You've never heard of jpeg, javascript, or html buffer overrun exploits,
I assume?
Those viruses DO exist. In fact, a new one just appeared a few weeks ago,
exploiting an unpatched flaw in Internet Explorer.
Here's the top 10 list from the University of Arizona's Chemical
Engineering Dept.
http://www.che.arizona.edu/intranet/virus.htm
Top 10 viruses in November 2005
1 W32/Sober-Z - How it spreads: Email attachments
2 W32/Netsky-P - How it spreads: Email attachments
3 W32/Mytob-GH - How it spreads: Email attachments
4 W32/Mytob-EX - Variant of above.
5 W32/Zafi-D - How it spreads: Email attachments
6 W32/Mytob-BE - Variant of above.
7 W32/Zafi-B - Variant of above.
8 W32/Mytob-AS - Variant of above.
9 W32/Netsky-D - Variant of above.
10 W32/Mytob-C - Variant of above.
You can also go here:
http://www.sophos.com/virusinfo/
http://www.sophos.com/virusinfo/topten/
If you read their white papers section you'll see it concentrates on
email worms and spyware/adware - meaning executable programs that you
probably got with something like Bonzi Buddy (in the old days), Kazaa,
AIM, WeatherDesktop etc. or that you downloaded separately for whatever
bizarre reason.
Prove me wrong, show me a virus that requires no user interaction. I'll
read up on it and either agree or disagree that it's real, and I'll also
state how much of a threat I think it is to the average Joe. Every
buffer bug I've ever seen was either a hoax or you had to have such
perfect conditions for it to work that it would most likely never affect
very many people. Whenever you hear about a mass virus outbreak, it is
always an email virus. You may read about buffer overflow bugs on
various tech news sites, but if you dig deep and really read up on it
you'll generally find that it's next to impossible for it to really
work. Some of these things you really have to work at to spread.
I never said they were a major threat - but there is a big difference
between "They are not a major threat." and "They don't exist."
The ones I have seen require you to visit a malicious website, whereupon
the malformed data exploits a flaw in the browser or plugin and begins
to execute code on your computer - with no other user interaction aside
from visiting the website. Now, it's not a big stretch of the imagination
to see hybrid email/web viruses - many people (perhaps outnumbered by
those that don't, sadly, but it's slowly spreading) know not to open
attachments now. But how many people know not to click the link in the
"joke" their friend just sent them?
Now, as far as one in existence, here are some from the last several
weeks, though it appears Microsoft just patched this one, finally.
http://secunia.com/advisories/15546/
And here's another one, that was recently fixed by Google blocking the
exploit (though the bug was in IE):
http://www.hacker.co.il/security/ie/css_import.html
Now, these have been patched (and we all know users always update
Windows, right?), but they did exist in the wild for a time without
patches. It's foolish to think it can't happen again.
Thanks for responding, John. Both of these are really exploits (albeit
mischievous ones) and not viruses themselves. The first issue (which
could DELIVER a virus) apparently has 5 methods of attack. The first
two are really just 'dumb pet tricks' in that they trick the user into
accepting a file download dialog, and granted, that's a cruel joke but
it's nothing particularly exotic. The third issue isn't likely to bug
anyone. The fourth and fifth are interesting, although reference is
made to tricking the user into visiting a malicious webpage. I don't
know what the trick is, they didn't specify what it said or how it
worked but the end result was code execution of some variety in MS's com
objects. Note that this is one of those many bugs that hasn't actually
been perpetrated in the real world. It was only discovered by security
folks actively trying to find these things. Most virus writers aren't
this clever, but more importantly there is a much lower likelihood of
success with obscure hacks such as this. There's a reason the biggest,
most widespread viruses use email and downloadable executables: because
they are the simplest to guarantee successful execution. Hell everyone
wants to see 'XYZ' naked right? Just Click Here!
The second item isn't a virus either. It's just another exploit that
requires a certain string of events to occur. It does not propagate
anything. It requires the user to have performed a series of steps,
namely visiting a site that loads another site within it and then traps
the user's data as it is displayed or entered. That's not a virus, it's
a devious gimmick designed to steal information but it's not something
that will get picked up on by the Anti Virus scanning software. It's a
bug and requires specialized knowledge to make it function.
However:
The first exploit 'sounds' like it could install a virus on your system
but I suspect it cannot deliver much in terms of payload size. Meaning
that it can't do much even if it did execute something. Once you're
infected it can go no farther unless it tries to use outlook to send out
emails to other users which brings us back to that the email issue
again. It would probably provide links in those emails so that people
would visit the same site. This is the sort of stuff that people really
just don't encounter in their day to day lives. Yes I'll grant you that
any number of things are possible, but the likelihood of success is
minimal and even more importantly the likelihood of propagation is even
less. They're just 'dumb pet tricks', if you get my meaning.
Perspective:
Bird Flu is reported as being such a dangerous new contagious virus
that's going to kill us all. Thing is only a handful of people have
been killed by it over the last few years but yet AIDS has killed
thousands in the same period of time, yet somehow bird flu is more
dangerous than aids. Now granted, AIDS requires a different infection
method but perhaps you understand what I mean. Anyone for instance
could probably infect a very high percentage of broadband users simply
by scanning broadband networks for network shares on users' harddrives.
Many people share their entire C drive because it's easier to specify
individual folder shares for their family members on their home
network. You can use that to install any number of things. You could
put a batch file in their startup folder to do a format C: > nul for
instance. There are literally thousands and thousands (probably
millions) of people who have shares open on their PC and have left
themselves wide open. Now if they're behind a firewall they're probably
safe, except that they've possibly granted special access to another
user on their home network to said shares who DOESN'T have a firewall
running.
The point is that yes, there are exploits, but there are also a hell of a lot
more ways to do mischief, and in ways that you're much more likely to
encounter.
One further line of rambling: My car has a recall notice for brake
problems in freezing snowy weather, oh no! What do I do!? Um, well,
nothing, because I live in sunny, non-snowy central California, meaning I
probably won't ever encounter the problem involved in the recall. See
what I mean?
Oh and by the way I use the Mozilla Suite myself and don't care much for
IE or TiredSox for that matter. I recommend that other people also use
Mozilla for browsing and email because they are somewhat less prone to
the most common issues.
There are 25 or more in-the-wild IE exploits that load Trojan code just by
visiting a website.
I've seen it in action in the wild and in labs.
In less than 700ms, the zeno code loads up a few horses.
Heck, even "cool search" loads up this way.
I think you should report the scam being perpetrated by the entire
computer industry to the US Attorney General or even the UN. It's a
worldwide scam!!!
Phil, there is a very profitable segment of the IT world which makes
money by solving problems that don't necessarily exist or that are
highly unlikely to affect any significant number of people. If you
would rather live by a paranoid mindset then that's your choice.
Someone however that has a little bit of technical knowledge and a
little bit more common sense can get by just fine.
PS The TV doesn't send images of you back to Big Brother either ;)
I work with the 'profitable segment' of IT that you refer to. If you
saw what people do to their computers with viruses & spyware, you
wouldn't make statements like that. The software serves a purpose.
Here's a concept you might want to contemplate - employee
productivity.