" is slang, just like "boxen." There's nothing wrong with using slang in certain contexts, however, and /. is certainly one of them. Elitism too often leads to downfall.
Re:Could we have a distinction here? (Score:2, Interesting)
Try to compare apples to apples...
Divide the # of viruses by the user base of the affected platform, see who is ahead at that point. I have no idea, my guess is it's probably fairly even, probably just a little slanted in favor of Linux.
Re:Could we have a distinction here? (Score:1, Insightful)
Re:Could we have a distinction here? (Score:3, Interesting)
Viruses don't need to do anything tricky to propagate, they're just programs that people run. If I want to make a virus, why the hell would I do X amount of work to make it run on Linux when I could expend the same amount of effort to make it run on Windows? Just by switching I can increase my target base by a huge amount.
Exploits are different, they are based on actual softw
Re:Could we have a distinction here? (Score:2)
As far as I know, (and I'm no expert) the PHP exploits are mainly caused by SQL and mod_php vulnerabilities, not necessarily the core server. Of course, if security is an issue, you may have to sacrifice a little performance by choosing an MPM such as Prefork instead of Worker to avoid unchecked buffer exploits taking advantage of the whole server, not just an individual thread.
Re:Could we have a distinction here? (Score:2)
Re:Could we have a distinction here? (Score:5, Interesting)
Try to compare apples to apples...
Divide the # of viruses by the user base of the affected platform, see who is ahead at that point. I have no idea, my guess is it's probably fairly even, probably just a little slanted in favor of Linux.
Last I heard, there were something like 100 known Linux viruses, and 20 known Mac OS X viruses. Assume the current desktop market share is 3-5% each for Linux and Mac, and Windows still comes out "ahead" by quite a large margin. On the server side, of course, things look even worse for Windows.
Re:Could we have a distinction here? (Score:2)
Last I heard, there were something like 100 known Linux viruses, and 20 known Mac OS X viruses.
Where did you hear that? My count is 3 trojans and no worms or viruses for MacOS X. 530 and worms and viruses (mostly slapper variants) for Linux and innumerable trojans.
What MacOS X viruses exist? I don't even know of any proof of concepts.
Re:Could we have a distinction here? (Score:2)
If desktop market share (ms) is around 5% as suggested in one of the GPs, there are about 10x as many infections per virus on a Windows system as there are on Linux. If it's closer to 10% ms (as suggested in several articles w/ Win @ 85% ms), then the ratio
Re:Could we have a distinction here? (Score:2)
According to Symantec, there is one [symantec.com] but I can't see why they classify it as a virus - it looks like a trojan horse.
At least we know people are trying to write one - just having a heck of a time at it.
Re:Could we have a distinction here? (Score:2)
Re:Could we have a distinction here? (Score:2)
Because that will give you a comparable number of machines per virus or viruses per machine. If the infection rate is the same between two OSes, it doesn't matter how much potential there is for either one, in terms of virus protection there's no advantage to using one versus the other.
Biodiversity will only help a little. The disadvantage is that it will bring security through obscurity (which is just as bad as no security) unless
Re:Could we have a distinction here? (Score:5, Informative)
Some things (from the article) worth noting:
To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it, writes SecurityFocus columnist Scott Granneman.
"There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory."
It says 60,000 viruses for Windows in 2003, which escalated to 100,000 in 2004. There haven't been that many major viruses released for Linux/Unix/Mac so let's add a modest 15 to each number listed in 2003.
So, the list comes to:
Windows: ~100,000
Mac: ~55
Unix: ~20
Linux: ~55
and that's being really generous to Windows. Also, keep in mind what it says above: "Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory."
Re:Could we have a distinction here? (Score:2, Insightful)
I'd believe the statistics in this article if it weren't for this last statement. Remember a famous worm, spread through unix sendmail, some time around 1988?
http://en.wikipedia.org/wiki/Morris_worm [wikipedia.org] - It exploited a number of unix vulnerabilities, along with guessing common passwords. Luckily for us, he supposedly made a mistake in the reproduction rate and the worm ended up spreading to every connected computer in a matter of days.
His intent was to mak
Re:Could we have a distinction here? (Score:3, Interesting)
The first link even links to an old
Nitpick? (Score:2)
Let's talk about Linux rootkits (Score:2)
What, you say? No viruses for Linux? If a rootkit doesn't count as "spyware", I don't know what does...
Do you have any exposed ports to the internet leading back to your UNIX box? Do you run old versions of php and apache?
Do the following:
Download ROOTKIT HUNTER [rootkit.nl] now.
run 'rkhunter --update'
run 'rkhunter -c' and scan your system
when rootkit is found, reinstall OS, and restore critical data from backups
Re:Could we have a distinction here? (Score:2)
Well, in Star Trek 2, 5p0c|
But... (Score:4, Funny)
microsoft's famous quote (Score:1, Interesting)
Inevitable (Score:1)
URGENT! (Score:5, Funny)
Phising scams are becoming more prevelant on the internet and world wide web. Unfortunately, they are now starting to show up on 'Blogs as well.
Do to the dedication of security we in the OSS community have, we are updating our servers and account information.
Please click the following link [slashdot.org] and verify your account information, password, and private PGP key.
In order to Verify your identity, please have your Visa or Mastercard account number ready
not surprising (Score:5, Informative)
"Can you please fix my computer".
"I accidentally clicked something and my computer is slow".
Re:not surprising (Score:1)
Had to break the bad news to him that the machine had to be reformatted and reinstalled, and I was flying back that night.
Re:not surprising (Score:2)
My mother told me that they had just gotten a phone bill with calls to Germany on it but they didn't know anyone in Germany and didn't make the calls.. plus no one was home when the calls were made. I told her all about dialers and the such and sure enough there were some installed on their computers.
My mother is going to retire soon and needs a co
Re:not surprising (Score:2, Insightful)
As a fellow roaming techsupporter (parents, witless friends) let me give you a little advice:
Invest in one of them small USB-memory drives. 128 megs is fine, go for more if you feel like splurging.
I've quickly discovered that these things are solid gold when dealing with different computers in different locations. Just slap Ad-Aware, Spybot and whateve
Re:not surprising (Score:2)
Re:not surprising (Score:2)
Re:not surprising (Score:3, Insightful)
Have you noticed that when it comes to computers the relatives always replace "had a major lapse of common sense and" with "accidentally"?
"So, you accidentally received a piece of mail from someone you didn't know, you accidentally opened it up to see what it was, you accidentally moved the mouse over the attachment, and then you accidentally double-clicked on the attachment just because it was there? Oops! I accidentally just formatted your hard drive. Do you have your installation CD?"
Re:not surprising (Score:4, Insightful)
Unless you've been specifically told otherwise, it wouldn't seem dangerous at all. When you open junk mail at home, or mail from a sender you don't recognize, you don't expect it to take pictures of your house and mail them back to the sender. You don't expect the opened mail to leave dogcrap on your doorstep or make your refrigerator stop working. It seems like a fairly harmless thing to do.
It's only because of severe design flaws in e-mail programs and OSes that there's an issue.
Re:not surprising (Score:2)
Distinct viruses? (Score:5, Insightful)
I think it would be more interesting to know how many new virus/worm/trojan families were released year-to-year.
Re:Distinct viruses? (Score:2)
double counting? (Score:3, Insightful)
numbers and not the updates
How many of these viruses are linked to spam? (Score:3, Insightful)
obligatory comment (Score:5, Funny)
The Top 10 List reads like the leader board at a chess competition.
1) Netsky-P
2) Zafi-B
3) Sasser
4) Netsky-B
5) Netsky-D
6) Netsky-Z
7) MyDoom-A
8) Sober-I
9) Netsky-C
10) Bagle-AA
Symantec cheated me! (Score:5, Funny)
Re:Symantec cheated me! (Score:2)
Man, you need to run Live Update. Mine lists 68,603. You're missing out on 18 viruses!
When was the last time you ran Live Update? Yesterday? You've got to keep up to date with these things!
Deadly (Score:1)
Re:Deadly (Score:2)
It reminded me of this from a few years ago regarding solid programming.
If houses were built like software, then the first woodpecker that came along would destroy civilization. They were not too far off.. There has been a lot of repairs and patches applied just to keep it standing a few days longer.
Re:Deadly (Score:2)
complacency (Score:4, Interesting)
One of my buddies got his credit identity stolen a few months ago, he figures, by someone at a store who processed his credit application when he bought a home theatre system (Zero interest! Don't pay til way later!).
By the time collection agencies were knocking at his door, that store had closed.
They'll steal it from your mailbox. (Score:2)
All it takes is one punk to grab your mail and you have a problem.
Your mail can even be delivered to the wrong house and you can be compromised.
The fact is, we are not currently set up to deal with identity theft. We have a bunch of half measures that are easily circumvented by anyone who thinks about it.
How many original viruses are there, though? (Score:1)
So it's kind of like MAME supporting umpteen billion different rom sets, when most of them are clones or revisions of an original game.
You could probably release 100,000 variants of NetSky if you wanted to, just by embedding random payloads.
Better headlines please. (Score:2, Insightful)
Re:Better headlines please. (Score:1)
Crossed 100,000 what?
Did they bless 100,000 pilgrims?
Did they anger 100,000 people?
Yeah, yeah, -1, offtopic
Hmm (Score:1)
(p.s. I put a router between my computer and my cable modem, and I don't click on executable links unless they're from a trusted source and confirmed as having been sent deliberately; I have never--not ever--had a virus or a break-in on this subnet.)
So, who's responsible? (Score:5, Insightful)
But quite frankly the ISPs and of course the individual users are to blame as well.
Why don't broadband ISPs require broadband firewalls? Only recently have some of them started to incorporate firewalled modems, and even then they're only sent to new customers. Would this mean that existing customers would have to spend money for a new router at the ISP's demand? You bet. But given the choice between disconnection or buying a $50 router, I'm sure that the vast majority would find a way to get that $50.
Additionally, most virii are sent over SMTP ports since they contain their own SMTP servers. I would not be against shutting down direct-from-client SMTP as long as those who run their own mail servers have the option of having their specific connection opened for SMTP traffic.
Finally, the users absolutely MUST be educated. There are enough free tools out there that no one should be unprotected. But again who should be responsible for teaching these end users?
At this point I would actually welcome something like a drivers license for broadband access. You don't gain the ability to use a broadband connection unless you prove to the ISP that you know the rules and that you are informed of how to be a responsible Netizen, including the use of firewalls, virus scanners, and alternate products like Mozilla, Eudora, Firefox, and others. If you break the "law" afterwards, your broadband privileges are revoked until you come into compliance.
If people were made aware that any virus or worm outbreak caused by them would mean the complete loss of their Internet connectivity, I think we'd see the number of virus infections drop dramatically.
But have an ISP do the responsible thing at the risk of pissing off customers? No, they'd rather spend billions of dollars a year on mail storage, spam-fighting hardware and software, increasing bandwidth usage, and always-rising amounts of mail to abuse@isp.net...and of course pass those charges onto us.
Re:So, who's responsible? (Score:2)
Nope. They would not. They would cancel their subscription and either switch to competition who will give them a free router, or re-signup with the provider to get the 'firewall' enabled modem. Simple laws of economics.
Finally, the users absolutely MUST be educated. There are enough free tools out there that no one should be unprotected. But again who should be responsible for teaching these end users?
Noble goal.. What about AIDS or teen
Re:So, who's responsible? (Score:2)
Here in Canada I have never ever paid any sort of setup fee. At the very least if it exists, it is waived. Also there is no minimum time you have to wait between you re-signup for a new account. But if that is the case, I can see your point.
Again, you have a major flaw in that argument. Once you are educated on such topics, who is going to be around you to prevent you from havi
Re:So, who's responsible? (Score:2)
Amen, I finally got my wireless network up and running securely with the proper (at least the best I can do with a consumer grade device) security.
Windows really pisses me off, SP2 Crashed my computer after I tried to update. ARGHGHDFHZ, anyway, as soon as everything is running smoothly, Guess how many networks I see (just using windows utility) - five, including mine.
Guess How many of the 5 were secured: Mine
Gues
Stop being logical. (Score:2)
Gotta agree. But the firewall is only a band-aid to the real problem. If Microsoft fixed their security model, we wouldn't see the viruses in the first place. Look at how many Linux viruses there are then look at how many of them exist only on 5 machines or fewer. That's a lab.
Viruse
I don't see much of a problem. (Score:2)
But the ISP doesn't have to take the "lock down everything unless specifically requested to be open" approach.
They can monitor what ports are used by what customers and what ports are used by what viruses.
Example, the IRC controlled bots. If they see IRC activity on a line, they
Not a solution (Score:2)
Why not require they run Linux instead?
Knowing most ISPs, they'd implement a "broadband drivers license" in such a manner that it refused a connection to anyone who wasn't running the latest version of Windows, with all the system-slowing anti-virus, anti-spyware, anti-adware, firewalling software that is required of Windows users. Oh, and you can add DRM to that as a requirement as well.
Re:So, who's responsible? (Score:2)
And even with SP2 it only works for incoming traffic, incredible they can get away with calling it a Fire Wall.
Re:So, who's responsible? (Score:2)
If you break the "law" afterwards, your broadband privileges are revoked until you come into compliance.
My idea is to give the users a certain amount of time to buy a router (either from the ISP or at your local store). After the time expires, face a larger reconnection charge if you are shut down for abuse. The ISP could even go as far as getting custom firmware for their routers. But it would only work i
what viruses? where? (Score:4, Interesting)
Until, that is, I open an MS Office document with macros, then the whole sense of dread and ire comes back; and I'm always surprised and annoyed when the latest worm brings local networks staggering to their knees.
Re:what viruses? where? (Score:2)
Hehe. I know exactly what you mean. At home it's all non-MSFT and I get spoiled by how fast my computers are. And I can focus on doing things with my system instead of endless patching and virus definitions and all the constant tweaking you have to do to a MSFT box.
Then going to the customer site and it's like running in sand. You catch yourself sitting there thinking, "Did i
I don't really care about viruses... (Score:4, Interesting)
I think all software should come with a self-signed key. By default it should allow upgrades by the same key (version 1.0->version 1.1), but not let other programs update each other (e.g. explorer hooks, IE hooks, grab default applications, overwrite system libraries etc.)
I'm talking about all optional here, not DRM. I would love to have it such that I could install apache on my linux box, and not have it overwritten by anyone but apache (without my explicit permission) as well. Right now, once you have root, it is enough. But proper rights should be "need-to-have". Give a program permission to install itself, but don't fuck the rest of the system? Today, that can't be done.
Kjella
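The policy this comment proposes (pin the publisher key at first install, accept upgrades only from that key, refuse cross-package overwrites unless the user approves), sketched as an added example that is not part of the original post. `PackageRegistry`, `attempt` and the sample keys and paths are hypothetical, and signature verification is assumed to have happened before `install` is called.

```python
"""Toy model of a same-key update policy (added illustration, hypothetical names)."""
import hashlib


class PolicyError(Exception):
    """Raised when an install would violate the ownership policy."""


def fingerprint(public_key: bytes) -> str:
    # Identify a publisher by the SHA-256 of its public key bytes.
    return hashlib.sha256(public_key).hexdigest()


class PackageRegistry:
    def __init__(self):
        self.pinned = {}  # package name -> key fingerprint pinned at first install
        self.owner = {}   # file path -> name of the package that installed it

    def install(self, name, public_key, files, user_approved=False):
        """Record an install or upgrade of `name`.

        Assumption: the package signature was already verified against
        `public_key`; this model only decides whether that key is allowed
        to touch these files.
        """
        fpr = fingerprint(public_key)
        pinned = self.pinned.get(name)
        # Rule 1: an upgrade must be signed by the key seen at first install.
        if pinned is not None and pinned != fpr and not user_approved:
            raise PolicyError(f"{name}: signing key changed")
        # Rule 2: a package may not overwrite files another package owns.
        for path in files:
            current = self.owner.get(path)
            if current not in (None, name) and not user_approved:
                raise PolicyError(f"{name}: {path} is owned by {current}")
        # Commit only after every check passed, so a refused install
        # leaves no partial state behind.
        self.pinned[name] = fpr
        for path in files:
            self.owner[path] = name
        return sorted(files)


def attempt(reg, *args, **kwargs):
    """Run an install and report the outcome as a string."""
    try:
        reg.install(*args, **kwargs)
        return "allowed"
    except PolicyError as exc:
        return f"denied ({exc})"


if __name__ == "__main__":
    # Constructed sample keys and paths.
    apache_key, other_key = b"constructed-apache-key", b"constructed-other-key"
    reg = PackageRegistry()
    print("apache 1.0:", attempt(reg, "apache", apache_key, ["/usr/sbin/httpd"]))
    print("apache 1.1, same key:", attempt(reg, "apache", apache_key, ["/usr/sbin/httpd"]))
    print("apache, new key:", attempt(reg, "apache", other_key, ["/usr/sbin/httpd"]))
    print("toolbar overwrites httpd:",
          attempt(reg, "toolbar", other_key, ["/opt/toolbar/bin", "/usr/sbin/httpd"]))
    print("toolbar, user approved:",
          attempt(reg, "toolbar", other_key, ["/usr/sbin/httpd"], user_approved=True))
```

The fourth call is refused as a whole: `/opt/toolbar/bin` is not registered either, because ownership is committed only after every path has passed the check.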
100k means unhappy customers (Score:1)
It's time Windows included a basic anti-virus tool (Score:3, Interesting)
What continues to blow my mind are the numbers of users who do not have anti-virus software installed or kept up to date on their systems. I really wish that Microsoft would include some basic type of anti-virus / anti-spyware utility with the operating system.
Yes, there would probably be a huge outcry about antitrust violations, but I believe the bottom line is that Microsoft has a duty to ship an operating system that is as reasonably secure as possible without including so many features as to push other vendors out of the market. I think the firewall in Windows XP SP2 is a good example of a compromise. The firewall includes enough basic features so that users aren't completely hanging out there in the wind, yet does not provide such a robust feature set so as to push third party firewall vendors out of the market. The disk defragmentation utility is another good example of a compromise. It has enough basic features to be useable, but not enough so as to push third party vendors out of the market.
Microsoft could do it if they wanted to, even if there was an outcry from vendors. Look at what they did with I.E. when they decided they wanted a piece of the browser market. For a more modern, post anti-trust trial example, look at what they are doing now with Windows Media Player. Yeah, the EU is calling them on it, but I think a real case could be made that a basic anti-virus / anti-spyware utility is as important a part of basic system security as a firewall.
Of course, if Microsoft just fixed I.E. and Outlook / Outlook Express, viruses and spyware wouldn't be as much of an issue, but we all know about how likely that is to happen.
Re:It's time Windows included a basic anti-virus t (Score:2, Insightful)
Windows 3.0 had MSAV, are any
Re:It's time Windows included a basic anti-virus t (Score:2)
Yeah... of course, they didn't forget "step 3" in the business model this time:
1) Integrate browser into OS so browser vulnerabilities are OS vulnerabilities
2) Halt development of browser for all platforms except Longhorn, and make some browser security patches available only to XP SP2 users
3) Make antivirus and anti-spyware software, and charge for it [cnn.com]
Re:It's time Windows included a basic anti-virus t (Score:2)
Re:It's time Windows included a basic anti-virus t (Score:2)
I've never had any antivirus software installed. Never. At home I've run Windows 2003, XP, 2000, NT, ME, 98, 95 and 3.1.
I've also never had a virus. Ever. Safe browsing habits, proper choice of application software and a hardware firewall are enough. Anti-virus is mainly for those who are not knowledgeable enough to perform the above. While this is a large num
What a moron. How do you know you have none? (Score:2)
If you are using only a hardware firewall you could already be owned and your computer could be seen by your firewall as an overactive mailer...
Re:What a moron. How do you know you have none? (Score:2)
It needs to somehow get installed on my machine before it can call home, and that hasn't happened. I know because I periodically use Symantec's online virus scanner, and it's never found anything. And it does work because I've used it to diagnose other people's infestations.
How about (Score:2)
In other words, MS needs to focus on fixing the OS and the rest will fix itself.
strcpy, providing freedom to crackers since 1972! (Score:4, Insightful)
Please programmers, read the electronic paper "Smashing The Stack For Fun And Profit" (->Google).
zzz
Link to paper (Score:2)
Smashing the Stack for Fun and Profit [insecure.org]
The original link is here [phrack.org]. This was originally published in Phrack #49 on 08 November 1996. It is still a relevant and useful article.
In the wild? (Score:3, Insightful)
Re:In the wild? (Score:2)
How many of those are actually found in the wild?
Granted, 100,000 may not currently be in the wild, but I saw 33 different varieties of Windows viruses (over 3500 actual files) bouncing off my email gateway last week and not one Linux, Mac or other OS virus.
Number sounds like FUD (Score:2)
Viruses? Or spyware and malware? (Score:2)
But, I am fuck1ng sick of the AOL commercials that talk about you losing all of your data and photos due to a virus. I posted about this before, I feel this is just wrong, to my knowledge there hasn't been a widespread virus in years that formatted your HD.
Scarier than the number of virii is this stat... (Score:3, Informative)
On the positive side, Finnish security firm F-Secure said that 2004 was the best-ever year for the capture, arrest and sentencing of virus writers and criminally-minded hackers.
In total, eight virus writers were arrested and some members of the so-called 29A virus writing group were sentenced.
Eight? EIGHT??
(deep sigh)
Need? (Score:2)
"Sure sir, two AA batteries, now if I could just get your phone number, home address and date of birth for a survey we're conducting!"
Clever wording for DATA MINING...
Tom
eBay phishing scam I got (Score:3, Insightful)
Virus vs. Work (Score:2)
sophisticated phishing attack (Score:2, Funny)
Yeah, by sophisticated they mean it's one where they put @citibank.com in the reply-to address of the email so you know it's legit!
Accelerating for Windows (Score:2)
I find it incredulous that insufficient efforts were made to for the Microsoft Dutch Boy's skinny fingers flailing in vain to stopping this rising tide against the proverbial leaking dike of viruses.
Hello? Microsoft? What do you say to that?
There aren't that many master strains. (Score:2)
Gaobot alone has what, ten thousand variants? Symantec's up to something like Worm.Gaobot.BGC to describe the strains now, which is 26^3 or something like that.
The real problem is the whiny little bratty script kiddies who make the damn knockoffs of the viruses and worms (ESPECIALLY the Bagle and NetSky groups), not
Re:My computer is acting weird (Score:2, Funny)
Re:Percentage of Windows Boxen (Score:2, Insightful)
The number of OS X viruses may be 0, but.. (Score:2)
That doesn't mean you still can't spread viruses for other operating systems.
I run Virex/OSX [networkassociates.com] and occasionally (though rarely) find something on my HD that's carrying a Windows payload.
The possibility of one of those files somehow winding up on Winboxen in my multi-platform network does exist, and if so, it could be as deadly a situation as if the Windows PC originated the file to begin with.
Re:The number of OS X viruses may be 0, but.. (Score:2)