Just wondering: How come that so few viruses have malicious damage routines in them?
The last one that actually did something on the target machine was a few years ago and renamed (or removed?!?) all mp3 files on the machine. All other popular viruses I have heard of were limited to sending mails or spreading themselves.

Friday, October 31, 2003

Perhaps it has something to do with the theory that viruses can't be too destructive, or they risk damaging their own growth rates.  They don't want to shut down services that allow them to replicate and spread.

Also, virus writers have an incentive to write quieter viruses that simply steal information that may have various payoffs.  Or backdooring machines for future use.  Sheer, untargeted destruction provides far less motivation.

Friday, October 31, 2003

I get all kinds of wacky hits on my website now, and get 2-3 spam messages a day to my posted address where I used to get 2-3 a month.
What's weird is that most of the messages and strange hits (people trying to post to come from all sorts of IP addresses, typically from a residential pool.

Either lots of people are joining in some sort of 'make money stuffing email envelope' scam, or their machines have been hijacked, or both.

Friday, October 31, 2003

Even in the real world, viruses that kill the host very quickly do not go very far.

A lot of virus writers seem to be doing it for the street cred. For that to happen, the virus has to travel, and multiply.

If it kills the host machine, then it won't travel too far.

Friday, October 31, 2003

However, the "destructive payload vs growth rate" issue isn't as limiting in the computer domain as it is in the natural world.

In the natural world, killing the host too quickly cuts down on the number of people the host can transmit it on as a) the host will be too ill to transmit and b) it takes time for the host to meet other people and c) transmission is a bit more haphazard i.e. even if you meet the host, there's no guarantee you'll catch the virus.

In the digital domain, this isn't so much the case. Computers are, when online, connected with most other possible victims due to the connected network of the web. Transmission is, hypothetically, more guaranteed. And finally, there is nothing stopping someone making use of a delayed payload i.e. not release the payload when a certain amount of time has elapsed, no. of other machines affected and/or date>detonation date.

I think social/psychological factors are more to blame. I'm guessing (emphasis on guessing) that virus writers (or virus generator writers) either do it for fun and wish to try out techniques or gain kudos, or realise that destructive payloads are bad for everyone, including themselves if someone comes after them. Or they realise that there are more profitable goals i.e. using the virus to relay private/important info or opening a backdoor into system.

Friday, October 31, 2003

10 years ago, most viruses were destructive (deleting files, etc).  This doesn't seem to be the case now, so what's changed?

I don't really buy the argument of "if you kill the host it prevents the virus from spreading".  This might be true of real viruses in the real world, where it takes a long time for a person to come in contact with a lot of other people.  But there's no reason why a computer virus couldn't e-mail copies of itself to everyone in your address book, maybe even do it a few times over a period of several days, and then delete everything on your hard-drive.

My guess is that there's been a cultural change among virus writers.  The destructive virus writers have grown up and gotten bored with trashing people's computers.  They've been replaced by less talented "script kiddies" who are more interested in widely propagated viruses to impress their peers ("street cred").

And spammers.  There's a lot of evidence suggesting that spammers are behind many of the latest viruses.

TV's Mr. Spock
Friday, October 31, 2003

Surprisingly enough the internet is probably a significant factor in the reduction of the number of terminator viruses.

On April 26th 1999 something like one third of all the computers in Saudi Arabia had their hard drives wiped clean by CIH. The country had only been on the internet for two months (during most of which you couldn't connect anyway) and there were less than ten thousand subscribers. Yet it was the country hardest hit. One of the reasons is that countries with a lot of internet access would have had up-to-date anti-virus definitions in place, and would have caught the deferred payload.

Also there is the fact that loads of Windows computers no longer have real mode DOS so "format C:" becomes problematic, even if the user is running as administrator. There have been plenty of cases where the payload hasn't taken effect because of sloppy programming.

And are there a lot less lethal viruses, or is it simply that there are a lot more of all kinds of virus, so the lethal ones don't appear so common?

Stephen Jones
Friday, October 31, 2003

Anti-Virus software presents a solution for solving yesterday's problem, also it doesn't protect against any SERIOUS threats, any custom crafted to get to you type of virus.

Programmer and User education is the way forward. Sorry.

Friday, October 31, 2003

I think deterrence must play a factor - it's patently obvious that if you deploy a virus that causes loss, you WILL go to jail.

But a non-destructive virus feels "safe" - it's like graffiti. Sneak into a building, leave "Kilroy was here" on the restroom wall, and out again.

It seems to me that the headline-making viruses are actually mistakes - they work so well they turn into DOS attacks. The virus writer just wanted to "mark" every system he could, and ends up taking down networks everywhere.

You know, if someone does deploy a successful destructive virus (say something that randomly changes twelve cells in every .xls file and does an "UPDATE [table] SET [column]=[column] * randomValue" on whatever tables it can find) then we all need to stand by for the inevitable call for development tools to be licensed. (Including Notepad, I guess...)


Friday, October 31, 2003

The problem is that if you don't have a destructive payload, you still get strung up for damaging computers.

I'm putting stock in two things:
1) Viruses are proof-of-concept things for street cred
2) Spammers and other folks are benefitting from viruses with a "useful" payload (generally either an SMTP relay or a full-fledged wingate proxy)

I'm getting a LOT of spam from random cable modem or DSL IP addresses.  I guess that it's not completely surprising that spammers would resort to viruses.  ;)

Flamebait Sr.
Friday, October 31, 2003

Maybe they are being destructive, but in very subtle ways.

The best idea that I ever heard of for a virus is one that (after attempting to propagate) searches the computer for all Excel files and randomly changes one, just one, 7 to a 2 in the spreadsheet (and does it in such a way that you can't be sure if the file was modified). And then probably removes itself so you can't be sure if any particular computer was infected.

If something like this had had the penetration of sobig just think of the chaos in the business world.

Bill Tomlinson
Friday, October 31, 2003

Who profits from viruses?  Anti-virus companies.
It is an old conspiracy theory that the anti-virus companies write most of the viruses.  I doubt it, but can't help wondering.

Can't help wondering
Friday, October 31, 2003

Yeh, places like Symantec won't hire you if you've done any research work on virii, they're manned to the teeth with marketing droids and sales monkeys, from what I've seen the average staff member in there is awful, they open .exe files from people they don't know, they have no concept of security.

User education is the only thing that will fix this. I mean if you're going to allow Outlook to wreck your machine, I think you deserve to have it wrecked. I'm sick to the teeth of people claiming ignorance, when in fact they know what to do but are lazy. I've never seen anybody get infected with a virus who didn't deserve it.

Sunday, November 02, 2003

