January 2006 Virus and Spam Statistics
Ant writes "Commtouch reports January 2006's virus and spam statistics. Its summary said there were four massive virus attacks (including a multi-wave attack of 7 variants) and the most aggressive attacks penetrated before the average antivirus (AV) solution could even release a signature. The data is based on information continuously gathered by the Commtouch Detection Center, which analyzed more than 2 billion messages from over 130 countries during the month of January 2006..."
Problematic Signature Release Issue (Score:5, Insightful)
Re:Problematic Signature Release Issue (Score:5, Funny)
Re:Problematic Signature Release Issue (Score:3, Funny)
Re:Problematic Signature Release Issue (Score:3, Funny)
Yeah, but the second argument is PoolBoy
Re:Problematic Signature Release Issue (Score:2, Informative)
http://www.grisoft.com/ [grisoft.com]
Re:Problematic Signature Release Issue (Score:2, Insightful)
Oh yeah, I tried that as well, but as far as I can tell, it was zero day and nothing was working. Of course this was an email worm and it was not on one of my own machines. First and foremost, the first line of defense for this sort of thing is education. If we didn't have people out there that would open any attachment they receive, we wouldn't have anywhere near the problem with this so
Re:Problematic Signature Release Issue (Score:2)
A few examples.
* Whitelisting executables that are allowed to run on the system. It seems to work well for firewalls such as Zone Alarm, which starts from a deny-all policy and prompts the user for things it wants to allow. Substitute "user" with "admin" for executables, though.
* Any app used for communication should follow some common-sense rules
Re:Problematic Signature Release Issue (Score:4, Informative)
Re:Problematic Signature Release Issue (Score:2)
Re:Problematic Signature Release Issue (Score:2)
I do not bounce on matching the SpamAssassin signature. I only defang and users know that it is reversible. There has not been a single user requesting a reversal of the defang.
As far as the greylisting is concerned it has no false positives as far as viruses are concerned either.
Re:Problematic Signature Release Issue (Score:1)
Re:Problematic Signature Release Issue (Score:2)
describe VIRUS_WARNING_EXE1 Message appears to contain a Windows executable
score VIRUS_WARNING_EXE1 2.0
rawbody VIRUS_WARNING_EXE2
describe VIRUS_WARNING_EXE2 Message contains a UUencoded Windows executable
score VIRUS_WARNING_EXE2 2.0
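An added example, not code from the thread or from SpamAssassin: the reversible defang described above, done by decoding each attachment and checking for the Windows "MZ" stub (rather than pattern-matching the encoded text as the rawbody rules do) and then renaming the attachment so mail clients will not run it. The ".DEFANGED.txt" marker and the sample message are constructed assumptions.

```python
import email
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

PE_MAGIC = b"MZ"                 # DOS stub every Windows executable starts with
DEFANG_SUFFIX = ".DEFANGED.txt"  # hypothetical marker; stripping it reverses the defang

def build_sample() -> bytes:
    """Constructed test message: text body, a fake 'MZ' attachment, a harmless one."""
    msg = MIMEMultipart()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "your document"
    msg.attach(MIMEText("see attached"))
    fake_exe = b"MZ\x90\x00" + b"\x00" * 60   # constructed PE stub, not a real program
    exe = MIMEApplication(fake_exe, Name="invoice.exe")
    exe["Content-Disposition"] = 'attachment; filename="invoice.exe"'
    msg.attach(exe)
    pdf = MIMEApplication(b"%PDF-1.4 constructed", Name="notes.pdf")
    pdf["Content-Disposition"] = 'attachment; filename="notes.pdf"'
    msg.attach(pdf)
    return msg.as_bytes()

def is_windows_executable(part) -> bool:
    """Decode the part (base64, uuencode, ...) and test the MZ stub, not the encoded text."""
    if part.get_content_maintype() == "multipart":
        return False
    payload = part.get_payload(decode=True)
    return bool(payload) and payload[:2] == PE_MAGIC

def rename_attachment(part, new_name: str) -> None:
    """Set both places a mail client looks for the attachment's name."""
    del part["Content-Disposition"]
    part["Content-Disposition"] = f'attachment; filename="{new_name}"'
    part.set_param("name", new_name)

def defang(raw: bytes) -> tuple[bytes, list[str]]:
    """Rename executable attachments; returns the new message and the names touched."""
    msg = email.message_from_bytes(raw)
    touched = []
    for part in msg.walk():
        name = part.get_filename() or "attachment"
        if is_windows_executable(part) and not name.endswith(DEFANG_SUFFIX):
            rename_attachment(part, name + DEFANG_SUFFIX)
            touched.append(name)
    return msg.as_bytes(), touched

def refang(raw: bytes) -> bytes:
    """Reverse defang() on a user's request: strip the marker, restore the name."""
    msg = email.message_from_bytes(raw)
    for part in msg.walk():
        name = part.get_filename()
        if name and name.endswith(DEFANG_SUFFIX):
            rename_attachment(part, name[: -len(DEFANG_SUFFIX)])
    return msg.as_bytes()

def attachment_names(raw: bytes) -> list[str]:
    """Attachment file names in walk order, used to check the round trip."""
    return [p.get_filename() for p in email.message_from_bytes(raw).walk() if p.get_filename()]
```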
Re:Problematic Signature Release Issue (Score:2)
Re:Problematic Signature Release Issue (Score:1)
Re:Problematic Signature Release Issue (Score:3, Informative)
The virus is reported [bbc.co.uk] to have first emerged on the 16th January 2006. Sophos [sophos.com] says [sophos.com] they provided protection from 16:03:20 GMT on that day. So while it may have taken ages for you to find an anti-virus vendor with detection or removal, there *were* solutions on the same day. Trend Micro also sa [trendmicro.com]
Re:Problematic Signature Release Issue (Score:2)
Re:Problematic Signature Release Issue (Score:2)
Tell me about it. (Score:5, Funny)
Spam Gestapo (Score:3, Interesting)
Re:Spam Gestapo (Score:1)
Re:Email Spoofing (Score:2, Informative)
Nope. Not a single credible anti-spam solution out there today pays any attention to the return address on the e-mail (unless it's explicitly in your whitelist). The filtering is done based on the actual origin of the message, or failing that, the first trusted server that handled the message.
The authors of the FA are saying that spam is ACTUALLY coming from gmail.com, which means it is proba
Re:Email Spoofing (Score:1)
Re:Email Spoofing (Score:2)
Re:Spam Gestapo (Score:2)
Re:Spam Gestapo (Score:1)
Re:Spam Gestapo (Score:2)
Re:Spam Gestapo (Score:2)
Ask Hotmail. Last I heard, they were getting paid by advertisers to let stuff pass through their antispam filters.
Yahoo has (recently?) added captchas for every message you send out and they're moving towards a heavy JavaScript interface too.
Google are still relatively protected by theirs being a full AJAX interface. But I'm willing to bet there are JavaScript-enabled bots out there used for spam purposes (collecting addresses and operating such interfaces
Re:Spam Gestapo (Score:2)
Differentiating between spam and complaints is a non-trivial problem. Most clued administrators don't block by domain, but by IP address. This reduces the problem of blockages considerably.
What are the long term trends of spam? (Score:5, Insightful)
Is spam burning out, finding new markets, or are people just continuing to send spam even if they don't make a profit on it?
Re:What are the long term trends of spam? (Score:5, Funny)
ahem, sorry.
Re:What are the long term trends of spam? (Score:2)
Well I'm pretty sure someone is making a profit out of it. It costs next to nothing to send a million emails, and there are a lot of dumbasses out there.
Re:What are the long term trends of spam? (Score:2)
While this is certainly true (money drives spam), I don't see why this is being attributed to dumb people who click on links due to cluelessness. I'd venture to say it's more likely that spam messages sell something that people want. They send out a million messages a day for whatever merchandise: viagra, bogus kits for enlargement of various body parts, fa
Spam is here to stay (Score:5, Insightful)
The people who do click on one simply have no clue what's going on and thus have no spamfilter. So spamfilters are simply for our convenience of not having to deal with junk.
Laws won't make spam go away. Unless you have a globally universal and most of all equal law concerning spam, all it does is go to another place. And since making spam legal equals tax income for a country, I'd give the possibility of the RIAA realizing that copycrippling their music isn't the right way a higher chance of coming to reality.
So Spam is here, and it's here to stay. It will maybe become more sophisticated, and it will most certainly become used by people wanting to plant other malware onto your system (e.g. the combination of spamming a link and planting a bogus WMF onto the referred site).
But Spam won't stop.
Re:Spam is here to stay (Score:2)
Perhaps they should get together to build an antispam service. Think about it, they can analyse every incoming mail. If more than X% of the message text matches Y% of total messages received over a time period (i.e. most spam is sending chunks of identical text to lots of people in very little time) then it's automatically flagged as spam, the SMTP server is blocked, and a bayesian pattern is
Re:Spam is here to stay (Score:2)
Re:Spam is here to stay (Score:1)
No, Gmail uses SMTP within its own network.
Received: from gmail-pop.l.google.com [64.233.185.111]
by localhost with POP3 (fetchmail-6.2.5)
for pjr@localhost (single-drop); Sun, 19 Feb 2006 16:33:50 +0000 (GMT)
X-Gmail-Received: 713bd0b9259c38cc4ff423185da512b6eba2bb86
Delivered-To: *******@gmail.com
Received: by 10.65.177.12 with SMTP id e12cs41859qbp;
Sun, 19 Feb 2006 08:29:38 -0800 (PST)
Received: by 10.70
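An added example, not code from any poster: the origin-finding logic described earlier in the thread (filter on the actual origin, or the first trusted server that handled the message, and block by IP rather than by domain or From: address), applied to a Received trace in the shape of the fetchmail/Gmail one above. The headers, the trusted networks and the blocklist are constructed; documentation-range addresses stand in for real ones.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample, newest hop first: a local POP3 fetch, two hops inside
# example.org, then the outside sender. The last Received line was written by
# that outside sender and could say anything, so it must not be believed.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
    by localhost with POP3 (fetchmail-6.2.5)
    for user@localhost (single-drop); Sun, 19 Feb 2006 16:33:50 +0000 (GMT)
Received: from relay.example.org (relay.example.org [192.0.2.20])
    by mx.example.org with ESMTP id abc123
    for <user@example.org>; Sun, 19 Feb 2006 16:33:40 +0000 (GMT)
Received: from dsl-pool.example.net ([198.51.100.77])
    by relay.example.org with SMTP id def456; Sun, 19 Feb 2006 16:33:30 +0000 (GMT)
Received: from mail.bank.example (unknown [10.0.0.5])
    by dsl-pool.example.net; Sun, 19 Feb 2006 16:33:20 +0000 (GMT)
From: someone@gmail.com
Subject: constructed test

body
"""

# Our own MTAs and forwarders (assumed); what they record about a peer is believed.
TRUSTED = ["127.0.0.0/8", "192.0.2.0/24"]

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def peer_ip(received: str):
    """The IP the receiving MTA recorded for its peer (the 'from' clause), or None."""
    from_clause = re.split(r"\sby\s", received, maxsplit=1)[0]
    m = BRACKETED_IP.search(from_clause)
    return ipaddress.ip_address(m.group(1)) if m else None

def origin_ip(raw: str, trusted=TRUSTED):
    """Walk Received headers newest-first through trusted hops and return the
    first untrusted peer; hops recorded by that peer (and below) are ignored."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    for hdr in message_from_string(raw).get_all("Received", []):
        ip = peer_ip(hdr)
        if ip is None:
            return None          # trusted hop without a recorded IP: cannot go further
        if not any(ip in net for net in nets):
            return ip
    return None                  # message never left the trusted network

def is_blocked(raw: str, blocklist, trusted=TRUSTED) -> bool:
    """IP-based decision on the origin; the From: header is never consulted."""
    ip = origin_ip(raw, trusted)
    return ip is not None and any(ip in ipaddress.ip_network(b) for b in blocklist)
```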
Good idea. But there's one problem (Score:2)
You label something spam. That's all right, I don't care about the size of my penis (or breasts, or left pinky or whatever), and I certainly don't care that Mr. Mumbutu's wife needs a secure way to transfer her money.
On the other hand, some governments would definitely enjoy not delivering messages that point out their flaws. Or some companies to have some of their more questionable practices revealed.
Who gets to define spam? Who gets to make the f
Re:Good idea. But there's one problem (Score:2)
Re:What are the long term trends of spam? (Score:2)
sometimes come with porn-like pictures, I don't think the free advert^H^H^H^H^H^H^H^Hresearch article shows that porn traffic has really dropped to 5%.
Re:What are the long term trends of spam? (Score:1)
Remember, it's still highly illegal to offer drugs to kids inside 1000 ft of a school. People have been busted when the dealer was outside of the area but the buyer was inside.
A brief summary of my experience (Score:4, Insightful)
What's also coming is "multi-faceted attacks". I.e. spyware and adware that is being used not only to display pesky ads but also used as a foot in the door to install malware on your PC (i.e. malware that's MORE destructive than just popups).
What I foresee as well is that trojan writers will make more and more use of crippleware that's installed by third party software (for example, software that's supposed to ensure you don't break copyrights). Simply because this kind of software is more or less omnipresent (or will be soon), while not going through the rather strict screening process that normal OS modules go through. Yes, no matter what you think of MS, their soft is one of the best tested in the world (in the non-open source world at least, screening in OS outmatches it by magnitudes).
The goal for virus and trojan writers isn't anymore the spreading and the rather masturbatory enjoyment of knowing your virus spreads like crazy. Money's made its way into the trojan biz. And 3 goals are predominantly present:
1. Spambots
2. DDoS sheep
3. Phishing
While 1 and 2 have already had their heydays, phishing is strongly on the rise. I can say without breaking any NDA agreements that we are currently facing very well organized, very strongly pushing phishing attacks targeted at passwords for the "usual" targets (amazon, ebay, paypal), as well as a lot of national and international banks (online banking is something I would not really do right now on a Windows-based system...).
The organization behind it is stunning. Ways to launder the money that makes some old mafia tactics look bland. Update cycles and update services for those trojans that rival or outmatch large corporations.
Teach your peers. Tell them about it. Tell them to friggin' install that damn antivirus tool. And to upgrade their Windows. And most of all, to finally abandon that insecure webbrowsing pest that comes with every MS System!
Re:A brief summary of my experience (Score:2)
+Pete
Re:A brief summary of my experience (Score:2)
So no, I cannot back it up with evidence. It was also not labeled "the naked truth" but "my experience". I can look at what happened in the past, look at what's going on now and extrapolate into the foreseeable future. So this is what I saw, what I see, and what I predict to happen.
If I had the ability to predict the future without any fault, I would stop looking for viri and start daytrading.
Re:A brief summary of my experience (Score:2)
I would say that he wouldn't be far off.
Look at how much network security is needed for WoW. Or gold farmers and how organized they are.
Look at how the Nigerian email scams are still going around
Getting access to someone's bank account is low risk and effort, high reward.
Re:A brief summary of my experience (Score:2)
Teach your peers. Tell them about it. Tell them to friggin' install that damn antivirus tool. And to upgrade their Windows. And most of all, to finally abandon that insecure webbrowsing pest that comes with every MS System!
Why do you still recommend a broken solution?
Nobody that I know of that uses a Mac has virus problems, spyware, or any of the chronic problems that plague Microsoft operating systems. In fact,
Re:A brief summary of my experience (Score:2)
It's there when you unpack your new PC or laptop.
Re:A brief summary of my experience (Score:2)
Huh?
I haven't unpacked a PC or laptop that came with windows since 2001. And in 2001, yes, you are right, it was there when I unpacked it until I put something else on it. But since that date, none of the computers I have bought or worked with (roughly 100) have come with Windows on them.
Re:A brief summary of my experience (Score:2, Insightful)
Most of your phishing is originating from shared web hosting servers. This is because quite often they do not verify their accounts and offer instant account setup with unadulterated access to exim. Check your spam headers and see how much came from "nobody".
The other problem is insecure scripts, or scripts made insecure due to a lack of knowledge on the part of the
Rapid immune response (Score:5, Interesting)
Nice free advertising (Score:1, Interesting)
Maybe I'm being paranoid... (Score:2)
1) Developed and released by anti-virus companies themselves to sell more product
2) Non-existent myths propagated by anti-virus companies to sell more product
3) Other software intentionally miscategorised as viruses by antivirus companies to sell more product.
Re:Maybe I'm being paranoid... (Score:4, Insightful)
Detach yourself from the idea of the "fun" virus that spreads, displays junk or wipes your hard drive. Those are becoming fewer and fewer. The "new" generation of viri and trojans have a very defined goal: Making money for their creator. Either by using the infected machines for another attack (use it in a DDoS blackmail attack), gathering your passwords to steal from you directly (paypaling your money away or "making" you buy their stuff for horrible prices at EBay) or use you as a relay station for spam and other malware so it cannot be traced back to them (and spam being the most harmless of them).
2. I do admit, we sometimes exaggerate the threat. Not for our personal gain. People don't go out and buy antivirus soft just because the threat level is rising. There're a LOT of free antivirus solutions that are by no means worse than commercial products, and a lot of commercial products do have a non-commercial free version.
But, for example, because the trojan poses a threat to the net as a whole while the damage to the single machine infected would be minimal. Why should YOU care, if YOUR damage is low? People are selfish like that, unfortunately.
3. Something you won't see soon again. There was a quite nasty lawsuit against a German antivirus company for labeling some adware correctly as adware. I certainly wouldn't label anything that's not most certainly BAD BAD BAD software bad. The lawsuit is right at your tail if you do.
Re:Maybe I'm being paranoid... (Score:1)
This proves antivirus is useless (Score:5, Insightful)
I don't run antivirus (except the occasional ClamWin run if I downloaded something I don't trust completely), and I manage to keep my computer clean just by following the above rules. Antivirus won't protect you from ad/spyware anyway, and these things have become worse than viruses.
If the antivirus vendors can't keep up with new viruses, you might as well stop paying for antivirus. After all, it won't protect you.
Antivirus is NOT useless (Score:3, Insightful)
I mean, you do wear a condom when having intercourse, right? But still you don't do it with people of "questionable background", right? Why?
The best protection is still having an antivirus suite and behaving like you don't.
Re:Antivirus is NOT useless (Score:1)
I see computers with P4's that run the speed of a PIII just because they're running Norton's crap. And those computers are infected with tons of adware too, because Norton won't do anything to stop those.
I just have Clamwin on my system as a regular appl
Oh yes it is! (Score:3, Informative)
I remember do
Education is better than a technical solution (Score:2)
You'll get an answer akin to this: "Lemme alone, I don't wanna learn that, I just wanna surf and enjoy it."
People don't want to learn. You don't want to be a mechanic to drive your car, all you want is to turn the key and kick the throttle. It's the same way with computers.
Yes, you might actually not need an antivirus tool. Not somethin
Re:Education is better than a technical solution (Score:2)
Really? I'm behind a NAT router which forwards no ports, and all my contact with the outside world is through the latest versions of Firefox and Thunderbird. How exactly can I be infected if I don't run any suspicious executables?
Re:Oh yes it is! (Score:3, Insightful)
How do you know?
Antivirus isn't great, or even very useful (Score:2, Informative)
Antivirus isn't great, as it comes with a bunch of issues, such as resource implications, acting as a threat vector itself, and generally being a case of shutting the stable door after the horse has bolted (zero-day exploits).
So add-on antivirus software isn't exactly *useful*, and isn't anything like running a sane operating system with pragmatically chosen security settings - which wouldn't include, by and large, anti-virus or anti-spyware scanning type software.
Re:Antivirus is NOT useless (Score:1)
hcoder
Re:This proves antivirus is useless (Score:2, Insightful)
A lot of AV software out there is simply crap to start with. It burns up your system resources and doesn't even protect you properly. The problem is, your average user has absolutely no way to judge what is "good" AV and what is "bad" AV. Every box out there claims to be the best, and every self-respecting geek has a strong opinion about which brand is the best.
Even if you get yo
You use ClamWin, but say AV is useless? (Score:1)
Getting past your idiotic/inconsistent statements, raincoats are useless if you stay indoors, condoms are useless if you don't have sex, and AV software is useless if you don't interact with the real world (and don't have kids).
indemnification against viruses (Score:1)
Why don't they make an OS that is immune from getting viruses just by clicking on a hot link or opening an attachment?
http://fudwatcher.blogspot.com/ [blogspot.com]
Re:indemnification against viruses (Score:2, Insightful)
Because it's very, very hard. First of all, users are constantly demanding that programs interact with each other, and with each other's data. This gives the web browser permission to pass that hotlink off to another piece of code and process it, sometimes without your intervention. It's these hand-offs that cause the problem. All it takes is one good buffer overflow error to drop some vi
A good OS (or mail program, rather) (Score:2)
If the user is dumb enough to STILL execute it, well, then he's the only one to blame. The biggest security problem of a system is still sitting in front of it.
Re:indemnification against viruses (Score:3, Informative)
Why don't they make an OS that is immune from getting viruses just by clicking on a hot link or opening an attachment?
Because software companies (most notably MS) prefer to sacrifice security to provide increased "ease of use". Or, "it's not a bug, it's a feature". Features sell. Bugs... well they do affect sales, but not to anywhere the same magnitude as new features. Company P.R. can spin the new features as wonderful and huge, and play down or totall
Nice graphics? (Score:5, Funny)
Pretty graphics, lots of "ooooo" factor. I find that they tell me nothing. This is a trend in the "network security" field:
Tufte [edwardtufte.com] would be ashamed.
The Slashdot story is a press release only. (Score:5, Interesting)
It's very common that press releases contain entirely invented "information". Certainly the people who write them can be expected to have NO technical knowledge, and not to care that they have no technical knowledge.
--
If they enjoy it or it makes them money, rich people and leaders can kill small animals and Iraqis?
"AVERAGE anti-virus" (Score:3, Insightful)
Also, when you take into account that McAfee detects fully half the files with any sort of file packer used (that's what they call 'heuristics', they've detected Hijackthis as a virus during 4 separate updates), you have to wonder how they can miss actual viruses with such a "shoot first and fix false positives later" mentality.
As a positive counter-example, NOD32 and Kaspersky generally detect a new threat within an hour after they first see it, if their heuristics don't already pick it up.
When it says that it's the average of 21 major anti-virus vendors, I question whether the statistic is meaningful with so broad a spectrum of response times
I'm sick of all of these scares. (Score:5, Funny)
Show these kids what a real virus is about. Put that hype to good use. And make everyone stop acting like EVERY LITTLE BUG IS A RIDER OF THE APOCALYPSE. Because most of these, like even the Sober worm, aren't really that harmful. Most malware writers are really only out for money, not general misanthropy. I just want ONE killer bug to put all of this in perspective. And maybe get people to switch to a modern OS like Linux, BSD, or OS X.
Because no, not even Norton can save you.
Did anyone else... (Score:3, Funny)
Funny choice given the stats...