Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Worms Security

Has Mass-Mailed Malware Peaked? 221

Ant writes "Broadband Reports posted a CRN article about researcher saying mass-mailed worms have reached their peak. Six years ago, on March 26, 1999, Melissa, the first virus that spread by mailing copies of itself to e-mail addresses it found on infected machines, swept the Internet. Today, the researcher who led authorities to the hacker who wrote Melissa, says that mass-mailed worms have reached their peak."
This discussion has been archived. No new comments can be posted.

Has Mass-Mailed Malware Peaked?

Comments Filter:
  • Ok... (Score:4, Insightful)

    by MankyD ( 567984 ) on Sunday March 27, 2005 @11:36AM (#12060216) Homepage
    What have we accomplished by making this statement? If nothing else, doesn't this just tempt virii/malware writers into trying harder?
    • by Doc Ruby ( 173196 ) on Sunday March 27, 2005 @11:45AM (#12060262) Homepage Journal
      They don't need any more encouragement. That's not the limiting factor on their productivity. While I don't believe this article, which is entirely based on the idea that worms will decline now that the spoofing upon which they depend is addressed by some new tech for sender authentication, I also know we can't live in fear. The other way to react, in that fear cage, is to be afraid to say that worms are increasing, because that will make them more attractive: be on the side that's winning. No, you can't get paralyzed by fear of the truth - the truth is essential in addressing the problem, and anyone interested must freely discuss it, if we're to use our superiority in numbers to win.

      This attitude goes to the heart of today's problems. Fear of terrorists, fear of criminals, fear of government, fear of people different from us, fear of big changes in the world economy, energy, politics. All of them have people who say we should just keep quiet, lest we make it worse by making it more "popular". We must talk about the realities, so we can confront them, resolve them. Otherwise, the fear has won, and we are defeated.
      • Harry potter (Score:2, Redundant)

        by badriram ( 699489 )
        Your post reminded me of harry potter. He-Who-Must-Not-Be-Named

        Always cracks me up
        • Your post reminded me of Hastur the Unspeakable. But I was really channeling the Kwisatz Haderach.
      • As long as there are retarded users there will be writers to take advantage of them. For god sakes, these are the people who ignore all the warnings on earth but still open pif files just to see whats inside.
        • For god sakes, these are the people who ignore all the warnings on earth but still open pif files just to see whats inside.

          The problem isn't that they open pif files. The problem is that their MUA run pif files.
          • by nchip ( 28683 ) on Sunday March 27, 2005 @05:38PM (#12062010) Homepage
            Don't count on that being the reason.

            We have seen viruses [f-secure.com] where user needs to jump through many hoops:

            1. open the .zip attachment
            2. enter the password for the zip (following the instruction in the email, embedded as .gif semicatchpa to prevent the virus scanners from using the the password to open the zip.
            3. saving .exe in zipfile
            4. running the .exe

            I thought the file was safe since it was password protected

            Tell me, how is this different from a virus telling user to save an ELF attachment, chmod a+x it and run it?

            Viruses rarely anymore exploit software flaws - they exploit the weakest link: user, via automated social engineering.

            Apart from disabling users ability to execute arbitary binaries and perl/python/shell scripts, there only alternative I see is chopping a finger from the infected user everytime they get themself a virus.

            Unfortunatly the first one creates practical problems and the second one legal.
        • They usualy have management jobs. Hey guess what, our Vice President just opened up an attachment in email and now our whole network is down while IT tries to remove the malware infections.

          I still see infected malware emails, my AV program detects them.

          Yet there exists a problem caused by a few factors:

          #1 Managers are usually given Administrative access to their machines. This increases the risk for infection.

          #2 AntiVirus software uses a subscription model. If Management is too cheap to renew licenses,
      • I am not, and have never been, afraid of Mass-Mailed Malware.

        Why? I don't use fscking brain-dead s/w like Outlook.

        This reminds me of the old saw:

        Doctor, it hurts when I laugh.

        So, stop laughing.
      • by value_added ( 719364 ) on Sunday March 27, 2005 @12:47PM (#12060579)
        [The heart of today's problems. Fear of terrorists, fear of criminals, fear of government, fear of people different from us, fear of big changes in the world economy, energy, politics.

        So then, choose not to be afraid. Choose something else.

        Choose life. Choose a job. Choose a career. Choose a family. Choose a fucking big television. Choose washing machines, cars, compact disc players and electrical tin openers. Choose good health, low cholesterol and dental insurance. Choose fixed interest mortgage repayments. Choose a starter home. Choose your friends. Choose leisurewear and matching luggage. Choose a three-piece suite on hire purchase in a range of fucking fabrics. Choose DIY and wondering who the fuck you are on a Sunday morning. Choose sitting on that couch watching mind-numbing, spirit-crushing game shows, stuffing fucking junk food into your mouth. Choose rotting away at the end of it all, pishing your last in a miserable home, nothing more than an embarrassment to the selfish, fucked up brats you spawned to replace you. Choose your future. Choose life.

        Alternatively, ... choose this [adminspotting.org].

      • We must talk about the realities, so we can confront them, resolve them. Otherwise, the fear has won, and we are defeated

        Mass fear allows the powerful to rise even higher. The problem isn't just terrorists, criminals etc... it's the people who use this fear as a distraction from their own agenda.
        • Infowar (Score:5, Insightful)

          by Doc Ruby ( 173196 ) on Sunday March 27, 2005 @02:18PM (#12061004) Homepage Journal
          The people using that fear *are* the terrorists. The people who planebomb buildings are *saboteurs*, a specific (and often shortlived) kind of terrorist. Without the media fear, it's just sabotage. It becomes terrorism when the event is spread through the media - electronic, word of mouth, or otherwise. Terrorism is infowar, and "we" are our own worst enemy. The only remedy is knowledge - the antidote to any kind of fear, which is incubated in ignorance, and spawns anger and violence.
          • I think you are absolutely right. The terrorists' most powerful weapon are the media. Possibly if the media were not telling us about those attacks, no one would be afraid of being blown up. But what solutions to this problem should there be? The media cannot just stop informing us. One might tend to say they should not report on terrorist attacks. But there would surely be some other way of keeping people afraid. And who would be to decide what to hush up? Government? No, this is a much too serious matter
            • The only way to address bad info, whether lies or just bad news, is for more information. Context, corollaries, connections, discussion. The world is a complex place, where constructive growth vastly outweighs the bad actions and structures. Free expression is much more powerful than propaganda, especially when interactive and independent. So people can talk amongst ourselves about info we're getting. We've got a nascent P2P culture, on a P2P-oriented infrastructure. But it's up against the traditional medi

              • It's always been my "utopian" dream that the internet will evolve into the answer that good men have been lacking through the ages. The minorities in power have always relied on misinformation, lack of information, and the physical suppression of ideas to retain their control. The distributed and instantaneous nature of the 'net make the suppression of information much more difficult. I want to believe that man has evolved to the extent that having access to accurate information and communication with other
    • Re:Ok... (Score:3, Insightful)

      by Spodlink05 ( 850651 )
      What have we accomplished by making this statement?

      It's called disseminating information.

      If nothing else, doesn't this just tempt virii/malware writers into trying harder?

      So we should hide this information? I thought that security by obscurity was A Bad Thing(TM).
      • So we should hide this information?
        I'm more wondering why they bothered figuring this out in the first place. What is gained by announcing to the world that an easily guarded threat might no longer be a threat?
    • Re:Ok... (Score:4, Insightful)

      by badriram ( 699489 ) on Sunday March 27, 2005 @11:52AM (#12060305)
      I think it just means that after 6 years, every major program blocks most executable attachments.(Outlook, OE, Thunderbird etc.)

      So there is not going to be a major outbreak of mass mailing worms, unless people start finding flaws in html rendering engines to execute code...But that is what auto updates is for.
      • Re:Ok... (Score:4, Insightful)

        by missing000 ( 602285 ) on Sunday March 27, 2005 @12:18PM (#12060424)
        Isn't there a flaw in that reasoning? If I was writing such a worm and took this seriously, I'd just target the auto-update mechanism.

        Sure, it's tough, but there are always holes. That's the reason for auto update, but it's also a vulnerability. If you can find out how to forge updates, you have a delivery mechanism that would be much more effective than email.
        • Re:Ok... (Score:3, Interesting)

          by badriram ( 699489 )
          well not really. Almost all worms that make use of vulnerabilities come after a patch has been released. So every that has auto updates are typically protected, the ones that dont are not.

          And if someone does disable auto update (it is enabled by default in ff, xp_sp2) well there really is no point in disabling their auto update is there.
      • Re:Ok... (Score:4, Interesting)

        by cgenman ( 325138 ) on Sunday March 27, 2005 @01:44PM (#12060849) Homepage
        I had thought they were just too busy switching over to the far more profitable phishing schemes to write more viruses. I'm getting about 4 phishers a day here, compared to zero e-mail viruses.

      • I think it just means that after 6 years, every major program blocks most executable attachments.(Outlook, OE, Thunderbird etc.)

        I don't quite understand what claim the article is trying to make. is the claim that viruses are no longer making use of the address book or that email viruses in general are no longer a threat?

        The first interpretation is kinda duuhh! That type of virus disappeared years ago after access to the address book was locked out. These days most viruses are blasted out from a botnet

      • Lots of things help. (Score:4, Informative)

        by davburns ( 49244 ) <davburns+slashdot.gmail@com> on Sunday March 27, 2005 @11:19PM (#12063682) Journal
        It's more than not running executables from email (Although that certainly helps!) In the last year or so:
        • Network operators have blocked outbound port 25 for large chuncks of the net -- protecting the net from their infectable, directly networked machines.
        • Mail admins have installed virus filters on most legitimate MTAs that touch the internet.
        • End users have figured out that they really do need virus protection. Even if they "just" use their computer for browsing and email.
        • Microsoft got lots of their users on Windowsupdate.
        • Legislators have passed some laws. Eg, making it a felony to use zombies for sending spam. (The virus writters might be hard to catch, but the spammers that buy/rent zombies are much easier, and they are the source of the money.)
        All of these help a little bit, and there's a network effect with some of them. For example, mail admins a year ago had trouble installing virus filters because there were so many viruses loading down their servers. Now with other mailservers dropping the viruses quicker, it's easier to add the filters. There's also a network effect for the virus/worm writers. If its harder for them to get new zombies (and many of the zombies can't be used for spam), there's less profit motive to write the viruses to get the zombies.
    • Looked at another way: It's as bad as it's gonna get.
  • I believe it. (Score:5, Interesting)

    by BaldGhoti ( 265981 ) on Sunday March 27, 2005 @11:37AM (#12060225) Homepage
    I believe it. Over the last three years I've seen mail-based virus infections disappear. I don't think I've seen a mail-based virus infection in the last year at all.
    • Re:I believe it. (Score:3, Insightful)

      by 1u3hr ( 530656 )
      I believe it. Over the last three years I've seen mail-based virus infections disappear. I don't think I've seen a mail-based virus infection in the last year at all.

      I'm sure then that they're being filtered before you get them. I get at least two a day, about 10% of my spam. And the author of TFA's reasoning was that "From" spoofing will be impossible because of some new mail standards touted by IBM and others (was he shilling for them?). But if spoofing is impossible, (something I rather doubt) the viru

  • Peaked... (Score:5, Funny)

    by fidget42 ( 538823 ) on Sunday March 27, 2005 @11:38AM (#12060231)
    or just reached a saturation point? I suppose that "peaked" sounds better.
    • Comment removed based on user account deletion
    • "Saturation point" implies it isn't getting any worse because it just can't. Which ignores all the anti-virus measures people are taking, some of which are actually effective.

      One big change is that Microsoft has simply thrown away a lot of features that introduced security holes. For example, you used to be able to customize Windows folders by editing the hidden web page that controlled folder layout. A cool idea, but a nasty breeding ground for viruses, given the vulnerability of ActiveX web objects. Now

  • New Virus (Score:5, Funny)

    by Anonymous Coward on Sunday March 27, 2005 @11:38AM (#12060232)
    Smith pleaded guilty to creating Melissa -- which was named after a topless dancer he knew from Florida -- in 1999, and in 2002 was sentenced to serve 20 months in federal prison.
    I hear that now he is working on a new virus in prison called Bubba that will exploit a backdoor.
  • by jrl87 ( 669651 ) on Sunday March 27, 2005 @11:39AM (#12060236)
    just like my stock prices did ... then of course they fell. So, cutting my losses, I sold them. An what do you know, it turns out that they are even higher now.
  • by Darkon ( 206829 ) on Sunday March 27, 2005 @11:39AM (#12060238)


    Could it be that more users are employing protection against these worms now? Thanks to ClamAV [clamav.net] I never see any in my inbox now, but my log messages would suggest there are still plenty of clueless people out there propagating them.

    • I'm sure that's part of it - however it's not simply that end-users are employing more protection. Many companies and ISP's are putting antivirus scanners on their mail servers, which provides a basic level of protection for all of the users of their mail service. So even many of the clueless are getting antivirus scanning without even knowing about it.

      I have in fact seen a few viruses get past our ISP's filters only to get caught by the antivirus scanner on the PC - most likely because the ISP only scan
      • My ISP, Rogers, has teamed up with Yahoo to provide their mail services. Mind you, they still have POP and SMTP if you want it, but don't push that one Joe User. For them, they have Yahoo mail with built-in virus and spam protection, not to mention it's a little hard to get webmail to execute on your computer. Plus they get the added bonus of user lock-in, when people keep all their mail on the internet, and won't be able to access it if they change ISPs.
  • by Anonymous Coward on Sunday March 27, 2005 @11:39AM (#12060239)
    I think that perhaps they might have reached their peak for propigating via email. IMs, P2P, IRC... pleanty of other mediums to play in.
  • by NitroWolf ( 72977 ) on Sunday March 27, 2005 @11:42AM (#12060250)
    So the whole premise here is that mass mail viruses are peaked because they are slowly being devoured by the phishes... err phishers.

    While I suppose that's true to an extent, we are still a long way from providing an environment where the From header can not be (easily) spoofed. The article makes it sound like we are going to throw a switch any day now and all will be right in the world of SMTP.

    In short, I wouldn't say we've reached a peak necessarily, but perhaps more of a plateau. But even then, I think that might be wishful thinking.
    • we are still a long way from providing an environment where the From header can not be (easily) spoofed

      Perhaps you need to look into GPG signatures then. As long as no one gets a hold of my GPG private key, no one can send an email claiming to be me. Sure, anyone could send an email with my address in the From header, but if they don't sign it correctly (and they can't), the receiver should have little to no trust in that header.

      That's not to say GPG signing is full proof (public key distribution and u
      • by NitroWolf ( 72977 ) on Sunday March 27, 2005 @03:09PM (#12061276)
        Now, you can argue that we're still a long way from getting people from using methods to ensure email sources are valid, but techincally we can do it today with existing infastructure.

        I never said the technology wasn't there. I said: "we are still a long way from providing an environment where the From header can not be (easily) spoofed."

        The net is built on the foundation of open SMTP. Switching that entire foundation over to something else is a long, LONG way off. GPG signatures are probably the last thing on the list of viable alternatives. It may be the best, but it's still the last thing. It has to be implemented at the server level with exactly ZERO user intervention, otherwise it won't get done. GPG signatures are great for the geek, but they are totally useless to the population at large.

        They won't implement them, and even if they do, they will click "Ok" on insecure documents anyway.

        With your example, it would be very, very easy to send mail as you. So the signature check fails, so what? It just takes a 5 second look at a website where the HTTPS certificate fails and people click "So what, give me the content anyway." If you believe that won't happen with email, you are terribly mistaken.

        So no, GPG signatures are not even remotely a possible solution to the problem.
        • The advantage to using GPG signatures is that it doesn't require changing the existing SMTP/DNS/etc infastructure of the Internet, which as you said would be very difficult. The biggest impediment to using GPG to filter spam and other nasty emails is a lack of mindshare of the idea in the anti-spam community. If GPG signatures were pushed as the way to filter spam, it would get implemented in a variety of clients and people would quickly learn that passed signature was "good" and failed signature was "bad
          • I still am failing to see what this has to do with my assertation that GPG signatures are not the solution. It's 2005, and SSL / signed certs have been available on the web for years. People STILL don't pay attention to the warnings, even with rampant malware/spyware/etc... on the web.

            Yet, somehow, magically, you think people are going to pay attention to them in email. An environment that is even more esoteric than web pages to the average user.

            Yeah, I can see it now... Grandma Jones champing at the b
  • by Anonymous Coward on Sunday March 27, 2005 @11:43AM (#12060254)
    New versions of windows could change this. Vast untapped markets remain for Mac and Linux.
    • While I agree with the MAC Version (I would say 70% of mac users are even MORE clueless than Win/PC users, while the other 30% are pretty adept *nic converts) , I dont think many linux users, for the most part, all relative of course. ARE STUPID enough to actually open a worm supplied in an email , and then EXECUTE it !

      Perhaps I give too much credit to much to my Unix brothers but I doubt it.
  • instead.. (Score:2, Interesting)

    by 0xbeefcake ( 672592 )
    There are still plenty of chat-based worms such as the recent W32.Serflog.C [sarc.com] worm, which is quite unpleasant.
  • peaked.. (Score:2, Insightful)

    Peaked : The highest figure

    So.. how do we know it's peaked untill we see clear evidence in a year or twos time?
    • Re:peaked.. (Score:3, Informative)

      by Night Goat ( 18437 )
      From the article:
      "The good news now," he said, "is that what Melissa ushered in is finally waning. Mass-mailed worms and viruses reached their peak last year."
      It has peaked because the numbers are declining, from their peak last year. RTFA.
    • I may be marked a troll for this but...

      This is the IT industry. Since when has "evidence" been important? It's mostly been about hype and FUD. It's either someone is hyping the "Next Big Thing(TM)" or is talking FUD about competition or just stuff in general.

      Hype - Dot Com businesses. .NET Initiative. Single Sign-on (Passport). Year of the Linux Desktop. Mobile Internet (WAP).

      FUD in general - Mobile Phone Viruses (currently via Symbian powered devices). PDA Viruses (initiated by a crack to a Palm Gameboy
  • by G4from128k ( 686170 ) on Sunday March 27, 2005 @11:46AM (#12060270)
    Changes in the gross volumes of malware mail are irrelevant. As long as the mean time to infection (receipt of the latest malware) is on the order of or less than the mean time to patching, computers will have problems. Only when patching is much faster than malware spreading rates can we claim even partial victory.

    The other issue is the damage done by the malware. One especially dangerous piece of malware, mailed once to all susceptible machines, will be far more serious than more innocuous malware mailed thousands of times.

    Besides, I suspect that malware creators have turned their attentions to more nefarious activities such as phishing. Owning someone's bank account is more valuable than owning their PC or corrupting their harddrive.
    • Only when patching is much faster than malware spreading rates can we claim even partial victory.

      To hell with patching. Stop using stupid software.
      • To hell with patching. Stop using stupid software.

        You and I are in total agreement on that one. Sadly, 96% or so of everyone else disagrees.

        There's also the problem of stupid users, especially where emailed malware is concerned. All it takes is one idiot to open the attachment and all their friends get an "Cool game!" email from that infected person -- viruses are good at social engineering.
      • "To hell with patching. Stop using stupid software."

        Because, as we know, there's such a thing as perfect software that's entirely flaw free.

        Get real. Mac OS X, Linux, Windows - they all have major security holes, and they will continue to have security holes indefinately.

        Bugs aren't going away. Neither will patching.
  • They've reached their peak because there are no more computers remaining send them too. All computers are already getting them!
  • by zulux ( 112259 ) on Sunday March 27, 2005 @11:48AM (#12060282) Homepage Journal
    Greetings,

    To check for malware please click on the link.

    Check for SPYWARE [slashdot.org]

    Panda Antivirus Has Scanned This Post.
    There are no viruses.
  • Analogs to HIV? (Score:5, Insightful)

    by antifoidulus ( 807088 ) on Sunday March 27, 2005 @11:50AM (#12060294) Homepage Journal
    Probably the #1 reason that these viruses have peaked is because people protect themselves better. If they use windows they (usually, yes there will always be idiots) know not to click on random attachments, have filters, and regularly run a virus/spyware checker. Why? Probably because they got burned before or know someone who got burned.
    Kind of reminds me of how in the late 90's people thought HIV was declining in the US because the rate of new infections was dropping. But then people got complacent and started doing stupid shit again and now the virus is making a comeback in the US as the rate of new infections is increasing once again.
    Lesson learned: Somoeone is always trying to fuck you, so be vigilant with your protection.
  • by Anonymous Coward
    As noted in the article, criminals will turn to other methods.

    The thing about Melissa was that they were on to it before it spread very much.

    The next big thing might be very complex and dreamed up by a complete brain box. On the other hand, it might be very simple and we'll all ask why we didn't think of it. My favorite example of simple was the Viet Cong with their dung covered stakes vs the greatest power in the history of the world. We all know how that one turned out. What I'm saying is that just
    • "My favorite example of simple was the Viet Cong with their dung covered stakes vs the greatest power in the history of the world. We all know how that one turned out"

      You are forgetting that the Viet Cong was a branch of the USSR...the 2nd greatest power at the time. The USSR wanted to conquer and crush South Vietnam more than the US wanted to protect it from the invasion. Hence, South Vietnam's being the loser in the Vietnam War despite having a powerful ally.

    • "My favorite example of simple was the Viet Cong with their dung covered stakes vs the greatest power in the history of the world. We all know how that one turned out."


      Yeah, they "won" the war, and today their children work in Nike factories for pennies per hour making shoes for Americans. Imagine how much it would have sucked for Vietnam if they'd lost the war.

    • > My favorite example of simple was the Viet Cong with their dung
      > covered stakes vs the greatest power in the history of the world.
      > We all know how that one turned out.

      Let us not forget the Pentagon saying that they were winning the war because they had less reports of Viet Cong infiltration in villages. A cynical reporter pointed out that the Viet Cong were notorious in not informing the Pentagon when they had infiltrated villages.

      This report of the decline of posted worms is little

  • by AaronH ( 698451 ) on Sunday March 27, 2005 @11:54AM (#12060309)
    The problem with statements like these is that they take the name, worms, too literal. A computer virus or worm, although they behave very much like the real organisms, cannot be eradicated like a real virus or worm. To the casual reader you would think the email worms and viruses have been wiped out of existence like polio and small pox. It just isn't the same. Our immune system has a memory and protects itself. For some reason, programmers don't seem to have a memory. How else can you explain buffer overflows still being the number one cause of exploited systems? We all know it, but we just don't do anything about it.

    What is funny though is that if we put as much proactive effort and money into combating preventing electronic viruses and worms as we did with polio and small pox, we could probably truly eliminate these things. What people don't appreciate about the diseases that we have 'wiped out' is that there are teams of very dedicated people (like the CDC) that respond to every reported outbreak of one of these diseases. If we tracked down every computer worm and virus the way we handle Ebola, I think this would all come to an abrupt end.

    But that would but too many antivirus firms and the like out of business. And we can't have that...
  • anecdotally... (Score:3, Insightful)

    by kisrael ( 134664 ) * on Sunday March 27, 2005 @11:54AM (#12060310) Homepage
    I kind of like how Gmail's policy of "keep suspected spam 30 days, than discard" makes it pretty easy to gauge your spamrate...from this summer, it was above 14K, but now it's closer to 8.5K. I don't know how much of that comes from zombie nets, or if there's some other factor (since I own a few domains, and receive any email sent to them, sometimes I get waves of bounces when someone hijacks my domain name as a from address) but it does seem like spam ain't as bad as it used to be.
  • by Doc Ruby ( 173196 ) on Sunday March 27, 2005 @12:03PM (#12060357) Homepage Journal
    This guy says worms have peaked because they depend on spoofing the sender, and IBM has introduced some sender authentication tech. He made a good call on Melissa in 1999, but I don't see the rigor of this latest pronouncement. He assumes that people will use sender auth, which I don't - people don't even use free firewall SW like Zone Alarm. He also assumes that sender auth use will grow faster than the hosts on the Net, and that the worms' growth is entirely limited by the number of address books infected. Melissa only used the first 50 addresses - what if new worms use all the addresses? And with so many more people in addresses books, the exponential infection growth could easily surpass the exponential authentication growth. He might have had as much hope in widespread spam/virus filtering, which obviously hasn't stopped the tide from rising.

    Sender auth is a great help, but it's not enough. And complacency like that in which these researchers indulge is a greater enemy than insecure protocols. Security is an intractable, NP-complete problem, where the pickers are up against the locksmiths every day. Declaring the war over is a sure way to lose.
  • don't celebrate yet (Score:4, Interesting)

    by khallow ( 566160 ) on Sunday March 27, 2005 @12:09PM (#12060382)
    As I recall, there was some sort of weird competition [msn.com] going on last year. So was there a "peak" or just an unusually high level of virus creation efforts that could repeat itself in the not so distant future?
  • caterpillar (Score:2, Funny)

    by treebeard77 ( 68658 ) *
    does it bother anyone else that the /. "icon" for worm stories is actually a caterpillar. I'll go back to picking my nits.
  • Peaked LAST YEAR (Score:4, Informative)

    by hugesmile ( 587771 ) on Sunday March 27, 2005 @12:13PM (#12060392)
    From the sensationalized Slashdot blurb: Today, the researcher who led authorities to the hacker who wrote Melissa, says that mass-mailed worms have reached their peak."

    From TFA: "The good news now," he said, "is that what Melissa ushered in is finally waning. Mass-mailed worms and viruses reached their peak last year."

    I think the blurb is a little misleading. The blurb should have said that the peak was last year and we are on the decline.

  • by gmuslera ( 3436 ) on Sunday March 27, 2005 @12:15PM (#12060404) Homepage Journal
    ... is still not solved, i.e. how trivial is for unaware users to launch a mail attachment, or how integrated is the html engine in the mail renderer that enables automatic or so launching of attachments. Ok, the main culprits here are Microsoft, and in particular Internet Explorer and Outlook, mail based worms are hard to be found for other plataforms or even mail clients, but the end users play an important role too.

    To be honest, i dont receive in my gmail account mail worms, but that is because gmail executable attachment filtering. But in a server i administer there are a constant flow of mail worms (that dont impact end users thank to anomy sanitizer [anomy.net] and ClamAV [clamav.net]) but the biggest part of them are not for especific individuals but for randomgeneratedname@mydomain.com, almost none hits a real account. Not sure what or how many worms of this kind are, but a few infected people generates a lot of mail traffic this way.

    • by dmaxwell ( 43234 ) on Sunday March 27, 2005 @01:29PM (#12060765)
      Well over 90% of what a ClamAV filter I administer catches is variants of HTML.Phishing.Bank. This seems to agree with the other posters who say that attention has shifted from 0wning machines to 0wning bank accounts. Netsky consistently comes in a poor second.
  • Even if it was possible to say anything has peaked while standing on the peak, I doubt this is true. I wish it was, but just wait until the next major hole in Outlook is found. More users. More windows boxes. More malware.
  • Mass mailed worms? (Score:2, Interesting)

    by pjbgravely ( 751384 )
    I thought that the definition of worms [bsu.edu] made them diffrent from viruses in that they don't need to pick up a ride on a file, they can come on there own. Maybe this is just another public misconception, like when people call crackers, hackers. We all should know that a statement like "I caught a worm from an email sent by a hacker" makes no sense at all.
    • Yep, you're right.

      A worm does not require human intervention to run, infect or replicate itself. Worms are most commonly seen infecting vulnerable services via open ports and then automatically scanning for more machines to infect. Again, worms do not require human intervention.

      The email "worms" or "viruses" are actually trojans.

      People think the trojan is a screensaver or picture or whatever, they click on it and it installs itself, then it sends copies of itself to other machines.

      A virus resides in mem
  • by flakac ( 307921 ) on Sunday March 27, 2005 @12:44PM (#12060566)
    I think the decline can be attributed to a few factors:

    1. Increased use of SPAM and virus filters on email, esp. at the provider level
    2. It's no longer really a challenge to write email worms, etc. So the only people writing them are the ones trying to work for spammers

    The new threat is going to be in viruses written for mobile phones with ever increasing OS capabilities, memory and CPU power. I'm not an anti-MS bigot, but I don't really want any version of windows at all on any mobile device that I store confidential info on. As more and more phones keep coming out that support advanced OS', you can expect more and more viruses for these devices.
  • Yes but, (Score:3, Informative)

    by Tribbin ( 565963 ) on Sunday March 27, 2005 @12:44PM (#12060567) Homepage
    On a graph that is increasingly climbing, today is always the peak.
  • Of course they peaked. After Slammer, mail is just way too slow.
    The next generation worms are spreading much faster than mail could ever allow, and will continue to pick up speed. I've done some research and a publication [web] more than a year ago on just how fast these beasts could be.

    Mail. Pah. Malware authors move with the time, too.
  • Now I can caclulate the *EXTACT* percentage of morons using the Internet.. being that anyone with a quarter of a brain knows not to open such stuff (or fixes it within a short time if they happened toopen something).. this "max" should give you a pretty good statistic of the clue-free using the internet.
  • While gathering such statistical data keeps someone employed and quite busy at that, it doesn't help to remedy the situation.

    Take for example the rise of free email services (ie. Hotmail, Yahoo!, etc) some years back: They were known to sell off email address in order to cover some operating costs. This was confirmed by researchers who created accounts on various systems (not limited to Hotmail or Yahoo!), and didn't disclose their address to anyone. Several weeks later, SPAM started appearing in their
    • Truly, this is the Post of the Beast. Behold the spelling! Behold the derogatories! And most sickly of all - the olde, olde, "M$" gag!

      Now watch, as this post shall slowly be moderated underground to the cheers of Slashdotians everywhere ...

      (Parent is actually quite funny, if you're into that sort of thing. "The rest is history"? But it only happened a couple of years ago! And "SPAM"? Geeks should know better ...)
  • Mass-mailed worms have reached a peak, so we're now just dealing with tons of the junk, and not increasing tons of the junk! Hmpf... I still wish there was some miracle cure for this that didn't negatively impact your own mail usage too much. :-/

    Electric shocks for people double clicking on attachements to blacklisted messages? :-)
  • ...Kuo also made a call to deal with the underlying problem that allows e-mail to serve as an attack vector for hackers and thieves.

    "The mechanism of mass-mailing viruses relies on spoofing the From: address, and that aspect has been taken over by the phishers. This spoofing is the singular point for mass-mailing viruses and worms, for spam, for all phishing attacks.


    For phishing attacks: maybe. For everything else: no. Once you have a process running with user privileges, you can impersonate that user w
  • In a recent interview, he says that he has not seen a single email virus for at least 3 years.....

  • "Six years ago, on March 26, 1999, Melissa, the first virus that spread by mailing copies of itself to e-mail addresses it found on infected machines, swept the Internet."

    Pshaw, Good Times had been doing that since 1994! Now there was a horror to behold! Back in the day, we all had to incinerate our computers whenever we got an email with the words "Good Times" in the subject! And even that wasn't enough sometimes!
  • ... months, certainly, years perhaps.

    My ISPs believe, correctly, that I don't wish to receive any emailed viruses, and throw them away for me. (Yep, there are even Linux server-side detectors for Windows viruses.)

    Now, if only I could get them to do the same for spam ...
  • When designing and coding software, it is extremely important to separate data that is produced internally in the program from data that comes from outside.

    Your program has control over data it produces internally. But there is no such control over data coming in from outside. User input, for example, can never be trusted, and must be verified for conformance to the requirements of your algorithms before it is used. Data coming in over the network is even worse... Not only does it come from outside of your

  • I forgot that there were such things as viruses, malware, etc. My Mac has never had an issue with them. In 1999 I was having fun while the rest of the world was worried about something called "Y2K"... hmmm... [/sarcasm]

    If anything, I've been helping more and more people rid their computers of viruses/malware that two years ago.

  • a pessimist says: it can't be any worse than that.
    an optimist replies: no, it will be, it will be.

  • that virus writers have turned to more lucrative malware such as phishing, working with organized crime, etc.

    As Don Rickles used to say, "What? That's better?"

    I suspect that Microsoft will now attempt to use this fact (if it is a fact) to say, "See? Our security is better now!"

    Bullshit.

Heard that the next Space Shuttle is supposed to carry several Guernsey cows? It's gonna be the herd shot 'round the world.

Working...