Unprecedented level of Virus Alerts

CmdrTaco posted more than 10 years ago | from the as-microsoft-focuses-on-security dept.

Security 424

arpy writes "iTnews reports that according to Trend Micro (makers of PC-cillin), there was a record-breaking level of virus alerts in the first quarter of 2004. In Q1 2003, Trend issued 35 virus warnings. During the same period this year, it issued 232. According to the company's annual virus round-up and forecast (PDF), the number of alerts was pretty much steady for 2001-2003. Particularly noteworthy is that so many of the viruses are variants, not original. Trend's April 2 Weekly Virus Report reveals that of the "Top 10 most prevalent global malware", the top five are all variations of Worm_NETSKY. This would seem to confirm Virus creators are sharing more code."

424 comments

There are some nasty ones (3, Insightful)

Anonymous Coward | more than 10 years ago | (#8777175)

Especially on IRC. Quite a few IE/mIRC trojans/viruses. Too bad so many users are so clueless and will click anything that looks like it might be porn.

Re:There are some nasty ones (2, Funny)

Anonymous Coward | more than 10 years ago | (#8777187)

I tried clicking on your post, but all I got were cached pics from goatse. I want my money back!

Re:There are some nasty ones (0, Funny)

sirsnork (530512) | more than 10 years ago | (#8777215)

Since when was 35 greater than 232? While I suspect it's a typo one would think (hope?) Taco may have picked it up

Re:There are some nasty ones (1)

black mariah (654971) | more than 10 years ago | (#8777241)

"In Q1 2003, Trend issued 35 virus warnings. During the same period this year, it issued 232."

I'm not sure what you're talking about. Last year they issued 35 warnings in Q1, this year they issued 232 in Q1.

Re:There are some nasty ones (0)

Anonymous Coward | more than 10 years ago | (#8777248)

don't worry, he's just a spooge monkey.

Sharing code (3, Interesting)

Anonymous Coward | more than 10 years ago | (#8777317)

Viruses rely on several points of entry, and now use specialised code with predictable behaviour, that cause measurable damage to systems and networks.

One thing, the companies who make money off this certainly do not want this to stop. This isn't a put a tin foil hat on message. Just correlate the line, viruses and profit for these companies. Now, of course, chicken and egg.

Security is going nowhere, patching holes isn't going to save a sinking ship, and myself, I do not want to let the 'everybody else' float the security boat for too long now, else they will have enough power just to pay their own people to write the next netsky.

What do you think can be done to remove the threat of viruses trojans and worms in the near future?

Something simple, like an email client that runs with no privileges, in a sandbox, unable to harm the host computer.

Or idiotic employees working *in* a sandbox, with no network connection, and a fisherprice computer.

Yeah, that'd be more useful.

Let's just all keep in our minds these people *profit* from this, and we cannot altogether trust anything they say.

*puts on tin foil hat* erm.

Oh the point, yeah, maybe anti-virus writers should SHARE CODE.

Re:There are some nasty ones (2, Funny)

Anonymous Coward | more than 10 years ago | (#8777338)

it might be porn

well, where's the link dammit?

Unprecedented level of gayness (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8777177)

Wait, nevermind.

It's quite precedented.

Virus scanners suck (3, Insightful)

Anonymous Coward | more than 10 years ago | (#8777178)

It's reactionary, they can't predict what people will code. It's sad that they give people a false sense of security.

Re:Virus scanners suck (5, Insightful)

Anonymous Coward | more than 10 years ago | (#8777267)

I would like to elaborate on that thought. Virus Scanners worked when there wasn't a vast connected network such as the internet. Trojans/worms took a helluva lot more time to propagate where now-a-days they spread extremely fast, a good example would be the DCOM worm. It was a lot more difficult to be infected by a virus such as Michelangelo than today's malware if for no other reason than companies having more time to react.

Heuristic antivirus (4, Funny)

core plexus (599119) | more than 10 years ago | (#8777280)

I remember years ago some were touting heuristic antivirus as the way of the future. Obviously, it didn't work. The idea was to look for certain patterns rather than the actual virus.

On the plus side, we can hope that if The Machines ever get away from us, we can get Jeff or Data or NEO or Ahhnold to load a virus and save us. On the minus side, one of these days someone is going to write something really nasty, and even those of us who don't use Windows will be affected, either through the drag in traffic, bringing down nodes, or the phone calls and other messages.

It would be great to have a system that looks for changes and reports them...oh wait, I already have that.

-cp-

Alaska Bugs Sweat Gold Nuggets [alaska-freegold.com]

Re:Virus scanners suck (1)

JPriest (547211) | more than 10 years ago | (#8777290)

This comment rings very true, most security software intentionally misleads the user into hiding behind it ($$), rather than trying to educate the user in the process.

e.g. "you got the ___ virus, this probably happened because you opened an unsafe type of email attachment... etc..."

Re:Virus scanners suck (2, Insightful)

pfraser (651313) | more than 10 years ago | (#8777308)

Enter heuristics.

I don't think it gives a false sense of security, either. I for one know I'd rather have an updated AV scanner running on my machine for when the worm/virus/whatever the hell it is finally starts to propagate through MY network!

Virii (-1)

djcreamy (729099) | more than 10 years ago | (#8777181)

Around here we know which women to avoid, that keeps the viruses pretty much contained. But still...you have to wonder about the people that still catch them.

Ummmm (5, Funny)

soundsop (228890) | more than 10 years ago | (#8777182)

This would seem to confirm Virus creators are sharing more code.

So, do they prefer GPL or BSD license?

GPL, duh (5, Funny)

Anonymous Coward | more than 10 years ago | (#8777199)

It's a viral license, remember?

Re:Ummmm (1)

markan18 (718118) | more than 10 years ago | (#8777203)

shared source of course

Re:Ummmm (2, Funny)

Alcohol Fueled (603402) | more than 10 years ago | (#8777216)

Any license is fine, so long as it's not a SCO license. :-)

Maybe they were getting ready for.. (1)

Achoi77 (669484) | more than 10 years ago | (#8777218)

the first of April? After all, that would be SO original...

Windows Virus End User License Agreement (5, Funny)

Anonymous Coward | more than 10 years ago | (#8777235)

The Windows Virus License, of course, since they're all Windows viruses, of course! ;)

Windows Virus End User License Agreement

Licensor, Skrip T. Kidie hereby licenses to you, the licensee, the ability to be infected on a single machine with not more than eight (8) processors by this Windows Virus (hereafter "the Virus").

By reading this, you agree to allow your machine to become infected. We reserve any and all rights without limitation, while you disclaim any purported rights you might have so much as thought you had, including "fair use" rights, and agree to hold licensor harmless for the inevitable destruction of your PC.

In the event you are found in possession of more copies of the Virus than you have license for, you will owe us $699 per violation. Furthermore, ...

(10 more pages of legalese here)

Re:Windows Virus End User License Agreement (2, Funny)

Alcohol Fueled (603402) | more than 10 years ago | (#8777356)

Only 10 more pages!? What is this, the short version!? I want my rainforest sized WVEULA!

Re:Ummmm (0)

Anonymous Coward | more than 10 years ago | (#8777256)

license?! maybe an anarchist licence, but that would be somewhat contradictory.

And it's not going to go away soon... (5, Insightful)

heironymouscoward (683461) | more than 10 years ago | (#8777184)

A quote from a journal entry from last September [slashdot.org] :

And so we come to the nightmare scenario. A relatively benign
parasite has infiltrated the general population and suddenly a very
"hot" parasite discovers how to piggy-back that infection. In the
blink of an eye - a day, an hour - 50% of Windows PCs around the
world are destroyed. It can happen, and therefore, it most probably
will.

Good (0)

Anonymous Coward | more than 10 years ago | (#8777186)

Clueless people deserve it.

Re:Good (4, Insightful)

LostCluster (625375) | more than 10 years ago | (#8777202)

Clueless people deserve it.

It's not just going to be the clueless... even those running AV software won't be protected from a super-fast-moving virus...

Re:Good (5, Insightful)

YetAnotherDave (159442) | more than 10 years ago | (#8777243)

I've seen some pretty fast-moving viruses get past the very expensive virus-scanner we have at work, but the only one to get by the simple, free, procmail-based one I use at home is the stupid one where you have to open an encrypted zipfile.

http://impsec.org/email-tools/procmail-security.html

Now I have to ask, if users are dumb enough to open a password-protected zipfile in what sure looks like an obvious virus-generated message to me, aren't those users dumb enough to be convinced to chmod +x && ./runMyVirus

I think this is evidence that no security system can really be foolproof. The fools are just too persistent!

Re:Good (5, Funny)

JPriest (547211) | more than 10 years ago | (#8777327)

Information wants to be free.
Joe user wants to be infected.

Make something idiot-proof and someone will build a better idiot.

My approach is virtually 100% secure.... (2, Interesting)

iamcf13 (736250) | more than 10 years ago | (#8777407)

The program I wrote and use (see sig) treats all email file attachments as 'text files'.
This renders malware safe to handle and/or delete.
For the 'zipped up' malware, one could patch the filename in the zip file to something harmless then extract it.

However, this approach hinges on the requirement that the registry setting for text file processing (.txt) remains uncompromised. Unfortunately, there is one known malware that 'hijacks' that setting when it runs....

On top of that, one must have some sort of firewall program running at all times.

About a week ago or so, my firewall program detected some intrusion attempts from some rather eye opening IP addresses!

Re:Good (2, Insightful)

zcat_NZ (267672) | more than 10 years ago | (#8777276)

Clueful people don't run AV software. Clueful people (even if they use Windows for a desktop) keep important files backed up on a different server, running a different OS from their regular desktop.

Most of my files from the Linux machines are backed up on my FreeBSD machine; neither Linux nor FreeBSD are guaranteed secure, but the chances of both machines being vulnerable at the same time is exceptionally remote.

Re:Good (1)

idiotnot (302133) | more than 10 years ago | (#8777409)

"[T]he chances of both machines being vulnerable at the same time is exceptionally remote."

Except things like OpenSSL, apache, zlib, etc. etc. etc......

People deserve it? (3, Insightful)

heironymouscoward (683461) | more than 10 years ago | (#8777413)

Hardly. This is just blaming the victim. A poor policy.

Relying on education and technological cures assumes that malware is a static target, but it's not. If you rely on improving people's understanding of viruses, you simply get viruses that act smarter and look like official emails. If you improve technology, you get viruses that actively target that technology itself (look at the BlackIce incident).

Technological solutions just create an arms race, and we've seen how well that works. Look at your inbox... the grim rise of noisemail is hardly a sign of success.

The solution is to acknowledge the nature of the problem: it follows the same laws as those of organic parasites, and the same solutions may be the only ones that work: perpetual change for the sake of change; trading of resistance; variety in place of standardization.

Re:And it's not going to go away soon... (5, Funny)

tim_mathews (585933) | more than 10 years ago | (#8777209)

Wait, 50% of Windows PCs being destroyed is a nightmare scenario? I thought that would be more a breath of fresh air?

Re:And it's not going to go away soon... (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#8777211)

lol its funny because m$ software sucks and its insecure am i rite guyz?

Re:And it's not going to go away soon... (2, Redundant)

dj245 (732906) | more than 10 years ago | (#8777311)

You base your conclusion on a broad sweeping assumption that "it can happen". This theory is flawed. Viruses and worms are combated on many fronts, using multiple strategies. Many college campuses do not allow attachments of any kind any more, I've heard some companies do the same. Corporate and home firewalls filter out the really nasty stuff at the gateway, before it gets to your precious PCs. A whole lot of companies and K-12 schools still run Windows98 for Pete's sake; completely immune to the latest round of worms. I used to think they were old fashioned, but it makes a lot of sense now. Various virus scanners scan e-mails and all downloaded files before they are run. Dell, HP, etc all preinstall this stuff. Sure, it expires after a while, but it nags so much that generally what happens is the clueless people get a relative who knows better to give them a copy of Avast or other free scanner.

I hate to sound like the virus companies' PR guy, but we've covered the problem of exposed permanent internet connections (routers with NAT), campus and company security, (server-side stuff and e-mail attachment limits), and PC protection (preinstalled virus protection with autoupdate for the really clueless people).

Blink of an eye? A Day? An Hour? Doubtful. People are wiser now. Maybe not average Bob, but Bob's ISP admin, and Bob's computer salesman, and Bob's router company.

Re:And it's not going to go away soon... (0)

Anonymous Coward | more than 10 years ago | (#8777343)

and on the day that happens look for a lot of obnoxious laws to get passed.

Or it could prove... (3, Insightful)

Anonymous Coward | more than 10 years ago | (#8777188)

that there are lots of pissed off wanna be script kiddies, who are not happy with the way the world is heading, and see it as their duty to try and throw a spanner in the works.

Re:Or it could prove... (2, Interesting)

Simple-Simmian (710342) | more than 10 years ago | (#8777315)

Mod the above as insightful. I know lots of crap is just trojans to rip off cc info and act as spam relays but the poster is right about the script kiddies and their motivations. It's vandalism. My wife's box usually gets at least one anti viral update a day (she runs Trend PCcillin.) I use Mandrake 9.2 99.9% of the time but have PC cillin on my W2K partition.

I also think the Anti Virus companies hype this crap too much. But looking at the firewall logs shows too many people just don't get it.

But, sharing code is GOOD! (-1)

Can it run Linux (664464) | more than 10 years ago | (#8777191)

I mean, that's the point of Open Source, am I right guys?

Who cares? (2, Interesting)

pantycrickets (694774) | more than 10 years ago | (#8777197)

I just block everything that isn't a document of some sort. Haven't had any problems at my company since.

Re:Who cares? (0)

Anonymous Coward | more than 10 years ago | (#8777213)

What about the moron who insists on zip files?

Re:Who cares? (2, Informative)

LostCluster (625375) | more than 10 years ago | (#8777214)

Any form of Microsoft Office document can contain VBA code, and therefore possibly a virus.

VBA can even be in compiled form within an Access Database.

Re:Who cares? (0)

Anonymous Coward | more than 10 years ago | (#8777404)

Newer versions of MS require VBA macros to be signed or it complains mightily.

When was the last time anyone's seen a MSO macro virus? It's been years for me.

Re:Who cares? (3, Insightful)

omicronish (750174) | more than 10 years ago | (#8777240)

I just block everything that isn't a document of some sort. Haven't had any problems at my company since.

The unfortunate reality is that some viruses may affect you even if you aren't infected. Massive virus outbreaks are like spam: both generate large amounts of junk traffic that slow everyone's connection.

Re:Who cares? (1)

pantycrickets (694774) | more than 10 years ago | (#8777249)

Yes, unfortunately.. we still get tons of the crap coming in, and all of the bounced mail that was never sent. What can you do about it?

Re:Who cares? (1)

JPriest (547211) | more than 10 years ago | (#8777377)

Start writing more harmful virii?

Re:Who cares? (0)

Anonymous Coward | more than 10 years ago | (#8777266)

Good thing you don't work in photographic or video production.

"making" a virus is not hard (2, Insightful)

Justin-Ti (766948) | more than 10 years ago | (#8777224)

Well, there are even programs that can "make" a virus for you. So it is not strange you get more and more every day. I see it also on my box. How many times I have seen "Netski"... But it's good that the viruses aren't getting any "better". Like screwing up your bios or something like that.

Re:"making" a virus is not hard (1)

bersl2 (689221) | more than 10 years ago | (#8777289)

Where did all the good low-level viruses go? Goddamnit! You don't impress me with VBScript; you do with assembly! Hell, you could probably even combine the two! Just put the binary data payload in your script, (over)write an executable, and voila! the best of both worlds.

Not that I condone doing such a thing...

Re:"making" a virus is not hard (0)

Anonymous Coward | more than 10 years ago | (#8777322)

what's sad is that the learning curve for viruses is soooo low. VB, come on, that's not a virus.

but that's probably good since two major bios'es (sp?) exist. whereas in the past it was quite a bit of different flashing apps, mfg's etc.

Re:"making" a virus is not hard (1, Funny)

Anonymous Coward | more than 10 years ago | (#8777357)

I dunno about that... some viruses cost millions to make [microsoft.com] ... ;)

two questions... (4, Insightful)

vena (318873) | more than 10 years ago | (#8777227)

don't many of these viruses use the same vulnerabilities? if that's the case, doesn't that mean a statistic like this should be pointed to not as an indicator of rising numbers of viruses, but as an indicator of the lack of response from the applications being exploited?

i'm not certain that these viruses use the same vulnerabilities, so my second question is pretty heavily weighted on the first :)

Re:two questions... (1)

Nerd With Nalgene (740915) | more than 10 years ago | (#8777262)

If these viruses really are variations of one another, which seems perfectly reasonable, then they are using the same vulnerabilities. That seems to imply that for some reason virus scanners are unable to pick up on these repeat vulnerabilities.
As far as I know, that is a new problem. In the past, virus protection software has been able to protect against that sort of thing--why would it have suddenly gotten harder to protect against new viruses?

Re:two questions... (1)

Gogo Dodo (129808) | more than 10 years ago | (#8777351)

don't many of these viruses use the same vulnerabilities?

Yes, they do... the recipient of the virus opening up the attachment because they either got fooled ("new virus warning", "mail bounce", etc.) or enticed (porn stuff). Netsky, Bagle, MyDoom didn't exploit a Windows vulnerability. It did the "social engineering" thing to spread.

if that's the case, doesn't that mean a statistic like this should be pointed to not as an indicator of rising numbers of viruses, but as an indicator of the lack of response from the applications being exploited?

Unfortunately, the "application" being exploited is the user.

Odd.. (2, Insightful)

zcat_NZ (267672) | more than 10 years ago | (#8777231)

A record number of viruses, and yet I've had no trouble with any viruses on my main machine (FreeBSD), my laptop (Debian) or the family computer (Redhat).

Re:Odd.. (0)

Anonymous Coward | more than 10 years ago | (#8777300)

I would also like to add that I haven't had any viruses on my computer (Windows XP). I don't use IE or Outlook or any of the other programs that are often the main targets. My ISP also run a spam and virus checker on all email. Thus I rarely get a virus to begin with. I also check my downloads with a virus scanner.

I know people don't always have the ability to run the software that they want, for work or other reasons. But I simply don't have problems with viruses simply because I don't have a vulnerable setup. This is really very little effort.

Re:Odd.. (1)

JPriest (547211) | more than 10 years ago | (#8777349)

I don't have any on my Windows box using outlook or IE either. It is the same stupid people that keep getting them, now they just have more. My friend scanned a computer the other day that had 300 infections!

Re:Odd.. (0)

FROGGYJ (591413) | more than 10 years ago | (#8777386)

good point that it's the same "stupid" people...but doesn't this tell you something? Instead of putting them down as stupid it would make more sense to better educate...although the thought of that scares me. Well it's only gonna get worse. No different than the same stupid people who can't figure out the VCR or always have the car troubles. Hope for the best I guess.

Re:Odd.. (0)

Anonymous Coward | more than 10 years ago | (#8777411)

> My friend scanned a computer the other day that had 300 infections!

She [centennialofflight.gov] must have really been sleeping around!

First Quater? (2, Funny)

Limburgher (523006) | more than 10 years ago | (#8777236)

I wonder what the numbers will be for the second quater. :)

Re:First Quater? (0)

Anonymous Coward | more than 10 years ago | (#8777257)

I for one welcome our new computer virus overlords. :oP


Sry, I haven't seen one of those for a while.

I, for one, welcome .... (0)

Anonymous Coward | more than 10 years ago | (#8777367)

I, for one, welcome our Virus creators, as long as they Open Source and GPL.

Word.

pi

PC-cillin - two updates per day! (1)

KNicolson (147698) | more than 10 years ago | (#8777252)

Our company mandates it on all PCs. For about the last month, we seem to have had new virus definition files at least once a day, often twice a day.

Of course, we've still managed to get viruses through, both from not having the latest update (one Bagle variant got through), and from people not running the virus scanner - on Monday someone who had his/her portable at home at the weekend connected to the office network with NetSky-Q loaded.

Calling wolf? (4, Interesting)

dj245 (732906) | more than 10 years ago | (#8777254)

When you have 232 virus warnings in a year, you have a wee bit of a problem. When you have 232 alerts in a fourth of a year, you have an industry gone markebonkers. That's 2 and a half alerts per day. Is it any wonder Joe Average isn't paying attention any more and is getting fried? 232 virus warnings doesn't say to me that there is a problem with viruses, it tells me that there is a problem with whomever is issuing them. They need to re-evaluate what constitutes a warning, and what doesn't. Does BobWanky'sWhoopieWorm_A, BobWanky'sWhoopieWorm_B, and BobWanky'sWhoopieWorm_C, all need separate alerts? It's doubtful. We need to rein in these virus companies, who appear to have gone quite literally bananas, and give them a good smiting.

Re:Calling wolf? (0)

Anonymous Coward | more than 10 years ago | (#8777320)

Who the hell modded this troll? a moderator on crack?

Now if we could only fix the cause... (2, Interesting)

kgasso (60204) | more than 10 years ago | (#8777260)

I'm not horribly surprised by the number of viruses and worms flying around right now... and I do see quite a few of them as a Systems Admin for a wholesale ISP.

What does surprise me is WHY these spread. I thought we had taught people time and time again, over and over, "don't open non-document attachments"... "keep your antivirus software updated"... "if you're ever in doubt, call us". Our advice is taken in and actually used once in a while, but it always seems to be thrown aside and forgotten.

I'm still on the search for that magic bullet that won't involve horribly restrictive mail filters or a lobotomy to remove the "OPEN EVERY EMAIL ATTACHMENT I RECEIVE" lobe...

Re:Now if we could only fix the cause... (1)

Tongo (644233) | more than 10 years ago | (#8777288)

Whoa whoa whoa....let's not be too hasty with this lobotomy idea.

Question about AV software (5, Interesting)

ObviousGuy (578567) | more than 10 years ago | (#8777264)

AV software seems to do a lot of scanning in a minimum amount of time. Considering the thousands upon thousands of viruses running around the wild, how is AV software able to scan each file so quickly, even if it only looks for specific signatures, it seems that each file would take an inordinate amount of time to scan. However it doesn't.

Can someone give a brief explanation of how anti-virus software is able to scan so many files so quickly?

Re:Question about AV software (4, Informative)

bersl2 (689221) | more than 10 years ago | (#8777324)

Heuristics (probably)

Viruses which have similar mechanisms leave similar signatures (in the case of true viruses; I'm not exactly certain how (or if) it's done for worms).

IANA Anti-Virus Specialist

Re:Question about AV software (0)

Anonymous Coward | more than 10 years ago | (#8777345)

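Public Sub checkforvirus()
    ' Naive scan: compare every file against every known virus entry.
    ' strFile() and strVirus() are assumed to be module-level String arrays.
    Dim x As Long, y As Long
    For x = LBound(strFile) To UBound(strFile)
        For y = LBound(strVirus) To UBound(strVirus)
            If strFile(x) = strVirus(y) Then
                MsgBox "uh oh you have a virus!"
                Kill strFile(x)
                Exit For   ' file is gone, move on to the next one
            End If
        Next y
    Next x
    MsgBox "All done!"
End Sub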

Re:Question about AV software (4, Informative)

X (1235) | more than 10 years ago | (#8777410)

It's really not as bad as you think. A relatively naive approach is to build an automaton based on the virus definitions. It's very much like using Perl regexps to search a ton of documents. You'd be amazed how fast you can do these scans once all you do is read a byte, transition to the next state in the automaton, rinse, repeat.

Of course, you can always look at the source [clamav.net] to figure it out.
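The automaton approach described in the comment above, as an added example that is not part of the original thread and is not ClamAV's code: a small Aho-Corasick matcher that reads each byte once and reports every signature hit, however many signatures are loaded. The signature names, byte patterns and sample buffer are constructed for illustration.

```python
"""Multi-signature byte scanner built on an Aho-Corasick automaton.

Added illustration: names, patterns and sample data are constructed.
"""
from collections import deque

# Constructed, harmless stand-ins for a definitions file.
# "Demo.Worm.Gen" is a generic signature: a substring shared by variants.
SIGNATURES = {
    "Demo.Worm.A": b"XWORMX-A",
    "Demo.Worm.Gen": b"WORMX",
    "Demo.Bin": b"\x00\xde\xad\x00",
}

# Constructed sample buffer: variant A, an unlisted variant B, a binary marker.
SAMPLE = b"hello XWORMX-A and XWORMX-B \x00\xde\xad\x00 end"


class SignatureAutomaton:
    def __init__(self, signatures):
        self.goto = [{}]   # state -> {byte value: next state}
        self.fail = [0]    # state -> fallback state (longest proper suffix)
        self.out = [[]]    # state -> [(name, pattern length), ...]
        for name, pattern in signatures.items():
            self._add(name, pattern)
        self._build_failure_links()

    def _add(self, name, pattern):
        if not pattern:
            raise ValueError("empty signature would match everywhere")
        state = 0
        for b in pattern:
            nxt = self.goto[state].get(b)
            if nxt is None:
                nxt = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
                self.goto[state][b] = nxt
            state = nxt
        self.out[state].append((name, len(pattern)))

    def _build_failure_links(self):
        # Breadth-first, so every shallower state is final before it is used.
        queue = deque(self.goto[0].values())  # depth-1 states fall back to root
        while queue:
            state = queue.popleft()
            for b, nxt in self.goto[state].items():
                queue.append(nxt)
                f = self.fail[state]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[nxt] = self.goto[f].get(b, 0)
                # A signature that is a suffix of the text read so far
                # also matches here (this is how Demo.Worm.Gen is caught).
                self.out[nxt] = self.out[nxt] + self.out[self.fail[nxt]]

    def scan(self, chunks):
        """Yield (start offset, signature name) over an iterable of byte chunks.

        State is carried across chunks, so a signature split over a read
        boundary is still found.
        """
        state = 0
        pos = 0
        for chunk in chunks:
            for b in chunk:
                while state and b not in self.goto[state]:
                    state = self.fail[state]
                state = self.goto[state].get(b, 0)
                pos += 1
                for name, length in self.out[state]:
                    yield pos - length, name


def find_signatures(data, signatures=SIGNATURES, chunk_size=4096):
    """Scan a bytes object in chunk_size pieces; return the list of hits."""
    automaton = SignatureAutomaton(signatures)
    chunks = (data[i:i + chunk_size] for i in range(0, len(data), chunk_size))
    return list(automaton.scan(chunks))


if __name__ == "__main__":
    for offset, name in find_signatures(SAMPLE):
        print(f"offset {offset:3d}: {name}")
```

Scan cost grows with the size of the input plus the number of hits, not with the number of signatures, which is why a large definitions file does not make each file proportionally slower to check.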

Clam AV (1)

ohzero (525786) | more than 10 years ago | (#8777268)

Amidst all this, anyone know how clam AV (open source virus scanning engine, and 3rd fastest updater) is holding up?

Re:Clam AV (4, Informative)

ag0ny (59629) | more than 10 years ago | (#8777363)

Amidst all this, anyone know how clam AV (open source virus scanning engine, and 3rd fastest updater) is holding up?

Quite well from my point of view. A virus went through the scanner three days ago, but the definition file was updated and I haven't seen any other virii go through it again.

This is the "Caught virus top 20" in my mail server for the last few days:
ares:/var/spool/qmailscan# cat quarantine.log |awk -F"\t" '{ print $5 }' |sort |uniq -c |sort -nr |head -20
27111 Worm.SomeFool.P
19574 Worm.SomeFool.Gen-1
11220 Worm.SomeFool.Gen-2
3967 Worm.SomeFool.Q
1233 Worm.Dumaru.A
1078 Worm.SCO.A
751 Worm.Sobig.F
329 Disallowed characters found in MIME headers
315 Worm.Bagle.U
275 Worm.SomeFool.I
274 Disallowed breakage found in header name - potential virus
164 Disallowed content found in MIME attachment - potential virus
127 Worm.Dumaru.K
123 Worm.Mydoom.F
104 Worm.Bagle.Gen-zippwd
101 Worm.Klez.H
93 Worm.Bagle.Gen-zippwd-2
85 Worm.Bagle.N
76 Worm.Bagle.Gen-1
51 Worm.VB.C

viruses hold only part of the blame (2, Insightful)

ErichTheWebGuy (745925) | more than 10 years ago | (#8777269)

... the top five are all variations of Worm_NETSKY. ... Virus creators are sharing more code.

It also indicates a couple of other things:
  • Outlook/Outlook Express need to die (or at the very least patched properly)
  • Internet Explorer suffers the above affliction (and by implication, so does Windows as a whole)
  • People never patch their boxes, even when patches are released
Since I am the "nerd" of the family, I get to make regular house calls to cleanse this shit from people's computers. I gotta say, the article is absolutely right. The number of worms, viruses, etc is insane this year.

It's only a matter of time until one of these is truly destructive... Perhaps a fortunate side-effect would be the world waking up to why Microsoft software is so horrible.

Re:viruses hold only part of the blame (2, Insightful)

schwaang (667808) | more than 10 years ago | (#8777395)

Since I am the "nerd" of the family, ...

Dude, no need for the "quotes" when you actually are a nerd.

Re:viruses hold only part of the blame (1)

ErichTheWebGuy (745925) | more than 10 years ago | (#8777417)

Dude, no need for the "quotes" when you actually are a nerd.

yea, true. it's late. my bad.

Re:viruses hold only part of the blame (2, Informative)

Gogo Dodo (129808) | more than 10 years ago | (#8777400)

It wasn't until the P & Q variants of the Netsky worm that it exploited the MIME header flaw in Outlook. Before variants P & Q, the worm relied on the recipient opening the attachment.

Netsky.B write-up [symantec.com]

How do Microsoft do it? (0)

Anonymous Coward | more than 10 years ago | (#8777402)

How do Microsoft keep people from thinking Microsoft == Massive Virus attacks?

Because people think Microsoft == Computers, Computers == Viruses.

They assume they should live with this. Plus Joe nobody gets a kick out of not working for a day because his computer is shot. He misses d/l the pr0n though. Poor joe.

The biggest worry is, when people do make the change, how many viruses will make it to Linux, because all linux software is written by people who know about mime-types, executables and user privileges.

Let's assume mr malicious virus will not get root access on machine, which is highly plausible and a great achievement for the OS, but still, Joe Nobody stuck everything he ever worked on in ~/joes-stuff and now it is all gone.

Oh I forgot, they put you in charge, the mail server strips executables and nightly backups are in a fireproof safe...

Hang on! Joe Nobody brings in his l33t UessB stick from home. somehow he edits the fstab and mounts the media, hurray, well done joe.

Well, not even Joe is gonna be that stupid, is he?

I agree, stop AV companies executing alerts, less alerts means less notoriety for the gimps who write this junk. There is one thing to write an exploit to demonstrate a security flaw, and also write the patch (an exploit without a patch, that always gets me) that is good. Writing piggy back script kiddie code, and emailing it to your schoolfriends, that is bad. /rant

Re:viruses hold only part of the blame (1)

kidgenius (704962) | more than 10 years ago | (#8777418)

To save yourself some time, you could always VNC into their boxes and admin remotely. Hell, you probably could set up a script that would connect to all your family's boxes in subsequent order, look if a patch is present, and apply if not. You could just click and run and go do something else.

Re:viruses hold only part of the blame (0)

Anonymous Coward | more than 10 years ago | (#8777420)

Outlook/Outlook Express need to die

"Worm_NETSKY" appears to come as a PIF file. Any version of Outlook or Outlook Express produced this century will block these things.

In other words, stop being such a bot and just repeating what you've heard.

Should we still call them Virus alerts? (4, Insightful)

Chairboy (88841) | more than 10 years ago | (#8777275)

There have been few large virus threats in the past few years. Most of the stuff we see every day is technically a worm.

Why are we married to calling everything virus related when it is actually the flash-spread of worms that pose the most risk?

The Morris worm was a wakeup call. It was the first large worm, and simultaneously the first Warhol attack. Today, the 'growing threat' is the idea of Warhol-type worms, even though the first such attack was back in the 1980s.

The future of security is probably in the department of protecting against blended threats. AntiVirus software that only deals with stuff on your disk isn't enough anymore. You need, in order of importance:
1. to adopt safer computing practices.
2. Have some type of firewall that limits external access to services you don't actively use.
3. A behavior based IDS (or similar technology)
4. Disk and memory AV (eg, a typical antivirus program)
5. Signature based IDS.

Signature based IDS is least important, especially if you have the firewall in slot 2 that negates most of the use of an IDS. Disk and memory AV is important, but since 99% of all user-originated content comes over the wire these days, the smart money is on 1, 2, and 3.

I suppose step 6 should be "Demand accurate coverage from technically competent news professionals that know the difference between the various threats". If your local anchorman said "Earthquake warning!" and it turns out it was a flood emergency, would you find that acceptable?

simplicity (1)

SweetAndSourJesus (555410) | more than 10 years ago | (#8777375)

Not everyone needs to make that distinction. Miss Suzy Q. User doesn't care or need to know if it's a virus, worm, or trojan. It's all malware. As unfortunate as it is that "virus" got chosen as the catch-all term, there's just no compelling reason to differentiate.

Plus, this way people like yourself get to feel smart pointing out which ones aren't actually viruses.

Unknowing bot hosts (0)

Anonymous Coward | more than 10 years ago | (#8777277)

The worst part is some people are so out of it they don't even know they are infected and their system is being used to send out the same thing that infected it every time they go online.

Just Cuz (-1, Troll)

JZlives (677468) | more than 10 years ago | (#8777279)

Just to be a troll, I'll say it. Buy a Macintosh. Are you all happy now?

Re:Just Cuz (0)

FROGGYJ (591413) | more than 10 years ago | (#8777334)

You should have at least suggested a nix box instead of the silly apple :) FROGGYJ http://www.BackupYourPC.com

Cyberterrorism? (0)

davew2040 (300953) | more than 10 years ago | (#8777292)

Does anyone suppose there are links to organized cyberterrorism at play?

Re:Cyberterrorism? (1)

Nerd With Nalgene (740915) | more than 10 years ago | (#8777302)

If there were organized cyberterrorism involved, I think the viruses would be more effective.

Where's... (4, Interesting)

TechnologyX (743745) | more than 10 years ago | (#8777301)

...the data regarding AntiVirus software purchases, firewall purchases, patch downloads, etc for the same period?

Since there was an unusually high number of viruses and alerts, it would be nice to see just how it's being handled on the user end. Were there spikes in Norton Anti-Virus purchases? Or are people getting nailed with virus after virus ( a big clue is that it's mostly just a slightly altered form of the virus ) because they're being typical Joe User and not trying to guard themselves?

Sharing code (4, Insightful)

buss_error (142273) | more than 10 years ago | (#8777303)

"This would seem to confirm Virus creators are sharing more code."

And writing them for the same reason for the same people. Money from spammers. Look how many of those new viruses open back doors for proxies and steal email addresses. I don't think that it is so the virus writers can send love notes anonymously.

need help fast (5, Funny)

segment (695309) | more than 10 years ago | (#8777321)


I run a website called politrix of which is my own Sun machine. I recently received the following email and am confused of what to do
Date: Mon, 06 Apr 2004 12:43:28 -0800 (PST)
From: root <root! @ politrix.org>
To: root! @ politrix.org
Subject: Your Account

Your account has been suspended due to massive amounts of spam and Mountain Dew spillage on your machine. If you do not open this zip file and click on the password protected zip file you generated, you will suspend your own account.

Act now, this is not a joke or virus! It is as real as Iraq's Weapons of Mass Destruction.

Sincerely,
Me
root! @ politrix.org

U.S. and Canada: (800) 555-1212
Outside the U.S. and Canada: +1 (212) 555-1212

Can someone please link a book on common sense so I can buy it to figure out why I am suspending my own account. Please hurry! Currently I am writing to this poor man in Africa who's promising me a couple of cool millions, so when I become rich, I will reward you handsomely.

go figure (0, Offtopic)

ilmdba (84076) | more than 10 years ago | (#8777331)

time passes, records break.

imagine that!

There are a lot of bored engineers out there (0)

Anonymous Coward | more than 10 years ago | (#8777332)

What else, a lot of software engineers and students are without a job. What else but to look at another virus and improve it. Who knows, maybe all those bored Indian programmers are writing the virii in India and releasing them to the world.

Sharing code (1, Funny)

Anonymous Coward | more than 10 years ago | (#8777333)

This would seem to confirm Virus creators are sharing more code.

See? Open source works. :/

Antivirus Software Makers vs. Arms Dealers (5, Insightful)

henrypijames (669281) | more than 10 years ago | (#8777337)

In a way, the antivirus industry always reminds me of the noble profession of arms dealing. On the table you provide your clients weapons to "defend" themselves and to achieve and maintain peace. Off the table you know the business only flourishes when there is a war. Of course there is always a war, but your interest is in an all-out war. So what do you do if there is no such all-out war going on? Don't panic, you simply make your clients believe there is one indeed. As soon as they believe you, you win.

If you don't know what I'm talking about, you should read Vmyths [vmyths.com] more often.

Update your EI for CS (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8777381)

Well, if you update your system you don't have this problem. This vulnerability dates from the year 2001.

Just do an update, and you're in.

An introduction to viruses (4, Funny)

chrysalis (50680) | more than 10 years ago | (#8777396)

A lot of /. readers are not familiar with Windows and may ask what "virus" means in computer science. So in order to better understand this article, here's a short presentation.

Viruses are popular peer-to-peer sharing systems designed and optimized for Windows platforms.
Great features of these systems over other P2P systems:
- It's free software, although the license is often missing.
- They are very well maintained. New versions are released almost every day.
- They are easy to use : no need for a GUI, no need for a CLI, everything is fully automated.
- Updates are also automatic.
- No need to tweak your firewall, popular viruses can work on port 25 using a SMTP-like protocol.

In order to join this community, you just have to run an installer called "outlook.exe". To improve your experience, the "internet explorer" add-on is also recommended.

And how handy, the installer and its add-on are part of the vanilla "Windows" installation CD set. No need to download anything and no registration is required. Very convenient.

Once the installer ("outlook.exe") has been started, an Evolution-like interface pops up. This is bloat, it can be safely ignored. Directly go to the "add contact" panel and fill in email addresses of friends you want to share executables with. Wait a few minutes (check the internet link is ok) et voila, viruses are automatically downloaded, installed and configured.

You now understand why this p2p system is so popular in the Windows world: easy to install, easy to use, and the operating system keeps a lot of unfixed security holes in order to avoid breaking backward-compatibility with older viruses.

Related to Spy/Adware? (5, Interesting)

Boinger69 (673392) | more than 10 years ago | (#8777397)

I work in the 'PC Repair' industry, so this article really is of no news to me, as 90% of my business is pulling this garbage, and SPYWARE out of people's systems. I ask you, slashdot, are virus writers slowly getting in bed with these spyware writing scum suckers? More and more I see systems infested with a few nice worms, especially stuff along the lines of "Trojan.Startpage", the usual nastiness (B(e)agle, Netsky,) and TONS of spyware. Is this a sign that the two are going hand-in-hand, or just a giant example of the general idiocy of users? (I'm betting on both) Spybot/Ad-Aware/AVG only go so far. How are the tech-savvy supposed to protect these people? I've even had people try to claim that ad-aware or AVG INFECTED them a second time, because it wasn't there before, and their system was working fine aside from mass mailing their friends viruses and throwing popups in their faces.

Will we reach a point when the constant pushing of garbage in users' faces will make the internet worthless to the common man?

This is because of one simple thing... (3, Insightful)

mabu (178417) | more than 10 years ago | (#8777401)

SPAMMERS...

The worm/virus explosion is because RBLs are WORKING, and spammers are finding less IP space they can operate from. Their only alternative is to infect client PCs and turn them into proxies. Any mail admin can tell you this is what's happening. RBLs are working. Now if we can get the ISPs to enforce their Terms of Service and shut down compromised PCs, along with the authorities who may at some point get off their lazy asses and start putting some of these spammers in jail, we'd have 99% less virus/worm propagation. Occam would agree. Lobby your District Attorneys to stop prosecuting Tommy Chongs and do something in the public interest and the world will be a better place.

blame spammers (2, Insightful)

mankei (248730) | more than 10 years ago | (#8777405)

As more people get broadband, it makes sense for spammers to pay someone to write viruses/worms so that more spam can be sent via the infected computers with fat pipes. It's harder to close down the offenders as there are so many, and difficult to trace back to the culprit. As a bonus they can use the zombies to initiate DDoS attacks against anti-spam sites.

It makes me wonder. (4, Interesting)

LoveTheIRS (726310) | more than 10 years ago | (#8777416)

I am running Fedora Core 1 w/ kernel 2.6.4 ... There have been these Forrester Research findings that linux distributions have about the same amount of dangerous vulnerabilities as Windows. When I took a peek at linuxsecurity.com all I found were vulnerabilities in server services like Open SSL, Squid and etc. Though I know those services are important to Linux's current most successful market (Enterprise Server Market). As a user running Fedora and running services like: X server, cups, vmware and not having any other users but myself. Do I even need to patch? I mean, like X-server has been around for 20 yrs, can't I assume that it pretty much is safe from an external network attack?