Contents: TruSecure CodeRed hype | Projected virus infection rate idiotism | Wild idiotism (Wildlist) | IBM milking a bank | WAZZU ! GESUNDHEIT !
"Anti-virus companies have always been seen as ambulance chasers, and sometimes, it's true," said Dan Schrader, the chief security analyst at Trend Micro. "Because this is an industry that has been built on hype and alerts and pretensions of being good citizens, the industry doesn't have a lot of credibility."
The virus hypodrom is a classic case of security hype, and probably the most developed area of security hype in general. As such it can serve as an instructive case for studying security hype as a whole, and may help in understanding other types of security hype (for example network IDS hype).
The major players in virus hype include both commercial AV companies and journalists. Clueless or corrupted journalists often promote equally clueless and corrupt "cyber-wizards". Do you remember the JPEG virus scare? In case you don't: a press release from McAfee warned that "potentially, no file type could be safe". Actually the virus was just someone's project, e-mailed directly to McAfee by its creator. It never became an infection, much less an epidemic.
Critics say the fact that McAfee -- a division of Santa Clara's Network Associates -- sent out a press release containing this FUD is a classic example of virus hype aimed at pumping up sales of the $30 to $50 antivirus software packages that McAfee and Symantec sell.
That hype is having a "cry wolf" effect that could make things worse when the next serious virus threat hits. Here are a couple of relevant quotes:
Quote 1: Virus hype - Media circulate the alerts, but some say antivirus firms are pumping up the fear
"I think their motives were that they saw the possibility of getting coverage from the major media," said David Perry, global director of education for Trend Micro, a smaller company that also sells antivirus software.
Customers and computer enthusiasts posted hundreds of messages about McAfee's recent press release on www.slashdot.org, a technology community site, echoing Perry's view. But most of them used much stronger language.
Antivirus programs sell like umbrellas in a rainstorm when word of a big computer infection hits the newspapers and TV. When the Code Red and Nimda viruses made headlines worldwide last fall, Valley firms Symantec and Network Associates both reported jumps in consumer software sales.
McAfee says its intentions with the JPEG virus release were much more pure. The company said it had a duty to inform its 50 million customers it had learned about a new kind of virus, and that the news media is the most effective way of reaching out to them.
"If we didn't do anything last week, I have the feeling that somebody would have picked up the story somewhere down the line, and our customers would be asking us why we didn't tell them," said Vincent Gullotto, senior director of McAfee Avert Labs in Beaverton, Ore.
Actually, McAfee's press release made it clear that the new virus, while a potential future threat, posed no immediate risk.
"There may have been more concern if they had seen it on our Web site, without having us explain what it was," Gullotto said. Antivirus companies say they prevent undue panic by clearly labeling virus press releases as high, medium or low risk.
"Even looking around at the other antivirus companies, in general you find that people are pretty good about highlighting the high-risk ones," said Vincent Weafer, director of the antivirus research center for Internet security firm Symantec.
The only reason antivirus companies sometimes alert the media about low-risk viruses, Weafer said, is to educate the public about a new kind of virus that could be a harbinger of things to come.
The recent JPEG virus alert fell under that category, McAfee's Gullotto said. But industry critic Rob Rosenberger said the JPEG virus wasn't newsworthy even as a new potential kind of virus.
"It's just another virus. Conceptually it's nothing new," said Rosenberger, who runs www.vmyths.com, a Web site critical of the antivirus industry. But because this virus used JPEGs, a popular format for e-mailing photos, McAfee knew reporters would jump on it, he said.
The media has all too often been a willing accomplice in exaggerating the danger of new viruses, said George Smith, another editor at Vmyths.com. He recalled the great press attention given to 1992's "Michelangelo" virus, which was programmed to activate on the Renaissance artist's birthday, March 6.
A Chronicle story at the time, just one of hundreds of media reports, warned that Michelangelo was "set to destroy data on millions of personal computers."
But on March 7, The Chronicle reported the virus had actually "claimed relatively few victims." Michelangelo was never that serious of a threat at all, Smith said. On the other hand, it's unclear whether the extensive media coverage helped prevent a catastrophe by encouraging computer users to protect themselves.
The same scenario repeated itself seven years later, this time with news stories predicting Y2K viruses that never materialized.
"The antivirus industry started the hubbub about it, but the news media glommed onto it and decided it was a good story," Smith said.
There's nothing wrong with the goal of all these warnings -- getting consumers to install antivirus software, which even experts unaffiliated with the industry recommend. The problem is that the warnings are starting to have the opposite effect, said Chris Wraight, a technology consultant with the British antivirus firm Sophos.
"Every week people hear about this killer virus out there, and it never materializes," Wraight said. "I think people start to become a little bit inured to it, the classic 'Boy Who Cried Wolf' kind of thing."
That attitude may explain why a low-level virus called Klez has been popping up in people's e-mail boxes over and over in recent months. Antivirus software can zap Klez, but only if users have updated their subscriptions. Wraight thinks people aren't installing or updating antivirus software that could stop Klez because they've become jaded about the virus threat.
Sophos and Tokyo's Trend Micro pride themselves on avoiding the temptation to hype up viruses, and they don't hesitate to criticize their larger rivals' marketing tactics. But Smith disputes Sophos and Trend Micro's self-description as hype-free antivirus companies. "As a whole in the industry, no one can say that they have never engaged in sending out press releases speculating on a newly received computer virus," he said.
Quote 2: An older sample of self-promotion among AV companies (Sophos calls for calm over Smash virus hype):
Sophos Anti-Virus, Europe's leading developer of corporate anti-virus solutions, has advised computer users not to panic over the W95/Smash virus, following significant media attention the virus has received as a result of another anti-virus vendor's press release.
Sophos points out that, although W95/Smash is programmed to activate today, the virus does not pose a significant threat.
"The average user is more likely to be abducted by the Martians from the Smash mashed potato advert than get hit by this virus," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "Not only does this virus not appear to be spreading in the wild, but most anti-virus products have been protecting against it since the beginning of May!"
Sophos has published information about the Smash virus online here.
Virus Hype: Is the Sky Really Falling? - by Ed Lamaster
Antivirus myth busters, Vmyths.com, has dubbed the phenomenon "hystericanes" (hysteria hurricanes). According to Vmyths, there are three kinds of hystericanes. The first type seems to follow a 3-4 year cycle, with such names as Columbus Day, Michelangelo, Hare, and the Y2K viruses. The second type is the result of hoaxes and urban legends, such as Good Times, AOL4FREE, and others. The third type comes as a "red alert" (touted by the usual suspects) that some virus attack is in progress, such as Melissa, ILoveYou and Kournikova. It's not that these virus outbreaks aren't real, it's just that they are completely overblown in proportion to what really is going on.
I'm sure there are going to be emails this time from well-meaning system administrators who are going to tell me that they spent sleepless nights battling computer viruses. I have done so myself. I don't discount the reality of these events, but merely want to point out how overblown they become in the media and the dangerous effect of repeatedly warning that the sky is falling. The end result of virus hysteria is that the average person with a computer has no idea what to pay attention to, and so most people simply do nothing.
Slashdot Dyson On Grey Goo, Bioterrorism, and Censorship
Government Executive Magazine, 1-29-03, The worm that turned: A new approach to hacker hunting. Hacker hype at its best. See also Slashdot: Feds Working to Stop Worms. I like the following quote: "Worms were the most vicious new beasts to stalk the Internet. But Gerber had never seen a worm quite like the one he confronted that sweltering Wednesday morning in June. It was named Leaves after "w32.leave. worm," the poisonous file it implanted in unsuspecting computers. Like all worms, Leaves bored through cyberspace, probing Internet connections for holes in personal computers or Web servers. It slithered inside the machines and spewed venomous strings of data that threw its victims into electronic shock." What a classic sample of virus hype :-)
By Shane Harris
Wednesday, June 20, 2001, 6:30 a.m.
FBI Headquarters, Washington
After 23 years as a CIA analyst, having briefed the president and his team on every conceivable threat to national security, Bob Gerber was scared. More scared than he'd been in a long time.
Holed up in his cramped, 11th floor office on a stark, colorless hallway at FBI headquarters in Washington, Gerber's stomach turned as he took his first look at a new enemy.
Gerber was a hunter, one of the government's best. These days, he was hunting worms, malicious computer programs let loose into the wild of the Internet by some of computerdom's most brilliant hackers. Two months earlier Gerber, 56, had left his job at the CIA, where he helped write the president's daily intelligence briefing, to head the analysis and warning division at the FBI's National Infrastructure Protection Center. There, he and his crew of more than 60 tracked worms, viruses and other computer evils, as well as the hackers who create them. Both threatened daily to shut down the engines of modern life-electrical power grids, the banking system, water treatment facilities, the World Wide Web.
Worms were the most vicious new beasts to stalk the Internet. But Gerber had never seen a worm quite like the one he confronted that sweltering Wednesday morning in June.
It was named Leaves after "w32.leave. worm," the poisonous file it implanted in unsuspecting computers. Like all worms, Leaves bored through cyberspace, probing Internet connections for holes in personal computers or Web servers. It slithered inside the machines and spewed venomous strings of data that threw its victims into electronic shock.
Leaves was hardly the first worm to infest the Internet. In fact, the pests became so common in 2001 that security cognoscenti dubbed it the "Year of the Worm." Worms wrought all sorts of damage. They forced computers to delete critical files or erase entire programs. They also allowed hackers to steal personal information from computers' memories. Once they infested their victims, worms made clones, then used their hosts as launching pads for more worms, whose numbers grew exponentially.
In 2000, Gerber and his team began battling a new species of even more virulent super worms. Rather than devour computers' innards, these worms hijacked their victims' controls, rendering them powerless zombies. With a gang of zombies at his command, the creator of a superworm could mob a Web site or computer system, flooding it with bogus electronic transmissions until it drowned in the data torrent.
In the spring of 2000, Gerber's colleagues took on a 15-year-old hacker who called himself Mafiaboy. The teen-ager turned his zombies loose on World Wide Web giants Amazon.com, eBay and Yahoo!, launching what is called a distributed denial of service attack that shut down business at the sites for five hours. It cost shareholders and the companies billions and shocked the Web world.
But compared with the Leaves worm, Mafiaboy's creation was a larva. Gerber's best analysts had worked late into the night trying to make sense of a sample of Leaves captured by worm watchers at the SANS Institute, a computer research center in Bethesda, Md. They let Leaves infect a computer, and then they watched how it behaved. What Gerber saw fascinated and appalled him.
Leaves was a zombie maker on steroids. It searched out computers already wounded by another Internet scourge called a Trojan, which installs back doors in the machines. Leaves used a Trojan called SubSeven as its entrance. Once transformed, the zombies awaited orders. To communicate with them, Leaves' creator ordered his zombies to rendezvous online through Internet Relay Chat channels. He also told them to visit certain Web sites and download encrypted information to receive instructions on what to do next. No one knew who was controlling the zombies, from where or why.
Reading the guest registries of chat rooms, Gerber discovered that an army of 1,000 Leaves zombies already was on the march. Mafiaboy, by contrast, had a few hundred conscripts and sometimes used only a dozen to attack a Web site.
What's more, Leaves contained an electronic gene enabling its creator to control every zombie at once from any Internet connection in the world.
Gerber never had seen a worm so sophisticated or terrifying.
But to exterminate it, Gerber needed more samples to dissect and more time. Pulling out the lines of computer code that told the worm how to behave might help him shut it down. Or, if he could identify the worm maker's ultimate goal, Gerber might be able to head him off.
The FBI group usually worked alone or with a few select federal officials and private sector consultants. But even Gerber's top-flight team was daunted by Leaves. It was time to call in help. Only a public-private posse of America's best hacker trackers could gut this worm.
By pulling such a group together for the first time and then letting it operate largely unsupervised, Gerber created a new model for federal computer crime fighting.
June 29
FBI Strategic Information and Operations Center, Washington
Gerber called the most seasoned and cunning code crackers, worm gurus and cyber soldiers from government and industry to meet at FBI headquarters. On a Friday afternoon, 10 days after Leaves was discovered, the posse gathered in the FBI's crisis headquarters, the Strategic Information Operations Center.
It was the most concentrated arsenal of computer crime-fighting talent the government ever had gathered. They came from leading security companies Symantec and Network Associates, the FBI, the White House and the Defense Department.
But there was a hitch. The private experts were uneasy. Could they trust the G-men? Uncle Sam was a bumbling bureaucrat. His security was notoriously lax. Hackers had been penetrating military and intelligence agency computers for years. What could federal officials possibly know about fighting an enemy as elegant as Leaves?
The two sides eyed each other warily as Gerber laid out what he knew. The evidence seemed to show that Leaves' creator was preparing a massive denial of service attack. Everyone would have to work together to stop it. Mistrust would keep them apart. It took Marcus Sachs, a cyber soldier from a Pentagon unit trained to attack foreign networks, to bridge the suspicion gap.
Sachs dazzled the room with his observations and theories about Leaves. With casual command of hacker lingo and the history of worms and their attacks, he demonstrated both the expertise of the government corps and the urgency of defeating this unique and dangerous foe.
The ice melted. Slowly, a simple sheet of paper passed around the room. First one, and then the next, wrote down his name, e-mail address and phone number. The Leaves posse came to life and it readied for a fight.
Days later
Los Angeles
Jimmy Kuo left the meeting to conduct an electronic autopsy.
Kuo, a research fellow at the security firm Network Associates, took samples of the worm home to Los Angeles. Many in the Leaves posse returned home to operate on their own turf, not from a single base in Washington. "In this line of work, it doesn't matter where you are, as long as you have a laptop computer and a phone," Kuo says.
The Leaves code was a jumbled mess. It was encrypted and compressed-data had been squeezed together to save space. Mr. Leaves, as some in the posse had begun calling the worm's creator, knew his creation would be captured. He ensured the worm wouldn't easily give up its secrets. Kuo ripped apart layers of code with powerful programs to reveal the deeper truths Leaves was hiding.
Other members of the posse were ripping Leaves, too, untying its knotted innards. One wrote a program to mimic the Trojan that Leaves used as a back door. The posse laid the trap across the Internet.
Sharing their discoveries by phone and e-mail, the code crackers found eight variants, or mutations, of the worm. Mr. Leaves was tweaking his weapon, finding new ways to deliver it. And he was moving faster than the posse.
While Kuo ripped in Los Angeles, a posse member watched for abnormal Internet traffic from SANS in Bethesda. Still others huddled at the FBI. The group worked smoothly because nobody was in charge, Sachs says. "Egos didn't get in the way of progress." They worked fast, but as days passed, their analysis yielded fewer new results. They learned much about the worm's attributes, but little about its purpose.
Mr. Leaves had directed the zombies to synchronize their clocks with the Naval Observatory clock on the Web. The army was prepared to attack in unison. No doubt, Mr. Leaves soon would begin his onslaught.
Unless someone could find him first.
Early July
FBI headquarters, National Infrastructure Protection Center computer investigation unit
FBI Special Agent Michelle Jupina wanted two things: to find Mr. Leaves and to lock him up. The bureau sought Leaves' creator on criminal charges of unlawfully entering a computer. Jupina was at the first posse meeting in June, but she kept a low profile. Assigned to the infrastructure protection center, Jupina, 36, was well-versed in cyber jargon. She understood how hackers thought and maneuvered.
The posse saw Leaves as a marvel of engineering. But to Jupina, the worm and its maker were just garbage to clean up. Short, quiet and hidden under a mane of frosty blonde hair, Jupina didn't seem capable of bursting through a hacker's door and yanking him off his keyboard. She was so unobtrusive that a posse member recalls he didn't even know she was a cop until she got up from her seat one day and "I saw a cannon strapped to her side."
But as the posse ripped Leaves apart, Jupina was a constant eavesdropper, digging for evidence in the pile of Leaves' secrets the posse unearthed. Even as new revelations slowed, Jupina and the agents under her command feverishly followed leads. Steadily, they shut down the Web sites Leaves' zombies used to receive instructions. They planted tracking devices to pick up the hacker's footprints.
Second week of July
FBI Strategic Information Operations Center
Weeks passed. The zombies remained quiet.
Gerber had issued a public warning about Leaves on June 23. The private sector posse members had warned their customers. News that Leaves was on the loose circulated through the computer security trade press. But still no attack.
Ripping continued. The zombie army grew. By July, at least 20,000 computers were encamped in chat rooms or patiently waiting for their orders. "That scared the hell out of us," Gerber says.
Mr. Leaves was getting wily. Whenever the team shut down one Leaves chat room the worm automatically created a new one. Mr. Leaves tried new methods, too. On July 9, one of the companies in the posse found an e-mail claiming to be a security bulletin from Microsoft Corp. The bulletin warned of a new virus, and told users to download a file to protect their computers. In the file was Leaves.
The bogus warning was badly written and eerily self-congratulatory:
"Yesterday the Internet has seen one of the first of it's downfalls. A virus has been released. One with the complexity to destroy data like none seen before."
Today, hackers often mask their worms as official security warnings, but this was the first use of the tactic. Like many outlaws, Mr. Leaves inspired a certain grudging admiration within the posse chasing him. "I had a feeling I was dealing with an artisan," Gerber says.
Or possibly a common crook.
Perplexed by the lack of attack, someone in the posse posed a new theory: Perhaps instead of damage, Mr. Leaves sought money.
The posse knew that some companies paid Web surfers to click on advertisements on their sites in order to inflate estimates of the success of the ads. With 20,000 zombies to click for him, Mr. Leaves could make a killing. Some of the sites the zombies visited contained these ads. If the FBI could find an account where Mr. Leaves put the funds, trace it to a physical address and tie it to him, the case might be solved.
Convinced Leaves had to have been created for a denial of service attack, the posse scorned this theory. Pulling off one of the biggest attacks ever was the only glory befitting such a brilliant worm.
But something didn't make sense. Mr. Leaves was taking an awful risk by not attacking. Every time he logged on to communicate with his zombies, the FBI had another chance to trace him. Why expose himself? Why not just preprogram the zombies to act on their own? The scam began to seem more believable.
But before the posse could prove its theory, an attack began. It wasn't the work of Leaves.
On July 17, a new worm appeared-Code Red. It was named after Mountain Dew Code Red soda, the only thing that kept two private sector analysts awake as they tracked it day and night.
Leaves propagated like a rare illness, targeting only victims with weakened immunity. But Code Red spread like smallpox. The worm exploited a ubiquitous hole in one of the most popular brands of Microsoft Web servers. In a few hours, Code Red had eaten into more than 100,000 servers worldwide. The swarm of worms leaping from machine to machine caused an electronic traffic jam, slowing all Internet traffic. In the aftermath of the attack, companies would spend billions of dollars plugging the holes that let Code Red enter.
Able as it was, the posse didn't have the strength to fight both Code Red and Leaves at once. The choice was clear: Code Red took precedence.
The Leaves posse had built a new model for chasing Internet outlaws. They honed it battling Code Red. But fighting the new menace left Leaves on the back burner. All they could do was hope that Leaves was no more than an Internet heist or pray that Jupina and her crew could track down and nab Mr. Leaves before he, too, unleashed his zombie brigades.
For weeks, Jupina and her technicians had laid traps and tracers across the Internet. She wanted the hacker's Internet protocol address, the digits that identify anyone who sends information online. Hackers cover their tracks by erasing those addresses from the servers they use. But Mr. Leaves had slipped.
In a cache of addresses Jupina had pulled off a server in Oklahoma at the end of June, she found one used by Mr. Leaves. It was a hot lead.
But chasing the address could take Jupina around the world. And she could nab Mr. Leaves only if he lived in a country that considered hacking a crime. If he did, the company that provided his Internet service would have to cough up his home address and Jupina would have her man. Luckily, after some tracking, Jupina hit gold: Mr. Leaves' address originated in the United Kingdom, home to some of the toughest computer crime statutes in the world.
Jupina rang the Scotland Yard computer crime unit. Within days they traced the Internet address and attached it to a name and a place. The hacker was a 24-year-old man living in one of the seedier sections of London. Scotland Yard set up a stakeout at his digs.
July 23
FBI headquarters and South London, England
Back at FBI headquarters, Jupina kept watch on a computer monitoring the Oklahoma Web server. When Mr. Leaves logged on again, Jupina would know. Jupina waited with Scotland Yard's phone number at the ready. Officers in South London sat tight outside the hacker's residence.
Nothing.
And then, there he was.
Jupina watched as the hacker connected to the Oklahoma server. She gave the word to Scotland Yard: Go. The officers arrested the creator of one of the most ingenious worms ever known.
Epilogue
The Leaves posse proved itself during the Code Red attack. Code Red made headline news. The FBI, the White House and security companies launched a coordinated campaign to track it, warn the public and take steps to protect vulnerable systems. Crippling of the White House Web site was narrowly avoided; Pentagon Internet connections were temporarily shut off. Damage was significant-estimates are in the billions of dollars-but it would have been worse had the response not been as fast and well organized. No perpetrator has been identified.
Mr. Leaves caused no major damage before the posse rounded him up. And the same team remains on guard against new worms or other cyber threats. When one appears, the posse comes alive. E-mails fly, home telephones ring as the members swing into action, sharing what they know, tracking, dissecting, devising traps and passing evidence to the FBI.
In November 2002, shortly before leaving the FBI and returning to the CIA, Bob Gerber sat in a new office at FBI headquarters. Next to a bookcase full of hacker treatises, with a can of Mountain Dew Code Red displayed prominently on a shelf, Gerber pondered Mr. Leaves' motive. The FBI never found evidence the hacker had stolen money using the worm. Gerber and Jupina had brought the case all the way to a collar, yet they might never know Mr. Leaves' ultimate goal. "As far as I know, no one ever asked Mr. Leaves why he did what he did," Gerber says.
And no one ever may get the chance. In November 2001, the man who confessed to British authorities that he'd created the Leaves worm received a "formal caution," a legal warning usually reserved for juvenile crimes and minor drug offenses.
The lead officer on the case insists the agency has information about the hacker's motives that the FBI hasn't heard. But Scotland Yard refuses to divulge what it knows. Citing British law, officials refuse even to reveal the hacker's name.
Tens of thousands of computers containing now-dormant Leaves worms await instructions from their master. Should they ever again awaken, a posse will be waiting.
Code Red
TruSecure (and more particularly its affable "Surgeon General" Russ Cooper) came to notice in 2001 for predicting that the Code Red virus had the potential to "meltdown" the Internet.
This warning was, we now know, overstated. Cooper told us, when we met up with him before Christmas, that he did not regret the warning. He was acting, he said, on early analysis of Code Red and its possible spread through NT4 boxes. This turned out to be a lesser risk than first believed. Fair enough; but TruSecure is still banging on about Code Red-style attacks to this day, with Thompson warning that he expects "another attack in 2003 in the class and level of Code Red".
If he means another outbreak of hysteria from sectors of the security community (which ought to know better) over some supposed Internet-crushing threat, how could we disagree?
SINGAPORE (Reuters) - Male. Obsessed with computers. Lacking a girlfriend. Aged 14 to 34. Capable of sowing chaos worldwide.
That is the profile of the average computer-virus writer, an anti-virus expert said on Tuesday.
About 1,000 viruses are created every month by virus writers increasingly intent on targeting new operating systems, said Jan Hruska, the chief executive of British-based Sophos Plc, the world's fourth-largest anti-virus solutions provider. "So far, we've seen no indication of decreased interest in virus writing," Hruska told Reuters in an interview.
"Virus writers are constantly looking for new vectors of infection, targeting the vulnerabilities of operating systems to exploit them for their creations," he said.
Hruska said the number of viruses created would continue to climb in the coming years.
In almost all cases, virus writers were computer-obsessed males between the ages of 14 to 34 years, he said.
"They have a chronic lack of girlfriends, are usually socially inadequate and are drawn compulsively to write self-replicating codes. It's a form of digital graffiti to them," Hruska said.
In January, Welsh virus writer and web designer Simon Vallor, 22, was sentenced to two years' jail for spreading three mass-mailing computer viruses that allegedly infected more than 27,000 computers in 42 countries.
That's funny: Macintosh as a more virus-resistant system than Windows ;-)
By contrast, perhaps 35 viruses have been written for the Macintosh and four or five for the Unix-based computers that run most Web sites, says Eugene Spafford, director of the Center for Education and Research in Information Assurance and Security lab at Purdue University.
Aha! Attachments are bad. What about MIME?
"PC operating systems have inadequate security," says Peter Neumann, principal scientist at SRI International in Menlo Park, Calif. "Attachments and executable content are features that should not exist if you are worried about security. Period."
Other operating systems don't work this way
Other programs on other operating systems could not behave this way, Forno says, because applications written for other operating systems - e-mail programs, word processors and the like - do not reach down into the deepest levels of the operating system to function.
And true, Forno says, programs like Outlook and Microsoft Word work smoothly together in part because they share files that are also part of Windows. But that close connection to the operating system also let "new love" destroy those same system files, in effect destroying every file on the targeted computer's hard drive.
The "love bug" and its progeny couldn't procreate so quickly on a Unix system, Purdue's Spafford says.
For even though security specialists and computer vandals regularly find holes in Unix operating systems, they have one real strength that keeps them essentially virus-free: programs don't simply run of their own accord. Rather than clicking on an icon and waiting for a new program to set itself up, Unix users must go through a deliberate, sometimes tricky task of tweaking a software package so that a computer can actually run it.
Is it as easy as Windows? No way, Spafford says. But that's a small price to pay, he says, when millions are clicking on files they should know better than to click on.
...It is anyone's guess how long the love affair with simplicity will last. The German government said Friday that it was considering dumping Outlook altogether in the wake of the latest virus outbreak.
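The argument above (executable attachments as a design flaw, and the love bug's filename trick of hiding a .vbs behind a .TXT) is what drove mail gateways to screen attachments by both name and content rather than trust the client. As an added example, not code from the quoted article or from any vendor named on this page, here is a small Python screener. The extension sets, the magic-number table and the sample attachments are my own constructions for illustration; the only fact taken from the record is the love bug's LOVE-LETTER-FOR-YOU.TXT.vbs naming pattern.

```python
"""Screen e-mail attachments by filename and by leading bytes.

Added example for this page, not code from the quoted article or from any
vendor it names. The extension sets, the magic-number table and the sample
attachments are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Extensions that the Windows shell and mail clients of the era would execute
# on a double-click (constructed list, deliberately not exhaustive).
EXECUTABLE_EXTENSIONS = {
    "exe", "com", "bat", "cmd", "pif", "scr", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "shs", "lnk", "reg",
}

# Extensions that should only ever carry passive data (constructed list).
DATA_EXTENSIONS = {"txt", "jpg", "jpeg", "gif", "png", "doc", "pdf", "csv"}

# (leading bytes, description, content is executable) -- constructed table.
MAGIC: List[Tuple[bytes, str, bool]] = [
    (b"MZ", "a DOS/Windows executable", True),
    (b"\x7fELF", "an ELF executable", True),
    (b"#!", "a script with an interpreter line", True),
    (b"PK\x03\x04", "a zip archive", False),
]


@dataclass
class Verdict:
    filename: str
    block: bool = False
    reasons: List[str] = field(default_factory=list)


def extensions(filename: str) -> List[str]:
    """All extensions in the name, lower-cased, outermost last.

    'LOVE-LETTER-FOR-YOU.TXT.vbs' -> ['txt', 'vbs']; 'README' -> [].
    """
    parts = filename.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def sniff(data: bytes) -> Tuple[Optional[str], bool]:
    """Identify the content by its leading bytes: (label, is_executable)."""
    for magic, label, is_exec in MAGIC:
        if data.startswith(magic):
            return label, is_exec
    return None, False


def classify_attachment(filename: str, data: bytes) -> Verdict:
    """Decide whether an attachment should be blocked, and record why."""
    v = Verdict(filename)
    exts = extensions(filename)
    final = exts[-1] if exts else ""

    # Rule 1: the extension the shell acts on is an executable type.
    if final in EXECUTABLE_EXTENSIONS:
        v.block = True
        v.reasons.append(f"executable extension .{final}")
        # Rule 2: an inner data-type extension means the name is a disguise,
        # the love bug's LOVE-LETTER-FOR-YOU.TXT.vbs pattern.
        if any(e in DATA_EXTENSIONS for e in exts[:-1]):
            v.reasons.append("double extension disguised as a data file")

    # Rule 3: judge the bytes, not the name.
    label, is_exec = sniff(data)
    if label is None:
        return v
    if final in DATA_EXTENSIONS:
        v.block = True
        v.reasons.append(f"claims .{final} but content is {label}")
    elif is_exec and final not in EXECUTABLE_EXTENSIONS:
        v.block = True
        v.reasons.append(f"content is {label}")
    elif not is_exec:
        v.reasons.append(f"{label}, inspect members before delivery")
    return v


# Constructed sample attachments: (filename, leading bytes of the body).
SAMPLES = [
    ("LOVE-LETTER-FOR-YOU.TXT.vbs", b"On Error Resume Next\r\n"),
    ("holiday.jpg", b"MZ\x90\x00\x03\x00"),             # PE wearing a JPEG name
    ("holiday2.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),  # genuine JPEG header
    ("report.pdf", b"%PDF-1.4\n"),
    ("photos.zip", b"PK\x03\x04\x14\x00"),
    ("setup", b"\x7fELF\x02\x01\x01"),                 # no extension at all
    ("notes.txt", b"#!/bin/sh\nrm -rf ~\n"),
]


def screen(samples=SAMPLES) -> List[Verdict]:
    """Run the classifier over a list of (filename, bytes) pairs."""
    return [classify_attachment(name, data) for name, data in samples]


if __name__ == "__main__":
    for v in screen():
        print("BLOCK" if v.block else "allow", v.filename, "; ".join(v.reasons))
```

The three rules are independent on purpose: the love bug is caught by name alone, an executable renamed to .jpg is caught by bytes alone, and a .txt that starts with a shebang is caught by the mismatch between the two. The Unix point Spafford makes is the second layer behind such a screen: an attachment that slips through is saved without the execute bit and does nothing until the user deliberately makes it executable, which is the "deliberate, sometimes tricky task" the article describes.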
WildList Organization International -- a very interesting organization with a completely unscientific list compiled by Joe Wells; see my Overview of VB'97 for a critique of his approach.
Welcome to the World Wide Web Site of The WildList Organization International, the world's premier source of information on which viruses are spreading In the Wild. But don't take our word for it. Read what PC Magazine, MSNBC and others have to say about us here.
We've just added a new section, THANKS, to show our appreciation for all those who have helped us out over the years.
We're also in the process of re-doing our WWW site, adding features which you've asked for. For starters, we're going to be providing Virus Descriptions of the In the Wild viruses. Please keep in mind that your Antivirus product vendor is still the best source of information regarding the technical support of their products.
Names, names, names. How are viruses named? Which name is the 'correct' name? Read 'How Scientific Naming Works' by Joe Wells.
Bank Battles Virus -- how IBM managed to milk one bank that probably needed better NetWare admins more than AV solutions (looks like a classic login.exe infection on a NetWare network):
Late one Tuesday afternoon, users trying to log on to the NCC network were suddenly being denied access. NCC's IS staff soon realized this was more than a set of isolated incidents. It was the start of a serious virus infection and it was spreading through the network at an alarming rate. Jon Gorney, NCC Executive Vice President, was at a hotel in Pittsburgh when he was alerted to the problem. "I got a call at 2:00 a.m.," he recalls. "A virus of some kind was totally locking out the workstations when you tried to sign on. It was clear that when people came in the next morning and signed on, it would spread even more rapidly."
SARC - Computer Viruses An Executive Brief -- I really like those two exponential charts, and I especially like the NCSA data -- they are a perfect illustration of what everybody knows: there are three kinds of lies: lies, damned lies, and statistics :-)
The Virus Threat: Common - And Growing
How real is the threat from computer viruses? Every large corporation and organization has experienced a virus infection - most experience them monthly. According to data from IBM's High Integrity Computing Laboratory, corporations with 1,000 PCs or more now experience a virus attack every two to three months - and that frequency will likely double in a year.
Actual And Projected Virus Infections Worldwide
The market research firm Dataquest concludes that virus infection is growing exponentially. It found nearly two thirds (63%) of survey respondents had experienced a virus incident (affecting 25 or fewer machines) at least once, with nine percent reporting a disaster affecting more than 25 PCs.
The 1993 Computer Crime Survey by Creative Strategies Research International and BBS Systems of San Francisco found 64 percent of U.S. respondents had experienced infection in 1993 alone.
If you have only recently become conscious of the computer virus epidemic, you are not alone. Virus infections became a noticeable problem to computer users only around 1990 - but it has grown rapidly since then. According to a study by Certus International of 2,500 large U.S. sites with 400 or more PCs, the rate of infection grew by 600 percent from 1990 to 1991.
What Is Ahead?
The industry's latest buzz-phrase is "data superhighway" and, although most people haven't thought about those superhighways in the context of virus infections, they should. Any technology that increases communication among computers also increases the likelihood of infection. And the data superhighway promises to expand on today's Internet links with high-bandwidth transmission of dense digital video, voice and data traffic at increasingly cost-effective rates. Corporations, universities, government agencies, non-profit organizations and consumers will be exchanging far more data than ever before. That makes virus protection more important, as well.
In addition to more opportunities for infection, there'll be more and more-damaging strains of virus to do the infecting. Regardless of the exact number of viruses that appear in the next few years, the Mutation Engine, Virus Creation Laboratory and other virus construction kits are sure to boost the virus population. Viruses that combine the worst features of several virus types - such as polymorphic boot sector viruses - are appearing and will become more common. Already, Windows-specific viruses have appeared. Virus writers, and their creations, are getting smarter. In response to the explosion in virus types and opportunities for transmission, virus protection will have to expand, too.
The Costs Of Virus Infection
Computer viruses have cost companies worldwide nearly two billion dollars since 1990, with those costs accelerating, according to an analysis of survey data from IBM's High Integrity Computing Laboratory and Dataquest. Global viral costs are projected to climb another 1.9 billion dollars in 1994 alone. 2
The Cost Of Virus Infections
The costs are so high because of the direct labor expense of cleanup for all infected hard disks and floppies in a typical incident. The indirect expense of lost productivity - an enormous sum - is higher, still. In a typical infection at a large corporate site, technical support personnel will have to inspect all 1,000 PCs. Since each PC user has an average 35 diskettes, about 35,000 diskettes will have to be scanned, too.
Recovery Time For A Virus Disaster (25 PCs)
On average, it took North American respondents to the 1991 Dataquest study four days to recover from a virus episode - and some MIS managers needed fully 30 days to recover. Even more ominously, their efforts were not wholly effective; a single infected floppy disk taken home during cleanup and later returned to the office can trigger a relapse. Some 25 percent of those experiencing a virus attack later suffered such a re-infection by the same virus within 30 days.

That cleanup is costing each of these corporations an average $177,000 in 1993 - and that sum will grow to more than $254,000 in 1994. If you're in an enterprise with 1,000 or more PCs, you can use these figures to estimate your own virus-fighting costs. Take the cost-per-PC ($177 in 1993, $254 in 1994) and multiply it by the number of PCs in your organization.
At a briefing before the U.S. Congress in 1993, NYNEX, one of North America's largest telecommunications companies, described its experience with virus infections:
- Since late 1989, the company had nearly 50 reported virus incidents - and believes it experienced another 50 unreported incidents.
- The single user, single PC virus incident is the exception. More typical incidents involved 17 PCs and 50 disks at a time. In the case of a 3Com network, the visible signs of infection did not materialize until after 17 PCs were infected. The LAN was down for a week while the cleanup was conducted.
- Even the costs of dealing with a so-called benign virus are high. A relatively innocuous Jerusalem-B virus had infected 10 executable files on a single system. Because the computer was connected to a token ring network, all computers in that domain had to be scanned for the virus. Four LAN administrators spent two days plus overtime, one technician spent nine hours, a security specialist spent five hours, and most of the 200 PCs on the LAN had to endure 15-minute interruptions throughout a two-day period.
In the October 1993 issue of Virus Bulletin, Micki Krause, Program Manager for Information Security at Rockwell International, outlined the cost of a recent virus outbreak at her corporation: 3
In late April 1993, the Hi virus was discovered at a large division of Rockwell located in the U.S. The division is heavily networked with nine file servers and 630 client PCs. The site is also connected to 64 other sites around the world (more than half of which are outside the U.S.). The virus had entered the division on program disks from a legitimate European business partner. One day after the disks arrived, the Hi virus was found by technicians on file servers, PCs and floppy disks. Despite eradication efforts, the virus continued to infect the network throughout the entire month of May. 160 hours were spent by internal PC and LAN support personnel to identify and contain the infections. At $45.00 per hour, their efforts cost Rockwell $7,200. Rockwell also hired an external consultant to assist Rockwell employees in the cleanup. 200 hours were spent by the consultant, resulting in a cost of $8,000. One file server was disconnected from the LAN to prevent the virus from further propagating across the network. The server, used by approximately 100 employees, was down for an entire day. Rockwell estimated the cost of the downtime at $9,000 (100 users @ $45/hr for 8 hours, with users accessing the server, on average, 25% of the normal workday). While some anti-virus software was in use, Rockwell purchased additional software for use on both the servers and the client PCs for an additional $19,800. Total Cost of the virus incident at Rockwell was $44,000.
"Digital Immune System" is a really nice marketing term, but that's it. IBM was not stupid and sold its AV business to Symantec soon after this Digital Immune System bonanza. Not that the idea is complete junk, but if somebody mentions this to me during a sales presentation I would immediately decrease the level of trust for the speaker. Boot viruses were recognized and cured this way long before IBM researchers even understood the concept, but for more complex cases this approach is dangerous and too complex. A better weapon is the use of MD5 or similar signatures and the KISS principle :-). I definitely do not like the idea of my system automatically sending and receiving files without my knowledge. It puts the integrity of my system into the hands of this "central" virus authority and makes this "Immune System" a perfect point of intruder attack. I also don't like to face software problems like allergies, where the immune subsystem goes wild and attacks benign things (good old Inoculan managed to do exactly this without any immune system by moving false positives to the infected directory and effectively destroying user files, because in large organizations getting to this directory requires contacts with often clueless IS personnel).
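The "signatures plus KISS" alternative the commentary above prefers, as an added example that is not code from the original page, from IBM or from any AV product: take a baseline of file digests for a directory tree once, store it somewhere the host cannot rewrite, and later diff a fresh scan against it to see which files were added, removed or changed. The page mentions MD5; this example uses SHA-256 because MD5 collisions are cheap to produce today, and the algorithm is a parameter in any case. The directory layout and file contents in demo() are constructed for the example and imitate nothing real.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, algo="sha256"):
    """Hash one file in 64 KiB chunks so large binaries need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, algo="sha256"):
    """Map every regular file under root (as a POSIX relative path) to its digest."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = file_digest(p, algo)
    return baseline


def compare_baseline(old, new):
    """Return (added, removed, modified) path sets between two baselines."""
    added = set(new) - set(old)
    removed = set(old) - set(new)
    modified = {k for k in set(old) & set(new) if old[k] != new[k]}
    return added, removed, modified


def demo():
    """Constructed scenario: baseline a fake PUBLIC directory, then tamper with it.

    None of these files are real programs; the bytes are placeholders.
    """
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "PUBLIC").mkdir()
        (root / "PUBLIC" / "LOGIN.EXE").write_bytes(b"placeholder-login-bytes")
        (root / "PUBLIC" / "MAP.EXE").write_bytes(b"placeholder-map-bytes")
        before = build_baseline(root)

        # Simulated changes an integrity check should surface: one file grew,
        # one unknown file appeared, one expected file vanished.
        (root / "PUBLIC" / "LOGIN.EXE").write_bytes(b"placeholder-login-bytes" + b"\x00" * 16)
        (root / "PUBLIC" / "UNKNOWN.COM").write_bytes(b"placeholder")
        (root / "PUBLIC" / "MAP.EXE").unlink()
        after = build_baseline(root)

        return compare_baseline(before, after)


if __name__ == "__main__":
    added, removed, modified = demo()
    print("added:", sorted(added))
    print("removed:", sorted(removed))
    print("modified:", sorted(modified))
```

The check only means something if the stored baseline is trustworthy: keep it on read-only media or a separate host, because anything that can rewrite the scanned files can usually rewrite a baseline kept beside them. That is the same trust question the commentary raises about a central "immune" authority, just with a much smaller surface.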
THE world's computers seem to have survived the threat of acute, millennium-induced failure as their clocks ticked happily into the new year. But two chronic and altogether more sinister hazards to their health persist: viruses and malicious hackers.
Last month David Smith, the creator of a particularly nasty virus called Melissa, pleaded guilty to causing $80m of damage to American businesses. This figure, however, was the result of a plea-bargain: the true cost of the damage is probably closer to $400m in America alone. According to Computer Economics, a consultancy based in Carlsbad, California, computer viruses cost the world $12.1 billion in clean-up costs and lost productivity during 1999. In one incident, for example, a manufacturing plant operated by Dell, a computer maker, was disrupted for two days by a virus outbreak.
Meanwhile, protecting institutional networks from attacks by external hackers is thought to account for 2.5% of global spending on information technology -- in other words about $25 billion. When a company's network security is breached, the standard response is to disconnect that network from the Internet until the problem has been fixed. But as more and more firms come to rely on Internet links with their suppliers and customers, this becomes ever more painful and costly.
The IBM software, developed at the company's Thomas J. Watson Research Centre in New York state by a team led by Steve White, is called the Digital Immune System. It works by exploiting computer networks to speed up the process of identifying and eradicating viruses. In fact, it is the growing use of networks that has caused the problem to get so bad in the first place. So the idea, according to David Chess, a member of the IBM team, is to enable the cure to spread as quickly and easily as the disease.
The Digital Immune System works like this. Normally, when anti-virus software installed on a personal computer (PC) detects a suspected but unknown virus that it cannot handle, it sounds an alarm and waits for human operators to fix the problem. A PC with a Digital Immune System installed, by contrast, automatically hands the suspect file over to a central location for analysis. Here the file is scrutinised and then used to infect an isolated network of PCs, which are automatically tweaked in order to trigger the virus -- if that it be. Once a virus has become active, the behaviour of the infected PCs is monitored so that two things can be worked out: a signature by which to identify the virus in future, and an antidote to counteract it.
Why Computer Viruses are Not -- and never were -- a Problem -- an interesting virus hype example -- more subtle than others.
WAZZU! GESUNDHEIT! -- On January 14 [1996], a military source forwarded a hysterical warning issued by the Joint Chiefs of Staff computer office in coordination with the Defense Information Systems Agency. Sent to ALL U.S. military offices around the world, the JCS alert claimed the Wazzu macro virus -- in particular, a variant of it named Meatgrinder -- could "destroy hard drives, or at a minimum, data on hard drives . . . Be advised, many virus detection packages do not detect or eradicate [Wazzu]."
Forbes.com Ten O'Clock Tech Handheld Virus Hype
Sophos UK press release Symantec and NAI slammed for Y2K virus hype
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Last modified: March 12, 2019