Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

January 2006 Virus and Spam Statistics

CmdrTaco posted more than 8 years ago | from the numbers-are-neato dept.

115

Ant writes "Commtouch reports the January 2006's virus and spam statistics. Its summary said there were four massive virus attacks (including a multi-wave attack of 7 variants) and the most aggressive attacks penetrated before the average antivirus (AV) solution could even release a signature. The data is based on information continuously gathered by the Commtouch Detection Center, which analyzed more than 2 billion messages from over 130 countries during the month of January 2006..."

cancel ×

115 comments

Sorry! There are no comments related to the filter you selected.

dj28 gnaa fp (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14755035)

you fail it kirk

Re:dj28 gnaa fp (0, Troll)

CommanderNacho (887836) | more than 8 years ago | (#14755046)

kirk more like klirk amirite?

I GOT A GREASED UP YODA DOLL SHOVED UP MY ASS! (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14755042)

Go Linux!

Re:I GOT A GREASED UP YODA DOLL SHOVED UP MY ASS! (0, Funny)

Anonymous Coward | more than 8 years ago | (#14755093)

Heh... that's not what they meant by "Use the force."

As usual, I'm not taking ANYONE to the emergency room.

Re:I GOT A GREASED UP YODA DOLL SHOVED UP MY ASS! (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14755298)

head first?

what about his cane?

Re:I GOT A GREASED UP YODA DOLL SHOVED UP MY ASS! (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14755373)

i wanna be the next CEO of sprint(tm), please!

From the article (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14755043)

The guys at Slyck talk to the developers of Azureus about the use of end to end encryption to defeat ISPs who use traffic shaping to throttle Bit Torrent bandwidth. "Over the months we have been getting more and more complaints from our users about their ISPs blocking BitTorrent downloads, often rendering Azureus (and BitTorrent in general) completely useless to them. Naturally, some sort of protocol encryption has been one of the top feature requests, which we have obliged, since people should be free to choose which programs to use, not their ISP." Slyck also recently chatted with the guys behind Torrent, which is also now offering encryption.

-=M-O-D Parent I-N-S-I-G-H-T-F-U-L Please=- (0)

Anonymous Coward | more than 8 years ago | (#14756209)

Mod the parent insightful. You gayphres keep modding him as troll, but he is NOT a troll. This comment is TOTALLY relevant and pertinent to the thread.
 
Eat my balls. GOOD DAY, SIR!

Ahem (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14755045)

How much longer until the Windoze-using populace comes out of their coma and ditches that piece of shit OS? How much more virii will it take? Ah hell, just enjoy your poison Windoze morons.

Is First Post.. (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14755050)

considered a spam or a virus?

omg gnaa j00 (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14755056)


   

    • YOU KNOW ITS RITE CUNT

      Score: 0 (Logged-in users start at Score: 1). Create an Account! To confirm you're not a script,
      Score: 0 (Logged-in users start at Score: 1). Create an Account! To confirm you're not a script,

Interesting... (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14755057)

...but does it run Linux?

Problematic Signature Release Issue (5, Insightful)

wormnet.org (955561) | more than 8 years ago | (#14755058)

Not very long ago, when the Kama Sutra (Nyxem.E, MyWife, whatever) worm was released to the world it seemed to take absolutely forever to find anyone with a solution for the removal or even the detection of the thing. I think it was almost a full week before the signatures were widely distributed. Even though this was a attack was very mild (as far as viruses are concerned), what would have been the outcome had this been "the Big One"?

Re:Problematic Signature Release Issue (-1, Troll)

Commander Trollco (791924) | more than 8 years ago | (#14755097)

HOLY FUCK RUINED

GNAA releases AIDS/GRIDS virus into the wild motherfuckers. taint is tasty, live and learn it brick brick brick

cocks- this is a motherfucking FIRST POST

Re:Problematic Signature Release Issue (5, Funny)

Anonymous Coward | more than 8 years ago | (#14755171)

Your post is never going to compile dude. MyWife is supposed to be the first argument of KamaSutra().

Re:Problematic Signature Release Issue (3, Funny)

Pusene (744969) | more than 8 years ago | (#14755307)

You got it backwards, dude. KamaSutra is the first argument for any Wife-object. It's not that it doesn't compile, it is the Kernel Panic that's the problem...

Re:Problematic Signature Release Issue (3, Funny)

flabbergasted (518911) | more than 8 years ago | (#14755849)

Your post is never going to compile dude. MyWife is supposed to be the first argument of KamaSutra().

Yeah, but the second argument is PoolBoy

Re:Problematic Signature Release Issue (2, Informative)

GotenXiao (863190) | more than 8 years ago | (#14755206)

I take it you haven't heard of AVG. They already detected it (without releasing a new signature) on Janurary 16th. How? Simple. Heuristics. Oh, and they do a free version.

http://www.grisoft.com/ [grisoft.com]

Re:Problematic Signature Release Issue (2, Insightful)

wormnet.org (955561) | more than 8 years ago | (#14755239)

I take it you haven't heard of AVG. They already detected it (without releasing a new signature) on Janurary 16th.

Oh yeah, I tried that as well, but as far as I can tell, it was zero day and nothing was working. Of course this was an email worm and it was not on one of my own machines. First and foremost, the first line of defense for this sort of thing is education. If we didn't have people out there that would open any attachment they receive, we wouldn't have anywhere near the problem with this sort of attack. Unfortunately, relying on the end user to make sure their own computer is secure is a pipe dream at best.

Re:Problematic Signature Release Issue (0)

Anonymous Coward | more than 8 years ago | (#14755302)

Three Rules of End-User Security

The first rule of end-user security is to not talk about end-user security.
The second rule of end-user security is to not talk about end-user security.
The third rule of end-user security is to not talk about end-user security.

Re:Problematic Signature Release Issue (3, Informative)

arivanov (12034) | more than 8 years ago | (#14755869)

There was a brilliant signature for SpamAssassin to detect dodgy MSFT executables in 2.6x. The mainstream 3.x has removed it but it is still available out there in the bogus virus warning list towards the end of it (http://www.timj.co.uk/linux/bogus-virus-warnings. cf [timj.co.uk] ). Beware the owner of the page allows only one GET per IP address per day. You have one chance to download the ruleset. Combined with greylisting on the external gateway this has caught every single virus outbreak out there for the last 3 months. Not a single virus ladden email has gotten past the combination of this.

Re:Problematic Signature Release Issue (1)

Aranth Brainfire (905606) | more than 8 years ago | (#14756388)

But how many false positives?

Re:Problematic Signature Release Issue (1)

arivanov (12034) | more than 8 years ago | (#14756464)

None that I know of.

I do not bounce on matching the SPAMassassin signature. I only defang and users know that it is reversible. There has not been a single user requesting a reversal of the defang.

As far as the greylisting is concerned it has no false positives as far as viruses are concerned either.

Re:Problematic Signature Release Issue (1)

thogard (43403) | more than 8 years ago | (#14757007)

Got a name for the specific signature your referring to? There are plenty in that list that aren't too useful anymore.

Re:Problematic Signature Release Issue (2, Informative)

Bloater (12932) | more than 8 years ago | (#14755354)

Not very long ago, when the Kama Sutra (Nyxem.E, MyWife, whatever) worm was released to the world it seemed to take absolutely forever to find anyone with a solution for the removal or even the detection of the thing.


The virus is reported [bbc.co.uk] to have first emerged on the 16th January 2006. Sophos [sophos.com] says [sophos.com] they provided protection from 16:03:20 GMT on that day. So while it may have taken ages for you to find an anti-virus vender with detection or removal, there *were* solutions on the same day. Trend Micro also says [trendmicro.com] their pattern file was release on the 16th, and they give the time when the description on their website was written as 14:23:21 GMT, but they don't say what time their pattern file was released. Mcafee even claims [nai.com] that they detected the virus from 2nd December 2005 - presumably since this was a variation of an existing worm that their existing detection happened to also detect. I don't know how many of the other AV vendors *also* detected it due to happenstance before it even existed.

There was also detection officially available from some other AV vendors on the 17th:
  • Kaspersky (I think) [viruslist.com] - which seems to use GMT for their times,
  • Symantec [symantec.com] - I don't know what timezone they use.

Spyware & Firefox: HELP ME, PLEASE! (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14755478)

After 3 days of investigation, I discovered that Firefox has a spyware-related bug that might have been planted by a disgruntled employee. To see the bug, execute the following steps.

1. Create a sign-in account at Google.
2. Uninstall Firefox.
3. Sign out of AOL. (I am using AOL dialup.)
4. Shutdown your computer.

5. Power on your computer.
6. Start AOL and log into your dialup account.
7. Download Firefox. (The download takes about 20 minutes.)
8. Install Firefox.
9. Sign out of AOL.
10. Shutdown your computer.

11. Power on your computer.
12. Start AOL and log into your dialup account.
13. Start Firefox.
14. In the URL bar, type "groups.google.com/group/talk.politics.misc"
15. After you see the web page for "talk.politics.misc", click on
          "sign-in", which is located on the left side of the web page.
16. Log into Google.

17. Now, in the URL bar, type "socialize.morningstar.com/NewSocialize/asp/FullCo nv.asp?forumId=F100000015&convId=168149".
18. After you see the Morningstar web page for the conversation
          (titled "emerging markets AND international value??") in the
          "Vanguard Diehards" forum, you will notice about 100 randomly placed
          question marks (i.e., "?").

I have tested both Internet Explorer 6.0 and Opera 8.5. Neither of these browsers suffers the above problem.

Clearly, there is some spyware (integrated into Firefox) that is triggered by
an authenticated logon into a Google Usenet discussion group. The Morningstar
discussion thread then causes the spyware to act.

If anyone knows how to fix this problem, please tell me. I like Firefox. Although Opera is more reliable than Firefox, the user interface of Firefox
is the best (for me).

How do I notify Mozilla of this spyware-related problem with Firefox?

Re:Problematic Signature Release Issue (1)

Heembo (916647) | more than 8 years ago | (#14756708)

Viral infections are easy to prevent, you just dont click on bad shit. Most security conscious IT guys are there already. It's the worm that finds a holes in the windows firewall that I think will be the big one (ala blaster).

Tell me about it. (5, Funny)

MutantHamster (816782) | more than 8 years ago | (#14755062)

January was a horrible month for viruses. Take it from me: If you get an email from an Asian Bird, don't open it.

Spam Gestapo (3, Interesting)

PipeIsArt (800028) | more than 8 years ago | (#14755067)

Spammers have deduced that to avoid being blocked by the simplest mail server rules, they need to use a valid domain. However, if the domain that is used is unique and used only for spam, they would easily be blacklisted. The result - the use of popular domains that blacklists dare not touch. I would like to learn what the email domains listed in the article are doing to keep the number of spammers low. I mean if Google can churn out the world's best search engine, targeted ads, and other random applications of the week, then they surely have enough creative juices to flush out their own spam accounts.

Re:Spam Gestapo (1)

gtwilliams (738565) | more than 8 years ago | (#14755144)

Actually, Gmail does a remarkably effective job of filtering spam from my in-box.

Re:Spam Gestapo (0)

Anonymous Coward | more than 8 years ago | (#14755252)

That wasn't the question. The question was more "How am I going to keep spam purporting to be FROM gmail.com out of my Inbox?" spamassasin and other tools do help, but the impact of a "joe-job" in terms of bounces can still cause damage.

In some cases, the best tactic is to "poison the water hole". I.e. "Mortgage" spams are still popular. However, when you "sign up", you are not signing up with a mortgage company, but a "lead aggregator", who sells your information to mortgage company as a "lead". Sign up for every mortgage offer you get - using false, but reasonable, information. This will hurt the spammer, since finance companies are not going to continue to pay the spammer money for bogus leads. Different spams many require different methods of "poisoning" - it's a matter of figuring out how the spammer is making the money, and doing things to eleminate what slender margins there are.

Email Spoofing (1)

lordsid (629982) | more than 8 years ago | (#14755330)

Spammers are spoofing the return address as being one of the valid domains (i.e. google.com, yahoo.com, msn.com...)

the email addresses probably do not exist, or maybe they do

another tactic i've noticed is putting your own email surname as the sender but from a different domain.

Re:Email Spoofing (2, Informative)

URSpider (242674) | more than 8 years ago | (#14755403)

Spammers are spoofing the return address as being one of the valid domains (i.e. google.com, yahoo.com, msn.com...)

Nope. Not a single credible anti-spam solution out there today pays any attention to the return address on the e-mail (unless it's explicitly in your whitelist). The filtering is done based on the actual origin of the message, or failing that, the first trusted server that handled the message.

The authors of the FA are saying that spam is ACTUALLY coming from gmail.com, which means it is probably being sent by legit gmail.com users (gmail requires a secure login to use their mail gateway).

It would work like this ... get a gmail account, write a bot to send e-mail to other zombie gmail accounts for a while, wait until you have 100 invites to hand out, sign up for some more accounts, then spam like mad until gmail shuts you down.

It would be really, really hard for Google to come up with a solution to prevent spammers from getting out one good bulk mailing before Gmail shuts them down.

Re:Email Spoofing (1)

ianalis (833346) | more than 8 years ago | (#14759159)

Gmail can block or ask confirmation if the user is sending a lot of emails in a short span of time (staggered or not). If it will only ask for confirmation, it may use a captcha to make it harder for the bots.

Re:Spam Gestapo (1)

m50d (797211) | more than 8 years ago | (#14755557)

Of course they do. But where's the profit in that? Especially when one of the main features of their mail service is their antispam.

Re:Spam Gestapo (1)

xiong.chiamiov (871823) | more than 8 years ago | (#14756600)

Though, y'know that they aren't charging for their anti-spam, so I fail to see why they would want more spammers...

Re:Spam Gestapo (1)

m50d (797211) | more than 8 years ago | (#14759027)

They're making money indirectly from it by advertising - if there wasn't so much spam, people might go for services with less advertising but without the antispam.

Re:Spam Gestapo (1)

dodobh (65811) | more than 8 years ago | (#14756755)

Maintaining abuse desks. Not fun. I know, I work at one. Pulling 12 hour+ workdays, reading tons of email, and never catching up to the flood of spam and complaints.

Differentiating between spam and complaints is a non-trivial problem. Most clued administrators don't block by domain, but by IP address. This reduces the problem of blockages considerably.

What are the long term trends of spam? (4, Insightful)

antifoidulus (807088) | more than 8 years ago | (#14755075)

That is some interesting research(only 5% of spam is porn?!), but where is spam headed long term? They have that little graph were you can see trends for 30 days, 100 days, or 12 months(though the 30 days and 12 months didn't work for me in Safari), but does anyone have reliable statistics that go back farther?

Is spam burning out, finding new markets, or are people just continuing to send spam even if they don't make a profit on it?

I HAVE A GREASED YODA DOLL SHOVED UP MY ASS (0, Troll)

Commander Trollco (791924) | more than 8 years ago | (#14755119)

HOLY FUCK RUINED

GNAA releases AIDS/GRIDS virus into the wild motherfuckers. taint is tasty, live and learn it brick brick brick

cocks- this is a motherfucking FIRST POST and you know it. You --> jewshowers

DON'T STEAL MY LINE, NIGGER! DRINK MY PISS NOW! (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14755128)

From my FATTY FAT cock. DICK JUICE!

Re:What are the long term trends of spam? (5, Funny)

mctk (840035) | more than 8 years ago | (#14755138)

Actually, I do have research that goes back further. Please, post a reply that contains your email address and I'll be sure and send you my spam-research-installer. After clicking "yes" to all of the options, you'll be granted access to a huge database containing thousands of research papers 6arranteed t o maek ur Pennis HU6E!!!!!1!!!111!

ahem, sorry.

Re:What are the long term trends of spam? (1)

Eightyford (893696) | more than 8 years ago | (#14755153)

Is spam burning out, finding new markets, or are people just continuing to send spam even if they don't make a profit on it?

Well I'm pretty sure someone is making a profit out of it. It costs next to nothing to send a million emails, and there are a lot of dumbasses out there.

Spam is here to stay (4, Insightful)

Opportunist (166417) | more than 8 years ago | (#14755194)

First of all, spamfilters, no matter how good they are, won't solve it. Who has filters? You, me, the rest of the "clued" people. But we wouldn't click on a spam ad anyway, would we?

The people who do click on one simply have no clue what's going on and thus have no spamfilter. So spamfilters are simply for our convenience of not having to deal with junk.

Laws won't make spam go away. Unless you have a globally universal and most of all equal law concerning spam, all it does is to go to another place. And since making spam legal equals tax income for a country, I'd give a the possibility of the RIAA realizing that copycrippling their music isn't the right way a higher chance of coming to reality.

So Spam is here, and it's here to stay. It will maybe become more sophisticated, and it will most certainly become used by people wanting to plant other malware onto your system (e.g. the combination of spamming a link and planting a bogus WMF onto the referred site).

But Spam won't stop.

Re:Spam is here to stay (1)

jacksonj04 (800021) | more than 8 years ago | (#14755261)

However, lots of people use services like gMail and Hotmail, which come with increasingly more accurate spam filters.

Perhaps they should get together to build an antispam service. Think about it, they can analyse every incoming mail. If more than X% of the message text matches Y% of total messages recieved over a time period (i.e. most spam is sending chunks of identical text to lots of people in very little time) then it's automatically flagged as spam, the SMTP server is blocked, and a bayesian pattern is updated. Congratulations, you've just booted an entire spammer's distribution network from two of the biggest email providers.

Include other mail providers, get talking to honeypot projects, and make an application for 3rd party servers. Yes the central network required to support the system would be a bit on the chunky side, but the benefits of having a central "This message is spam, don't even consider it" would outweigh the cost in transit fees.

Re:Spam is here to stay (1)

timeOday (582209) | more than 8 years ago | (#14755452)

However, lots of people use services like gMail and Hotmail, which come with increasingly more accurate spam filters.
Exactly... spam is forcing the decline of traditional email. I doubt if an email sent from one gmail user to another even uses SMTP at all. When we think of software as a subscription-based service, with no locally installed special-purpose software, we should look to email as the model for a smooth transition.

Good idea. But there's one problem (1)

Opportunist (166417) | more than 8 years ago | (#14755673)

Technically, this system is prone to abuse: Think censorship.

You label something spam. That's allright, I don't care about the size of my penis (or breasts, or left pinky or whatever), and I certainly don't care that Mr. Mumbutu's wife needs a secure way to transfer her money.

On the other hand, some governments would definitly enjoy not delivering messages that points out their flaws. Or some companies to have some of their more questionable practices revealed.

Who gets to define spam? Who gets to make the filter rules?

Me? You? (snicker) Google?

Also consider the legal implications. Yes, Spamorama's mails are what everyone on this planet considers spam. But Spamorama sues BigBoxMails because BBM filtered out their mail, calling it censorship, violation of first amendment, or whatever the clever lawyers of Spamorama pull out of their hats.

Tread lightly on this subject. I don't just want to get "governmental and corporal approved" mail.

Re:Good idea. But there's one problem (1)

jacksonj04 (800021) | more than 8 years ago | (#14756370)

Depends how algorithmic it is. If the whole thing is based purely on statistical volume + bayesian filter based on the same and not on any manual intervention then it should be fine. If BigBoxMail didn't specifically censor that from Spamorama and it just happened to fall into the 'spam' statistics then Spamorama don't have a legal leg to stand on, First Amendment or no.

Re:What are the long term trends of spam? (1)

NewbieProgrammerMan (558327) | more than 8 years ago | (#14755585)

only 5% of spam is porn?!
Well, since emails in these categories:
Pharmaceutical (52.46%): Medical offering (as in "V1@6ra!!!1! with0ut doktor vi5it!!!")
Enhancers & Diets (13.38%): Show her how; (as in 3nl@rge uR M3mber!11!)
sometimes come with porn-like pictures, I don't think the free advert^H^H^H^H^H^H^H^Hresearch article shows that porn traffic has really dropped to 5%.

Re:What are the long term trends of spam? (1)

thogard (43403) | more than 8 years ago | (#14757122)

The interesting thing is the medical spam already has many state and federal laws that could be used by defense attorneys.

Remember, its still highly illegal to offer drugs to kids inside 1000 ft of a school. People have been busted when the dealer was outside of the area but the buyer was inside.

That is odd with all of those viruses o ut here (0, Funny)

Anonymous Coward | more than 8 years ago | (#14755103)

I didn't notice any on my powerbook. Oh wait never mind

Re:That is odd with all of those viruses o ut here (0)

Anonymous Coward | more than 8 years ago | (#14756657)

Nor did I on my Windows XP machine, but then I'm not an idiot.
Viruses and spyware are mainly a PEBKAC.

A brief summary of my experience (3, Insightful)

Opportunist (166417) | more than 8 years ago | (#14755109)

What's coming down our road is a lot more 0day exploits. WMF was the tip of the iceberg.

What's also coming is "multi facetted attacks". I.e. spyware and adware that is being used not only to display pesky ads but also used as a foot in the door to install malware on your PC (i.e. malware that's MORE destructive than just popups).

What I foresee as well is that trojan writers will make more and more use of crippleware that's installed by third party software (for example, software that's supposed to ensure you don't break copyrights). Simply because this kind of software is more or less omnipresent (or will be soon), while not going through the rather strict screening process that normal OS modules go through. Yes, no matter what you think of MS, their soft is one of the best tested in the world (in the non-open source world at least, screening in OS outmatches it by magnitudes).

The goal for virus and trojan writers isn't anymore the spreading and the rather masturbatory enjoyment of knowing your virus spreads like crazy. Money's made its way into the trojan biz. And 3 goals are predominantly present:

1. Spambots
2. DDoS sheep
3. Phishing

While 1 and 2 have already had their heydays, phishing is strongly on the rise. I can say without breaking any NDA agreements that we are currently facing very well organized, very strongly pushing phishing attacks targeted at passwords for the "usual" targets (amazon, ebay, paypal), as well as a lot of national and international banks (online banking is something I would not really do right now on a Windows-based system...).

The organization behind it is stunning. Ways to launder the money that makes some old mafia tactics look bland. Update cycles and update services for those trojans that rival or outmatch large corporations.

Teach your peers. Tell them about it. Tell them to friggin' install that damn antivirus tool. And to upgrade their Windows. And most of all, to finally abandon that insecure webbrowsing pest that comes with every MS System!

Re:A brief summary of my experience (1)

sheriff_p (138609) | more than 8 years ago | (#14755219)

Since when does a bunch of half-baked predictions for the future, without any evidence to back it up at all, constitute "my experience".

+Pete

Re:A brief summary of my experience (1)

Opportunist (166417) | more than 8 years ago | (#14755469)

Unfortunately revealing the evidence would definitly violate the NDA I had to sign.

So no, I cannot back it up with evidence. It was also not labeled "the naked truth" but "my experience". I can look at what happened in the past, look at what's going on now and extrapolate into the forseeable future. So this is what I saw, what I see, and what I predict to happen.

If I had the ability to predict the future without any fault, I would stop looking for viri and start daytrading.

Re:A brief summary of my experience (1)

GoofyBoy (44399) | more than 8 years ago | (#14755475)


I would say that he wouldn't be far off.

Look at how much network security is needed for WoW. Or gold farmers and how organized they are.

Look at how the Nigerian email scams are still going around ... and succeeding.

Getting access to someone's bank account is low risk and effort, high reward.

Re:A brief summary of my experience (0, Redundant)

squidsuk (850172) | more than 8 years ago | (#14756592)

Teach your peers. Tell them about it. Tell them to friggin' install that damn antivirus tool. And to upgrade their Windows. And most of all, to finally abandon that insecure webbrowsing pest that comes with every MS System!
Where's the part about finally abandoning that insecure Windows OS pest, and installing Linux instead?

Re:A brief summary of my experience (1)

hackstraw (262471) | more than 8 years ago | (#14756911)

online banking is something I would not really do right now on a Windows-based system...). ...

Teach your peers. Tell them about it. Tell them to friggin' install that damn antivirus tool. And to upgrade their Windows. And most of all, to finally abandon that insecure webbrowsing pest that comes with every MS System!


Why do you still recommend a broken solution?

Nobody that I know of that uses a Mac has virus problems, spyware, or any of the chronic probelems that plague Microsoft operating systems. In fact, I don't even know if there are antivirus or spyware removal programs for the Mac OS.

Besides games, I don't know what is so compelling about the Windows platform.

Rapid immune response (4, Interesting)

Mostly a lurker (634878) | more than 8 years ago | (#14755113)

It does seem that some virus attacks are occurring too quickly for traditional AV approaches to provide adequate protection. Perhaps an approach suggested by Israeli researchers, Distributive immunization of networks against viruses using the 'honey-pot' architecture [netdimes.org] [warning: PDF], has virtue. The basic idea is to automate virus recognition and immediately push a "vaccine" to potentially vulnerable machines.

Re:Rapid immune response (0)

Anonymous Coward | more than 8 years ago | (#14755146)

The real solution is to write a secure OS.

Automating virus recognition with honey-pots is an expensive and convoluted solution for a problem which shouldn't exist in the first place.

Re:Rapid immune response (0)

Anonymous Coward | more than 8 years ago | (#14757505)

Pushing a "vaccine" to vulneable machines is a noble idea.
The real problem lies with people who argue that "No way in hell am I gonna let someone push and install data on my machine"

Analogue to the many people out there who still thinks that MS installs "other than security patches" when automatic update is run and therefore disables it.

Nice free advertising (1, Interesting)

imipak (254310) | more than 8 years ago | (#14755177)

Nice free advertising on Slashdot. Any chance of equal exposure for some competing sources [google.co.uk] ?

Vaginas for Jesus (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14755184)

I've been an enthusiastic supporter of the Vaginas for Jesus convent in Worcesterchire for some time now.

I'd like to invite you to their annual "DripFest," where you can see the nuns strut their stuff as they squat over the holy water fountain.

Fun and prizes to be had by all!

Re:Vaginas for Jesus (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14755208)

I'd like to invite you to their annual "DripFest," where you can see the nuns strut their stuff as they squat over the holy water fountain.

A chick bleeding out of her vagina is no miracle. Chicks bleed out of their vaginas all the time!

Re:Vaginas for Jesus (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14755241)

It is not blood, my fine young padawan.

It is the viscous secretions of their fragrant arousal.

When they see the big man himself nailed to a plank, it makes them do the vaginal drippy drip.

Anyone else smell tuna fish in here?

Obl limerick (1)

DaSwing (902297) | more than 8 years ago | (#14755189)

There is news from Commtouch how the attacks are just too much they searched a lot of mail containing pictures of an adult male and found out that there was no such

Re:Obl limerick (1)

DaSwing (902297) | more than 8 years ago | (#14755207)

There is news from Commtouch
how the attacks are just too much
they searched a lot of mail
containing pictures of an adult male
and found out that there was no such

hi hello bonjour internet (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14755196)

GOP tok all my bas rutans! 599,,9o999,999 dinners at bas rutan

Virus Outbreak Filters (0)

Anonymous Coward | more than 8 years ago | (#14755238)

Ironport makes a product called Virus Outbreak Filters to address this problem and quarantine potential virus mail. http://www.google.com/search?q=VOF+IronPort [google.com]

Maybe I'm being paranoid... (1)

JustNiz (692889) | more than 8 years ago | (#14755264)

I wonder just how many of these reported virusses are either:
1) Developed and released by anti-virus companies themelves to sell more product
2) Non-existent myhts propagated by anti-virus companies to sell more product
3) Other software intentionally miscategorised as virusses by antivirus comapnies to sell more product.

Re:Maybe I'm being paranoid... (3, Insightful)

Opportunist (166417) | more than 8 years ago | (#14755310)

1. No, thank you. We got enough work analyzing and prodding viri, we don't need to write them. We get them, for free. Why bother working more than you really have to?

Detach yourself from the idea of the "fun" virus that spreads, displays junk or wipes your hard drive. Those are becoming fewer and fewer. The "new" generation of viri and trojans have a very defined goal: Making money for their creator. Either by using the infected machines for another attack (use it in a DDoS blackmail attack), gathering your passwords to steal from you directly (paypaling your money away or "making" you buy their stuff for horrible prices at EBay) or use you as a relay station for spam and other malware so it cannot be traced back to them (and spam being the most harmless of them).

2. I do admit, we sometimes exaggerate the threat. Not for our personal gain. People don't go out and buy antivirus soft just because the threat level is rising. There're a LOT of free antivirus solutions that are by no means worse than commercial products, and a lot of commercial products do have a non-commercial free version.
But, for example, because the trojan poses a threat to the net as a whole while the damage to the single machine infected would be minimal. Why should YOU care, if YOUR damage is low? People are selfish like that, unfortunately.

3. Something you won't see soon again. There was a quite nasty lawsuit against a German antivirus company for labeling some adware correctly as adware. I certainly wouldn't label anything that's not most certainly BAD BAD BAD software bad. The lawsuit is right at your tail if you do.

Re:Maybe I'm being paranoid... (1)

thogard (43403) | more than 8 years ago | (#14757046)

1. I know people who got paid to "find" unknown viruses. It was a long time ago so things may have changed but I don't see anything in a new anti-virus startup business model that would prevent them from doing such things.

This proves antivirus is useless (5, Insightful)

J0nne (924579) | more than 8 years ago | (#14755269)

If this report proves anything, is that running antivirus software is not good protection. You have to educate users not to open suspicious attachments, not to run IE, and to keep their systems updated (every modern OS does this automatically! Windows also does this since SP2). A firewall and/or NAT router is always a good idea too.

I don't run antivirus (except the occasional ClamWin run if I downloaded something I don't trust completely), and I manage to keep my computer clean just by following the above rules. Antivirus won't protect you from ad/spyware anyway, and these things have become worse than viruses.

If the antivirus vendors can't keep up with new viruses, you might aswell stop paying for antivirus. After all, it won't protect you.

Antivirus is NOT useless (2, Insightful)

Opportunist (166417) | more than 8 years ago | (#14755351)

It's just not the perfect cure. When you install an antivirus suit and consider yourself completely safe, click on everything you can because "hey, I have antivirus, I'm safe", you're in a very dangerous misconception.

I mean, you do wear a condom when having intercourse, right? But still you don't do it with people of "questionable background", right? Why?

The best protection is still having an antivirus suit and behaving like you don't.

Re:Antivirus is NOT useless (1)

J0nne (924579) | more than 8 years ago | (#14755462)

It's just that people do fall into that trap of trusting their antivirus. Why would you pay for an antivirus application which will probably screw up your system more than an infection, if you can keep your computer clean by following some simple guidelines?

I see computers with P4's that run the speed of a PIII just because they're running Norton's crap. And those computers are infected with tons of adware too, because Norton won't do anything to stop those.

I just have Clamwin on my system as a regular application, it doesn't hook into the system, and doesn't do real-time scanning. It doesn't suck resources, I don't even let it start up with Windows.

Running an antivirus application is just not worth it. They suck resources and money out of you wallet, and it won't even protect you when the next worm hits because worms spread faster than anyone can produce antivirus definitions.

Oh yes it is! (2, Informative)

code65536 (302481) | more than 8 years ago | (#14755470)

Anti-virus has become more or less snake oil in respect to their effectiveness. They are slow to respond to new threats and are too easily disabled by attacks. Knowledgeable users have no need for AV because they know how to avoid infections quite easily (I'm a Windows user who has never used AV in 15 years and I have never been infected). People who are not knowledgeable will get a false sense of security and feel that they do not need to bother with learning all the ins and outs of safety.

I remember doing some maintenance on a small network once, and discovered that a number of the machines were infected. The boss was surprised. "But they all had anti-virus software!" And what a jolly amount of good that has done...

Yes, there is certainly a limited benefit to AV, as I would imagine that knowledgeable users can sometimes make a mistake. But AV software causes so many problems of their own, from the slowdowns caused by on-the-fly scanning, to the system bogdown whenever it does its scheduled full system scan, to the various slew of compatbility and stability issues that it creates (*cough* Norton *cough*).

Education is better than a technical solution (1)

Opportunist (166417) | more than 8 years ago | (#14755582)

That's a given. Unfortunately it's not reality. Look around you amongst your peers, subtract the ones that have a clue when it comes to computers, and then try to teach them.

You'll get an answer akin to this: "Lemme alone, I don't wanna learn that, I just wanna surf and enjoy it."

People don't want to learn. You don't want to be a mechanic to drive your car, all you want is to turn the key and kick the throttle. It's the same way with computers.

Yes, you might actually not need an antivirus tool. Not something I'd recommend, since there are so many other ways to get infected and bugged even if you're careful, but that's your decision.

There are on the other hand people who don't want to learn the ins and outs of computers. They just want to use them and play around. And for them, having one is better than not having one. Simply 'cause they will cause havoc regardless, but at least some of those ancient worms would stop knocking against my firewall.

Re:Education is better than a technical solution (1)

pilkul (667659) | more than 8 years ago | (#14756374)

Yes, you might actually not need an antivirus tool. Not something I'd recommend, since there are so many other ways to get infected and bugged even if you're careful

Really? I'm behind a NAT router which forwards no ports, and all my contact with the outside world is through the latest versions of Firefox and Thunderbird. How exactly can I be infected if I don't run any suspicious executables?

Re:Oh yes it is! (3, Insightful)

isorox (205688) | more than 8 years ago | (#14756709)

I have never been infected

How do you know?

Antivirus isn't great, or even very useful (2, Informative)

squidsuk (850172) | more than 8 years ago | (#14756698)

Antivirus isn't great, as it comes with a bunch of issues, such as resource implications, acting as a threat vector itself, and generally being a case of shutting the stable door after the horse has bolted (zero-day exploits).

So add-on antivirus software isn't exactly *useful*, and isn't anything like running a sane operating system with pragmatically chosen security settings - which wouldn't include, by and large, anti-virus or anti-spyware scanning type software.

Re:This proves antivirus is useless (2, Insightful)

Anonymous Coward | more than 8 years ago | (#14757198)

I certainly wouldn't call AV software useless... It's a good first line of defense... But it certainly isn't a silver bullet.

A lot of AV software out there is simply crap to start with. It burns up your system resources and doesn't even protect you properly. The problem is, your average user has absolutely no way to judge what is "good" AV and what is "bad" AV. Every box out there claims to be the best, and every self-respecting geek has a strong opinion about which brand is the best.

Even if you get yourself some "good" AV, it's only going to be as protective as you let it. If you disable all the assorted protection and download an attachment called "lesbians.mpg" anyway, you're pretty much doomed. No AV out there can protect you when you intentionally circumvent it.

Finally, education goes a lot further than any software ever will. If you know enough not to download the attachments you're going to be vulnerable to a lot less stuff.

What is really necessary is good AV combined with education and, where available, sysadmin-imposed security policies. Only by combining those things are we actually going to be able to curb malware. Everything else is just a bandaid solution.

indemnification against viruses (1)

rs232 (849320) | more than 8 years ago | (#14755273)

Why don't the lawyers provide indemnification against getting "computer viruses".?

Why don't they make an OS that is immune from getting viruses just by clicking on a hot link or opening an attachment?

http://fudwatcher.blogspot.com/ [blogspot.com]

Re:indemnification against viruses (2, Insightful)

URSpider (242674) | more than 8 years ago | (#14755524)

Why don't they make an OS that is immune from getting viruses just by clicking on a hot link or opening an attachment?

Because it's very, very hard. First of all, users are constantly demanding that progams interact with each other, and with each other's data. This gives the web browser permission to pass that hotlink off to another piece of code and process it, sometimes without your intervention. It's these hand-offs that cause the problem. All it takes is one good buffer overflow error to drop some virus code into the instruction queue, and you can make all kinds of interesting things happen. Programmers are learning to add boundary checks to their code, but every now and again, someone's going to make a mistake. Not to mention, many viruses today are actually straight-up executable code or scripts that users are fooled into running.

And, if that attachment is an executable, then no operating system ever created, or that ever will be created, can stop you from clicking your way to oblivion (unless you completely remove the ability for users to execute programs other than some pre-existing sub-set, which is completely impractical).

All you Linux users out there, stop snickering from behind your keyboards. I'm willing to bet there are one or two good holes in Firefox that could be used to install malicious code on a Linux box. Sure, it would run as the individual user, not as root, but that's not going to matter much when your ISP cuts off your data pipe because 'dumbuser1' has a spam bot running in the background.

A good OS (or mail program, rather) (1)

Opportunist (166417) | more than 8 years ago | (#14755791)

...will at least make sure that no program gets executed without the expressed consent by the user (i.e. no automatic execution of possibly malicious code). Furthermore, it will inform its user who just clicked on an attachment, that said attachment is exectuable code.

If the user is dumb enough to STILL execute it, well, then he's the only one to blame. The biggest security problem of a system is still sitting in front of it.

Re:indemnification against viruses (2, Informative)

v1 (525388) | more than 8 years ago | (#14756050)

Lets see, this'll get me modded +5 Troll (truthful)

Why don't they make an OS that is immune from getting viruses just by clicking on a hot link or opening an attachment?

Because software companies (most notably MS) prefer to sacrifice security to provide increased "ease of use". Or, "it's not a bug, it's a feature". Features sell. Bugs... well they do affect sales, but not to anywhere the same magnitude as new features. Company P.R. can spin the new features as wonderful and huge, and play down or totally ignore the problems.

So if a new feature introduces a security risk, and it's not currently en vogue to exploit that particular feature, they include it. Then next year after that feature has gotten hundreds of thousands of their customer's boxes owned, they sell you another feature of a "more secure" xyz. See, they sell it to you broken, then they sell you the fix for it. And they call this "a good business model". The phishers make money, the software vendors make money, and you my friend, are the one that pays them, both.

There ought to be a law that makes it illegal for a company to make a "feature" in computer software that automatically executes a program that was not "reasonably verified" to be executing with the knowledge and consent of the owner. In a nutshell, if someone sends you something through a public medium, and it contains instructions that can tell your computer to do something without your permission, it should never be allowed to execute.

So many viruses (-1)

Anonymous Coward | more than 8 years ago | (#14755335)

...and no culprits. Almost like Al Qaeda: they're always striking/going to strike, yet know one has a clue who they are. They're so clever to always wear masks.

Re:So many viruses (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14755466)

huh? But you just said who they were - Al Qaeda. No one has a clue where the US army is going to strike next either - they keep that information top secret, and do it from planes and missiles hundreds of miles away. At least Al Quada always own up.

AWWWW! (0)

Anonymous Coward | more than 8 years ago | (#14755346)

"Commtouch Detection Center, which analyzed more than 2 billion messages from over 130 countries during the month of January 2006..."

nuff said.

never ever heard of that "company" ...

Nice graphics? (5, Funny)

RT Alec (608475) | more than 8 years ago | (#14755349)

Pretty graphics, lots of "ooooo" factor. I find that they tell me nothing. This is a trend in the "network security" field:

  1. find a subject for which a lot of data can be collected
  2. preparing a bunch of colorful charts and graph that don't actualy convey any meaningful information
  3. Profit (or at least get mentioned on Slashdot, et al.)

Tufte [edwardtufte.com] would be ashamed.

Could not care less. All Win. (-1, Troll)

Werrismys (764601) | more than 8 years ago | (#14755399)

Windoze. Everything that the article covers is winblows. Oh yeah, mod me troll - use of 'Winshit', 'Winblows', 'Windoze' or 'Wincrap' result in insta- -5

Mac Attack (0)

Anonymous Coward | more than 8 years ago | (#14755508)

and DON'T FORGET the first (?!) real mac virus.
The iMacs are dropping like flies. Save the mac!
Will some please think of the MAC???

The Slashdot story is a press release only. (4, Interesting)

Futurepower(R) (558542) | more than 8 years ago | (#14755517)

I wish that Slashdot editors would not post stories about press releases! Did someone get paid under the table?

It's very common that press releases contain entirely invented "information". Certainly the people who write them can be expected to have NO technical knowledge, and not to care that they have no technical knowledge.

--
If they enjoy it or it makes them money, rich people and leaders can kill small animals and Iraqis?

press releases, patents and tax monies (0)

Anonymous Coward | more than 8 years ago | (#14755843)

3/4s or so of most tech related articles can be traced back to a rewritten press release. Go to any of the big science or IT websites and look, you'll see it. Even the mainstream pay per view places are just running press release type stories, based on the summaries, then make you pay to read the academic paper. I think it's better to just post the release and be done with it, let people know that's what it is. And I think we need to end pay per view on academic articles if there's so much as a penny of governmental grant money involved in it. Same with letting them take tax payer money and get a patent on stuff they research, that should be ended as well, make the results be free and available to anyone to use to develop useful products.

fuck spam (0)

Anonymous Coward | more than 8 years ago | (#14755575)

i do not like spammmm
inbox constantly filling
please die cocksuckers

"AVERAGE anti-virus" (3, Insightful)

Avohir (889832) | more than 8 years ago | (#14755736)

they never note specifics on which anti-virus performed how well, Their tests are based on the AVERAGE time to detect and the AVERAGE number of viruses missed. Not all anti-viruses are created equal, and some are distinctly less equal than others. Symantec and McAfee in particular have abysmal response time in updating their definitions. Granted since they're much bigger than their competitors, and with size comes sluggishness, but I've personally submitted samples to them and had to wait weeks before the definitions were added. That kind of delay is inexcuseable (if it takes that long to review samples, hire more people!)

Also, when you take into account that McAfee detects fully half the files with any sort of file packer used (thats what they call 'heuristics', they've detected Hijackthis as a virus during 4 separate updates), you have to wonder how they can miss actual viruses with such a "shoot first and fix false positives later" mentality.

as a positive counter-example, NOD32 and Kaspersky generally detect a new threat within an hour after they first see it, if their heuristics dont already pick it up.

When it says that its the average of 21 major anti-virus vendors, I question whether the statistic is meaningful with so broad a spectrum of response times

ionformatIve ShitShit (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14755967)

want them there. users. This Is declined 1n market

I'm sick of all of these scares. (5, Funny)

kadathseeker (937789) | more than 8 years ago | (#14756299)

I wish, after all of this hyping, that we'd get a bug as well written as some of these (you know, that gets into everything and around all defenses) but gets old-school on its victims. None of this pussyfooting around, I mean like copy itself, mailing itself to all of your contacts, and delete everyone's hard drives. Or filling it with beastiality pron. Nasty stuff.

Show these kids what a real virus is about. Put that hype to good use. And make everyone stop acting like EVERY LITTLE BUG IS A RIDER OF THE APOCALYPSE. Because most of these, like even the Sober worm, aren't really that harmful. Most malware writers are really only out for money, not general misanthropia. I just want ONE killer bug to put all of this in perspective. And maybe get people to switch to a modern OS like Linus, BSD, or OS X.

Because no, not even Norton can save you.

Macintosh (1)

1336.5 (901985) | more than 8 years ago | (#14756487)

The only antivirus slution.

That is all.

kk thx

yuo fail It! (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14756567)

You got there. Or be 'very poorly they want you to more gay than they

Did anyone else... (3, Funny)

Sfing_ter (99478) | more than 8 years ago | (#14757909)

Did anyone else find it interesting that they are hosting this on a Win2k iis server?
Funny choice given the stats...
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>