Why no really destructive virus?
There are reports on the various tech news sites about yet another Outlook attachment virus going around. Not really interesting in itself, but it made me wonder why no one has written a really destructive variation on the Outlook attachment virus yet.
I have always wondered the same thing. Spreading the virus is the challenging part, so why not add some simple code to "format c:"? Maybe virus writers ARE in it for the glory, not the destruction..?
Just like Ebola, viruses that have a high mortality rate don't spread very far.
A "successful" virus is one that manages to reproduce a lot. That's not possible if you kill your host soon after infection. Everything's a tradeoff. If your virus kills the PC after a few hours, people will learn _very quickly_ that they've been infected, and they'll tell their friends, and the Antivirus companies will come up with a cure _very quickly_. If the virus waits for days before killing the PC, then in general anyone with antivirus software will catch it before it acts. Intuitively, I feel that the _less_ damage a virus does, the _greater_ its chance of reproducing successfully.
I remember the readme.exe virus slowly replacing every file on our server we touched with a copy of itself until the server filled up and we were forced to reboot. That's when it got "root" access and started to really get nasty.
Why do people continue to use Outlook, especially corporations who should know better by now?
Our company just switched from Outlook to Lotus Notes, and everyone agrees it's much worse than Outlook was. In Notes, appointment reminders don't work reliably, if someone forwarded a business card to you, you cannot insert it into your address book, menu commands are not where you expect them, and in general the UI is so slow (you forget what you were doing while you are waiting for a view to open after you clicked on something).
"Our company just switched from Outlook to Lotus Notes, and everyone agrees it's much worse than Outlook was."
I used Lotus Notes. Now I use Outlook. Outlook is not bad.
Adrian and ee both made the point about "keeping the host alive so the virus can spread more". But I'm not so sure about this, particularly in regards to Outlook attachment viruses.
I think it was mainly the fact that the parent company is using it, and that, in the future, other (company-specific) databases than just email/calendar/contacts can be integrated. (Maybe that flexibility is what makes it slow?) Maybe also the security of Notes is better, I don't know.
There was an article about this in Tech Review. The author seems to think that some worms are proofs of concept. They use well-known exploits for proof of concept and then discover their own exploits.
I have thought about this question also. I believe the reason traces back to the nature of the virus writer. Is the writer really intending to cause mass destruction? I don't think so, I think it's a weak attempt to gain a few seconds of anonymous self-gratifying fame.
This reminds me of a great idea for a virus payload that I read somewhere a while ago (but I can't remember where).
The trouble with Outlook is that you don't even have to open any attachments. Merely viewing the mail in the preview pane is enough to have malicious code executed.
I honestly believe that the reason that we don't see more destructive viruses is because many of them are written by the anti-virus software companies. It is in their best interests to constantly have viruses in the news, even when those viruses don't do a whole lot of anything other than spread. This probably helps people feel like the anti-virus software works since they never lose any data.
Now if it could only replace a 2 with a 700 in a database... at a bank... where I have 2,000.00 in a checking account.
The CIH or Chernobyl virus wiped out approximately one third of all the hard drives in Saudi Arabia in one day (26.04.1999) and in many other cases is also reported to have trashed the BIOS where that could have been updated.
Bill, I don't think I made my point very well. Consider a company infected with a virus that either does nothing after an infection, or waits a while and then trashes the hard drive -- each option having 50% probability. As soon as the first hard-drive-trashing occurs, everyone will be told not to touch their email, contingency plans will be activated to remove new viruses, anti-virus software will be purchased and installed if it wasn't already, etc. The virus can no longer exist within the company. Yes, it's a bit of a simplification, but the general point stands I think.
A big company usually runs its own mailserver... so just switch it off :)
Who profits from viruses? Antivirus editors! Reminds me of the kid breaking glasses and a minute later Chaplin offering his services to replace them :-)
Of course, Antivirus editors need to have your computer bootable in order to install their "cleaner". IMHO, that's why viruses are usually soft.
I just got a virus in my mailbox, apparently through a music mailing list I'm on. It was formatted as if it had to do with music - the subject was "re: rehearsal" or something.
What has always surprised me is that email viruses that go through the inbox looking for addresses always go and use the same 10 or 12 reply lines. I would have thought that if they replied to the email in the inbox, they would probably get read. Or just confirm to the spammers that the address was 'live'...
I generally think of users as idiots when they start complaining about "email virus". Did nobody realize that there is _no such thing_ as an email virus? We should start calling it "Outlook exploits", because they affect exclusively this hell spawn of a mail user agent.