Thread: Virus's - just my 2p....

  1. #1
    Oh no!I've re-dorkalated! Jiff Lemon's Avatar

    As there seems to be a heavyweight fight at the moment between the various Mydoom Variants and Netsky Variants, it suddenly occurred to me what's going on....

    In a bid to get the title of "biggest virus spread", the <insert suitable swear words here> that are behind them are changing the damn thing nearly every day.

    So..... here's my idea to solve it.

    Do nothing.

    Now, I don't mean let's all get infected by the damn thing, but more of let's NOT report it.

    ISPs know what the Virus looks like - So why not block it?

    My mailsweepers can block them and their variations, but rather than bounce it back at the spoofed address it came from, thus aiding its spread, we just delete it - No warnings - it almost never existed.

    Frankly I don't need to know from my antivirus people that there are x million number of infections at the moment - all I need to know is that I'm protected from it.

    What think you?

  2. #2
    Senior Member Kezzer's Avatar
    hehe, sounds funny how ISPs would say that. That's just digging themselves a hole. I haven't managed to get any of these viruses yet but at the rate they're spreading it's a worrying thought.

  3. #3
    Photographer; for hire!! shiato storm's Avatar
    I feel that these clowns enjoy their notoriety at the fact they created such destructive programs, and in the end their own arrogance will be their downfall...
    so I guess in the end the culprits will ruin themselves.
    on the flip-side they are constantly looking for recognition for their 'work' and it being reported in the news only serves to fuel their creative-destructiveness [if that makes sense]. thus by not reporting any malicious bugs going around (whilst silently kicking it to bits) these hacker-types get even more worked up and angry and realise their hard work and time is wasted because it failed to get the attention it was intended...

    ...there is a simpler solution: buy a mac!...
    Powered by Marmite and Wet Dog
    Light Over Water Photography

  4. #4
    Senior Member joshwa's Avatar
    Yeah it's pretty stupid that hotmail / yahoo etc, all of the ISPs with mail servers just ignore them, or say, this email's got a virus etc. Just FRIGGIN delete the virus!!!

    Josh

  5. #5
    HEXUS webmaster Steve's Avatar
    Quote Originally Posted by shiato storm
    ...there is a simpler solution: buy a mac!...
    Sorry, I'd rather kill myself.
    PHP Code:
    $s = new signature();
    $s->sarcasm()->intellect()->font('Courier New')->display(); 

  6. #6
    Oh no!I've re-dorkalated! Jiff Lemon's Avatar
    You could lay a lot of the blame at the ISPs' doors....

    As a company, our mail servers strip out any viruses that slip past the gateways.
    Why can't an ISP do that?
    Why can't an ISP instantly block an IP spewing out Spam?
    These things are NOT hard to do.

    Imagine if you came home to find the only pages you could get to were an ISP's help pages, informing you your machine was infected and here's what you need to do to clean it and then once clean, your net access will be restored.

    How much Bandwidth would they save?

  7. #7
    Photographer; for hire!! shiato storm's Avatar
    oodles?...
    Powered by Marmite and Wet Dog
    Light Over Water Photography

  8. #8
    Spodes Henchman unrealrocks's Avatar
    Yeah - the newer viruses are simply gang wars ATM ...

    It's a busy time for computer viruses and worms. Over the last three weeks, we've seen nearly two dozen variations of Bagle, Netsky, and MyDoom circulate the Net. What gives? It looks like gang warfare is responsible, drive-by shootings on the information highway.
    YOU HEARD ME right. "Gangs" of virus writers are currently trying to outdo one another and protect their turf. What they're fighting for is control of thousands of Trojan horses that create stealth peer-to-peer networks out of virus-infected computers worldwide. Such networks can be used to launch next-generation computer viruses or distributed denial-of-service attacks. They can also be sold to spammers who use them to anonymously send messages to our inboxes. Because of all their uses, virus writers consider these networks worth fighting for. Unfortunately, you and I aren't just bystanders, we're the targets. And the only solution I can offer is what I've been saying for years: Update your antivirus software and don't open unsolicited e-mail messages. I wish there were a magic fix I could offer that would inoculate us all from these viruses, but, unfortunately, I can't. These infections aren't even very original. They use good old-fashioned social engineering, and not a software flaw, to spread. There appear to be three distinct gangs: the MyDoomers, who are using source code from the MyDoom.b worm to set up stealth networks; the Bagles, who wrote their own unique viral code to establish the same sorts of networks; and the Netskys, who seem to have started the whole imbroglio by thwarting the plans laid down by MyDoom and Bagle.

    THE FIGHT seems to have broken out on Feb. 18, when Netsky.b appeared on the Net and began removing traces of MyDoom and Bagle from infected computers. Netsky.b not only removed the viral code, but also the Trojan horse "back doors." These are the tunnels of communication that allow the MyDoom and Bagle gangs to communicate with infected systems and thus set up the valuable peer-to-peer networks. Needless to say, the authors of the Bagle and MyDoom variants took offense--as Netsky spread, their networks began to shrink in size and thus their ability to do harm online diminished. One week later, on Feb. 25, the Netsky.c variant appeared with a hidden message embedded in the code: "We are the skynet--you can't hide yourself---we kill malware...MyDoom.f is a thief of our idea!" (Such messages are known as "greetz.") A few days later, Bagle.J and MyDoom.G responded: "Hey, NetSky...Don't ruin our business, wanna start a war?" and "To NetSky's creator(s): imho, skynet is a decentralized peer-to-peer neural network. We have seen P2P in Slapper in Sinit only. They may be called skynets, but not your...app." (Slapper is a Linux worm that established its own P2P network starting in August 2002; Sinit is a common Trojan horse that also established its own P2P network, starting in October 2003.) Greetz are not new; often they are directed at rival Internet gangs or antivirus researchers. In December of 2001, rival members of Israeli script kiddie gangs unwittingly released the Goner virus. In that case, the virus (which they called Pentagone) contained greetz with Internet nicknames of the authors: "Pentagone coded by: suid, tested by: ThE_SkuLL and Isatanl." Originally, the authors named in the greetz denied their involvement; shortly thereafter, however, they took credit for the virus when the news media started saying the code was cut and pasted from elsewhere. A short time later, the Israeli youths were arrested and sentenced to 2.5 years in jail. Also, the recently arrested Belgian virus writer Gigabyte is famous for using greetz to taunt antivirus researchers, namely Graham Cluley of Sophos Antivirus.

    MOST OF THE VIRUSES that have appeared over the last few weeks rate a 6 on our 10-point Virus Meter, meaning we consider them moderate threats. As of last Friday, only Netsky.d was spreading quickly, infecting one out of every 19 e-mails; this is very close to the infection rate of the original MyDoom, which spread at a rate of one out of every 12 e-mails in mid-January. Despite some interesting programming nuances, such as requiring a password to unlock the Zip file attachment in the e-mail, these variants introduce only minor changes to the original code--just enough to fool the signature files that your antivirus software uses to recognize and stop them. So far, two antivirus companies, Kaspersky and BitDefender, have added the capability to decode the password-protected Zip attachments in infected e-mails, but I expect all antivirus companies will adopt this strategy soon. The viruses' success, in the end, is due to their social engineering. They spread because human beings--hopefully not you--open the files attached to the e-mails they're sent in. As a result, many corporations are now blocking all Zip file attachments, which is surely impacting worker productivity. But until every desktop has up-to-date antivirus technology, and until every user stops opening unsolicited e-mail attachments, viruses like these will continue to afflict us.
    I won't quote the source as I don't think the mods'll like me linking it

    G4 PowerMac - Tiger 10.4 - 512MB RAM
    MacBook - 2Ghz - 1GB RAM - 120GB HDD

    Rotel RC970BX | DBX DriveRack |2x Rotel RB850
    B&W DM640i | Velodyne 1512
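
Added example (not part of the thread or of the article quoted in post #8): a gateway decision that combines two points made above, namely dropping infected mail silently instead of bouncing it to a forged sender, and treating a password-protected Zip as unscannable rather than blocking every Zip. The extension list, the action names and the sample messages are assumptions constructed for this sketch.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy values for this example (not taken from the thread).
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")
ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flags

def sample_mail(member: str, encrypted: bool = False) -> bytes:
    """Constructed sample: a message carrying a one-member zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, "constructed sample data")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Mark the member as encrypted in the local header (flags at +6)
        # and in the central directory record (flags at +8).
        data[6] |= ENCRYPTED
        data[data.rfind(b"PK\x01\x02") + 8] |= ENCRYPTED
    msg = EmailMessage()
    msg["From"] = "spoofed@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "constructed test message"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()

def gateway_action(raw: bytes) -> str:
    """Return 'deliver', 'quarantine' or 'discard'. There is no 'bounce':
    the sender address on this kind of mail is forged."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        body = part.get_payload(decode=True) or b""
        if name.endswith(RISKY_EXT):
            return "discard"
        if not zipfile.is_zipfile(io.BytesIO(body)):
            continue
        with zipfile.ZipFile(io.BytesIO(body)) as z:
            for info in z.infolist():
                if info.flag_bits & ENCRYPTED:
                    return "quarantine"  # scanner cannot see inside
                if info.filename.lower().endswith(RISKY_EXT):
                    return "discard"
    return "deliver"
```

The encrypted flag is read from the archive's directory, so no password is needed to make the decision.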

  9. #9
    Registered+
    I like the idea about the not reporting viruses, but you know how the media love a sensationalist story, a pandemic computer virus sounds good <sigh>.

    Anti-virus companies have an interest in letting us know how many copies of a virus there are out there. It helps them sell their software.

    These two facts combined make it difficult to keep these things quiet.

    I agree a lot of the blame lies with ISPs. Jiff Lemon’s idea about restricting infected users' access is a great one. Surely the protection that Jiff is talking about would be a great selling point? Maybe it is too costly to do?
    "Keyboard missing - press F3 to continue" Message seen on an Apricot PC.
    "To start press any key. Where's the any key?" Homer Simpson.
    Hexus Trust

  10. #10
    Oh no!I've re-dorkalated! Jiff Lemon's Avatar
    That's the idea - Make me in charge of ISPs MUHAHAHAHAHAHAHAHA!

    The point I'm trying to make is that an ISP is simply a company. My role in the company, is to stop virus infected mail hitting the desktops (as well as ensuring a few minor things, like making sure mail actually works!). We support 35,000 users with a team of 5 - Now this is only for mail. So that's one mail admin for 7,000 users. We could do a lot more for our users - stop spam etc, but the company is paranoid about false positives so won't.

    Now, if we can do it with limited resources, why can't an ISP?

  11. #11
    Sexiest Hexus user? quite possibly Russ's Avatar
    jif, one word.

    effort.

    it's easier to let the problem cascade downward than having to fix it, I'm afraid. ISP servers bounce viruses back, they don't get infected. it's us, the users, that do. (well not me, /pats f-secure).
    Gamertag - Russonf (xbox and ps3)

  12. #12
    Pixel Abuser Spunkey's Avatar
    the thing is though, all it takes is 1 ISP to be the first to market with the virus protection at their level, and the other ISPs would have to follow suit.

    With consumer awareness of viruses as high as it is (I wouldn't say knowledge as let's face it, most would probably open a dodgy looking attachment mailed to them right now - but they know that viruses are something to avoid) I'm sure with some simple marketing people would transfer ISPs if it offered them some form of protection.

    I know I'd gladly pay a few quid extra to be covered (except to AOL).
    the problem would be when a virus gets through, as people who offer protection are obviously going to become prime targets. and then with today's american 'sue first, think later' attitude, that'll be that.
