[ISN] My daily virus

From: InfoSec News (isnat_private)
Date: Tue Apr 09 2002 - 00:43:31 PDT

    Forwarded from: Elyn Wollensky <elynat_private>
    By George Smith, SecurityFocus Online
    Posted: 08/04/2002 at 20:02 GMT
    "I regarded viruses as only good for entertainment," said Guido
    Sanchez about ten years ago. Sanchez ran Nun Beaters Anonymous, an
    underground bulletin board system notable for its free viruses and dry
    wit, the latter a scarce commodity in the world of hacker outlawry.
    For the record, he also said: "I have nothing against nuns, nuns are
    great people. I love nuns!"

    However, nuns notwithstanding and with regard to viruses, Sanchez's
    words are still right on. If you're going to hang around in the
    business for any length of time, it helps to develop a sense of humor
    towards everything.

    How else to regard the recent carnival of the absurd in which the poor
    sod who administers the WildList [Shane Coursen, a former
    SecurityFocus Online columnist -ed] let out an electronic screech of
    pain over lack of funds and job prospects?

    In case you're just checking in, the function of the WildList is to
    compile and publish the names of those viruses reported to be in
    varying degrees of circulation, from high to low, around the world.
    The received wisdom on this is that it's a valuable service to
    developers and users because (1) vendors can or do calibrate their
    software to it, and (2) everyone else can get a gross sense of what's
    going on in the world, virus-wise.

    Well, if it was so valuable why did the AV industry kind of forget to
    ply it with cash? Here's the dirty little secret, the real skinny on
    the subject. Stage whisper: No one cares.

    While the WildList outburst did apparently succeed in momentarily
    shaming someone into opening their wallet, no AV vendors act like they
    need it. They publish their own lists of virus frequency; citation of
    the WildList, or even reading it, is irrelevant to the process.

    And for everyone else, if your e-mail address is distributed around
    the world in enough Microsoft Outlook address books, you can compile
    your own WildList every week, a list that will generally mirror, to
    some degree, what vendors are reporting. Chalk the WildList's misery
    up to unintended consequences stemming from Microsoft's half-decade
    long horn-of-virus-plenty approach to electronic mail handling.

    Old coot's voice: "Yep, I remember, Sonny, when we didn't actually get
    mailed the Top Ten viruses each week! But now those days are gone --
    eh-eh. I think we're just gonna have to take Old Blue The Virus
    Epidemiologist out to the pasture and put 'im down. It's the merciful

    By now you may be thinking that I get quite a few viruses in the mail,
    and that I think they're funny. This is only partially true. Style and
    elegance are no longer twin fortes of virus-writing mountebanks. Time
    was when the Casino virus jumped out of the blackness of the screen
    and actually played a game of roulette with you before trashing your
    data. That fired the imagination! Now the day begins with a dull file
    in the mailbox with the name "You are FAT!" Yes, I'll be sure to
    double-click on that right away, sir.

    I am constantly reminded that many people, apparently every bit as
    thick and intellectually inelastic as malicious code writers, do bite
    on these doltish come-ons. However, they don't work for me. Without
    automatic execution, there's no chance things like "Look,my beautiful
    girl friend [sic]," "Let's be friends," and, my favorite,
    "introduction on ADSL" are going anywhere not defined by the delete

    In fact, I can't think of a single acquaintance, professional or
    social -- PC expert or illiterate -- that I know well, who has ever
    been sucked in by virus-writer subject lines. Superficially, I can
    picture only saps or children falling prey. But if a sap's PC is
    hijacked by a virus, how much does it matter?

    The party line on the subject is that it matters a great deal because
    too many hijacked sap PCs can flood the system into dysfunction.
    However, as far as practical matters go, I already get, and have for
    some time, many viruses from total strangers and saps. A few more or
    less isn't a difference, just more junk in the inbox to delete.

    And I think that it is this way for many. Call them a silent majority,
    a mass which employs its own rules-based anti-virus measures, deleting
    anything and everything that smells even faintly stupid or
    time-wasting. To survive the daily flood of electronic crap --
    viruses, spam or foolish messages from certified ninnies and
    professional annoyances -- everyone builds up personal armor that
    includes a strong bull-detector and a joy in giving the waste can a
    workout. Once installed, this never needs updating.

    Which leaves me with one question, rhetorical if you like, for the
    virus trackers. What's the ratio of unreported viruses deleted by hand
    by the skeptical to the number of those reported to lists?

    ISN is currently hosted by Attrition.org