Top 10 Viri for 2001

bob
BIG GIANT HEAD I Get Free Beer
Posts: 7565
Joined: 12/03/01, 12:00 am
Location: St. Louis

Post by bob » 01/02/02, 3:57 am

From Computer Associates, the full list, ranked by frequency, is as follows:

1. Win32.Badtrans.B
2. Win32.Sircam.137216
3. Win32.Magistr
4. Win32.Badtrans.13312
5. Win32.Magistr.B
6. Win32.Hybris.B
7. Win95.MTX
8. Win32.Nimda.A
9. VBS.VBSWG.Generic
10. Win32.Goner.A

"The level of expertise exhibited by virus authors continues to dramatically rise, which means that both the user and anti-virus vendor communities must also ratchet up the sophistication of their defensive strategies," says Ian Hameroff, director of antivirus solutions at Computer Associates. "One thing is certain -- either people's habits and practices are going to change, or we are going to see more devastation in the coming year."

PC MAG: http://www.pcmag.com/article/0,2997,s%253D1490%2526a%253D20500,00.asp

[ This Message was edited by: bob on 2002-01-02 11:58 ]

BKoT
Member ***
Posts: 19
Joined: 01/01/02, 12:00 am
Location: Detroit

Post by BKoT » 01/02/02, 9:29 am

Funny.
I would have thought that NIMDA would be placed higher.
I don't see too much trouble from any of the others anymore, but my web server has been constantly bombarded with NIMDA traffic since the day it was released. If I don't flush my access log of NIMDA hits every day, it quickly gets unruly.
-BKoT-
(Big Kahuna of Tuna)

bob
BIG GIANT HEAD I Get Free Beer
Posts: 7565
Joined: 12/03/01, 12:00 am
Location: St. Louis

Post by bob » 01/02/02, 9:42 am

Have you been able to track and contact the host sites sending them?

BKoT
Member ***
Posts: 19
Joined: 01/01/02, 12:00 am
Location: Detroit

Post by BKoT » 01/02/02, 11:16 am

(Heh... Let's talk over in this thread for a while.) :)

Tracking is the easy part, actually contacting the owners of the machines proves to be difficult because a lot of the time the IP addresses are dynamic. Finding the ISP info is no problem, but that's usually about as far as you can go. I haven't heard of one ISP yet who is actively trying to root out the people still spewing NIMDA traffic constantly. It's just easier to set up blocks and filters on routers to "handle" the problem.
I use Time Warner Road Runner as my cable 'net provider. For about 2 months during the high point of CodeRed, the main routers of Road Runner were filtering ALL traffic on port 80 coming into the network (unless you were a commercial user). This didn't stop any of the virus traffic within the network, just closed off all the extra outside baggage. And as far as I know, that was their whole solution. (The block was finally lifted and of course, virus traffic came pouring in again.)

There was a sort of beat-'em-at-their-own-game solution to CodeRed (http://www.linuxchimp.com/stories.php?story=64) that used the way CodeRed worked against it. The problem is, it relied on the infected server to not have been patched yet. The same solution was tried for NIMDA, but as it also relied on the CodeRed hole and just about everyone is finally patched for CR, it didn't work.

So it's back to sending off log files and hoping that someone, somewhere is taking a proactive route.
-BKoT-
(Big Kahuna of Tuna)
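As an added example (not code from this thread or from anyone posting in it), a small Python triage script along the lines of what BKoT describes doing by hand: rather than flushing the access log, it pulls the Nimda and Code Red probe lines out, counts them per source IP for an abuse report, and keeps the legitimate traffic. The log lines and addresses are constructed samples; the request-path signatures are the IIS probe forms documented in CERT advisories CA-2001-26 (Nimda) and CA-2001-19 (Code Red).

```python
import re
from collections import Counter, defaultdict

# Constructed sample of Apache common-log lines; not taken from anyone's real server.
SAMPLE_LOG = """\
10.0.0.5 - - [02/Jan/2002:09:10:11 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281
10.0.0.5 - - [02/Jan/2002:09:10:12 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 280
10.0.0.5 - - [02/Jan/2002:09:10:13 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
192.168.7.9 - - [02/Jan/2002:09:11:02 -0500] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3 HTTP/1.0" 404 280
172.16.3.4 - - [02/Jan/2002:09:12:45 -0500] "GET /index.html HTTP/1.1" 200 5120
10.0.0.5 - - [02/Jan/2002:09:12:46 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
"""

# Common Log Format: ip ident user [time] "method path proto" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)')

# Request paths the two worms probed IIS with (CERT CA-2001-26 for Nimda, CA-2001-19 for Code Red).
SIGNATURES = (
    ("nimda", re.compile(r"/(scripts|msadc)/root\.exe", re.I)),
    ("nimda", re.compile(r"/winnt/system32/cmd\.exe", re.I)),
    ("codered", re.compile(r"^/default\.ida\?", re.I)),
)

def classify(path):
    """Return the worm label a request path matches, or None for ordinary traffic."""
    for label, pattern in SIGNATURES:
        if pattern.search(path):
            return label
    return None

def triage(log_text):
    """Split a log into (clean_lines, hits); hits maps worm label -> Counter of source IPs."""
    clean, hits = [], defaultdict(Counter)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            clean.append(line)  # keep unparseable lines rather than silently dropping them
            continue
        label = classify(m.group("path"))
        if label:
            hits[label][m.group("ip")] += 1
        else:
            clean.append(line)
    return clean, hits

def abuse_summary(hits):
    """One line per (source IP, worm), busiest first: what you would hand to the source's ISP."""
    rows = [(n, label, ip) for label, ips in hits.items() for ip, n in ips.items()]
    return ["%s %s %d probes" % (ip, label, n) for n, label, ip in sorted(rows, reverse=True)]

if __name__ == "__main__":
    clean, hits = triage(SAMPLE_LOG)
    print("\n".join(abuse_summary(hits)))
    print("%d legitimate lines kept" % len(clean))
```

Writing `clean` back out in place of the original file keeps the log usable day to day, while the summary gives the per-IP counts BKoT mentions sending off to ISPs.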
