Sponsor for PC Pals Forum

Author Topic: Virus flood threatens home users  (Read 1293 times)

Online Clive

  • Administrator
  • *****
  • Posts: 75742
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Virus flood threatens home users
« on: June 14, 2005, 08:48 »
By Mark Ward
Technology Correspondent, BBC News website  

Virus writers have adopted a new tactic to try to make sure their malicious programs reach as many victims as possible.

Instead of releasing Windows viruses intermittently, many creators of worms and trojans are pumping them out with increasing frequency.

For a while new variants of one virus, called Mytob, were appearing every hour. Some viruses appear in hundreds of different guises.

This tactic is designed to fox security firms that use software to scan e-mail attachments for the signatures of known viruses.

The variants are appearing far faster than firms can analyse them and update their scanners to spot the malicious code.

The tactic seems to be paying off. Currently, Mytob variants are filling 14 of the positions in the Top 20 threats list collated by security firm Sophos.

Spot and scan

James Kay, chief technology officer at mail filtering firm Blackspider, said the accelerating number of virus variants highlighted the dangers of simply relying on e-mail scanners to catch viruses.

"If you have lots of viruses to combat and a limited amount of resources, you have to choose which ones you are going to patch," he said.

This can mean that protection against some viruses, typically ones that appear in small numbers, is unavailable for a long time. These unnamed viruses can then go on to catch out more people than they would otherwise.

"There's a connection between the window of exposure and the volume of a virus," he said.

If anti-virus companies could produce patches within three hours of the first appearance of a virus, outbreaks would almost disappear, suggests research by Andreas Marx of the independent AV-Test Organisation of the Institute of Technical and Business Information Systems at the Otto-von-Guericke University in Magdeburg.

However, Mr Marx's work has found that although response times from anti-virus companies are improving it still takes them, on average, 10 hours to update scanners and produce patches for new malicious programs.

Novel threat

A study carried out by security firm Checkbridge found that, on some days, scanning programs missed more than one-third of e-mail borne viruses.

To gather its statistics Checkbridge ran two million e-mail messages sent over five days through three well-known e-mail scanners. None of the tested programs caught all the viruses.

On the best day the top-performing scanner caught 97% of the malicious programs in the body of messages. By contrast on one day only 64% of the infected messages were spotted by one scanner.

"Even using two scanners is not going to catch all the viruses all the time," said John Turley, managing director and founder of Checkbridge.

Also necessary were programs that use general rules, called heuristics, to spot unknown variants that resemble known viruses.

"Heuristics are essential, otherwise it's just not going to work," he said.

Future versions

James Kay from Blackspider said it used scanners, heuristics and programs that can take a broad view of what is happening to a mail server.

If an e-mail server is suddenly struck by thousands of messages bearing the same attachment, it was a fair bet that a virus outbreak was under way, said Mr Kay.

But Graham Cluley, senior technology consultant at Sophos, said few mail security firms relied solely on scanners to spot and stop viruses getting through to users.

"Anti-virus is not just about finding known viruses," he said. "We use a heuristic system that will predict what future variants look like."

He said that companies should also ensure that their e-mail gateways use simple rules, such as refusing messages bearing program files, to help viruses getting through.

Most large anti-virus companies were now 24-hour operations that can deal with the 1,000 or so viruses and variants they see every month. Many update their scanning programs hourly to keep up with the evolution of viruses.

While this helps large companies, it can mean home users will be the most likely to be caught out.

"The main people suffering are the home users who have always been more laid back about their security," said Mr Cluley.
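
The "broad view" check Mr Kay describes in the article, counting copies of the same attachment reaching a mail server, can be sketched as a sliding-window counter. This is an added example, not part of the original post or any vendor's code; the class name, threshold, window and sample traffic are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict, deque

class OutbreakMonitor:
    """Flag an attachment once it arrives `threshold` times within `window` seconds."""

    def __init__(self, threshold=1000, window=600):
        # Both defaults are assumptions; the article only says "thousands".
        self.threshold = threshold
        self.window = window
        self.seen = defaultdict(deque)   # digest -> arrival times still in window
        self.flagged = set()

    def observe(self, timestamp, attachment_bytes):
        """Record one attachment; return its digest if it just crossed the threshold."""
        digest = hashlib.sha256(attachment_bytes).hexdigest()
        times = self.seen[digest]
        times.append(timestamp)
        # Drop arrivals that have aged out of the sliding window.
        while times and times[0] <= timestamp - self.window:
            times.popleft()
        if len(times) >= self.threshold and digest not in self.flagged:
            self.flagged.add(digest)
            return digest
        return None

def run_constructed_traffic():
    """Constructed traffic: a slow trickle of one file, then a burst of another."""
    mon = OutbreakMonitor(threshold=5, window=60)
    alerts = []
    # Same newsletter every 5 minutes: never 5 copies inside 60 seconds.
    for i in range(10):
        if mon.observe(i * 300, b"constructed newsletter bytes"):
            alerts.append(("newsletter", i * 300))
    # Same archive every 2 seconds: crosses the threshold on the 5th copy.
    for i in range(8):
        if mon.observe(3000 + i * 2, b"constructed archive bytes"):
            alerts.append(("archive", 3000 + i * 2))
    return alerts
```

An exact digest only groups byte-identical copies, so each new variant starts its own count; that is why the article pairs this kind of volume check with heuristics.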


Offline Tony

  • Loyal Member
  • *****
  • Posts: 3367
    • http://www.sugrue.ndo.co.uk
Virus flood threatens home users
« Reply #1 on: June 14, 2005, 17:19 »
Yes I got this the other day, it supposedly came from "administrator@ my own bloody email address"

Well I know I'm getting on a bit, but I knew I had not sent myself this email   :roll:

Anyway the auto email scan sussed it and deleted it, and in any case I always read unknown source emails via "Mailwasher"

But what a cheeky message:

We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

InterScan_SafeStamp.txt    File name: InterScan_SafeStamp.txt
****** Message from InterScan E-Mail VirusWall NT ******

** WARNING! Attached file info-text.zip contains:

     WORM_MYTOB.FC virus in compressed file info-text.txt                                                                      .scr

   Attempted to clean the file but it is not cleanable.
   It has been deleted.
*****************     End of message     ***************
Atheism is a non-prophet organization.
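
The scanner notice above names a file inside a zip whose name is padded with spaces so that ".scr" sits far from ".txt". As an added example (not part of the original posts), here is a sketch of the "refuse messages bearing program files" gateway rule from the article that also looks inside zip attachments; the extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list is an assumption; a real gateway policy would be longer.
PROGRAM_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

def program_ext(name):
    """Return the executable extension a file name really ends in, or None."""
    name = name.strip().lower()
    dot = name.rfind(".")
    ext = name[dot:] if dot != -1 else ""
    return ext if ext in PROGRAM_EXTS else None

def refuse_reasons(raw_message):
    """List every reason to refuse a message; an empty list means accept."""
    reasons = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if program_ext(fname):
            reasons.append(f"program file attached: {fname!r}")
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for member in zf.namelist():
                ext = program_ext(member)
                if ext:
                    # Collapse the padding so the log shows the real name.
                    shown = " ".join(member.split())
                    reasons.append(f"program file in {fname}: {shown!r} ({ext})")
    return reasons

def sample_message():
    """Constructed sample: harmless text stored under a padded .scr name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("info-text.txt" + " " * 60 + ".scr", b"harmless placeholder")
    msg = EmailMessage()
    msg["From"] = "administrator@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "constructed test message"
    msg.set_content("more info is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="info-text.zip")
    return msg.as_bytes()
```

The check keys on the last extension after trimming whitespace, so it does not depend on any virus signature and applies equally to a variant the scanner has not seen yet.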

Offline sam

  • Administrator
  • *****
  • Posts: 19988
Virus flood threatens home users
« Reply #2 on: June 15, 2005, 00:15 »
I was getting similar last week, damn viruses. I spent about 3 hours making sure that all the software I run on my webserver was secure, which of course it was - argh!
- sam | @starrydude --

Offline Tony

  • Loyal Member
  • *****
  • Posts: 3367
    • http://www.sugrue.ndo.co.uk
Virus flood threatens home users
« Reply #3 on: June 16, 2005, 07:56 »
I received two more this morning, one from support@.... and administrator@..

The email address of mine they are using is one I receive a bit of spam on. Nothing major, two or three emails a week, but this worm business is something else. You know, I would hate not to have something like "Mailwasher" to intercept my mail between my mailbox back at my ISP and my PC.
Atheism is a non-prophet organization.

Offline davy51

  • Loyal Member
  • *****
  • Posts: 1690
Virus flood threatens home users
« Reply #4 on: June 16, 2005, 13:44 »
It is coming to most of the email services I know of

some can block it and some can't

it's bad when you're admin and it tells you your account is being closed lol

Don't walk behind me, I may not lead. Don't walk in front of me, I may not follow. Just walk beside me and be my friend

Albert Camus

Offline Tony

  • Loyal Member
  • *****
  • Posts: 3367
    • http://www.sugrue.ndo.co.uk
Virus flood threatens home users
« Reply #5 on: June 16, 2005, 13:55 »
Quote from: "davy51"
It is coming to most of the email services I know of

some can block it and some can't

it's bad when you're admin and it tells you your account is being closed lol

yer quite rich isn't it  :D  

I've just "Blacklisted" administrator@ and support@ in Mailwasher, and as I only get around 6 to 10 emails a day on average, it ain't hard to spot the "iffy" ones.
Atheism is a non-prophet organization.

Offline davy51

  • Loyal Member
  • *****
  • Posts: 1690
Virus flood threatens home users
« Reply #6 on: June 16, 2005, 16:36 »
some are getting past the cr on my emails and the blocked

between 8 emails I'm getting about 50 a day

some I can block some not

Don't walk behind me, I may not lead. Don't walk in front of me, I may not follow. Just walk beside me and be my friend

Albert Camus
