
Where Do Viruses Come From?

  • 27-03-2007 1:38pm
    #1
    Registered Users, Registered Users 2 Posts: 1,411 ✭✭✭


    Just want to get general opinion on where viruses mainly come from.

    Obviously there are people out there looking to steal information and trying to find glitches in computer OS's to do this. But then again, there are lots of AntiVirus software companies who would go out of business if there were no viruses.

    I was quite suspicious today when I heard of a friend getting a virus on his laptop. 'pushu-a trojan' was the name. It was detected by Sophos AV but not by any other up to date AV software that I got him to install. Sophos are the only ones I can see that recognise the virus and the only ones to give a solution. Led me to believe they created it. Or maybe I'm just a conspiracy theorist! :)

    Who makes viruses 19 votes

    hackers
    0% 0 votes
    AV companies
    100% 19 votes


Comments

  • Closed Accounts Posts: 2,174 ✭✭✭mathias


    AVG detected that one on my PC 2 days ago, in answer to your question, most viruses are written by pre-teen American brats with parents that have too much money to spend on them.
    Just the equivalent of internet graffiti and vandalism, trojans and keyloggers are written by thieves, pure and simple.
    Try using one of the free packages, it may cut down on paranoia if you know that you're not paying for your product.


  • Closed Accounts Posts: 7,230 ✭✭✭scojones


    Pre-teen American brats? I find that fairly insulting, and I'm not even an American. You're speculating. This entire thread is speculation. Viruses come from two kinds of people:

    1. People who write them with an aim to learn.
    2. People who write them with an aim to cause trouble.

    I do not think for an instant that virus companies create viruses and spread them in the wild because I have no reason to believe that this sort of carry on happens.

    The people who write them with intent to cause trouble are usually people in their teens/people in their early to mid 20s who find enjoyment in doing so. Sometimes these people have a belief that doing so will land them a job with a security company.

    If you want to blame anyone, blame Microsoft for writing a rubbish OS with very bad security. If they cared, and if there wasn't a billion dollar industry that is anti-virus solutions, they would re-write parts of the OS so that viruses can't exist on their OS. Will they do this? No, they won't. They would make a lot of people broke if they did.

    What's also funny is that Microsoft also CHARGE you for viewing a database (technet) which has documentation of known issues with their OS. This should really be freely visible.


  • Banned (with Prison Access) Posts: 3,073 ✭✭✭mickoneill30


    Don tinfoil hat now.
    scojones wrote:
    If you want to blame anyone, blame Microsoft for writing a rubbish OS with very bad security. If they cared, and if there wasn't a billion dollar industry that is anti-virus solutions, they would re-write parts of the OS so that viruses can't exist on their OS. Will they do this? No, they won't. They would make a lot of people broke if they did.

    Good idea. People complain when Vista isn't compatible enough because of the new security features. How about they make it even more incompatible to stop virus writers totally. Good idea. Just nobody would be using it because nothing would work. Nobody can write an OS that is virus proof. Name one. I've worked in companies where moving from NT - 2000 was a major feat. Major organizations can't just upgrade when they feel like it. Months of testing and code rewriting has to be done before they can move. If Microsoft want companies to upgrade their systems have to maintain a huge amount of backwards compatibility with their older OSes. They could make huge sweeping changes like other OS companies but which OS is the one primarily used in big business?

    And the point about MS not fixing their OS to stop viruses because they'd make anti virus vendors broke. Are you serious? Do you really think Microsoft would care about making Symantec or McAfee broke if they could stop viruses in the OS themselves? That's Microsoft for ya. ;) Always caring about the smaller companies. There are way more security threats to an IT infrastructure than viruses. They wouldn't make anybody broke. Don't lose any sleep over them.
    scojones wrote:

    What's also funny is that Microsoft also CHARGE you for viewing a database (technet) which has documentation of known issues with their OS. This should really be freely visible.

    Like this www.microsoft.com/technet
    I didn't see the button to pay them money for that. I did see the subscription bit to download MS software but I wouldn't expect that for free. I know they do charge for the DVD version where they send you out piles of updates and software every month. Would you expect that for free?

    But back on topic. I would say that most successful viruses are written by hackers. Just look at the last few years. All the big ones were written by hackers (and a fair few of the writers were caught). They didn't seem to be employed by any anti virus vendors. A whole pile are written by script kiddies (that would be your pre-teen "insert nationality here" brats or someone of similar intellect) but they're not usually successful.


  • Closed Accounts Posts: 2,174 ✭✭✭mathias


    The comment about pre-teen American brats was not speculation at all and comes from a well known case that IBM had to deal with, upon investigating the source, it was found that it was impossible to prosecute due to age, however he was stopped, because two guys from IBM dropped around to the house and told his mother what he was doing!!
    That's true!

    That case is used as an example in most of IBM's computer security seminars by the way!

    Oh and by the way, suggesting that AV companies write viruses is ridiculous, do you really think that software giants like IBM, Oracle, etc, with that amount of programming talent, would not spot it if that was the case, these companies spend millions with the likes of Norton and McAfee, there is absolutely no way!

    And just in case you're wondering why they don't write their own virus scanners, it's always better to have a trusted third party expert with no company involvement verify your systems, something Microsoft don't seem to get!


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    Nobody can write an OS that is virus proof. Name one.
    OpenBSD pretty much is, although with regards to your point, it's usually the users that cause the problem and not the OS. What you really should be asking is what OS protects the user from themselves best.
    I would say that most successful viruses are written by hackers. Just look at the last few years. All the big ones were written by hackers (and a fair few of the writers were caught). They didn't seem to be employed by any anti virus vendors. A whole pile are written by script kiddies (that would be your pre-teen "insert nationality here" brats or someone of similar intellect) but they're not usually successful.
    I agree, the ones you have to worry about would be written by hackers.

    Skiddies basically either take the hackers' exploits or white hat proof of concept exploits and add stuff in, usually with consequences that they didn't predict.

    You are far more at risk from malware these days anyway.


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    Virus writers maybe. Though traditional virus writing has died a little and been replaced by worms.

    In my day it used to be a specialised area with e-zines all of its own. Hacking and virus writing were very different areas. But in those days you had to write all the code in x86 assembler.

    Now the lines have become a little more blurred with poorly thought out malware using bindshell exploits nailed to an IRC client. If real hackers or virus writers were writing the malware it would be a little more sophisticated.

    As for the AV companies writing viruses I seriously doubt it.

    Imo majority(not all) of malware is written by script kiddies


  • Closed Accounts Posts: 888 ✭✭✭themole


    scojones wrote:
    Pre-teen American brats? I find that fairly insulting, and I'm not even an American. You're speculating.

    Most malware, including virii, do indeed come from America, with China a close second.


  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    NutJob wrote:
    Imo majority(not all) of malware is written by script kiddies

    I'd say re-written.


  • Registered Users, Registered Users 2 Posts: 43 hantakage


    In my experience the majority of the threats that are out there are no longer written by the "Pre-teen American brats". While it was true that 5 years ago a lot of the threats were being written by people "just to see could they do", nowadays the writers are doing it for financial gain.

    Every year there are literally tonnes of Infostealers, Targeted attacks, Password Stealers, Phishing attacks, Stock Spam etc whose entire aim is to relieve you of your hard earned cash, and in general they succeed quite well. Also the sophistication of these threats has come on massively. Years ago it was simple Run key pointing to a Backdoor style stuff. Nowadays every trojan worth its salt employs a multitude of tricks to both stay undetected, and be extremely difficult to remove - Kernel mode rootkits being the obvious example. If you want an example of what a modern day threat does look at this analysis of Backdoor.Rustock ( http://www.virusbtn.com/virusbulletin/archive/2006/09/vb200609-rustock )

    These days threats are being written by financially motivated individuals with excellent coding skills, and generally a very high knowledge of the inner workings of the Windows OS. The "Pre-teen American brat" doesn't get a look in.


  • Closed Accounts Posts: 7,230 ✭✭✭scojones


    Don tinfoil hat now.



    Good idea. People complain when Vista isn't compatible enough because of the new security features.

    What security features in Vista have made it "incompatible"? Incompatible with what, exactly?
    How about they make it even more incompatible to stop virus writers totally. Good idea.

    It is a good idea. :) You can increase the security of your OS without having to make anything tougher for your end users. Vista has some nice ideas, but they are badly implemented. This is not the end users' fault.


    Nobody can write an OS that is virus proof. Name one.

    I believe blowfish answered this. There are several others, too.

    I've worked in companies where moving from NT - 2000 was a major feat. Major organizations can't just upgrade when they feel like it.

    I agree.
    If Microsoft want companies to upgrade their systems have to maintain a huge amount of backwards compatibility with their older OSes. They could make huge sweeping changes like other OS companies but which OS is the one primarily used in big business?

    I don't see how Windows' market penetration has anything to do with backwards compatibility.
    And the point about MS not fixing their OS to stop viruses because they'd make anti virus vendors broke. Are you serious? Do you really think Microsoft would care about making Symantec or McAfee broke if they could stop viruses in the OS themselves? That's Microsoft for ya. ;) Always caring about the smaller companies. There are way more security threats to an IT infrastructure than viruses. They wouldn't make anybody broke. Don't lose any sleep over them.

    I don't think Microsoft care that their OS is vuln to viruses because of the way it is both designed and implemented. If they did, they would have sorted it out ages ago.
    Like this www.microsoft.com/technet
    I didn't see the button to pay them money for that. I did see the subscription bit to download MS software but I wouldn't expect that for free. I know they do charge for the DVD version where they send you out piles of updates and software every month. Would you expect that for free?

    That is a very very lightweight version of technet, compared to the one rolled out where I work; that was my point.
    But back on topic. I would say that most successful viruses are written by hackers. Just look at the last few years. All the big ones were written by hackers (and a fair few of the writers were caught). They didn't seem to be employed by any anti virus vendors. A whole pile are written by script kiddies (that would be your pre-teen "insert nationality here" brats or someone of similar intellect) but they're not usually successful.

    What exactly is a hacker? My definition of people who write viruses is valid, because those are the category of people who write them. Label them hackers if you want, I don't think it's a valid label though.

    Script Kiddies, as the term goes, are people who use code written by other people. So in essence script kiddies don't actually write anything.


  • Banned (with Prison Access) Posts: 3,073 ✭✭✭mickoneill30


    scojones wrote:
    What security features in Vista have made it "incompatible"? Incompatible with what, exactly?

    Well if you have a look there are some programs updated because of security changes in Vista. Hamachi is one for example.
    scojones wrote:

    It is a good idea. :) You can increase the security of your OS without having to make anything tougher for your end users. Vista has some nice ideas, but they are badly implemented. This is not the end users' fault.

    End users use software. If you change your OS enough so that the end user's old software doesn't work then you are affecting end users.

    scojones wrote:
    I believe blowfish answered this. There are several others, too.

    Well name them then. How hard is it if you know them? In fairness though I did ask for just one to be named so Blowfish did answer me. But you're saying there are more. So fire away.
    scojones wrote:
    I don't see how Windows' market penetration has anything to do with backwards compatibility.

    Just because you don't see something doesn't mean it doesn't exist. MS want you to move forward. They want big business to move forward. Big business will sit on an old OS if they can't move forward. MS won't support the old OS forever. If big business can't move forward or if it's too hard they'll start looking at other alternative OSes.
    scojones wrote:
    That is a very very lightweight version of technet, compared to the one rolled out where I work; that was my point.

    Fair enough. I've got both and I've given up on the DVD version ages ago as the very lightweight version is enough for my role (which currently includes supporting 1100 Windows servers). To be honest I've never had to resort back to the DVDs. But that's just my experience.


  • Closed Accounts Posts: 7,230 ✭✭✭scojones


    Well if you have a look there are some programs updated because of security changes in Vista. Hamachi is one for example.

    What security changes in Vista render Hamachi unusable?


    End users use software. If you change your OS enough so that the end user's old software doesn't work then you are affecting end users.

    Obviously the key is to implement the security features in an area of the OS that does not affect usability.

    Well name them then. How hard is it if you know them? In fairness though I did ask for just one to be named so Blowfish did answer me. But you're saying there are more. So fire away.

    You're getting childish now. Use Google to educate yourself. I'm not going to stoop down and start naming them, I don't see how this would help. Getting you to research this stuff would help you open up your mind a little bit. Off you go. :)
    Just because you don't see something doesn't mean it doesn't exist.
    Did I say that because I didn't see something that it doesn't exist?
    MS want you to move forward. They want big business to move forward. Big business will sit on an old OS if they can't move forward. MS won't support the old OS forever. If big business can't move forward or if it's too hard they'll start looking at other alternative OSes.

    Ok...


  • Banned (with Prison Access) Posts: 3,073 ✭✭✭mickoneill30


    scojones wrote:
    You're getting childish now. Use Google to educate yourself. I'm not going to stoop down and start naming them, I don't see how this would help. Getting you to research this stuff would help you open up your mind a little bit. Off you go. :)

    In the amount of time you typed that you could have typed in the name of one current OS. I have used Google. I didn't know that OpenBSD was entirely virus free before Blowfish typed it above. If you can't be bothered backing up your claims with links don't bother typing. I really can't stand the "Google is your friend" brigade. If people want to use Google for everything why bother typing in forums at all.

    Of course you could use Google yourself for the Hamachi question. But as I said you should back up your talk with links I'd better do too.

    forums.hamachi.cc/viewtopic.php?t=12650&highlight=vista
    It shows how Defender (a security feature) caused problems with the then current version of Hamachi. There are other security features that have caused problems before. I heard of users not upgrading to SP2 for XP for a year or more because they had problems with the firewall. It was valid in some cases when it was first released but then user error and ignorance in a lot of cases too (especially after a year) but it's an example of a security feature causing users problems.

    Edit.
    Just saw this bit.
    scojones wrote:
    Obviously the key is to implement the security features in an area of the OS that does not affect usability.
    :eek:
    Ya think. When you figure out how to do that get onto Bill and he'll give you millions.


  • Closed Accounts Posts: 1,974 ✭✭✭mick.fr


    scojones wrote:
    Pre-teen American brats? I find that fairly insulting, and I'm not even an American. You're speculating. This entire thread is speculation. Viruses come from two kinds of people:

    1. People who write them with an aim to learn.
    2. People who write them with an aim to cause trouble.

    I do not think for an instant that virus companies create viruses and spread them in the wild because I have no reason to believe that this sort of carry on happens.

    The people who write them with intent to cause trouble are usually people in their teens/people in their early to mid 20s who find enjoyment in doing so. Sometimes these people have a belief that doing so will land them a job with a security company.

    If you want to blame anyone, blame Microsoft for writing a rubbish OS with very bad security. If they cared, and if there wasn't a billion dollar industry that is anti-virus solutions, they would re-write parts of the OS so that viruses can't exist on their OS. Will they do this? No, they won't. They would make a lot of people broke if they did.

    What's also funny is that Microsoft also CHARGE you for viewing a database (technet) which has documentation of known issues with their OS. This should really be freely visible.

    That was funny and entertaining but purely wrong from point A to Z.
    Try to read some magazines, newsletters, technical books, OS vulnerabilities reports.


  • Closed Accounts Posts: 7,230 ✭✭✭scojones


    Ya think. When you figure out how to do that get onto Bill and he'll give you millions.

    If that's your level of ignorance then I'm not going to bother replying to you anymore.
    mick.fr wrote:
    That was funny and entertaining but purely wrong from point A to Z.
    Try to read some magazines, newsletters, technical books, OS vulnerabilities reports.


    Really? So people who write them aren't in their teens or 20s, they don't write them with intent to cause trouble for other people, virus companies write viruses and Microsoft don't charge for Technet. That's fascinating.

    Honestly if this is the childish mentality of the security forum on here I'm only going to engage in conversation with the few regulars who actually know what they are talking about. Have a nice day lads. :)


  • Banned (with Prison Access) Posts: 3,073 ✭✭✭mickoneill30


    scojones wrote:
    If that's your level of ignorance then I'm not going to bother replying to you anymore.

    Agreed. Your arguments seem to be that I'm wrong and that you're right but you can't back them up. Not much point replying if that's your level. Saying somebody is ignorant doesn't make you smart. Showing how somebody is ignorant is much smarter. All you've done is shown your own.


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    hantakage wrote:
    Nowadays every trojan worth its salt employs a multitude of tricks to both stay undetected, and be extremely difficult to remove - Kernel mode rootkits being the obvious example. If you want an example of what a modern day threat does look at this analysis of Backdoor.Rustock ( http://www.virusbtn.com/virusbulleti...200609-rustock )

    In general rootkits are written as POC code by someone with real talent. Then a script kiddie will come along and steal chunks of the engine and tweak it to avoid signatures where necessary.

    There are always going to be individuals/groups with talent who will turn to the dark side but they are the minority. That's why there are so many variants of successful worms out there.

    Currently on-line there does seem to be a market for talented malware authors who sell their pre-prepared worms/trojans to organised fraudsters but again this seems to be in the minority of cases. But there are a number of areas AV companies are not talking about, e.g. P2P based command and control structures.


    some are organised (ish):
    http://www.f-secure.com/weblog/#00001152
    http://www.vnunet.com/vnunet/news/2164113/zotob-worm-gang-jailed-morocco

    Some less so:
    http://news.bbc.co.uk/2/hi/technology/4659329.stm


    The simple fact is the majority of malware is very simple like this example.
    http://geocities.com/rahulmohandas/hacking_the_malware.pdf
    (Will report my post to a mod as unsure if this is safe to post)

    I ran a nepenthes node (http://nepenthes.mwcollect.org/) a few months back to collect malware and just to see what kind of crap was scanning the network and to my surprise it was just huge amounts of older simpler malware. I only found one new variant after a week (not a scientific test due to not being able to sleep with a PC running in my bedroom).

    If anyone wants to see the logs let me know and I'll post them after I remove IP addresses.


  • Closed Accounts Posts: 29 openfly


    Where do viruses come from?

    Well jimmie... I am glad you asked! A lot of Europeans would argue that viruses are the product of malicious youths in the United States. This theory originates from the same schools of thought that argue the United States is evil and Imperialistic. That school being the school of mental retardation. For those of you with an IB diploma... take off the football helmet and mittens and listen up.

    Viruses originate largely from 4 major countries.

    1. Romania
    2. Russia
    3. China
    4. Brazil

    The people in these countries largely do it for profit with the exception of Brazil. Romanians need viruses to maintain their organized crime driven botnets so they can blackmail US companies under threat of DDOS. Russians and Chinese use their botnets as spam relays. The Brazilians are just being Brazilians and do it for ****s and giggles before they go out and get wasted and hook up with hot Brazilian bitches. Timmie a Brazilian isn't a number... it's a type of person who lives south of the fence but doesn't speak Mexican.

    Anyways I am glad I could shed some light of infinitely great American knowledge into the dark corners of the uneducated world.

    Enjoy the being held hostage by Iran!


  • Closed Accounts Posts: 29 openfly


    No of course there's no links. The only people with large amounts of stats concerning the origins of viruses are law enforcement agencies and their information is not disclosed for obvious reasons.

    I am basing this off of my many years in the IT field, and the numerous botnets I've shut down, and the even more numerous machines I've had to figure out how they got compromised and to what extent.

    Of all the botnets I've come across with the exception of very small (10-20 nodes) botnets none of them originated from major western nations... largely because anyone smart enough to produce a decent bot in those nations has no reason to jeopardize their lifestyle.

    In a country like Romania or China / Russia / Brazil where there is almost no enforcement of computer crimes it's very easy to make a very good living producing viruses.

    Additionally... I am 31337 and you should simply listen to me because of my k-r4d 0-d4y sk1lletz n00b.

    If you ever disassemble a bot's code you'll find fun stuff like comments left by the bot owner when they modified some other virus for their use.
    9 times out of 10 you can actually track that **** down using the info they've left in there. And guess what... almost every time it's some douchebag from Romania.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    im american ;) , if i wanted to spread a virus and get away with it, i'd probably pick the least secure computers, in countries that have least law enforcement..especially in areas of computer crime.

    i mean, man..i'm the best trained, best educated hacker on the globe, am i not?

    i would deliberately leave comments in the code to manipulate any analyst's notion that the code originated from me, in my great capitalist country, where i live the highlife :P ....if i want any security analyst to believe the code was written by a romanian, and that it originated in romania..then perhaps i will try to make all security analysts believe that, by running it from a romanian computer system, code full of romanian comments or quotes..nicknames maybe of wannabe hackers in romania, write an irc bot so that it joins a romanian irc server or channel..i don't know.

    there are many possibilities.

    to not get caught, i would try do everything to hide my tracks.

    that belgian "virus writer" who called herself "gigabyte" wasn't liked by a few russian "virus writers" because she always appeared in the media, and i noticed some comments they made shortly before her arrest.

    what i think might have happened (all speculation), they took her codes, changed them to perform some malicious actions, more severe than previously, left in all the comments she had written, then released it onto compromised belgian computers...wasn't long before she got arrested.

    as i recall before 9/11 it was not unusual for westerners to invade computers in poor countries to hide their tracks while attacking systems in the west..pretending you originate from there is just another tactic in covering your tracks.

    i just don't think you can confidently say "viruses come from.." without being just a bit arrogant.

    who really knows? and how could you possibly ever tell these days?


  • Closed Accounts Posts: 7,230 ✭✭✭scojones


    You'd be surprised the amount of servers that are still vulnerable to that BIND exploit from circa 2001/2002, in Africa. Nothing to stop you rooting several of those, then connecting to each one, then going elsewhere. The same goes for Korea.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    You'd be surprised the amount of servers that are still vulnerable to that BIND exploit from circa 2001/2002, in Africa.

    how do you know? :D

    i wonder, is it possible to use VOIP to dial-in to an isp in romania?

    EDIT:
    is there some software which would do this? i don't know for what purpose, but i'm curious.
    would there be some advantage of having up to 10 different ip addresses on a DSL connection using VOIP and some kind of virtual modems maintaining each connection?

    just don't understand why there would be such a high concentration of virus/bot attacks from the countries that openfly and a few other people mentioned.(apart from the poverty factor)

    i know they're big countries, but doesn't it seem strange most virus activity occurs mainly from those few mentioned?


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,562 Mod ✭✭✭✭Capt'n Midnight


    Nobody can write an OS that is virus proof. Name one.
    Virus resistant is another matter, but was it AIX or SOLARIS that advertised about having 0 viruses, and it might be out of date but OpenVMS makes claims about being virus free too.

    Sophos and F-prot make AV for many OS's, but in many cases the AV is not for that OS but to clean files destined for windows clients of that OS.

    Botnets, spam, trojans, - you can make enough money to live on from them so some people do. Unless you can find a way to make it impracticable for people to make money at it the problem won't ever go away.


  • Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 60,217 Mod ✭✭✭✭Wibbs


    Virus resistant is another matter, but was it AIX or SOLARIS that advertised about having 0 viruses, and it might be out of date but OpenVMS makes claims about being virus free too.
    The Apple OS is virus free. Ubuntu's another one.
    Sophos and F-prot make AV for many OS's, but in many cases the AV is not for that OS but to clean files destined for windows clients of that OS.
    I've both Mac and Windows PCs and on the mac I've an anti virus specifically to stop windows viruses. I pretty much gave up using the windows PC to go online, email etc. Too much hassle by comparison to using KDE or MacOS.

    Rejoice in the awareness of feeling stupid, for that’s how you end up learning new things. If you’re not aware you’re stupid, you probably are.



  • Closed Accounts Posts: 888 ✭✭✭themole


    Wibbs wrote:
    The Apple OS is virus free.
    It would appear not :rolleyes:

    I think this discussion has gotten side tracked. On the issue of an OS being virus free, the real issue is not which OS has never had a virus, but which OS is truly resistant to a virus being written for it.

    On the question of which OS has not had a virus written for it, just pick any obscure OS that's more advanced than a calculator and it will probably not have any virii written for it, but that does not mean it's not susceptible.

    Windows gets more virii for several reasons, the two most important of which are: 1) its sheer dominance of the PC market, and hence the bigger target it represents 2) The desire of ease of use which means that the user should not need to know how the OS works.

    If you want to make any system truly secure you need to reduce features and require manual intervention for system changes. While that may be fine for your average Linux user, who already knows what an OS is, but it's not for your average Windows user who just wants stuff to work.


  • Closed Accounts Posts: 29 openfly


    OpenVMS had an apache and php port. Ergo it has viruses.


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    openfly wrote:
    OpenVMS had an apache and php port. Ergo it has viruses.
    No.

    OpenVMS has an apache and php port, ergo it has/had security vulnerabilities, which may or may not have left the OS vulnerable.


  • Registered Users, Registered Users 2 Posts: 281 ✭✭Skalragg


    The kind of person who creates such disruption differs in age, income, location, social/peer interaction, educational level, likes, dislikes and communication style.

    There is a stereotype that it is some spotty teenager who has a point to prove, but in reality virus writers can have various reasons for creating and spreading malware. They have been written as research projects, vandalism, pranks, to attack the products of specific companies or to get revenge.

    While other more sinister individuals use viruses to distribute political messages, and for financial gain from identity theft, spyware, and cryptoviral extortion. When they are motivated by financial gain, they are more and more likely to be working with spammers and hackers. Money is coming from the spammers and we are seeing evidence that they are starting to employ the best of breed virus writers to help them. A large organised criminal movement exists online, trying to extort money and steal identities. This is one of the reasons why roughly 50% of email traffic is spam.

    Some coders consider their creations to be works of art or a form of self expression and shouldn't be stopped. While others see virus writing as a creative hobby. Many writers consider attacking systems an intellectual challenge or a logical problem to be solved. Not all viruses are designed with bad intent in mind. Some of these "good viruses" spread improvements to the programs they infect, or delete other viruses. These viruses are, however, quite rare, still consume system resources, they may also accidentally damage systems they infect, and, on occasion, have become infected and acted as vectors for malicious viruses.

    A poorly written "good virus" can sometimes become a virus in and of itself (for example, such a 'good virus' may misidentify its target file and delete an innocent system file by mistake). These generally operate without permission of the computer owner. Since self-replicating code causes many complications, it is questionable if a well-intentioned virus can ever solve a problem in a way that is superior to a regular program that does not replicate itself. Simply, there is no one reason why people code viruses; it comes down to whether it is for fun, financial gain or for self achievement.

    And regarding someone's comment saying that if Microsoft made their OS more secure against viruses they'd put AV companies out of business... they are trying to do that... their kernel based security on Vista is making a lot of AV software companies' products very ineffective and that is why Microsoft is being brought to court.


  • Closed Accounts Posts: 1,974 ✭✭✭mick.fr


    scojones wrote:
    If that's your level of ignorance then I'm not going to bother replying to you anymore.

    Really? So people who write them aren't in their teens or 20s, they don't write them with intent to cause trouble for other people, virus companies write viruses and Microsoft don't charge for Technet. That's fascinating.

    Honestly if this is the childish mentality of the security forum on here I'm only going to engage in conversation with the few regulars who actually know what they are talking about. Have a nice day lads. :)

    Same remark goes to you then.
    Viruses are not as big a threat anymore as the spyware/malware/spam/phishing/social engineering are nowadays.

    A virus, just for your information, is a piece of software that aims to destroy data.
    Cyber criminals do not aim at destroying data, their purpose is to gather data and financially exploit it.

    Nowadays viruses do not even represent 10% of the malicious activities.

    Please take a look at the 2006 Symantec Security Report, this is really informative. This is just an example, still there are hundreds of good and reliable sources and stats available out there.
    http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport


  • Closed Accounts Posts: 1,974 ✭✭✭mick.fr


    Skalragg wrote:
    And regarding someone's comment saying that if Microsoft made their OS more secure against viruses they'd put AV companies out of business... they are trying to do that... their kernel based security on Vista is making a lot of AV software companies' products very ineffective and that is why Microsoft is being brought to court.

    No, this is totally wrong.
    The way apps now work on Vista is completely separate from the Kernel.
    If an app now crashes on Vista, you will not bluescreen (theoretically).
    An app is now a completely autonomous process. Like a sandbox.

    Symantec took Microsoft to court because they thought they could not access the API to run the AV engine. But they lost simply because they did not understand this was a separate process from the Kernel, so they thought they could not protect the Kernel against root kits etc... But this was wrong.
    For your information Symantec has since released a full anti AV/Spyware/Malware for Vista.

    http://www.symantec.com/norton360/about/sysreq.html


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    mick.fr wrote:
    A virus, just for your information, is a piece of software that aims to destroy data.
    Cyber criminals do not aim at destroying data, their purpose is to gather data and financially exploit it.

    some definitions i found online were:
    A dangerous computer program with the characteristic feature of being able to generate copies of itself, and thereby spreading. Additionally most computer viruses have a destructive payload that is activated under certain conditions.
    A computer program with the ability to modify other programs usually to the detriment of the computer system.
    A computer virus is a self-replicating program containing code that explicitly copies itself and can "infect" other programs by modifying them or their environment such that a call to an infected program implies a call to a (possibly evolved) copy of the virus.

    *most* have destructive payloads?..i dispute this, based on source code i've read..i can only think of 1 person who wrote destructive payloads and his code was for ms-dos exclusively..so it didn't even apply.

    i'm not saying destructive payloads don't exist, but they would be quite rare these days.

    name *one* boot infector viruses for win32? nada
    i'm sure there are variants based on chernobyl virus that tried to erase bios/hard drive..but these only worked in win9x systems, not relevant today.

    i'm losing track of topic, but can't we just refer to someone stealing identities, capturing keystrokes for profit as just a criminal?
    ok, they can do some programming on a computer, so what? why call those people "hackers" or "crackers" because they steal just like any other common crook?

    in these discussions nobody ever agrees! :)


  • Registered Users, Registered Users 2 Posts: 281 ✭✭Skalragg


    mick.fr wrote:

    A virus, just for your information, is a piece of software that aims to destroy data.

    I have to completely disagree with you

    The term virus comes from the term virus in biology. A computer virus reproduces by making, possibly modified, copies of itself in the computer's memory, storage, or over a network. This is similar to the way a biological virus works. As I'm sure you know, unlike biological viruses though, computer viruses do not simply evolve by themselves or come into existence spontaneously, nor are they likely to be created by bugs in regular programs. They are deliberately created by programmers, or by people who use virus creation software. Computer viruses can only do what the programmers have programmed them to do.

    A computer virus is informally defined as

    "A self-replicating segment of executable computer code embedded within a host program"

    Yes, SOME viruses are programmed to release a destructive payload on their victims, however they are only one of many types of virus types out there.

    Trojan horses, Worms, Logic bombs, Backdoors, Self-encrypting viruses etc etc perform different tasks... they do what they have been programmed to do... but most definitely they are all not created to destroy data. Worms, for example, are network viruses which, unlike "standard" viruses, do not require a host program, but are stand-alone executable programs. Some viruses are used to aid in breaking into a system, while others are used to steal information...

    so to say
    A virus, just for your information, is a piece of software that aims to destroy data.
    is just inaccurate imo

    Two good books on viruses

    A Pathology of Computer Viruses - David Ferbrache
    The Art of Computer Virus Research and Defence - Peter Szor


  • Closed Accounts Posts: 1,974 ✭✭✭mick.fr


    You guys had better get your sources elsewhere than the first result page of Google.
    A virus is not necessarily replicating itself, and this is actually rarely the case.
    A single virus can infect several files/partitions, fair enough, but this is not replication, this is propagation.

    Why?

    Because this is bloody complicated to program and it involves lots of factors that have to be common. It is much easier to spam thousands of email addresses with a virus or even to send it as an ActiveX or so.

    There are all sorts of viruses, and I say it again: the aim of viruses is to destroy or corrupt data, system files, whatever.
    Although some of them were pretty harmless, like just showing some Windows popup very often etc...

    The aim of a virus is not to spy on what you do on your computer and send a dump back to a server. This is another type of threat and has another name :-)

    This was my whole point. The virus threat is very low, and it is getting lower year after year.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,562 Mod ✭✭✭✭Capt'n Midnight


    mick.fr wrote:
    Viruses are not as big a threat anymore as the spyware/malware/spam/phishing/social engineering are nowadays.
    Suppose someone had written an email virus that sent out .ani .cur or .ico files during the last 3 months ?

    ILOVEYOU was destructive, thankfully none of the recent viruses were, but I reckon it's only a matter of time before a politically motivated person or group might try some cyber terrorism.

    There are fewer computer manufacturers than before, fewer hard drive manufacturers, so the idea of mis-flashing the BIOS on 10% of the world's PCs or reprogramming the controller on some of the most popular hard drives is not science fiction. You can erase 256 sectors at a time or apply a password or issue a security erase unit command and then change the microcode too: http://www.seagate.com/support/disc/manuals/ata/d1153r17.pdf
    Shouldn't be too difficult to generate a generic app to trash flash.

    I keep referring to the Sapphire worm, infecting 90% of its target hosts in 10 minutes, just imagine it was as destructive as the Bulgarian viruses back in the 80's that allegedly caused the stepper motor on the drive head to keep stepping or to overdrive monitors.

    Worst case scenario we are half an hour away from millions of computers becoming paper weights. The risk of this happening is low, but the consequences aren't.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,562 Mod ✭✭✭✭Capt'n Midnight


    mick.fr wrote:
    A virus is not necessarily replicating itself, and this is actually rarely the case.
    Please tell that to the anti-virus companies.

    They charge extra to clean non-replicating programs and other malware. (stuff that most home users would consider viruses )

    I would consider propagation to other machines without needing human intervention to be a defining characteristic of a virus. It's not as easy to make money out of a virus as from spambots, if you blackmail someone with a DoS they may come looking for you :eek:


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    root kits are gonna be the main future security problem. generally viruses can be dealt with easily enough, root kits on the other hand can be an extreme headache. Will be interesting to see how they turn out in a few years.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    mick.fr wrote:
    You guys should better get your sources elsewhere than the first result page of Google.

    What is your source?

    The closest definition I have to hand is:
    Definition 22-4 A computer virus is a program that inserts itself into one or more files and then performs some (possibly null) action.

    From Computer Security; Art and Science by Matt Bishop, Page 616.

    Note the bit in brackets.

    mick.fr wrote:
    A virus is not necessarily replicating itself, and this is actually rarely the case. A single virus can infect several files/partitions, fair enough, but this is not replication, this is propagation.

    Er? Are you saying that it propagates without replicating itself?

    mick.fr wrote:
    There are all sorts of viruses, and I say it again: the aim of viruses is to destroy or corrupt data, system files, whatever.

    This is your opinion, and quite different to claiming that a virus necessarily is created for that motive.

    mick.fr wrote:
    Although some of them were pretty harmless, like just showing some Windows popup very often etc...

    How does this reconcile with your earlier statement,

    mick.fr wrote:
    A virus, just for your information, is a piece of software that aims to destroy data.

    mick.fr wrote:
    The aim of a virus is not to spy on what you do on your computer and send a dump back to a server. This is another type of threat and has another name :-)

    I don't think these things are orthogonal.


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    mathias wrote:
    The comment about pre-teen american brats was not speculation at all and comes from a well known case that IBM had to deal with , upon investigating the source , it was found that it was impossible to prosecute due to age , however he was stopped , because two guys from IBM dropped around to the house and told his Mother what he was doing !!
    That's true!

    That case is used as an example in most of IBM's computer security seminars by the way !
    This one case exemplifies and ID's the source of most viruses? I am sure that the pre-teens, teens, and bored young hacking/cracking adults around the world will be relieved to know that they are not to blame for the spread of viruses, worms, trojans, RATS, and other related malware, spyware, adware, and spam. Oh, and it's wonderful to be Irish and not American, knowing that none of my countrymen/women would ever write malicious code, even if they were wrongfully terminated or laid-off from the computer software corporation they once worked for.

    OP: You might want to offer more choices than just two in your survey?

