
Top Viruses, Worms and Malware in 2006

Zonk posted more than 7 years ago | from the and-the-losers-are dept.

Security 74

An anonymous reader writes "HNS is running an article with a list of those malicious codes which, although they may not have caused serious epidemics, stood out in one way or another. Some of the categories are: the biggest snooper, the most moralistic, the worst job applicant and the most tenacious. From the article: 'The most competitive. Once the Popuper spyware has installed itself on a computer, it runs a pirate version of a well-known antivirus application. Far from trying to do the user a favour, it is actually trying to eliminate any possible rival from the computer. It seems that the fight for supremacy has also reached the world of Internet threats.'"

74 comments

A bit of bias from the press? (0, Redundant)

Amiga Lover (708890) | more than 7 years ago | (#17347418)

I notice there's no mention of ANY of the Apple viruses/worms or malware out there. You only have to search back through the last year of security news to see the exploits taken advantage of in OSX to see a few examples of this, yet there's still no "FIRST VIRUS ON MACS" headline in the mainstream press.

Especially the one released on a popular mac rumors forum earlier this year that hit a few people hard.

Re:A bit of bias from the press? (3, Insightful)

Rakshasa Taisab (244699) | more than 7 years ago | (#17347644)

By your logic we should be seeing dozens of "FIRST VIRUS ON WINDOWS" headlines per year.

The three S's (3, Insightful)

maztuhblastah (745586) | more than 7 years ago | (#17347986)

The severity of the virus, the spread of the virus, and the stupidity of the users necessary for the first two.

The few viruses (they were actually non self-replicating trojans -- most were modified versions of Opener) that affected people on rumour forums required people to give the trojan/script admin (sudo) privileges. I'm sorry, but no matter what OS you're on, giving a virus sudo means game over.

Re:The three S's (1)

Beryllium Sphere(tm) (193358) | more than 7 years ago | (#17352096)

>no matter what OS you're on, giving a virus sudo means game over.

SELinux.

where are the reports .. (3, Informative)

rs232 (849320) | more than 7 years ago | (#17348508)

"I notice there's no mention of ANY of the Apple viruses/worms or malware out there"

Where are the reports of thousands of OS X desktops being compromised and bank accounts being emptied?

http://www.macobserver.com/editorial/2003/08/29.1.shtml [macobserver.com]

was Re:A bit of bias from the press?

Text of Linked Mac Virus Article (1)

ProfessionalCookie (673314) | more than 7 years ago | (#17354844)

Mac Viruses By The Numbers - Word Macro: 553, Classic Mac: 26, OS X: Zero
by Charles Gaba, 11:00 AM EDT, August 29th, 2003


So, another week, another Windows virus. Ho-hum.

Computer viruses--Windows-based computer viruses, for the most part--have been around for a long time now, but it's really only since the explosion of the Internet (the modern, commercialized Internet, that is) that they've caught the public eye, and it's only within the past 2-3 years (since the first "rock star" viruses, Melissa, AnnaKournikova and ILOVEYOU) that the media has made a fuss over it.

[...] //Who actually reads the whole article?

6. This is where things start to get very interesting. You see, out of those 579 total viruses which affect some versions of the Mac operating system, you'll notice that the vast majority of their names start with a WM/ or XM/. I checked these out, and sure enough, this means that they're a Macro virus which runs exclusively on some versions of--you guessed it--Microsoft Word or Microsoft Excel (there are a few Word/Excel Macro viruses which don't have WM/ or XM/ in their names as well). In fact, over 95% of these so-called "Mac" viruses are actually directly made possible by Microsoft software. If you take these out of the equation, which seems reasonable to me since there are solid alternatives on the Mac to Word and Excel, just as there are alternatives to Windows itself, you're left with the following number of viruses that affect the Mac and can't be blamed on Microsoft in any way, shape or form: 26.

Yes, that's right: 26 out of a total of over 71,000.

However, I've left out one of the most important factors here: All 26 of these, along with the other 553 Word/Excel Macro viruses, were designed for the OLDER versions of the Mac OS (and the older versions of Word/Excel, to be fair). None of this has anything to do with Mac OS X, which is the relevant system to look at.

If you remove the viruses which don't affect OS X, you know what you're left with--at least, as of this writing, and to the best of my knowledge?

Zero. None. Zip. Zilch.

Good News! (-1)

Anonymous Coward | more than 7 years ago | (#17347432)

Vista made the list.

Re:Good News! (0)

Anonymous Coward | more than 7 years ago | (#17347522)

I heard it made a few other lists as well.

Re:Good News! (3, Funny)

Anonymous Coward | more than 7 years ago | (#17347628)

Me too!!
  • Operating systems with the most uselessly pretty user interfaces.
  • Software products most likely to kick their owner in the nuts after taking his money.
  • Software products with a frightening history of insecurity and horrifyingly bureaucratic development.


  • That's all I got so far.

Re:Good News! (0)

Anonymous Coward | more than 7 years ago | (#17348964)

I have a uselessly pretty interface :(
but it's beryl on ubuntu, is that ok?

The worst worm and job applicant - Todd Shriber? (1, Funny)

Anonymous Coward | more than 7 years ago | (#17347440)

Or will we have to wait for next year's list to see our new friend Toddy [wikipedia.org] included? :-)

MOD PARENT UP - FUNNY! (0)

Anonymous Coward | more than 7 years ago | (#17347802)

Well ok I laughed.

Top Viruses of 2006... (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17347496)

None of which affected me simply because I chose to run linux. When will the rest of the world catch on... *sigh*

Re:Top Viruses of 2006... (2, Informative)

CapitalT (987101) | more than 7 years ago | (#17347524)

From TFA:
-The most promiscuous. This title goes without doubt to Gatt.A. This malicious code can infect any platform that it is run on: Windows, Linux, etc.

Re:Top Viruses of 2006... (4, Insightful)

Klaidas (981300) | more than 7 years ago | (#17347588)

Well, you see, there are viruses for linux. However, they don't spread a lot (because if someone uses linux, he has enough knowledge not to open an attachment/install an unknown file.)
And well, saying that Windows is bad because almost all viruses are designed for them is like saying that houses are bad, because thieves might try to break in...

Re:Top Viruses of 2006... (1)

Porchroof (726270) | more than 7 years ago | (#17347676)

Finally. Some wisdom on this forum.

Re:Top Viruses of 2006... (1)

ColdWetDog (752185) | more than 7 years ago | (#17349784)

Where?

(And for the slashdot lamo-slow-the-cowboy-down routine I TYPE SLOWLY YOU INSENSITIVE CLOD!)

Re:Top Viruses of 2006... (5, Insightful)

LainTouko (926420) | more than 7 years ago | (#17347728)

Well, that's only part of the truth. There are three reasons why Linux viruses don't get around like Windows viruses; better security, lower population (also encompasses the lack of monoculture in network applications), and more careful users. And none of those reasons is the "real reason", they work in combination with each other to make the difference really really big.

Re:Top Viruses of 2006... (1)

Raideen (975130) | more than 7 years ago | (#17349272)

Also, an executable sent via e-mail can't be executed until the user saves it to the HD and then makes it executable.

Re:Top Viruses of 2006... (0)

Anonymous Coward | more than 7 years ago | (#17350464)

Forgot - wipes out any viruses when installing yet another Linux distro

Re:Top Viruses of 2006... (2, Insightful)

vtcodger (957785) | more than 7 years ago | (#17347732)

***And well, saying that Windows is bad because almost all viruses are designed for them is like saying that houses are bad, because thieves might try to break in...***

No, Windows is a target because it is widely used and vulnerable.

Windows is bad because there are so many obscure ways to hide malware and restart it on subsequent boots.

Re:Top Viruses of 2006... (2, Insightful)

the_bard17 (626642) | more than 7 years ago | (#17347734)

Bad analogy. This is more like saying that your wooden house is bad, since it's very susceptible to fire.

My stone house, on the other hand, is not very susceptible to fire. That means it's better.

*Notice that I'm conveniently ignoring how difficult it is to run anything through the walls, compared to that wooden house, in addition to how cold the stones get during the winter (and the subsequent lack of insulation), etc.*

Re:Top Viruses of 2006... (4, Insightful)

bl8n8r (649187) | more than 7 years ago | (#17347800)

It sure seems to have come down to a matter of simple denial with the Windows platform. Vista has barely been released yet, and there are exploits[0] out for it. How can anyone claim to be concerned about system integrity[1] *and* be a windows advocate at the same time? It is a blatant contradiction. There are so many different alternatives with a better overall design that it makes no sense to run Windows unless you have been locked-in to the platform. If you are not yet locked-in, it seems Vista will help you with that[2].

[0] http://www.google.com/search?hl=en&q=vista+virus [google.com]
[1] http://www.google.com/search?hl=en&lr=&q=vista+security+lacking [google.com]
[2] http://it.slashdot.org/article.pl?sid=06/11/16/0112214 [slashdot.org]

Re:Top Viruses of 2006... (0)

Anonymous Coward | more than 7 years ago | (#17348418)


It sure seems to have come down to a matter of simple denial with the Windows platform. Vista has barely been released yet, and there are exploits[0] out for it.

[0] http://www.google.com/search?hl=en&q=vista+virus [google.com]

Uh...care to post something that's not from 2005?

Re:Top Viruses of 2006... (1)

NorbrookC (674063) | more than 7 years ago | (#17347926)

However, they don't spread a lot (because if someone uses linux, he has enough knowledge not to open an attachment/install an unknown file.)

Well, one *hopes* they have that! That practice has been a mainstay since the first viruses cropped up. However, believing that you're safe because you're running Linux, without following good practices is pretty dumb too. The first time someone's running as root and downloads an untrustworthy file...

Yes, it's harder to get viruses in Linux, and the ones that are out there tend not to be as able to spread as the Windows ones. That doesn't mean that you get to forget standard security practices.

Re:Top Viruses of 2006... (4, Insightful)

bmo (77928) | more than 7 years ago | (#17349160)

"The first time someone's running as root and downloads an untrustworthy file..."

But that's not really an issue is it? What Linux distribution has the default user as Root these days? In fact, it's more difficult to run as root in some distributions instead of as a normal user, in that the "root account" is never enabled. Attempt to login to (X,K,Ed)Ubuntu as root at the login screen and it won't work.

How to get a Windows computer infected:

Connect to the 'net without a firewall or run IE and visit a bad page. Or, run OE (interesting that Outlook Express has the same initials as "Operator Error") for your mail. Or run p2p software and download a "song" that doesn't play (but is instead an executable file). In fact, I've got a friend whose daughter did exactly the latter, and I'm going to fix it after the weekend. I'm beginning to think that these days, that's the most common vector of infection, as I see it time and time again.

Windows gives execute permission based on the file name extension. For this utterly stupid idea held over from the frickin' CP/M days, users are being hosed left, right, up, and down. This bogosity should have died with Windows 3.1 or at least after Bill Gates discovered the 'net and put out Win98. However, the concept is still with us in Vista, so techs everywhere are going to be guaranteed a paycheck for at least the next 5 years.

How to infect a Unix or Linux machine:

Automatically through mail? Impossible to do without user interaction, since everything that comes down the pipe doesn't have the execute bits turned on. Anyone who writes an MUA that does that automatically will be taken out back and hit with the clue bat.

Visit a web page? There's no such thing as a drive-by install. The user has to download the file and manually set the execute bits high again, through chmod or by right-clicking on the file.

Use p2p? Everything downloaded has no execute bit. What data file _ever_ deserves an execute bit? Indeed, I have yet to ever receive a file from the wire that has execute bits turned on except when they're contained within an installation package, and for that to work, I need to pause and use root permission if it's an install for the whole machine and I still have to unpack it even if it's going in my home directory.

In fact, the simple act of user interaction, even if it's the typing of the current user's password (OS/X) prevents a whole lot of evil. It's that short pause that gives the user the chance to _think_, if even for half a second, and say _no_ to random malware. If you're a malware writer and you give your victims the chance to think, your bit of evil goes nowhere. There are only so many times that people are going to install a fucking purple gorilla.

This ignores the population that will run silly "cupholder" executables and trojan filled "free screensavers," at every opportunity whether in Linux, Unix, or Windows, but then real stupidity trumps artificial intelligence every time. You can only do so much if a user is determined to blow each toe off his foot with a .44 one by one.

If this means that Unix and Linux are more difficult, (as if typing the current user's password is complex) so bloody what? It's damn inconvenient when a computer gets infected, isn't it?

--
BMO
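The execute-bit behaviour described in the comment above, as an added example that is not part of the thread or any poster's code: a file written with a plain `open()` carries no execute bit whatever its name or content, a direct exec of it is refused, and an audit of a download directory reports files by mode and leading bytes rather than by extension. The file names and payload are constructed.

```python
import os
import stat
import subprocess
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

# Constructed sample payload: a tiny shell script saved under a data-file name,
# standing in for the p2p "song" that is really a program.
CONSTRUCTED_PAYLOAD = b"#!/bin/sh\nexit 0\n"


def save_download(directory, name, payload):
    """Write bytes the way a mail client or downloader does: plain open().

    open() creates files with mode 0666 masked by the umask, so no execute
    bit is ever set, whatever the file is called or contains.
    """
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(payload)
    return path


def has_exec_bit(path):
    return bool(os.stat(path).st_mode & EXEC_BITS)


def content_kind(path):
    """Classify by leading bytes, not by file name."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head == b"\x7fELF":
        return "elf"
    if head.startswith(b"#!"):
        return "script"
    return None


def try_execute(path):
    """Ask the kernel to exec the file directly; report what happened."""
    try:
        subprocess.run([path], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return "ran"
    except PermissionError:
        return "denied"


def audit(directory):
    """List regular files that carry an execute bit or whose content is a program."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            path = os.path.join(root, name)
            if not stat.S_ISREG(os.lstat(path).st_mode):
                continue
            kind, flagged = content_kind(path), has_exec_bit(path)
            if kind or flagged:
                findings.append((name, kind, flagged))
    return findings


def demo():
    with tempfile.TemporaryDirectory() as d:
        song = save_download(d, "song.mp3", CONSTRUCTED_PAYLOAD)
        save_download(d, "notes.txt", b"plain text\n")
        before = {"exec_bit": has_exec_bit(song), "run": try_execute(song), "audit": audit(d)}
        # The explicit user step described above (chmod or the file manager).
        os.chmod(song, os.stat(song).st_mode | stat.S_IXUSR)
        after = {"exec_bit": has_exec_bit(song), "audit": audit(d)}
        return before, after


if __name__ == "__main__":
    for stage in demo():
        print(stage)
```

The audit reports `song.mp3` in both stages because its content is a script; only the mode flag changes after the explicit `chmod`.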

Re:Top Viruses of 2006... (2, Interesting)

spectecjr (31235) | more than 7 years ago | (#17349562)

How to infect a Unix or Linux machine:

Automatically through mail? Impossible to do without user interaction, since everything that comes down the pipe doesn't have the execute bits turned on. Anyone who writes an MUA that does that automatically will be taken out back and hit with the clue bat.


Unless there's a bug in your libpng implementation, and your MUA automatically displays images.

Re:Top Viruses of 2006... (1)

bmo (77928) | more than 7 years ago | (#17349976)

"Unless there's a bug in your libpng implementation, and your MUA automatically displays images."

Apples. Oranges.

The former is a design decision - to consciously give execute permission to email content. The latter is a bug. Please learn the difference between the two.

Bad troll. No cookie.

--
BMO

Re:Top Viruses of 2006... (1)

spectecjr (31235) | more than 7 years ago | (#17356818)

The former is a design decision - to consciously give execute permission to email content. The latter is a bug. Please learn the difference between the two.

I know the difference between the two. You said, however:

How to infect a Unix or Linux machine:

Automatically through mail? Impossible to do without user interaction, since everything that comes down the pipe doesn't have the execute bits turned on.


Which is patently false.

Re:Top Viruses of 2006... (1)

NorbrookC (674063) | more than 7 years ago | (#17350016)

This ignores the population that will run silly "cupholder" executables and trojan filled "free screensavers," at every opportunity whether in Linux, Unix, or Windows, but then real stupidity trumps artificial intelligence every time.

Which was my point. I cringe every time that someone says "I can't get a virus because I'm running Linux!" Linux makes it more difficult than Windows by several orders of magnitude, but it doesn't mean that it's impossible. In case you're wondering, I have seen people who should have known better running as root on their computers. Their reasoning was related to your last sentence - it was "easier to run as root for what I'm doing." (sob) (head pounding) Running a given operating system does not incur automatic protection in the absence of proper procedure.

Re:Top Viruses of 2006... (1)

bmo (77928) | more than 7 years ago | (#17350554)

"Running a given operating system does not incur automatic protection in the absence of proper procedure."

You and I are on the same side. Heh.

When, at first, I couldn't use the root account in Ubuntu, I enabled it using sudo passwd. But upon reflection, after thinking that not having an active root account was a bit of bogosity (I'm a big boy, I know what I'm doing), I have changed my mind and agreed with the Ubuntu and OS/X method of using sudo for everything. It keeps one from playing "admin" for too long.

I have learned that if I need to do root work in a shell, I can always sudo bash in an xterm. There is no reason for there to be a permanent password enabled root account.

As for "it's easier in root" justification, yeah, everything's easier, and this is the justification that Microsoft uses to give admin privs to default accounts in XP. I hear that this is being changed in Vista, but then I also hear they've made it a pain in the arse for the equivalent of sudo, making the user type a password at each step if there are multiple steps to something like a program install.

Gah. Tell me that I'm wrong. Things can't be _that_ screwed up, can they?

BTW, on a side note, Verizon techs are *JERKS*

A short time ago, a friend of mine called me up to say that earlier this week he had a problem with his phone line which required a Verizon tech. He has DSL, and while the tech was working, he changed the PPPoE password on VZN's end. He then proceeded to set up the single Windows machine for the password, absolutely ignoring the *other computer* and neglecting the freakin' router which should have managed the network connection anyway. The result of which was the Windows machine being able to see the net and the other, a Ubuntu test machine (Joe is my guinea pig) unable to see the 'net. This would be an easy fix if I was sitting in front of the thing, but YOU try talking someone through it over the phone who doesn't know what a router does, and that thinks that the Firefox icon is "the internet."

Thanks, Verizon. Thanks much.

Assholes.

--
BMO

Re:Top Viruses of 2006... (1)

Tweekster (949766) | more than 7 years ago | (#17355322)

Barely anything requires you to run as root (so it won't be "easier") so that point is moot.

You can't simply download a cool screensaver and double click it like in windows.

Re:Top Viruses of 2006... (1)

toejam316 (1000986) | more than 7 years ago | (#17351438)

"The first time someone's running as root and downloads an untrustworthy file..."

But that's not really an issue is it? What Linux distribution has the default user as Root these days? In fact, it's more difficult to run as root in some distributions instead of as a normal user, in that the "root account" is never enabled. Attempt to login to (X,K,Ed)Ubuntu as root at the login screen and it won't work.
-------------
While that may be true, you want to know how much effort is required to enable that? not much. Open the Accounts menu, tick a box, and it works. Now, that's something that the basic ubuntu user could easily do, isn't it? Combine that with the fact you can easily use a Terminal on any account and run it as root, it doesn't leave much protection does it? "Quake 3 With Mega Graphics!" "Run this as root by doing x, then you're done!" *Crash* - Bye bye security.

Re:Top Viruses of 2006... (1)

bmo (77928) | more than 7 years ago | (#17352202)

"While that may be true, you want to know how much effort is required to enable that? "

I know exactly how much effort. I actually mentioned a way to do it up there, in case you hadn't read. However, the newbie is not TOLD to do it, and so by default, only when the newbie _learns_ what to do, the newbie can enable it or not.

But by then, the newbie has probably operated under sudo long enough that it's second nature and probably has picked up the clue that it's more secure that way anyway.

The fact remains, Mister Microsoft Apologist, that it's the little things that make a big difference between the insecurity of Windows and the security of Linux and OS/X. You don't see examples of stupidity like you mentioned all over the OS/X community, do you? OS/X relies on sudo the same way that Ubuntu does, and you know what? It works.

Proof is in the puddin'

Come back when you've got some real world examples that actually happen, OK?

--
BMO

Re:Top Viruses of 2006... (1)

toejam316 (1000986) | more than 7 years ago | (#17411484)

Real world example? Guide to install quake 3 (A lot of people would have a use for this migrating from windows) one of the first things it says to do is LOGIN AS ROOT, INCLUDING A GUIDE

Re:Top Viruses of 2006... (1)

Matumio (1001893) | more than 7 years ago | (#17352180)

I don't see why privilege separation should help. There is no need to run that spambot as root.

Re:Top Viruses of 2006... (2, Insightful)

bmo (77928) | more than 7 years ago | (#17352354)

"I don't see why privilege separation should help. There is no need to run that spambot as root."

Because if a spambot is running as an ordinary user, it's ridiculously easy to kill and remove. A userland spambot is next to useless, because it will have a very short life. Where does it get launched? In .profile? How do you hide it? Unless you're root, you can't modify logs, netstat, or ps. And once you've got root privs, it's stupid to run the bot in userland anyway. So you're wrong. Priv separation matters.

Fer crissakes, I can run Bagle in Wine, but then all I have to do is kill the process, which doesn't hide from me like it does in Windows. Poof. Gone.

But it's not just privilege separation alone, it's combined with the fact that stuff imported into a system from outside doesn't have _execute_ permission in the first place. Windows attaches execute permission to files because they have the supposed correct extension, and this sin is doubled because _windows hides file extensions by default_ so as to "not confuse the user".

I'm sorry, but that is just stupid.

Explain to me why it's beneficial to the user to hide extensions, to hide processes, and to hide files with attributes instead of simply putting a dot before the filename? EXPLAIN TO ME WHY AN OUTDATED CONCEPT FROM CP/M RESIDES IN WINDOWS? WHY DETERMINE THAT A FILE IS A PROGRAM SIMPLY BECAUSE IT ENDS IN THREE MAGIC LETTERS LIKE 'COM' OR 'EXE' OR THE REST OF THE EXECUTABLE FILE EXTENSIONS, OF WHICH THERE ARE TOO MANY?

Gah...

Whatever. Vista will continue to use filename extensions to determine executability, so Windows users are hosed for yet another 5 or so years until Microsoft gets its freakin' act together, if ever.

The security biggies:

1. Privilege separation
2. Frugal execute permissions.
3. User interaction in granting executability and privilege escalation.
4. No hidden processes.

You cannot have security until you have all four. If you give execute permission willy-nilly, a file that shouldn't have execution turned on can exploit a buffer overflow and now you've got privilege escalation and a process that can hide itself. If you take away user interaction, you have drive-by installs, as seen all over the Windows world. If you take away privilege separation, everyone is administrator, and we've seen where that's gotten us. If you hide processes, like is done in Windows easily, how do you even know if a bit of malware is running or not? Indeed, since Microsoft has bent over for the entertainment industry, we'll be seeing more Windows rootkits because they'll be using the same hooks that DRM uses to hide itself from the user and system administrator. Good luck with that.

Windows has done a piss poor job of implementing security in any shape or form. It's about time Microsoft got off its collective ass and did something responsible instead of shoring up its dubious hegemony.

--
BMO

Re:Top Viruses of 2006... (1)

GeezerGeek49 (858719) | more than 7 years ago | (#17354018)

What Linux distribution has the default user as Root these days?

Linspire

Re:Top Viruses of 2006... (1)

Jacek Poplawski (223457) | more than 7 years ago | (#17348686)

Well, you see, there are viruses for linux

Yeah, sure, millions of them.
I read this lie for many years and have never seen any true virus for Linux, only "examples which don't work".

Re:Top Viruses of 2006... (2)

bmo (77928) | more than 7 years ago | (#17349420)

"Yeah, sure, millions of them.
I read this lie for many years and have never seen any true virus for Linux"

Hear hear!

I have to expound on this a little.

One of the reasons that the Windows apologists say that Linux has poor virus propagation is because of the geek ratio, and that Linux geeks "know what they're doing."

Well, let's take a look at OS/X. OS/X has a higher population of non-geeks that just want to get things done. Indeed, it's got the highest ratio of fashion conscious and arty-types of any user population. Yet OS/X has the same amount of viruses as Linux in the wild (none). It's not because of popularity. It's not about technical experience of the users.

It's about design. Out of the box, OS/X, Linux, Solaris, BSD are all more secure and orders of magnitude easier to keep secure. Windows apologists who ignore that are simply lying.

--
BMO

Re:Top Viruses of 2006... (2, Insightful)

Metasquares (555685) | more than 7 years ago | (#17349546)

And well, saying that Windows is bad because almost all viruses are designed for them is like saying that houses are bad, because thieves might try to break in...
Windows is like a house where all of the doors are unlocked and most of the residents can't figure out how to use the key. It can be made secure, but not if it's being used by an average user. Linux is more secure by default and the users tend to know what they're doing more.

Great year for malware... (5, Funny)

spywhere (824072) | more than 7 years ago | (#17347526)

Cleansing home PCs, I've seen some of the more exotic exploits become commonplace, including:

Direct Revenue hiding its core .DLL as a print monitor;
one lone .DLL, registered in a CLSID key, warning of SPYWARE!!! from the system tray;
launching executables from Group Policy subkeys;
populating subkeys of Winlogon\Notify with self-renaming .DLL's.

Hiding malware so it launches before Explorer (and even before the antivirus app) is sneaky, underhanded, and ensures a steady stream of income so I don't need to get an actual job. Editing the Registry hives from WinPE is the only cost-effective way to remove many of these things, and Suzy Homeuser will never be ready for that.
So here's to you, scumbag malware writers... and here's to Microsoft for leaving soooo many ways to launch your malware: Thanks for paying my mortgage. Without security holes, and the slimeballs who exploit them, I'd be back selling auto parts.

Re:Great year for malware... (4, Informative)

Barny (103770) | more than 7 years ago | (#17348010)

/raises glass

That one that warns of "your pc is infected with malware" from system tray, known some places as smitfraud others as VX2, now uses several hundred reinfection methods, from infected active script desktop images, to the old favourite, making itself the default program to open files of type .exe

In fact, all those tricks you list are used by one version or the other (or if you are unlucky and get the latest updated version, all of them).

Faster now just to backup data, format and re-install than try and debug each and every method used by the particular version you have, I have tried auto remove tools, all of them end up out of date less than 24hrs after launch (someone is making enough from this thing that paying lots of money to a few programmers is not a problem).

The pay-off is of course when the user clicks that task bar balloon and it installs the "protection racket" software of choice onto your PC, which says it found 4366724 virus' and spyware, and to please pay them for a full licence to remove them. Of course if you pay them, it does NOT remove even its own malware, at least yesteryear's organised crime DIDN'T break stuff if you paid.

The real kicker is, the 3-4 times I have seen it infect a pc (had user, on a fresh pc, do what they did when it first happened) it was through an IE "unpatched code execution" bug of the week.

When I tell people to use firefox, and then pre-install it on their new PC/repair, do they think it is a joke?

Re:Great year for malware... (1)

maxume (22995) | more than 7 years ago | (#17348478)

-->do they think-- there's your problem right there. I don't mean that to be as harsh as it sounds, the problem isn't that they are stupid, it's that they don't care. Something like 99.9% of people just want an 'internet' thingy, they don't care about having a computer or security or whatever, and if the blue e was the internet before, then it is probably still the internet now, and they don't care about the fire in your pants or whatever the hell you were rambling about when they were paying your bill.

One good trick is to tell them that the thing called 'Firefox' is protected from all the snooping software that their spouse uses to spy on their internet habits, and show them how to clear history/cookies.

Re:Great year for malware... (1)

wordsnyc (956034) | more than 7 years ago | (#17349256)

Something like 99.9% of people just want an 'internet' thingy, they don't care about having a computer or security or whatever, and if the blue e was the internet before, then it is probably still the internet now, and they don't care about the fire in your pants or whatever the hell you were rambling about when they were paying your bill.

Seriously, the only reason most people know they're running Windows is because it says so when they turn on the pc. There's the monitor, there's the "CPU," the mouse, and the keyboard. Dazzit. Remember, these are the same folks who ran out a few years back and covered their houses in plastic sheeting and duct tape because John Ashcroft told them to. Operating system? Why, English, of course. Or, as my sis-in-law interjected during a Thanksgiving discussion of Linux vs Windows with my brother, "I just use my Dell."

Classic Help Desk story... (2, Funny)

spywhere (824072) | more than 7 years ago | (#17351076)

"I just use my Dell."

When I was the alpha geek on a four-geek Help Desk, we had to ask each caller for the computer name (we later used bginfo for that). We would ring a bell every time we got the answer "Dell," then patiently explain that the computer is a Dell, but the computer has a name on the network, and we need to figure out what that is...
one woman interrupted me: "Trinitron?"

I slapped the mute switch just in time, and ROTFLMAO.

Re:Classic Help Desk story... (0)

Anonymous Coward | more than 7 years ago | (#17408310)

God bless the mute switch. It saved many customers from my laughing and derision.

One repair strategy (4, Informative)

spywhere (824072) | more than 7 years ago | (#17348536)

I see a lot of machines with multiple infestations, but I rarely rebuild 'em.
My usual algorithm:

  • Start up in Safe Mode
  • Use AutoRuns.exe to identify most of the offenders; delete those that don't self-reinstall
  • Open IE and then System Information; look at Loaded Modules to find the vx2 .DLLs (hint: sort the list by Manufacturer)
  • Boot to Windows PE; back up and load the Software and System hives & clean them up; do the same with the user hive(s)
  • Boot into Windows and check for stragglers.

Lots of fun, especially for $1.25/minute.
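The AutoRuns and "sort by Manufacturer" steps in the comment above amount to scanning a list of startup entries and letting the ones with no publisher rise to the top. The following is an added example, not the poster's own tooling: it ranks entries from a constructed CSV, and the column names, sample rows and the two watch lists are assumptions made for illustration.

```python
import csv
import io

# Constructed sample rows; the column names are assumed for this example.
SAMPLE_CSV = r"""Entry Location,Entry,Enabled,Company,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ctfmon,enabled,Microsoft Corporation,C:\WINDOWS\system32\ctfmon.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,updchk,enabled,,C:\Documents and Settings\user\Local Settings\Temp\updchk.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs,example1.dll,enabled,,C:\WINDOWS\system32\example1.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects,PDF helper,enabled,Example Software Ltd,C:\Program Files\Example\helper.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,oldtool,disabled,,C:\Temp\oldtool.exe
"""

# Locations that load a DLL into other processes (assumed watch list).
INJECTION_LOCATIONS = ("appinit_dlls", "browser helper objects")
# Directories where legitimate startup binaries rarely live (assumed list).
ODD_DIRS = ("\\temp\\", "\\temporary internet files\\")

def score_entry(row):
    """Return (score, reasons) for one startup entry."""
    reasons = []
    if not row["Company"].strip():
        reasons.append("no publisher")
    path = row["Image Path"].lower()
    if any(d in path for d in ODD_DIRS):
        reasons.append("runs from temp directory")
    if any(loc in row["Entry Location"].lower() for loc in INJECTION_LOCATIONS):
        reasons.append("DLL injection point")
    return len(reasons), reasons

def triage(csv_text):
    """Rank enabled entries, most suspicious first; skip clean ones."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Enabled"].strip().lower() != "enabled":
            continue
        score, reasons = score_entry(row)
        if score:
            findings.append((score, row["Entry"], reasons))
    return sorted(findings, key=lambda f: (-f[0], f[1]))

if __name__ == "__main__":
    for score, entry, reasons in triage(SAMPLE_CSV):
        print(f"{score}  {entry:12}  {', '.join(reasons)}")
```

A score only orders the review queue; each flagged entry still needs a human look before anything is deleted from the hive.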

Winblows is the problem (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17347528)

It's time for Micro$oft to personally apologize for unleashing the fundamentally broken Winblows onto the world. I want to see Bill Gates have a press conference and cry like a sissy Japanese CEO and beg each and every computer user for forgiveness. This virus/spyware/malware shit has gone on too long. We need some corporate heads to roll, god damn it. Furthermore, Micro$oft needs a hostile takeover from IBM, Sun, or dare I say it, the Free Software Foundation to introduce some fucking Programming 101 to M$'s braindead "programmers". Only then will the Internet finally breathe a sigh of relief.

Archaic! (2, Funny)

Warbringer87 (969664) | more than 7 years ago | (#17347546)

Whoever created the DarkFloppy.A worm appears not to have heard of e-mail, instant messaging or P2P systems, as the propagation methods they've chosen to spread this malicious code is... floppy disks. Not much chance of a massive epidemic then, is there?
Oh, well, I think they underestimate just how stupid some people are. I wonder who the unlucky person was who first nabbed that one. Just goes to show, the internet is the "wild frontier" and that probably won't ever change.

Re:Archaic! (2, Funny)

spywhere (824072) | more than 7 years ago | (#17347922)

Ten years ago, I pioneered a foolproof way to clean floppy disks.
I worked at a chain of auto parts stores, with only five Windows machines. The marketing guy was constantly catching the Zombie virus from his drawer full of floppies.
After about the 5th or 6th time, I took all the floppy disks out of his desk and smashed them with a ballpeen hammer.

Re:Archaic! (2, Funny)

flappinbooger (574405) | more than 7 years ago | (#17349216)

Simon Travaglia, is that you?

Re:Archaic! (1)

spywhere (824072) | more than 7 years ago | (#17351088)

No. Sorry. My name is Bob, but my colleagues at the time called me "spok."

Re:Archaic! (0)

Anonymous Coward | more than 7 years ago | (#17350054)

Well quite frankly this technique still works, however it is better distributed by purchasing some cheap usb drives at staples, infecting the drive, then leave them lying around at a college. People are sure to check them out.

Idiots, this makes the problem only worse! (1, Interesting)

Anonymous Coward | more than 7 years ago | (#17347664)

I think that initiatives like these only make the problem much worse and that the people writing them are mere idiots who don't bother to think about the possible consequences. Yes, some people may consider this informative as a way of being kept up to date as to what has happened in the past year. The people who created and spread all this garbage may very well look upon this with a whole different attitude: "Look at that, see, I R teh l33t coder! My h4xkZ r made teh top!" resulting in some other lame clueless kiddie who has but one single goal: get into the position his fearsome "I R Kiddie" mentor is or was.

When it comes to controversial topics like virii and such I think you need to be very careful and also use some form of self-moderation just to make sure the news you're presenting doesn't start to lead a life in itself. You see the same thing happening when a kiddie breaks into a computer system and the marks of a rootkit are all over the place. Of course you inform your superiors and other staff, but you also try to keep the news low profiled just to make sure that if it was an inside job (which is always possible) you don't create situations like: "Whatever crap he can do I can do better!".

So when it comes to lists like these I can't help seriously question the sanity of the people creating them. IMO you're only creating a competition platform for morons who can't do much more than find a rootkit on google and need help from IRC channels to actually install and use it. Quite frankly that's the kind of attention I really don't need at all.

Voyeuristic spyware (1)

Caesar Tjalbo (1010523) | more than 7 years ago | (#17347714)

This award goes to the spyware Zcodec which, among other actions, monitors whether users access certain web pages with pornographic content. This may simply be a way of determining whether the user is a frequent visitor to these types of pages in order to send personalized advertising. On the other hand, perhaps the author of the spyware just has voyeuristic tendencies.
Instead of being 'just curious' or 'habitually data collective'? But I suppose it is worth knowing that there's more to spyware than your credit card details and the like.

Definitions (3, Informative)

mangu (126918) | more than 7 years ago | (#17347772)

Instead of being 'just curious' or 'habitually data collective'?


Well, the GP said the spyware "monitors whether users access certain web pages with pornographic content". Sexual matters being involved, the expression "voyeuristic tendencies" is appropriate. If I want to know what kind of motor my neighbor has in her car, I'm being "curious", if I want to know what kind of panties she's wearing, then I'm a "voyeur".

Re:Definitions (0)

Anonymous Coward | more than 7 years ago | (#17348532)

and what if *I* wanted to know...?

What the world needs (5, Funny)

Anonymous Coward | more than 7 years ago | (#17347804)

The time is ripe for a beneficial virus, one that does no harm to the host computer, but acts as a keylogger that will play a very loud annoying buzzing noise and kill all open apps if the user types: "misa campo", "made of win", "internets", "begs the question", or any other word or phrase from a list of current phrases used by morons.

Re:What the world needs (1)

bestiarosa (938309) | more than 7 years ago | (#17348562)

Pure genius. This is a call to arms to all the blackhats out there!

Re:What the world needs (1)

einexile (159759) | more than 7 years ago | (#17349112)

because rolling your eyes at 4chan memes and being oh SO much smarter than everyone else is what being a mature, sophisticated netizen is all about

Re:What the world needs (0)

Anonymous Coward | more than 7 years ago | (#17349302)

I was fine with em when the memes stayed on 4chan or SA or whatever cesspit spawned them, but they spread to digg, and the nwnw boards, and the wow boards, and slashdot, and pretty much every other webboard I read.

So yes, thinking people who type "miso campo, lawl" are scumbag morons who deserve to have their kneecaps busted or their computer destroyed does make me feel good about myself - why do you ask?

Re:What the world needs (1)

CrossChris (806549) | more than 7 years ago | (#17352758)

A really beneficial virus would just low-level format the victim's hard drive after a few reboots - allowing it to propagate to other Windows "using" idiots before completely trashing the host system. The Windows "user" would then be compelled to PAY for a replacement version of Windows, and would have endless grief with device drivers and re-installing all their software. This would focus their minds VERY effectively, cost Windows "users" a LOT of money, and persuade them that a flawed, closed source, expensive "operating system" isn't the way to go....

Malware's ever expanding talents (1, Insightful)

oKAMi-InfoSec (1043042) | more than 7 years ago | (#17347870)

The general public generally only hears about the viruses that spread quickly and do damage...but the range of exploits is just amazing. One of my favorites is summarized this way, in the article:

"- The biggest snooper. In this case, it was not a difficult choice. WebMic.A is a malicious code that can record sounds and images, using a microphone and WebCam connected to the computer. Of course this is not the sort of uninvited guest you would like to have on your PC."

The average joe really doesn't know how much risk they place themselves in when they connect to the net.

Nor does the average joe take the steps necessary to slow the onslaught:

  • Anti-virus
  • Anti-spam
  • Firewall
  • Anti-spyware

Re:Malware's ever expanding talents (1)

flappinbooger (574405) | more than 7 years ago | (#17349306)

Yeah, those 4 items are good, but "Joe" is STILL skating on thin ice unless he adds a 5th item - a clue.

The other user who, I've noticed, rapidly messes up a computer even with the above 4 things installed is "average teen with half a clue" who is somewhat aware they should not install bad things, but assumes that if it is something that all their friends install, or something they feel they just gotta install, then it can't hurt them.

What about the most effective? (1)

superbrose (1030148) | more than 7 years ago | (#17348232)

Any ideas how much malware has gone undetected?

WGA (3, Interesting)

Gonoff (88518) | more than 7 years ago | (#17348282)

That bit of malware is installed on users' machines without their knowledge of what it really means.

It may monitor what you are up to. We don't really know yet.

It may pop a message onto your computer suggesting that you go to a certain website and pay money to some questionable organisation.

A new version is reputed to disable your computer if you do not submit to its blackmail...

Re:WGA (0)

Anonymous Coward | more than 7 years ago | (#17348388)

My step mom's computer got bit by this. After some digging, turns out she paid some random dumbass to "clean" her spyware/malware/virus-infected computer (porn dialers, "use me to disinfect your pc", etc).

She paid the guy $400 to spend hours on it. Turns out he just installed a pirated XP on her PC. Damn that WGA.

Re:WGA (1, Funny)

Anonymous Coward | more than 7 years ago | (#17348528)

Yeah, damn Microsoft for trying to ensure that people use legal copies of XP.

The article is wrong and attempts sensationalism (2, Interesting)

FliesLikeABrick (943848) | more than 7 years ago | (#17349524)

They say that Gatt.A can infect any platform like "omg noes Linux and Mac!" but according to http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=122900&sind=0 [pandasoftware.com] the IDA (which it exploits) is present on multiple platforms, but there are other things about windows that made the virus function.

I don't know about everyone else, but this damages the credibility of the article for me.

How about linking the original article? (2, Informative)

OfNoAccount (906368) | more than 7 years ago | (#17350522)

For anyone who wants to see the original article, which is without ads, and with links, there's always the original site:
Panda Software Virus Yearbook 2006 [pandasoftware.com]

You forgot the #1 virus of 2006.... (1)

kirk26 (811030) | more than 7 years ago | (#17353202)

Linsux. Merry X-Mas Linsux users.

One Glaring Omission (1)

hobo sapiens (893427) | more than 7 years ago | (#17357986)

HNS is running an article with a list of those malicious codes which, although they may not have caused serious epidemics, stood out in one way or another.
Duh! Vista!