Has Mass-Mailed Malware Peaked? 221
Ant writes "Broadband Reports posted a CRN article about a researcher saying mass-mailed worms have reached their peak. Six years ago, on March 26, 1999, Melissa, the first virus that spread by mailing copies of itself to e-mail addresses it found on infected machines, swept the Internet. Today, the researcher who led authorities to the hacker who wrote Melissa, says that mass-mailed worms have reached their peak."
Ok... (Score:4, Insightful)
Fear Is the Mind Killer (Score:5, Insightful)
This attitude goes to the heart of today's problems. Fear of terrorists, fear of criminals, fear of government, fear of people different from us, fear of big changes in the world economy, energy, politics. All of them have people who say we should just keep quiet, lest we make it worse by making it more "popular". We must talk about the realities, so we can confront them, resolve them. Otherwise, the fear has won, and we are defeated.
Harry potter (Score:2, Redundant)
Always cracks me up
Re:Harry potter (Score:3, Funny)
If the shoe fits... (Score:4, Funny)
Due to the distinct lack of thinking machines and robots at Hogwarts School, there might be something to claims of a Dune/Potter connection. Surely the blast-ended skrewt must be related to the Sandworm.
Re:Fear Is the Mind Killer (Score:3, Insightful)
Re:Fear Is the Mind Killer (Score:2)
The problem isn't that they open pif files. The problem is that their MUA runs pif files.
Re:Fear Is the Mind Killer (Score:4, Interesting)
We have seen viruses [f-secure.com] where user needs to jump through many hoops:
1. open the
2. enter the password for the zip (following the instruction in the email, embedded as
3. saving
4. running the
I thought the file was safe since it was password protected
Tell me, how is this different from a virus telling the user to save an ELF attachment, chmod a+x it and run it?
Viruses rarely anymore exploit software flaws - they exploit the weakest link: the user, via automated social engineering.
Apart from disabling users' ability to execute arbitrary binaries and perl/python/shell scripts, the only alternative I see is chopping a finger from the infected user every time they get themselves a virus.
Unfortunately the first one creates practical problems and the second one legal.
I must bend like a reed in the wind (Score:3, Interesting)
I still see infected malware emails, my AV program detects them.
Yet there exists a problem caused by a few factors:
#1 Managers are usually given Administrative access to their machines. This increases the risk for infection.
#2 AntiVirus software uses a subscription model. If Management is too cheap to renew licenses,
Re:Fear Is the Mind Killer (Score:2)
Why? I don't use fscking brain-dead s/w like Outlook.
This reminds me of the old saw:
Re:Fear Is the Mind Killer (Score:2)
Re:Fear Is the Mind Killer (Score:4, Funny)
So then, choose not to be afraid. Choose something else.
Choose life. Choose a job. Choose a career. Choose a family. Choose a fucking big television. Choose washing machines, cars, compact disc players and electrical tin openers. Choose good health, low cholesterol and dental insurance. Choose fixed interest mortgage repayments. Choose a starter home. Choose your friends. Choose leisurewear and matching luggage. Choose a three-piece suite on hire purchase in a range of fucking fabrics. Choose DIY and wondering who the fuck you are on a Sunday morning. Choose sitting on that couch watching mind-numbing, spirit-crushing game shows, stuffing fucking junk food into your mouth. Choose rotting away at the end of it all, pishing your last in a miserable home, nothing more than an embarrassment to the selfish, fucked up brats you spawned to replace you. Choose your future. Choose life.
Alternatively, ... choose this [adminspotting.org].
Caveat (Score:2)
Mass fear allows the powerful to rise even higher. The problem isn't just terrorists, criminals etc... it's the people who use this fear as a distraction from their own agenda.
Infowar (Score:5, Insightful)
Re: Infowar (but how to stop it?) (Score:2, Insightful)
Re: Infowar (but how to stop it?) (Score:3, Interesting)
Re: Infowar (but how to stop it?) (Score:3, Insightful)
It's always been my "utopian" dream that the internet will evolve into the answer that good men have been lacking through the ages. The minorities in power have always relied on misinformation, lack of information, and the physical suppression of ideas to retain their control. The distributed and instantaneous nature of the 'net make the suppression of information much more difficult. I want to believe that man has evolved to the extent that having access to accurate information and communication with other
Re:Ok... (Score:3, Insightful)
It's called disseminating information.
If nothing else, doesn't this just tempt virii/malware writers into trying harder?
So we should hide this information? I thought that security by obscurity was A Bad Thing(TM).
Re:Ok... (Score:2)
Re:Ok... (Score:4, Insightful)
So there is not going to be a major outbreak of mass mailing worms, unless people start finding flaws in html rendering engines to execute code... But that is what auto updates are for.
Re:Ok... (Score:4, Insightful)
Sure, it's tough, but there are always holes. That's the reason for auto update, but it's also a vulnerability. If you can find out how to forge updates, you have a delivery mechanism that would be much more effective than email.
Re:Ok... (Score:3, Interesting)
And if someone does disable auto update (it is enabled by default in ff, xp_sp2) well there really is no point in disabling their auto update is there.
Re:Ok... (Score:4, Interesting)
Re:Ok... (Score:2)
I don't quite understand what claim the article is trying to make. Is the claim that viruses are no longer making use of the address book or that email viruses in general are no longer a threat?
The first interpretation is kinda duuhh! That type of virus disappeared years ago after access to the address book was locked out. These days most viruses are blasted out from a botnet
Lots of things help. (Score:4, Informative)
Re:Ok... (Score:2)
Re:For the last time people ... (Score:2, Insightful)
I believe it. (Score:5, Interesting)
Re:I believe it. (Score:3, Insightful)
I'm sure then that they're being filtered before you get them. I get at least two a day, about 10% of my spam. And the author of TFA's reasoning was that "From" spoofing will be impossible because of some new mail standards touted by IBM and others (was he shilling for them?). But if spoofing is impossible, (something I rather doubt) the viru
Peaked... (Score:5, Funny)
Re: (Score:2)
Re:Peaked... (Score:2)
One big change is that Microsoft has simply thrown away a lot of features that introduced security holes. For example, you used to be able to customize Windows folders by editing the hidden web page that controlled folder layout. A cool idea, but a nasty breeding ground for viruses, given the vulnerability of ActiveX web objects. Now
New Virus (Score:5, Funny)
Yeah, it peaked ... (Score:4, Funny)
anti-virus protection (Score:4, Insightful)
Could it be that more users are employing protection against these worms now? Thanks to ClamAV [clamav.net] I never see any in my inbox now, but my log messages would suggest there are still plenty of clueless people out there propagating them.
Re:anti-virus protection (Score:3, Interesting)
I have in fact seen a few viruses get past our ISP's filters only to get caught by the antivirus scanner on the PC - most likely because the ISP only scan
Re:anti-virus protection (Score:2)
Peak Of Email, perhaps (Score:4, Insightful)
So the whole premise is... (Score:5, Insightful)
While I suppose that's true to an extent, we are still a long way from providing an environment where the From header can not be (easily) spoofed. The article makes it sound like we are going to throw a switch any day now and all will be right in the world of SMTP.
In short, I wouldn't say we've reached a peak necessarily, but perhaps more of a plateau. But even then, I think that might be wishful thinking.
Re:So the whole premise is... (Score:2)
Perhaps you need to look into GPG signatures then. As long as no one gets a hold of my GPG private key, no one can send an email claiming to be me. Sure, anyone could send an email with my address in the From header, but if they don't sign it correctly (and they can't), the receiver should have little to no trust in that header.
That's not to say GPG signing is foolproof (public key distribution and u
Re:So the whole premise is... (Score:5, Insightful)
I never said the technology wasn't there. I said: "we are still a long way from providing an environment where the From header can not be (easily) spoofed."
The net is built on the foundation of open SMTP. Switching that entire foundation over to something else is a long, LONG way off. GPG signatures are probably the last thing on the list of viable alternatives. It may be the best, but it's still the last thing. It has to be implemented at the server level with exactly ZERO user intervention, otherwise it won't get done. GPG signatures are great for the geek, but they are totally useless to the population at large.
They won't implement them, and even if they do, they will click "Ok" on insecure documents anyway.
With your example, it would be very, very easy to send mail as you. So the signature check fails, so what? It just takes a 5 second look at a website where the HTTPS certificate fails and people click "So what, give me the content anyway." If you believe that won't happen with email, you are terribly mistaken.
So no, GPG signatures are not even remotely a possible solution to the problem.
Re:So the whole premise is... (Score:2)
Re:So the whole premise is... (Score:3, Insightful)
Yet, somehow, magically, you think people are going to pay attention to them in email. An environment that is even more esoteric than web pages to the average user.
Yeah, I can see it now... Grandma Jones champing at the b
Peaked on the windows platform (Score:3, Funny)
Re:Peaked on the windows platform (Score:2)
Perhaps I give too much credit to my Unix brothers but I doubt it.
instead.. (Score:2, Interesting)
peaked.. (Score:2, Insightful)
So.. how do we know it's peaked until we see clear evidence in a year or two's time?
Re:peaked.. (Score:3, Informative)
"The good news now," he said, "is that what Melissa ushered in is finally waning. Mass-mailed worms and viruses reached their peak last year."
It has peaked because the numbers are declining, from their peak last year. RTFA.
Re:peaked.. (Score:2)
This is the IT industry. Since when has "evidence" been important? It's mostly been about hype and FUD. It's either someone is hyping the "Next Big Thing(TM)" or is talking FUD about competition or just stuff in general.
Hype - Dot Com businesses.
FUD in general - Mobile Phone Viruses (currently via Symbian powered devices). PDA Viruses (initiated by a crack to a Palm Gameboy
MTTI: Mean Time To Infection (Score:5, Insightful)
The other issue is the damage done by the malware. One especially dangerous piece of malware, mailed once to all susceptible machines, will be far more serious than more innocuous malware mailed thousands of times.
Besides, I suspect that malware creators have turned their attentions to more nefarious activities such as phishing. Owning someone's bank account is more valuable than owning their PC or corrupting their hard drive.
Re:MTTI: Mean Time To Infection (Score:2, Troll)
To hell with patching. Stop using stupid software.
Re:MTTI: Mean Time To Infection (Score:2)
You and I are in total agreement on that one. Sadly, 96% or so of everyone else disagrees.
There's also the problem of stupid users, especially where emailed malware is concerned. All it takes is one idiot to open the attachment and all their friends get a "Cool game!" email from that infected person -- viruses are good at social engineering.
Re:MTTI: Mean Time To Infection (Score:2)
Because, as we know, there's such a thing as perfect software that's entirely flaw free.
Get real. Mac OS X, Linux, Windows - they all have major security holes, and they will continue to have security holes indefinitely.
Bugs aren't going away. Neither will patching.
exceed only by adding more computers (Score:2, Funny)
It depends... (Score:3, Funny)
To check for malware please click on the link.
Check for SPYWARE [slashdot.org]
Panda Antivirus Has Scanned This Post.
There are no viruses.
what the hell? (Score:2)
Analogs to HIV? (Score:5, Insightful)
Kind of reminds me of how in the late 90's people thought HIV was declining in the US because the rate of new infections was dropping. But then people got complacent and started doing stupid shit again and now the virus is making a comeback in the US as the rate of new infections is increasing once again.
Lesson learned: Someone is always trying to fuck you, so be vigilant with your protection.
It's like 'Spy vs. Spy' (Score:2, Interesting)
The thing about Melissa was that they were on to it before it spread very much.
The next big thing might be very complex and dreamed up by a complete brain box. On the other hand, it might be very simple and we'll all ask why we didn't think of it. My favorite example of simple was the Viet Cong with their dung covered stakes vs the greatest power in the history of the world. We all know how that one turned out. What I'm saying is that just
You are forgetting. (Score:2)
You are forgetting that the Viet Cong was a branch of the USSR...the 2nd greatest power at the time. The USSR wanted to conquer and crush South Vietnam more than the US wanted to protect it from the invasion. Hence, South Vietnam's being the loser in the Vietnam War despite having a powerful ally.
Re:You are forgetting. (Score:2)
The ravings of mean-spirited and ignorant people mean little, especially those who supported the Soviet aggression against South Vietnam. Invade China? Only if it attacked the US first and refused to stop. The only China invasion danger right now is that China might cross an international border and invade Taiwan.
Re:You are forgetting. (Score:2)
Why invade China?
From Taiwan, Okinawa, Japan and the 3 or 4 Carrier Battle Groups that we'd park nearby, any invasion could be easily repelled.
Remember, to invade, "they" have to send troops by ship or air across 50-100 very hostile miles of the Taiwan Strait. If the PLA does try a direct invasion, it's going to get its ass kicked.
That's why they'll use saber-rattling and diplomatic/politica
Re:You are forgetting. (Score:2)
OK. That's a valid opinion, as long as you know that PROC and ROC are separate countries.
"We've bled enough in the mid-east already. Let the Asians handle their own disputes."
A minor technical point: do you even know where Iraq and Afghanistan are? They are in Asia. Your wording implies that you did not know that.
Re:You are forgetting. (Score:2)
Two rules of war you should never, ever break:
Re:You are forgetting. (Score:2)
Never invade "greater" Russia
Never invade China
Actually, China has been invaded successfully many times. The Mongols, for instance in the 13th C. The Great Wall couldn't keep them out. More recently, many European powers occupied various choice sites for trading, (silk, teas, opium), and held them for centuries, before withdrawing with fat profits. Japan did well for a while in the 20th C -- they held Taiwan for 50 years till the end of WWII, as well as swat
Re:You are forgetting. (Score:2)
Because they were already in what we now call China.
More recently, many European powers occupied various choice sites for trading
The key phrase is various choice, and, except for Peking, they were always near the Ocean.
they held Taiwan for 50 years
Oh come on. Since when is Taiwan the mainland?
as well as swathes of Manchuria for years
It was damned expensive, and they were constantly harried by the ChiComs.
only the
Re:It's like 'Spy vs. Spy' (Score:2)
Yeah, they "won" the war, and today their children work in Nike factories for pennies per hour making shoes for Americans. Imagine how much it would have sucked for Vietnam if they'd lost the war.
Re:It's like 'Spy vs. Spy' (Score:2)
> My favorite example of simple was the Viet Cong with their dung
> covered stakes vs the greatest power in the history of the world.
> We all know how that one turned out.
Let us not forget the Pentagon saying that they were winning the war because they had less reports of Viet Cong infiltration in villages. A cynical reporter pointed out that the Viet Cong were notorious in not informing the Pentagon when they had infiltrated villages.
This report of the decline of posted worms is little
Just not the same thing. (Score:5, Interesting)
What is funny though is that if we put as much proactive effort and money into combating and preventing electronic viruses and worms as we did with polio and smallpox, we could probably truly eliminate these things. What people don't appreciate about the diseases that we have 'wiped out' is that there are teams of very dedicated people (like the CDC) that respond to every reported outbreak of one of these diseases. If we tracked down every computer worm and virus the way we handle Ebola, I think this would all come to an abrupt end.
But that would put too many antivirus firms and the like out of business. And we can't have that...
anecdotally... (Score:3, Insightful)
And the worms ate into his brain (Score:3, Insightful)
Sender auth is a great help, but it's not enough. And complacency like that in which these researchers indulge is a greater enemy than insecure protocols. Security is an intractable, NP-complete problem, where the pickers are up against the locksmiths every day. Declaring the war over is a sure way to lose.
don't celebrate yet (Score:4, Interesting)
caterpillar (Score:2, Funny)
tis a worm (Score:2)
Peaked LAST YEAR (Score:4, Informative)
From TFA: "The good news now," he said, "is that what Melissa ushered in is finally waning. Mass-mailed worms and viruses reached their peak last year."
I think the blurb is a little misleading. The blurb should have said that the peak was last year and we are on the decline.
The base problem... (Score:5, Insightful)
To be honest, I don't receive mail worms in my Gmail account, but that is because of Gmail's executable attachment filtering. But on a server I administer there is a constant flow of mail worms (that don't impact end users thanks to anomy sanitizer [anomy.net] and ClamAV [clamav.net]), but the biggest part of them are not for specific individuals but for randomgeneratedname@mydomain.com; almost none hits a real account. Not sure what or how many worms of this kind there are, but a few infected people generate a lot of mail traffic this way.
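The executable-attachment filtering this comment relies on, together with the password-protected zip case raised earlier in the thread, can be sketched as a gateway-side check. This is an added example, not code from Gmail, Anomy Sanitizer or ClamAV; the extension list, function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative block list (an assumption, not any product's real policy).
BLOCKED_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}

def last_ext(name):
    """Final extension, lowercased: 'photo.jpg.pif' -> '.pif'."""
    name = (name or "").strip().rstrip(". ")
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def inspect_zip(data):
    """List findings from a zip's central directory; nothing is extracted."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # bit 0: entry is encrypted
                    findings.append("encrypted-zip-entry:" + info.filename)
                # Names stay readable even when the contents are encrypted.
                if last_ext(info.filename) in BLOCKED_EXT:
                    findings.append("blocked-ext-in-zip:" + info.filename)
    except zipfile.BadZipFile:
        findings.append("malformed-zip")
    return findings

def inspect_message(raw):
    """Return policy findings for every attachment of an RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if last_ext(name) in BLOCKED_EXT:
            findings.append("blocked-ext:" + name)
        payload = part.get_payload(decode=True) or b""
        if last_ext(name) == ".zip" or payload.startswith(b"PK\x03\x04"):
            findings.extend(inspect_zip(payload))
    return findings

def mark_encrypted(zip_bytes):
    """Sample-building helper: set flag bit 0 in the local and central headers."""
    buf = bytearray(zip_bytes)
    buf[buf.find(b"PK\x03\x04") + 6] |= 0x01   # local file header flags
    buf[buf.find(b"PK\x01\x02") + 8] |= 0x01   # central directory flags
    return bytes(buf)

def build_sample():
    """Constructed message with inert attachments, for exercising the checks."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("invoice.scr", b"inert placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "randomgeneratedname@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("The password for the archive is 12345.")
    msg.add_attachment(b"inert", maintype="application",
                       subtype="octet-stream", filename="photo.jpg.pif")
    msg.add_attachment(mark_encrypted(zbuf.getvalue()), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in inspect_message(build_sample()):
        print(finding)
```

A content scanner cannot read an encrypted entry, but the encryption flag and the entry name are still visible to the gateway, so policy can quarantine on those alone.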
Re:The base problem... (Score:5, Interesting)
I don't think so (Score:2)
Mass mailed worms? (Score:2, Interesting)
Bad definitions. (Score:2)
A worm does not require human intervention to run, infect or replicate itself. Worms are most commonly seen infecting vulnerable services via open ports and then automatically scanning for more machines to infect. Again, worms do not require human intervention.
The email "worms" or "viruses" are actually trojans.
People think the trojan is a screensaver or picture or whatever, they click on it and it installs itself, then it sends copies of itself to other machines.
A virus resides in mem
Mobile Phone Viruses New Threat (Score:3, Insightful)
1. Increased use of SPAM and virus filters on email, esp. at the provider level
2. It's no longer really a challenge to write email worms, etc. So the only people writing them are the ones trying to work for spammers
The new threat is going to be in viruses written for mobile phones with ever increasing OS capabilities, memory and CPU power. I'm not an anti-MS bigot, but I don't really want any version of windows at all on any mobile device that I store confidential info on. As more and more phones keep coming out that support advanced OS', you can expect more and more viruses for these devices.
Yes but, (Score:3, Informative)
Silly Users (Score:2)
The next generation worms are spreading much faster than mail could ever allow, and will continue to pick up speed. I've done some research and a publication [web] more than a year ago on just how fast these beasts could be.
Mail. Pah. Malware authors move with the time, too.
Wow, now I can calculate.. (Score:2)
Re:Wow, now I can calculate.. (Score:2)
The roots of the malware/spam problem.... (Score:2, Interesting)
Take for example the rise of free email services (ie. Hotmail, Yahoo!, etc) some years back: They were known to sell off email addresses in order to cover some operating costs. This was confirmed by researchers who created accounts on various systems (not limited to Hotmail or Yahoo!), and didn't disclose their address to anyone. Several weeks later, SPAM started appearing in their
Slashdot story #12060666? (Score:2)
Now watch, as this post shall slowly be moderated underground to the cheers of Slashdotians everywhere
(Parent is actually quite funny, if you're into that sort of thing. "The rest is history"? But it only happened a couple of years ago! And "SPAM"? Geeks should know better
Wohoo! (Score:2)
Electric shocks for people double clicking on attachments to blacklisted messages?
"From:" addresses? (Score:2)
"The mechanism of mass-mailing viruses relies on spoofing the From: address, and that aspect has been taken over by the phishers. This spoofing is the singular point for mass-mailing viruses and worms, for spam, for all phishing attacks.
For phishing attacks: maybe. For everything else: no. Once you have a process running with user privileges, you can impersonate that user w
That's exactly what Don Knuth said (Score:2, Funny)
That is because he uses a vMac. (Score:2)
You call *that* a virus? (Score:2)
Pshaw, Good Times had been doing that since 1994! Now there was a horror to behold! Back in the day, we all had to incinerate our computers whenever we got an email with the words "Good Times" in the subject! And even that wasn't enough sometimes!
Haven't seen one for ... (Score:2)
My ISPs believe, correctly, that I don't wish to receive any emailed viruses, and throw them away for me. (Yep, there are even Linux server-side detectors for Windows viruses.)
Now, if only I could get them to do the same for spam
Viruses. (Score:2)
Your program has control over data it produces internally. But there is no such control over data coming in from outside. User input, for example, can never be trusted, and must be verified for conformance to the requirements of your algorithms before it is used. Data coming in over the network is even worse... Not only does it come from outside of your
Did I miss something? (Score:2, Insightful)
If anything, I've been helping more and more people rid their computers of viruses/malware than two years ago.
reminds me of a joke: (Score:2)
an optimist replies: no, it will be, it will be.
IIRC The Point Was (Score:2)
that virus writers have turned to more lucrative malware such as phishing, working with organized crime, etc.
As Don Rickles used to say, "What? That's better?"
I suspect that Microsoft will now attempt to use this fact (if it is a fact) to say, "See? Our security is better now!"
Bullshit.
ot: Tasmanian Wolf, not devil, is extinct. (Score:3, Informative)
Re:Good (Score:2)
I believe "below" and "down" denote the same direction.
You missed the word "stabilizes".
Re:Reached their peak? (Score:2)
As broadband technology extends down into every
aspect of our lives (video streams on cell phones
and internet-enabled toasters inclusive), the
malware (and undesirable commercialization) can
ONLY GET WORSE.
I know you. (Score:2)
I know you. You're that guy who refused to see that Tom Hanks movie "The Green Mile" because they did not call it "The Green Kilometer". And you always refuse if some friends ask you to go to the pub for a pint or two.