
Predicting Malware

Posted by timothy
from the seasonal-malice dept.
Pseudonymous B*ard writes "SANS has an interesting article showing how to predict what forms future malware will take. For example, last year there were many hurricane-related scams, while this year, another bad hurricane season is predicted. SANS has noticed that the scammers are gearing up for this and that many new domains with the words Alberto, Beryl, donation, and hurricane have been registered (Alberto & Beryl are the first two names on the hurricane list). The only question now is whether hackers will be able to preempt any of these scams before they have a chance to be used?"
This discussion has been archived. No new comments can be posted.

  • Hurricane scams... (Score:1, Insightful)

    by creimer (824291)
    SANS has noticed that the scammers are gearing up for this and that many new domains with the words Alberto, Beryl, donation, and hurricane have been registered (Alberto & Beryl are the first two names on the hurricane list).

    This wouldn't be a problem if the Federal government wasn't in such a hurry to shovel cash out the door every time there's a natural disaster to some politician's poll numbers.
    • by corbettw (214229)
      This wouldn't be a problem if the Federal government wasn't in such a hurry to shovel cash out the door every time there's a natural disaster to some politician's poll numbers.

      Bzzzt! Wrong! This is about scammers tricking Mr. and Mrs. Citizen to send them money "to help hurricane victims". It has nothing to do with money the Feds may, or may not, send out.
  • by Crashmarik (635988) on Monday June 05, 2006 @06:53PM (#15476231)
    But this boils down to Malware will likely be associated with major events. Color me unimpressed. I have another one future malware will exploit unpatched security flaws.
  • Oblig. (Score:2, Insightful)

    by Odin_Tiger (585113)
    Obligatory grammar post.
    "Last year X, while this year X again." "And," for Pete's sake. If you are comparing two things which are the same in nature but different in time, it should be "and". "While" would be used if, say, it was hurricanes last year and earthquakes this year (i.e., things which are different in their nature).
  • Big Surprise (Score:5, Interesting)

    by Umbral Blot (737704) on Monday June 05, 2006 @06:53PM (#15476234) Homepage
    Summary of article: malware authors may try to take advantage of disasters. That's not exactly cutting edge reporting. What I would be more interested in hearing about is if malware authors start creating rumors of disasters in order to cash in anyways if nothing bad happens. Let's say Alberto fizzles. Will we still get spam asking for donations to help the newly homeless? I guess I'll have to wait and see.
    • I hear there are increasing numbers of people becoming dependent on tuning out the world and only listening to audio signals that are pleasing to their ears. This self-centered madness must stop, before we lose an entire generation to its own self-centredness! Please, for the sake of the children, donate [itunes.com] what you can today!
    • Re:Big Surprise (Score:1, Insightful)

      by Anonymous Coward
      Yeah, but in this case, it has to be pretty clear that the people who registered the domains have nefarious intent, so it might not be unreasonable to get them shut down early. Or at least blacklist 'em somehow (e.g. blacklist the URLs in your spam filters).

      Unless, perhaps, your name is Alberto.
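The suggestion above, to spot the registrations early and blocklist them in spam filters, can be turned into a small triage step over a feed of newly registered names. The following Python is an added example, not code from this thread or from the SANS diary it discusses. The registration feed is constructed, and the appeal words beyond the page's own "donation" and "hurricane" (donate, relief, victims, fund) are an assumption about what such a watchlist would contain.

```python
"""Keyword triage of newly registered domain names.

Added example (not from the Slashdot thread or the SANS diary): flag names
that pair a storm name with a charity-appeal word, the pattern the thread
describes, so they can be reviewed or added to a mail-filter blocklist before
a campaign starts.
"""

# Storm terms from the thread: the first two 2006 hurricane names plus the
# word "hurricane" itself.
STORM_TERMS = {"alberto", "beryl", "hurricane"}

# "donation" is from the thread; the rest are an assumed extension of the list.
APPEAL_TERMS = {"donation", "donate", "relief", "victims", "fund"}


def labels(domain):
    """Lowercase labels of a domain with the final (public suffix) label removed."""
    parts = domain.lower().strip(".").split(".")
    return parts[:-1] if len(parts) > 1 else parts


def hits(domain, terms):
    """Watch terms that occur as substrings in the domain's labels (hyphens ignored)."""
    text = "".join(labels(domain)).replace("-", "")
    return sorted(t for t in terms if t in text)


def score_domain(domain, age_days):
    """Return (score, reasons) for one registration.

    Either term class alone is weak evidence; the combination is the scam
    pattern and is weighted accordingly. A very recent registration adds a
    little, since the thread's point is that the names were bought ahead of
    the season.
    """
    storms = hits(domain, STORM_TERMS)
    appeals = hits(domain, APPEAL_TERMS)
    score, reasons = 0, []
    if storms:
        score += 2
        reasons.append("storm term: " + ", ".join(storms))
    if appeals:
        score += 2
        reasons.append("appeal term: " + ", ".join(appeals))
    if storms and appeals:
        score += 3
        reasons.append("storm + appeal combination")
    if age_days <= 30:
        score += 1
        reasons.append("registered %d day(s) ago" % age_days)
    return score, reasons


def triage(registrations, threshold=5):
    """Entries scoring at or above threshold, highest score first (stable order)."""
    scored = [(d, *score_domain(d, age)) for d, age in registrations]
    flagged = [entry for entry in scored if entry[1] >= threshold]
    return sorted(flagged, key=lambda e: -e[1])


# Constructed sample feed: (domain, days since registration).
SAMPLE_FEED = [
    ("alberto-donations.example", 3),
    ("hurricanerelief-beryl.example", 1),
    ("alberto.example", 800),        # long-standing personal site
    ("donation-tracker.example", 400),
    ("beryl-update.example", 5),
]

if __name__ == "__main__":
    for domain, score, reasons in triage(SAMPLE_FEED):
        print("%-32s score=%d  %s" % (domain, score, "; ".join(reasons)))
```

The output is a review queue, not a blocklist: a name like alberto.example matches a storm term but scores low, which is the "your name is Alberto" case the comment raises, so a human decides before anything is added to a filter.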
    • Summary of article: malware authors may try to take advantage of disasters. That's not exactly cutting edge reporting.

      Sad part is, it doesn't need to be cutting edge reporting. They got on Slashdot, cashed in the banner impressions, job well done.

      It's a variation of the same issue that people create site and contents for search engines and not for people.
      • cashed in the banner impressions, job well done.

        HA! That's where they went wrong! Little did they know that no /.ers actually RTFA!

        -Eric

    • Fake news (Score:3, Interesting)

      by dj245 (732906)
      I would be most impressed if someone created a bunch of fake news sites that claimed that Alberto was a great disaster and millions of lives were lost with the flooding in, say, North Carolina. And blasted the mainstream press for not carrying this most important piece of national news in this great crisis. And then pointed to websites collecting donations for the millions of displaced and homeless people.

      Go on, then, get to it.

  • by Mr. Samuel (950418) on Monday June 05, 2006 @07:02PM (#15476288)
    Clearly, the solution is to infect natural disasters with malware before they can strike.
  • Shouldn't one assume that the scammers and the cr|hackers are working hand in hand with the former providing technical services and entire networks of compromised computers to the latter who perform the commercial tasks?

    Happy National Day Sweden 060606 (play some Slayer please)
  • Two little words, kid: Pluto's Kiss. Only Linux will be spared!
  • No way out (Score:2, Informative)

    by nlago (187984)
    As much as I think it sucks that people would actually do such things, they do. And they have been doing it for ages (anyone up to buy a bridge?). In the "real world" people still get caught in naughty scams, but maybe they are a little more aware nowadays. When online, however, I guess most people lower the guard; maybe it is "the internet" or the fact that it is in written form that gives some sense of seriousness to them. Add to it the fact that the vast majority of internet users does not know how easy
  • by Andorion (526481) on Monday June 05, 2006 @07:14PM (#15476360)
    For those of you who've never heard of it:

    Kaspersky Anti-Virus [kaspersky.com] is the top of the line when it comes to protecting your system from all current and future virus and malware threats. I was skeptical until I tried it, but it really does work. It protects your system at an extremely low level without degrading performance, preventing the mal in malware, and requiring you to OK the way applications access your system sort of like how ZoneAlarm confirms each time a program accesses the internet. ANY possibly harmful action is checked against and you can set up very complex exception rules, so in a few days all your regular apps are up and running like normal and absolutely nothing slips into your system without you knowing about it.

    No, I don't work for them, just want to share a wonderful product.
  • You can be confident a major nuisance will be gaining momentum on June 30, 2006, just in time to ruin your major US holiday weekend.
  • Who is SANS, anyway? (Score:3, Interesting)

    by tb3 (313150) on Monday June 05, 2006 @08:16PM (#15476671) Homepage
    I have to ask this, just who is SANS, anyway? We get tons of alarmist reports from them, but nobody ever checks the source. I haven't been able to find much more than this entry on Wikipedia: "The SANS Institute (SysAdmin, Audit, Networking, and Security) is a trade name owned by the for-profit Escal Institute of Advanced Technologies. SANS provides computer security training, professional certification, and a research archive . It was founded in 1989."

    And Wiki doesn't even have an entry for "Escal Institute of Advanced Technologies". Try Google, there's also next-to-nothing there. I don't like placing a lot of trust in something when I don't even know the source.

    Does anyone have any more information?
    • I have to ask this, just who is SANS, anyway? We get tons of alarmist reports from them, but nobody ever checks the source. [...] Does anyone have any more information?

      The story comes from a SANS ISC Handler's Diary [sans.org] entry from a few days ago. The Handler's Diary is basically a security blog maintained by the volunteers manning the ISC (Internet Storm Center), and the content varies from day to day. It may contain information about new exploits, workarounds, upcoming patches, requests for data on u

      • Sorry, but I'm still not comfortable with it. The "About SANS" link you provided has quotes like, "SANS is the most trusted and by far the largest source for information security training and certification in the world." Well, says who? I'd like some third-party verification, or at least, a little more background on the 'Institute' and its owners.
        What really started me wondering was the story they had a while ago about "Mac OS security reputation in tatters" or words to that effect. They had absolutely no s
        • What really started me wondering was the story they had a while ago about "Mac OS security reputation in tatters" or words to that effect. They had absolutely no supporting evidence, and a grand total of two links to outside sources. One of them was a site known for trying to hawk bogus spyware scanners for OS X, and the other was a Mac security discussion board that had been hacked!

          Okay, that was from their Spring 2006 Top 20 Vulnerabilities [sans.org] press release. The actual quote regarding Mac OS/X was:

          • From this page [sans.org] at SANS. The link is to www.securemac.com [securemac.com]. Feedback on both Versiontracker and MacUpdate suggests that the SecureMac application is at best, useless and at worst, dangerous. The hacked discussion board seems to be missing from their links now. :P

            I still think the actual quote is extreme and alarmist, considering we are comparing a fixed vulnerability with thousands of known exploits. I am still unaware of a single remote exploit against OS X.

            Anyway, this is going off the subject a bit. I stil
            • The link is to www.securemac.com. Feedback on both Versiontracker and MacUpdate suggests that the SecureMac application is at best, useless and at worst, dangerous.

              Fair enough - I'm not familiar with their product, but with the first three pages of Google searches essentially just regurgitating press releases from the company I'm more than willing to accept that the only source touting this software is the company itself.

              The hacked discussion board seems to be missing from their links now. :P

              • Okay, I take your point. It looks like those diaries are worth looking into. And I'm reasonably interested in Windows issues anyway, given that I have a few Windows boxes to look after, and I'm always looking for more ammo to convince people to switch. :p

                Thanks for all your input, I think I now have a better idea of what's going on.
  • Of programs that take advantage of flaws in Internet Explorer and Windows. ;)
  • another bad hurricane season is predicted ... the scammers are gearing up for this
    These guys aren't just assholes; they take the long view of things: "So, you can see from this chart, in Q2 and Q3, we've got our shit-heel plan well mapped out. And our top asshole thinkers are hard at work in R&D, developing asshole plans for Q4 and the Christmas season."
  • by WoTG (610710) on Monday June 05, 2006 @09:13PM (#15476923) Homepage Journal
    IMHO, the far more likely purpose of registering domains related to the next hurricane names is simply SPAM. When the hurricanes hit, tens of thousands of people will mistype or find some other way of ending up on what I expect will be plain old ad serving pages. Considering the minuscule costs of setting this up, I'd suspect that it would make a few bucks. Especially compared to some of the other ad based domains I've stumbled on in the past...
  • I guess my old crystal ball and tarot cards just aren't cutting it anymore. I foresaw future malware being based on Vista.
  • Say what? (Score:3, Insightful)

    by Omega Blue (220968) on Monday June 05, 2006 @11:55PM (#15477541)
    I am not sure about you, but to me malware is clearly distinct from e-mail scams.

    Malware is a program that does nasty things to your computer. E-mail scams have nothing to do with that.
  • In the near future, Doc Terror, and his cyborg companion Hacker, unleash their forces to conquer Earth and spread malware!

    Only one force can stop this evil: a handful of brave men; in specially created exoframes they can sniff packets anywhere to fuse with incredible anti-malware weapons. Beamed down from the space station Sky Vault, becoming man and machine,

    Power Xtreme!

    The SANS [wikipedia.org] turions [wikipedia.org]

    * lon3st4r *

  • Forms? (Score:3, Funny)

    by geminidomino (614729) * on Tuesday June 06, 2006 @07:36AM (#15478654) Journal
    He will come in one of the pre-chosen forms. During the rectification of the Vuldrini, the malware came as a large and moving Torg! Then, during the third reconciliation of the last of the McKetrick supplicants, they chose a new form for him: that of a giant Slor! Many Shuvs and Zuuls knew what it was to be roasted in the depths of the Slor that day, I can tell you!
