Microsoft Mail Worms Gang War?

CmdrTaco posted more than 10 years ago | from the that-makes-sense dept.

Security 609

cuzality writes "The media is now beginning to suggest that this recent onslaught of new viruses (with new versions of major-impact viruses being found daily) is the result of a virus gang turf war, kinda like the India/Pakistan virus conflict, in which official Pakistani sites were savaged by such infamous groups as Indian Snakes and Indian Hackers Club. The gangs are shooting fast and loose: variations of the big ones are being discovered daily (as of March 4, we are up to MyDoom.H, Netsky.F, and Beagle.K), and in the space of three hours on Wednesday morning, five variants of these three were first discovered. Typically these viruses (or more correctly, worms) do little damage to the infected computer, intent mostly on spreading far and wide, and sometimes inflicting DoS on some poor evil empire."

609 comments

first? (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8466800)

nah.....couldn't be

FP (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8466803)

FPFPFPFPFPFPF

Re:FP (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8466819)

you fail it! i'd like to shit in your cereal.

fp (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#8466804)

FP

Gang War (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8466805)

= Johnny Thunders + Wayne Kramer

well... (5, Funny)

Savatte (111615) | more than 10 years ago | (#8466806)

Since Microsoft is in Seattle, this could be a real West Side Story.

How is this an "ask slashdot"? (4, Insightful)

epsalon (518482) | more than 10 years ago | (#8466809)

Where's the question?

Re:How is this an "ask slashdot"? (5, Funny)

FrostedWheat (172733) | more than 10 years ago | (#8466884)

Where's the question?

Dunno, but the answer's 42.

Re:How is this an "ask slashdot"? (1)

WormholeFiend (674934) | more than 10 years ago | (#8466942)

JINX!

Re:How is this an "ask slashdot"? (0)

Anonymous Coward | more than 10 years ago | (#8466887)

Must have been a mistake

Re:How is this an "ask slashdot"? (-1, Redundant)

WormholeFiend (674934) | more than 10 years ago | (#8466905)

The answer is 42.

Insightful? (1)

crawdaddy (344241) | more than 10 years ago | (#8466907)

Pffft...it's in the subject. Sheesh...I've heard of people replying before reading articles, but replying before reading the parent?

Re:Insightful? (2, Insightful)

dinivin (444905) | more than 10 years ago | (#8467010)

Except that the subject isn't a grammatically correct question. Hell, it's not even a grammatically correct statement.

Dinivin

Re:How is this an "ask slashdot"? (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#8467084)

1) Slashdot users don't RTFA
2) Slashdot moderators don't RTFA
3) ...
4) Slashdot effect!

If this is not the first post... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8466810)

I will shave my genitals with lyme.

As always, links to pictures and videos will be posted!

Re:If this is not the first post... (-1, Offtopic)

nicedream (4923) | more than 10 years ago | (#8466852)

That's gonna be pretty painful!

I would like to point out... (5, Informative)

chrisopherpace (756918) | more than 10 years ago | (#8466814)

MyDoom.F does destroy word, excel, access, jpg, and other files.
SARC [sarc.com]
This was a major headache for me the past few weeks. Backup tapes suck. Worms suck harder.

Re:I would like to point out... (4, Insightful)

captainstupid (247628) | more than 10 years ago | (#8466895)

Yeah, the article poster mentioned that they did "little damage". I don't think destroying .sav files with 95% probability on local and remote drives constitutes little damage.

Re:I would like to point out... (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8466976)

And your mother sucks the hardest!

Re:I would like to point out... (4, Funny)

tcd004 (134130) | more than 10 years ago | (#8467049)

My god! Look what it did to my website! [lostbrain.com]

Tcd004

Won't be over soon, either (5, Funny)

Matey-O (518004) | more than 10 years ago | (#8466816)

"Plenty of letters left in the alphabet" - J. L. Picard

Re:Won't be over soon, either (1)

pilgrim23 (716938) | more than 10 years ago | (#8467055)

Oh so THAT is what all those letters were that my Mac's junk filter dumped. I assumed they were all official Microsoft advertisements...

oops (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#8466821)

hehe

and the question is...? (-1, Redundant)

blue_adept (40915) | more than 10 years ago | (#8466824)

what's the question?

Turf? (1)

CrazyClimber (469251) | more than 10 years ago | (#8466825)

How is my computer their turf? I can understand competition, but turf war? Lame.

Re:Turf? (5, Informative)

glen604 (750214) | more than 10 years ago | (#8466864)

since some of these viruses involve opening back doors, it's a turf war in the sense of who owns more zombie computers, I guess.

Re:Turf? (2, Interesting)

Volmarias (705460) | more than 10 years ago | (#8466935)

How is my computer their turf?

If you have to ask a question like that, a better one might be "How ISN'T my computer their turf?" Here's a tip: If you suddenly find all of your ports open, you may want to consider running a virus scanner. :)

Re:Turf? (1, Funny)

Anonymous Coward | more than 10 years ago | (#8466955)

Think of your WinBlows as your house with all doors locked, but with all Windows (too funny) opened. Pretty pointless and very tempting target.

I could not resist...

Your friendly non-WinBlows user.

so, where's the question? (0)

Anonymous Coward | more than 10 years ago | (#8466828)

why exactly is this posted as an "ask slashdot" when there isn't even a question posed in the submission?

It was bound to happen... (5, Insightful)

Pig Hogger (10379) | more than 10 years ago | (#8466829)

It was bound to happen, given that more and more worms are written for criminal spammers. And since spammers AND criminals are stupid, they will fight each other.

And your question is... (0, Troll)

saderax (718814) | more than 10 years ago | (#8466830)

For an ask slashdot article, I saw no questions... just a list of vague statements that could maybe comprise a rumor...

The Sharks and The Jets... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8466831)

...are just a bunch of script kiddie punks.

Re:The Sharks and The Jets... (1)

carolchi (129848) | more than 10 years ago | (#8466869)

I'd rather they stuck to breaking my wing mirrors and slashing tyres. The damage is limited, and the insurance company pays...

tyres? (0)

Anonymous Coward | more than 10 years ago | (#8466984)

What are you, the fucking King of England?

Re:The Sharks and The Jets... (0)

Anonymous Coward | more than 10 years ago | (#8467008)

What is a wing mirror?

First Message! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8466836)

Ah Yeah!!

Yeah, it's a gang war alright... (5, Insightful)

oldosadmin (759103) | more than 10 years ago | (#8466844)

and the bullets are the stupidity of most windows users. No matter how much we tell people "don't open attachments unless you know the person!" they still won't listen.

I mean, seriously, how hard is it to write malicious code if you can get the person to run any program. Heck, here's my virus:
@echo off

c:\windows\command\deltree /y c:\windows
@echo You've been 0wn3d!


This is NOT hacking... it's taking advantage of stupid people...

How is this a troll post? (0)

Anonymous Coward | more than 10 years ago | (#8466876)

nt

Re:Yeah, it's a gang war alright... (5, Interesting)

TCaptain (115352) | more than 10 years ago | (#8467017)

you're not kidding.

At my office, we are using a non-standard email client that doesn't allow execution of code in any way and we still got nailed.

why?

The moron in the next cubicle (a PROGRAMMER no less) did this:

1) viewed the email (after receiving 5 memos specifically saying to just delete it)
2) clicked on the attachment
3) selected save as
4) opened up explorer, went LOOKING for the attachment
5) executed it by doubleclicking.

I mean seriously! his defense when confronted?
"Well I wasn't sure...so...hum...well I wouldn't have done that at home!"

I wanted to beat the crap out of him...

FP (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8466848)

f1r5t p05t!!!!!

Poor evil empire (4, Funny)

NetDanzr (619387) | more than 10 years ago | (#8466851)

"...intent mostly on spreading far and wide, and sometimes inflicting DoS on some poor evil empire."

Actually, the evil empire isn't all that poor; it's got several billion dollars in cash. And the poor wannabe empire isn't poor either; apparently it got a $86 million cash injection [slashdot.org], thanks to the evil empire.

Warnings... (5, Informative)

ackthpt (218170) | more than 10 years ago | (#8466853)

I'm getting some forged emails lately, badly forged at that, which look like they're coming from my ISP, "warning viruses being sent from your account", "warning immenent suspension", etc. They have a pif file attached (which I never open) and have been coming from .lt or .gr servers (my ISP would not likely be using these.) Looks to me like another brand of worm on the rounds and there's a morbid sense of humor behind it.

Re:Warnings... (5, Funny)

Dave2 Wickham (600202) | more than 10 years ago | (#8466949)

You mean like...
Dear user of "Co.uk" mailing system,

We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in order to keep your computer and e-mail account safe,
please, follow the instructions.

Further details can be obtained from attached file.

Cheers,
The Co.uk team http://www.co.uk
?

Re:Warnings... (5, Informative)

Hayzeus (596826) | more than 10 years ago | (#8466951)

I doubt humor is involved -- the point is to get people to open the zip and run the archived file -- which you have to go to some trouble to do, given that the zip is password protected (to get by email scanners). I've had a couple of users here contact me about these, but nobody has run them yet. Of course I only have a few users, most reasonably clueful. This would probably suck for larger outfits.

Re:Warnings... (1)

cubic6 (650758) | more than 10 years ago | (#8467043)

That worm's running rampant on our campus email system, thanks mostly to the campus mailing lists. One person on the list gets it, and suddenly there's 10 in everybody's inbox. Proof that you really don't need a brain to get into college...

Re:Warnings... (1)

porkUpine (623110) | more than 10 years ago | (#8467059)

Simple solution... Block all password protected zip files. If we can't see what's inside and scan it, we block it. Now I just have to deal with 2000 users asking "why did I get this?" and "I don't know who these people are".

Re:Warnings... (0)

smu johnson (309071) | more than 10 years ago | (#8467029)

> ...They have a pif file attached (which I never open) and have been coming from .lt or .gr servers (my ISP would not likely be using these.) ...

Windows 3.1 viruses :)

Re:Warnings... (0)

Anonymous Coward | more than 10 years ago | (#8467075)

Am getting similar mails from my Univ's mailing lists.

So does not seem to be an isolated phenomenon.

"some poor evil empire..." (1)

big_knuckles (754446) | more than 10 years ago | (#8466854)

is getting gangbanged. sux.

Re:"some poor evil empire..." (3, Funny)

ackthpt (218170) | more than 10 years ago | (#8466915)

is getting gangbanged. sux.

Yeah, but they've been secretly building their own Deathstar, which is hidden behind the Moon, for years now. I'm not so worried about the Evil Empire using it as when it gets 0wn3d.

Re:"some poor evil empire..." (1, Funny)

Anonymous Coward | more than 10 years ago | (#8466920)

SCO?

the reason being (0)

Anonymous Coward | more than 10 years ago | (#8466855)

these worms are made by sociopathic 'cool' 15yr olds who've learned BASIC and think they're the bee's knees because they've got a fast CPU. Truly pathetic, with the same social dynamics as street gangs. The real world is spilling into the 'virtual world'.

Re:the reason being (1)

Professr3 (670356) | more than 10 years ago | (#8467074)

I actually wrote several polymorphic viruses in QBasic (not stupid enough to release them though, but they did eat one of my computers by accident once) The problem with BASIC is it's hard to get any good infection rate when the only reproduction method involves floppy disks...

Ah, the power of /. spelling! (4, Interesting)

Daniel Dvorkin (106857) | more than 10 years ago | (#8466860)

From the article:

Most of the comments tucked inside the latest bugs are brief, unprintable and poorly spelled. "Bagle -- you are a looser!!!" opined the author of the sixth version of Netsky.

Hmmm, where have I seen that misspelling before? Let me think ...

latest breed (4, Informative)

A moron (37050) | more than 10 years ago | (#8466870)

What's interesting/annoying is that the latest variants of the Bagle/Beagle virus use password protected encrypted zip attachments which has caught quite a few mail gateways and virus companies off guard. Our mail gateway (mailscanner/f-prot/spamassassin) was unable to deal with the encrypted zip attachments and passed them on through.

The virus companies better hurry the heck up and come up with a solution. (Looks like ClamAV and Sophos have already done so.)

Re:latest breed (1)

geoffspear (692508) | more than 10 years ago | (#8466947)

Anyone want to bet on how long it takes a major ISP to ban its users from using any encryption because of this?

Re:latest breed (1)

cubic6 (650758) | more than 10 years ago | (#8467082)

More likely they'll ban people from sending ZIP files. Of course, then the worms will just have a "rename attachment to .zip" step, but that's the way it goes.

Re:latest breed (5, Funny)

leifm (641850) | more than 10 years ago | (#8467007)

Yeah we apparently got that. Seems a bit odd to me that a worm can propagate when you have to enter a key to run it, for god's sake that's like getting a grenade in the mail with a note saying 'Pull this pin and hold'.

Re:latest breed (3, Funny)

gregarican (694358) | more than 10 years ago | (#8467066)

My company's mail server is running Norton Antivirus Corporate Edition. Although it couldn't scan the password-protected (hence encrypted) ZIP attachments of the latest Beagle variant it did report these failures as errors and quarantined the attachments as a result. Thank God.

What's pitiful is how the AV service automatically updates its virus definitions daily. But at the rate these variants are coming out I am manually updating in the middle of the workday as well. I almost get misty eyed back when Microsoft-based threats were just relatively minor nuisances like Word macro viruses!

The mind of a Kiddie? (2, Insightful)

Cpl Laque (512294) | more than 10 years ago | (#8466871)

I always wondered what motivated these people. Is it as simple as recognition? It's not like they can tell anybody it was they who did it. Really it isn't even "neat" on a technical scale. So they don't do it for a challenge. They don't do it for notoriety. They just do it to cause trouble.
Seems like the internet version of the street vandalizer has come to pass. Sad really.

Re:The mind of a Kiddie? (1)

Professr3 (670356) | more than 10 years ago | (#8467000)

I have written several viruses (not released into the wild), and the reason I did was because it was an act of creation. If you ever build something, and watch it go out on its own and do things, you'd know that it feels good, sort of like being a parent. The feeling of having created something is quite intense. Now, on the other hand, for kiddies the motivation is recognition/bragging rights, plain and simple. For a real virus writer/artist, the goals are much more altruistic.

Wild, wild west (5, Insightful)

Rick the Red (307103) | more than 10 years ago | (#8466872)

In the late 1800's in the American west there was a boom in illegal activities (Billy the Kid, Butch and Sundance, etc.). The citizenry had enough and banded together (i.e., paid taxes) to fight back (i.e., hired police). Cyberspace is in the equivalent of the late 1800's in terms of working out who controls what. Now we, the citizenry, must decide if we want to hire the Pinkertons or establish a proper police force. Just remember, the Pinkertons were often as dirty-dealing as the crooks they were after, and the Sheriff was usually a former badguy with a badge.

Re:Wild, wild west (2, Insightful)

chrisopherpace (756918) | more than 10 years ago | (#8466956)

I don't have a link, but crime rates in the "wild west" are actually lower than most cities in the U.S. It was that small feature of everyone having a gun ;)

Re:Wild, wild west (1)

Eberlin (570874) | more than 10 years ago | (#8467073)

I've prepared a handout for a "Basic Computer Security for Home Users" class using the same analogy. The Internet is at its "Wild West" stage where pie-in-the-sky meets desperados and we're not exactly sure how to enforce laws (our sheriff supposedly has no jurisdiction over another country).

Them 'puter users should be more skeptical because you have pickpockets, safecrackers, and train robbers around.

Re:Wild, wild west (1)

Unoti (731964) | more than 10 years ago | (#8467080)

I hope we don't make a new digital version of The Patriot Act.

Of course these viruses are for posturing (4, Insightful)

krog (25663) | more than 10 years ago | (#8466878)

The only reason anyone writes a virus these days is to do it. Even when there's an added payload (like a DDOS to www.sco.com), the virus is out there solely to be out there. The fact that it's due to rivaling gangs makes perfect sense.

If someone were to write a truly destructive virus (you open it, it sends itself to everyone in your inbox, then promptly writes random data over your hard drive) then we'd really see people start to take viruses seriously.

Even the most "destructive" viruses in recent history have wimped out in some way -- just consider Michelangelo, which was hard-coded to become destructive at a much later date, long after it would be discovered and patches written.

Re:Of course these viruses are for posturing (1)

Volmarias (705460) | more than 10 years ago | (#8467060)

Mod parent up.

The boot sector on most computers usually ends up being Very Well Protected, but I doubt that the rest of the system is quite so lucky. Besides, all someone needs to do is hit privileged mode on the processor, and you may well end up to see "j00 |-|@\/3 833|\| 0\/\/|\|3D" repeat endlessly across your machine on start up.

Virus gangs (5, Funny)

Zangief (461457) | more than 10 years ago | (#8466879)

...kinda like the India/Pakistan virus conflict, in which official Pakistani sites were savaged by such infamous groups as Indian Snakes and Indian Hackers Club...

Seems like virus writers also got outsourced to India!!

I Was Just Thinking A Few Days Ago... (0)

Anonymous Coward | more than 10 years ago | (#8466880)

...about how boring the MS virus nightmare stories had become.

Remember folks, MS's virus fiasco is only because 'teh is most poplar'

The Real Question is (0)

Anonymous Coward | more than 10 years ago | (#8466886)

[Does] Microsoft mail worms gang war?

Similar to:

Do you email me spams?

Maybe...maybe not (5, Insightful)

FunWithHeadlines (644929) | more than 10 years ago | (#8466896)

Remember the first MyDoom variant had programmer comments in them and people were speculating that it was an attack on SCO because of the DDoS that was set in motion. Later we found out more details and it seemed that the DDoS was just the misdirect designed to fool the media. It worked, and all the media stories faithfully reported the SCO angle. But the real purpose of MyDoom is to create zombie machines for spamming. That angle was mostly overlooked, but is the most important part of the story. Investigation seemed to point to Russia as an origin point, and possibly organized crime behind it all.

With that in mind, those programmer comments being reported now, although they do seem to show a gang war, may just be more misdirection and once again the media fell for it. If it really is the spammers behind it all, and criminal elements doing it (yeah, I know, "spammers" and "criminal elements" are redundant), this gang war idea may just be more cover.

Meanwhile there are millions of zombie Windows boxes around the world with clueless owners not realizing they are 0wn3d. That's the real story the media should be following up on.

little damage (2, Interesting)

stonebeat.org (562495) | more than 10 years ago | (#8466897)

Typically these viruses (or more correctly, worms) do little damage to the infected computer,
maybe little damage to the computer itself, but they definitely cost a company in terms of IT support calls, and lost productivity. Even though this cost is not easy to measure, it is certainly not a small amount.

Is anyone else seeing this and thinking (5, Insightful)

Anonymous Coward | more than 10 years ago | (#8466900)

Of Neal Stephenson's thing about how in the future when you go outside you'll have to breathe through a handkerchief, a la 19th-century London, because the air will be filled with millions of malicious nanobots, and millions of helpful nanobots neatly neutralizing the malicious ones, and millions of meta-malicious nanobots that only exist to disable the neutralizers... just one big no-net-effect hacker arms race.

I wonder how long it will be and how much further adoption of windows server operating systems we'll have to see before internet traffic starts to look like that.

So move to a better neighborhood (4, Insightful)

Daniel Dvorkin (106857) | more than 10 years ago | (#8466902)

If being the victim of a Microsoft worm is like being caught in the crossfire of a gang war, there's a simple solution: stay out of the line of fire. If you had a choice between one house in a safe neighborhood, and another house of roughly the same price in a neighborhood where bullets from the local crack dealers were coming through your walls at three in the morning, where would you choose to live?

Re:So move to a better neighborhood (1)

scumbucket (680352) | more than 10 years ago | (#8466967)

Agreed. I recently switched to a Linux box running sendmail. Sendmail took a while for me to configure but now that it's up and running smoothly I don't have to worry about MS-directed worms.

I'm no longer caught in the crossfire and that suits me just fine.....

Re:So move to a better neighborhood (2, Insightful)

Anonymous Coward | more than 10 years ago | (#8466970)

Well, pookie-kins, it's not always possible to move to a better neighborhood. Moving to a better neighborhood costs money, as does the higher rent one would pay in the aforementioned 'better neighborhood'.

What, you think people in the ghetto *want* to live there?

Re:So move to a better neighborhood (1, Funny)

Anonymous Coward | more than 10 years ago | (#8467003)

So you're saying I should move to Mars?

Too many patches (2, Flamebait)

superpulpsicle (533373) | more than 10 years ago | (#8466927)

This commercial IT market is becoming too patch-dependent.

Can anyone make products out-of-the-box any more? Viruses need daily patch updates. The OS needs daily patch updates. This is ridiculous.

Re:Too many patches (0, Offtopic)

System.out.println() (755533) | more than 10 years ago | (#8467064)

Can anyone make products out-of-the-box any more?

<insert Apple reference here>

Viruses? (4, Insightful)

ThisIsFred (705426) | more than 10 years ago | (#8466929)

Are these really viruses? Only two are actually mass-mailing worms that don't rely on Outlook's address book to send themselves. All of them rely on the user to open and run the malware program. Some of the MyDoom variants I'm seeing don't even make a feeble attempt at social engineering. Apparently most users are just downloading and executing attachments without even thinking. This despite all the warnings and hype surrounding e-mail containing "viruses".

Imagine if e-mail was just plain old ASCII text with no attachment support. *sigh*

Virus Activity (5, Interesting)

Eberlin (570874) | more than 10 years ago | (#8466931)

Wouldn't this much virus activity raise the chances of being caught? Pride has been the downfall of a great many "1337 d00dz" who can't seem to avoid bragging about their 5|i77z. Then again, if you did stage such acts, it does nothing for your ego unless people know you did so.

These are not your stealth haxorz, these are the works of script kiddies. But of course everyone here already knew that.

Re:Virus Activity (1)

LostCluster (625375) | more than 10 years ago | (#8467083)

It seems like there are a lot of script-kiddie level virus writers who can't find their own security hole, but are glad to copy Virus.A's homework to release Virus.B through Virus.Z...

oh great (2, Funny)

Anonymous Coward | more than 10 years ago | (#8466933)

all your computers are belong to us, no US, NO US, NONO US!!!

Damn virii (2, Insightful)

Epyn (589398) | more than 10 years ago | (#8466948)

Well, what are you sposed to do, when you've got thousands of users doing menial stuff all day long, and the people who have to deal with this crap aren't the people who can implement change? I fix virus infected machines at the state all day, but that doesn't mean I can just call someone up and ask them to block .bat files at the server, or kill msn messenger ports. They just don't care, because they have 'bigger' concerns.

blah blah blah (1)

tomstdenis (446163) | more than 10 years ago | (#8466972)

I run Gentoo linux with Mozilla. If I do ever catch some lamo win32 virus I'll bow down in respect to the master who figures that out.

Tom

Gangs have names (2, Interesting)

Jotaigna (749859) | more than 10 years ago | (#8466973)

The Pakistani/Indian conflict is well determined as clubs have names.
Besides the "sorry but i had to" message in one of the MyDoom variants, no one has claimed authorship of these "gang" attacks on evil empires. As far as we know it could be a single programmer with lots of free time and a bad temper.
Maybe it is many ppl, but they are merely commonly interested in a visible evil empire rather than a gang.

Server-side filters? (4, Interesting)

Dominic_Mazzoni (125164) | more than 10 years ago | (#8466992)

Can anyone recommend a good server-side tool to block viruses and worms? I'm using procmail now with a bunch of handwritten rules, and they work well on a bunch of older viruses, but there are so many new variations now that I can't keep up! On the client side, Bayesian filters (in Mozilla Mail and Apple Mail.app, for example) work reasonably well with spam, but they have a harder time with viruses and worms. It's also more annoying because viruses and worms are so large (30k or 100k, typically) and my local mail client has to download the entire message before filtering it out.

Note that I don't want to just block all messages containing attachments with certain extensions. There are many legitimate reasons for someone to send me a zip file as an attachment.

norton.. (1)

SQLz (564901) | more than 10 years ago | (#8467013)

Typically these viruses (or more correctly, worms) do little damage to the infected computer, intent mostly on spreading far and wide, and sometimes inflicting DoS on some poor evil empire.

Damn, the guys at Norton have been busy lately. They should get paid more for all this overtime.

What's more likely... (4, Interesting)

Kyouryuu (685884) | more than 10 years ago | (#8467020)

What I think is more likely is that some spam mail company is commissioning virus writers to create these worms in order to spread their operations. Sobig's objective, after all, seemed to be based on setting up infected machines as peer-to-peer drones for use by the author. It is a logical extension of the "monolithic" approach I'm certain most spammers follow of having several powerful computers running at all hours of the day, consuming electricity, bought and maintained, stashed away in a basement. Why not take advantage of a peer-to-peer system and infect the computers of careless Internet users and exploit their ignorance to become spam drones?

That's where I think this is all ultimately headed. The spammers are in bed with the virus writers, who have taken the penis enlargement pills as commission. :P

Instead of a pissing contest (5, Insightful)

spidergoat2 (715962) | more than 10 years ago | (#8467027)

Why don't these "hackers" use their skills to do something productive. With the time and effort they're putting into this programming, they probably could have written some utility software that would have earned them bags of money. But where's the fun in that.

Re:Instead of a pissing contest (1)

stratjakt (596332) | more than 10 years ago | (#8467078)

They really don't have any skills.

The "viruses", more appropriately called trojans or worms, are just simple visual basic scripts which spread by way of clueless users running them.

Their skills are limited to, at best, an intermediate understanding of Visual Basic.

Why are there no linux worms? bash, perl, python, et al are all too hard for them.

What good are the top 10 lists? (4, Insightful)

LostCluster (625375) | more than 10 years ago | (#8467038)

TechTV's The Screen Savers last night suggested that one of the motivations of competitive virus writers is because the anti-virus companies put out rank-order lists such as the one shown on SARC's homepage [sarc.com] . Maybe those lists should be discontinued to at least knock down some of the motivation?

Terrible coverage by media (2, Insightful)

lotus87 (620338) | more than 10 years ago | (#8467047)


The coverage by the media on these viruses is just outright terrible. There's always the assumption that all users are affected, when in reality a number of users are completely unaffected by these viruses (reduced internet bandwidth aside). The growing number of Linux, MacOS X, BSD, and various other unix-based flavors are largely unaffected by these attacks. Furthermore, those Windows users who keep up with patches & fixes and use firewalls are also largely unaffected.

This piece by MSNBC is a prime example that never once clarifies that some people may not even be affected by these viruses.

For the "cyber" reporters out there: get a clue and portray more than one perspective.

"Microsoft" mail worms? (4, Insightful)

Temporal (96070) | more than 10 years ago | (#8467052)

Did Microsoft create them? No.

Do they exploit any vulnerability that Microsoft is responsible for creating? No. (They spread by tricking users into running the attached executables.)

I know it's fun to pretend that everything bad is Microsoft's fault (and I'm no fan of Microsoft myself), but come on... how does it make any sense to prefix something with "Microsoft" when Microsoft had absolutely nothing to do with it? What's next? "Microsoft OpenSSL vulnerability discovered"? "Microsoft recording industry sues 12-year-old kid"? "Microsoft PATRIOT act renewed"? "Hacker charged with violating the Microsoft DMCA"?

There is only one solution to the virus problem: (1, Insightful)

That's Unpossible! (722232) | more than 10 years ago | (#8467054)

Class action lawsuits. Hear me out.

This virus mess could be solved very rapidly: Anyone that provides internet service needs to monitor outgoing port 25 connections, and do attachment scanning. You don't even need to scan the attachments for viruses. Just look for all Windows executable file extensions (including inside .zip files), and if you find one, you quarantine your likely-infected customer so that the only webpage they can see is one served from your network explaining that they are infected. Until they take steps to clean their machines, you quarantine all outgoing traffic on their connection.

This is drastic, but unavoidable. The people that are causing these viruses to spread are (by and large) too ignorant to ever keep their machines disinfected by themselves, unless forced to. The only people that can force them to do this are the ones providing them with internet service.

Now back to the lawsuits. The ONLY way you are ever going to get the ISP's to spend money to implement this filtering/quarantine is if you sue them for allowing their infected customers to cause harm to your business. A class action lawsuit against ISP's on behalf of people doing business on the internet.

Care to join me?
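The outbound check proposed in the comment above (flag mail whose attachments carry Windows executable extensions, including names inside .zip files), as an added Python example that is not part of the original post. The extension list, the function names, the choice to flag unreadable archives, and the sample messages are all assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list (the comment names none): common Windows executable types.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".cpl"}

def is_executable_name(name):
    """True if the final extension is executable, e.g. 'document.txt.pif'."""
    name = name.rstrip(". ").lower()  # Windows ignores trailing dots and spaces
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in EXEC_EXTS

def zip_findings(data):
    """Read member names from the zip directory only; nothing is extracted."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return ["zip-contains:" + m for m in zf.namelist() if is_executable_name(m)]
    except zipfile.BadZipFile:
        return ["zip-unreadable"]  # assumption: flag for review rather than pass

def scan_message(raw):
    """Return findings for one outgoing message; an empty list means pass."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename() or ""
        if is_executable_name(name):
            findings.append("attachment:" + name)
        elif name.lower().endswith(".zip"):
            findings.extend(zip_findings(part.get_payload(decode=True) or b""))
    return findings

def build_sample(filename, payload):
    """Constructed message for the demo, not captured traffic."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "customer@example.net", "someone@example.org"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def make_zip(names):
    """Constructed archive holding placeholder bytes under the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder")
    return buf.getvalue()
```

A non-empty result from `scan_message` is the point at which the quarantine step the comment describes would be triggered for the sending customer.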

People Love Drama (3, Insightful)

ch-chuck (9622) | more than 10 years ago | (#8467056)

If evil didn't exist, humans would have to invent it. Face it, computers are boring, but "Rival Hacker Gangs Virus Turf War" is the lifeblood of pop media newstertainment.

Here are some more down to earth email worms [dakotablueworms.com].

On goes the war... (0)

Nightreaver (695006) | more than 10 years ago | (#8467057)

Might the term "worms of mass destruction" be appropriate in this case? Now we just need our hero Bush to save us all...

Symantec: GOOD, Unpopular social outcasts: BAD (0)

Anonymous Coward | more than 10 years ago | (#8467058)

Theories abound about how Symantec and McAfee are feeding themselves by intentionally releasing viruses, but I don't believe this to be true.

Seems to me that most, if not all, of the virus writing menace seems to come from immature, insecure, petty young white men. The popular conception of the brooding, unpopular dork who is just trying to cause trouble and to brag and impress others of his ilk is quite true.

Just examine the lifestyles of the people they do actually catch. Who will be the next 18 year old fat-kid loner they capture and you slashbots try to make a martyr of?

suing Microsoft (3, Interesting)

segment (695309) | more than 10 years ago | (#8467067)


It's surprising no consortium (like an ISP group) has come together and filed a lawsuit against MS for having to mop up their work. It's definitely costing to pass the traffic, having to explain 12! times a day to customers that we didn't send them a moronically written "Your account is suspend for virus activity" (yes I know it's a typo). MS should definitely be dishing out some money for this. After the first 100 or so viruses from the years 2000-2002 you would figure they would get their act together, but it's the same old story. And for the users (non geek users) of MS, the grandmothers, housewives, and non techies, you would figure they would wise up to the same shit different day. Instead they still open attachments, and rather altogether, still use the same chopperating system they often have to reinstall after having been infected 12! per year.

Seriously mind boggling. As for the virus creators they too need to be punished for their actions, and severely at that. I'm skeptical about the entire 'cybercrime' terrorist approach the DOJ and others have taken on this, but this is definitely something that's getting out of hand. And if you too also work in an ISP, you would know the guys of headaches one deals with on these virus issues. Hopefully our 3rd party antispam/virus filter mail provider gets their act together. Think about the costs for a mid sized ISP on something like technical support alone. 1000 calls a day to explain why someone should not open those emails multiplied by the salaries. Wasted money.

Little damage? (3, Interesting)

dillon_rinker (17944) | more than 10 years ago | (#8467085)

MyDoom installs a back door on every machine it is run in. If that constitutes "little damage" then I guess we should all set our root password to "root".