From: "Gavin Treadgold" <gav@rediguana.co.nz>
Date: Sat, 6 Sep 2003 10:54:21 +1200

> I agree, these virus writers really do need to get a life.
> Some good opportunities for a real whiz kid rather than
> wasting their time (and everyone else's) with writing the damn things.

Dave, there is the belief right now that virus writers are more than just pimply kids in need of a life. Links appear to be forming between virus writers, spammers and pornographers. Some of the new viruses are getting extremely cunning and have commercial intent behind them.

Spammers are fast losing a lot of mail servers and ISPs that they can communicate from as administrators secure them to cut down on outlets for sending spam. This has caused some hackers to work with spammers to create malicious software that will infect a computer, spread, and develop a distributed network of mail servers on poorly secured Windows computers. Now the spammer has a distributed mail network at their control from which they can safely send out their spam. This is then much, much harder for administrators to shut them down as often the people who have the malicious software installed on their machine don't know, as often they are home broadband users. Pornographers are doing the same as they run out of ISPs that will host their web sites.

This is nothing more than evolution of how the Internet is used. I wouldn't be too concerned about the pimply script kiddies writing malicious code that doesn't get that far. I am concerned about professionals paid to write malicious software for the bottom-feeders of the Internet. Or those that purposely attack critical infrastructure.

Now for the scary bit. We have not yet seen well-written malicious software. Most of what we have been exposed to spreads too quickly, is too blatant about advertising itself, and does relatively little damage. Most malicious software hogs too much bandwidth and resources to hide infection.

What is going to happen when malicious code is happy to take months to infect computers, rather than current minutes and hours? And it would use unnoticeable bandwidth and system resources? It may lie dormant for many months, infecting hundreds of thousands of computers and syphon personal information elsewhere for use in identity theft. And to quote The Usual Suspects - 'and then like that, it was gone'. Would people even know? There is the alternative ending of course where it attempts to corrupt the hard drive or your data. This could be as simple as encrypting all your files with a key that you don't know.

It may happen, it may not. But there will most likely be another Sobig in the very near future. Here is some info from www.messagelabs.com - they scan email.

Variant          (No. emails with)   Risk   First Identified
W32/Sobig.A-mm   (830966)            Low    9 Jan 2003
W32/Sobig.B-mm   (409514)            Low    17 May 2003
W32/Sobig.C-mm   (180368)            Low    31 May 2003
W32/Sobig.D-mm   (4354)              Low    18 Jun 2003
W32/Sobig.E-mm   (358851)            Low    25 Jun 2003
W32/Sobig.F-mm   (3201261)           High   18 Aug 2003

Sobig has had a pretty regular release schedule for the B through F versions. F is timed to expire on the 10th of September. Previous evidence has indicated that a new release soon follows an expired version. Whilst no guarantee of a release, you have to admit that based on the stats above it is highly likely that we will see a Sobig.G in the near future.

What should you do?

1. If running Windows, run Windows Update repeatedly and install all critical updates. Sometimes you have to install and reboot, then run Windows Update again as some need earlier patches installed first. Use Windows Update regularly - say once a week. If you had done this your computer would have been patched against the Blaster worm 3 weeks before it reached critical mass. If you use MS Office, consider using Office Update to patch Office flaws.

2. Keep AV signatures up to date. Viruses spread so quickly now that if you are not updating your signature files every 24-48 hours there is little protection to be gained from new viruses.

3. Back up your data. Don't delay, do it today.

Cheers Gav