70% Of 2004 Virus Activity Down To One Man 452
arpy writes "According to a report produced by anti-virus software provider Sophos, 70% of anti-virus activity in the first half of this year can be blamed on Sven Jaschan, an 18-year-old German who wrote the Netsky and Sasser worms. According to the report, "Sasser claimed the top spot of the virus chart, in spite of the raging battle between the widespread Netsky and Bagle worms." The Register has a good summary of the report."
Are you sure its Sven Jaschan? (Score:4, Funny)
Re:Are you sure its Sven Jaschan? (Score:5, Funny)
Re:Are you sure its Sven Jaschan? (Score:2)
Re:Are you sure its Sven Jaschan? (Score:5, Interesting)
Definately not... The story header here claims that "70% of anti-virus activity in the first half of this year can be blamed on Sven Jaschan", that makes a good headline for sure, but the FA itself says "Sven Jaschan, teenage author of the Sasser worm and member of Skynet, the gang responsible for distributing Netsky, confessed in May".
So 70% of the virus activity has been done by one group of hackers, not by a single hacker.
Facts people, we want facts!
You want facts... (Score:3, Funny)
Re:Are you sure its Sven Jaschan? (Score:5, Insightful)
Re:Are you sure its Sven Jaschan? (Score:2, Insightful)
Nonsense, it's both. Also, the users count as well. To what degree each factors in is a policy decision - it's by no means absolute.
Re:Are you sure its Sven Jaschan? (Score:5, Interesting)
Me, I would have placed the blame squarely on all of the admins out there who allowed their systems to be compromised by the worms in the first place.
You mean that it's Joe user's fault that his DSL connected PC got infected? What do you suggest we do about that?
Re:Are you sure its Sven Jaschan? (Score:2, Informative)
Joe User probably isn't a computer expert, and he isn't PAID to maintain security of a system. Yes, technically he's the admin of his own little PC and DSL connection.
But I believe the grandparent post was saying to blame "ADMINS," those whose job it is to stop this stuff.
It's their job to maintain proper security, apply patches, use recent virus software, watch over incoming / outgoin
Re:Are you sure its Sven Jaschan? (Score:2)
It amazes me how many people use computers, but do not want to be responsible for them, nor do they want to learn how to maintain them. They just want it to work, and expect everything to be totally simplistic. Sorry, we're not in the year 2100.
Re:Are you sure its Sven Jaschan? (Score:5, Insightful)
I think if you're going to lay the responsibility chain, it lies primarily with the virus author.
Subsequently, the responsibility lies on the DSL service provider who KNOWS they are selling to often uninformed users and yet fail to provide adequate first (NOC) or second level (CPE) protection for these users.
Next responsility lands in the laps of those people who wrote software that was prone to infection.
Last, reponsibility makes it to Joe User at that point and then recycles to the beginning for any systems that his infection spreads to.
So I, as the end user, have -final- responsibility, but not primary responsibility nor -blame- for the infections.
The primary person responsible for vandalism is
Subsquent responsibility (for prevention) is law enforcement. Is law enforcement to blame for the vandalism? Only if they do less than is required to reasonably address the situation (I don't expect them to spend all day hunting down the tagger 3 blocks over, but I -do- expect them to patrol all the blocks as much as they can without hampering other worthy law enforcement activities).
Making the assumption that I know that I live in an area where people are vandalizing property, I will probably buy paint and materials that are durable enough to be washed/repaired (if I don't, we hit the next level)
Last, I am responsible for -using- the materials above, I am responsible for calling law enforcement if there is an infraction so that they can address it. However, if I fail to do the above all that happens is the 2nd and 3rd levels of responsibility are void. I am still not responsible for the unknown vandal having decided to unleash their frustrations on my neighborhood.
Re:Are you sure its Sven Jaschan? (Score:5, Insightful)
Set up virus scanners at the ISP level - any mail that passes through an ISP's MTA gets scanned for viruses, double-extensioned attachments that would indicate possible worm payload (ie: anything that Windows will auto execute) should be bounced back to the sender with an "Unable to relay due to potential virus infection, see [website] for why we blocked this" error with instructions on how to fix it. Of course, that won't kill all routes but it'll guard a lot of people.
Next block windows RPC ports at the router level, don't even route traffic between subscriber lines within the ISP network - I'm on Zen and, while Zen block access to windows ports from outside the network, once one machine inside is infected it spreads like mad. Some two thirds of my firewall logs are hits from infected machines owned by other zen subscribers. If people need to share files with remote machines they should use tunnels or VPN.
Finally ISPs should also periodically portscan at least ports 0 to 1024 on subscriber machines and email those running machines without a firewall informing them that they are running a vulnerable box and provide instructions for how to lock it down. Those who fail two months of portscans without providing a valid reason why or start generating virus traffic are sandboxed with restricted email and web access to ISP instructions for how to get out of the sandbox.
Of course, none of this is actually going to happen because ISPs will see it as likely to scare people off.
Re:Are you sure its Sven Jaschan? (Score:3, Interesting)
> connected PC got infected?
Yes.
Just like it's my fault when I never put my car through the yearly inspection and let its brakes rot, I can (and probably will) be made at least partially responsible for the next accident I'm involved - even if some drunken asshole crashes into my car though I have right of way.
If you don't know how to fix it, pay someone who knows. I have no problem admitting that I cannot fix my own car (I can drive it, and look-up
Re:Are you sure its Sven Jaschan? (Score:2, Insightful)
Re:Are you sure its Sven Jaschan? (Score:2)
That includes the admins of the e-mail systems of ISPs.
How many ISPs have had their email systems compromised by viruses or worms? Unless they happen to be using Exchange as a mail server (and I can't think of a good reason for an ISP to do that), I'd guess not many. And I don't blame mail admins for not stripping out various attachments that users open and infect themselves with. Especially now that many worms have started putting themselves in encrypted zip files to prevent
Re:Are you sure its Sven Jaschan? (Score:3, Insightful)
Sorry, that wasn't properly worded. My intent was to say a mail system that allows them to go through. ISPs are now starting to put spam filters on their mail systems, why not AV filters as well?
Unless they happen to be using Exchange as a mail server
I administered Exchange servers for 6 years, never once had a virus on my networks, never once had it used to relay spam, and never once had it compromised. Any Exchange adm
Re:Are you sure its Sven Jaschan? (Score:2)
so its the sysadmins fault for there being no 48 hour days needed to secure and patch windows systems?
"/Dread"
Re:Are you sure its Sven Jaschan? (Score:5, Insightful)
In that twisted logic, I suppose you would blame gunshot victims for not wearing a bullet-proof vest or upgrading to the newest models when better armor piercing bullets came out.
Are some admins just lazy who don't do their jobs? Yes. But an admin can't always patch right away.
Remember in most corporate environments, admins can't simply patch a system when a new patch comes out. MS has burned them too many times with bad patches and this problem isn't an issue of the far past. Just last year, MS released a patch that crippled a computer's network connections. [neowin.net] They released a fix online for the patch, but if you have no Internet, how do you get it?
Admins have to test them first before rolling it out. In some cases this may take up to six months. If they put in a bad patch, it's their blame not MS.
In some companies, admins have been plaqued with downsizes and more duties. This means for some of them security is just another load they have to tackle with normal admin duties.
I think most admins would not want the 10+ hours it takes to clean up a virus/worm. They don't have much of a choice in many cases.
In the words of "Pace Picante Sauce" (Score:5, Funny)
Re:In the words of "Pace Picante Sauce" (Score:3, Funny)
"So you're responsible for me not being able to read my kid's first email, because the prison had to shut down the library's internet access."
"Um... no no it wasn't me, I swear!"
Let the ass-pounding begin.
Also... (Score:3, Funny)
> The Register has a good summary of the report.
70% of slashdottings were caused by Slashdot.
Re:Also... (Score:5, Funny)
Where in the world are you getting your math from?
Re:Also... (Score:5, Funny)
One of the question had a point with multiple lines coming out of it. The question asked you to measure each angle and to write down the sum of the angles. (Hint: 360deg)
What was the "official" answer according to the answer sheet published by the Board of Studies? They would have accepted angles between 355 and 365 degrees.
Re:Also... (Score:2, Insightful)
Re:Also... (Score:2)
*shakes his head in disbelief*
Re:Also... (Score:2)
Moral of the story: we're rewarding stupidity.
Re:Also... (Score:4, Interesting)
In fact, there are several lessons to learn from that. E.g.,:
1. Any experimental data which neatly falls _exactly_ on the theoretical curve, and adds up to _exactly_ the predicted number is most probably cheated.
I.e., had I been a teacher, I would have been a lot more suspicious of anyone who came with 360 there, than of someone whose angles added up to 355. The guy with 360 probably skipped the last angle and just subtracted the sum of the others from 360. Which is _not_ what was asked.
2. Be aware of the imprecision involved in any measurement. Be aware how they add up, subtract or multiply. Especially for anyone working in any experimental science. (E.g., physics.) Or with computers.
I.e., when that board calculated that, within the precision of the measuring device, it can be between 355 and 365, they did their homework. You didn't.
3. If you work with computers, be aware of the limitations of the data type you use.
E.g., if I see another clueless burger-flipper using 4 byte floats to hold money amounts in a database program, I'm gonna barf. Doubly so when then they start wondering why their final numbers are some 10,000$ off the mark.
4. As a corolary, never use == with floating point results. Not even with the most trivial calculations (e.g., that the sum of the individual rows equals what's in the totals field.) Do what scientists and that Board of Studies do: calculate the expected margin for error and use an interval.
Re:Also... (Score:2)
>> using 4 byte floats to hold money amounts in a
>> database program, I'm gonna barf. Doubly so when
>> then they start wondering why their final numbers
>> are some 10,000$ off the mark.
That's really funny. You know why it's so funny?
The leading RDBMS vendor only offers floats.
Re:Also... (Score:3, Interesting)
And all major languages offer libraries to read and process that as a decimal, not as float. At least in Java it's part of the standard library.
You know why? Because of the reason I've mentioned in the post you're answering to. Floating point maths errors. It's an issue known since the 60s.
I.e., I stand by wha
Re:Also... (Score:3, Insightful)
If I ever have an employee look at a circle and tell me he has to measure and add angles to determine it is 360 dgrees around, he'll be flipping burgers the next day. Especially if he comes back and tells me it 365 after measuring.
One of the saddest things about modern education is that we fail to teach people to use logic to solve a problem, instead of relying on formulas to get the answer every time.
Re: Also... (Score:5, Funny)
> an exam all high school students do in year 10 in Australia
Here in the USA, most of us finish high school within 6 or 7 years.
Your State/Territory != Australia (Score:2)
Not wanting to be a pedantic prick, but unless things have changed substantially since my fun filled days of Australian secondary education, not every year 10 student in the country sits this 'School Certificate' thingamo.
In fact, if this web site is to be believed, only students attending high school in the ACT and NSW have the pleasure:
http://www.teachers.ash.org.au/aussieed/seconda [ash.org.au]
Re:Your State/Territory != Australia (Score:2)
Re:Also... (Score:2, Interesting)
The question is, do they think it's the 10% that swing vote, or the 10% that don't vote?
I always thought that Fox was a few cents short of a dollar between the ears.
Re:Also... (Score:2)
I thought everyone knew that 70% of statistics were made up on the fly...
Re:Also... (Score:2)
It can be generalized to refer to any time a popular website links to another one. Typically, less robust sites are unable to cope with the huge increase in traffic and become unavailable -- either their bandwidth is consumed or their servers are unable to cope with the high strain.
W
Re:Also... (Score:2)
OT: Slashdot slashdotted? (Score:2)
Guess this must be the sickening effect of the stupid new color scheme
Kill Him! (Score:5, Interesting)
Re:Kill Him! (Score:2, Insightful)
Re:Kill Him! (Score:2, Interesting)
Re:Kill Him! (Score:5, Funny)
Not really. He keeps people like me in a job.
Re:Kill Him! (Score:2)
Re:Kill Him! (Score:3, Informative)
Re:Kill Him! (Score:5, Funny)
There's nothing more pathetic than a bunch of nrds trying to throw a punch.
Re:Kill Him! (Score:2, Informative)
Re:Kill Him! (Score:2)
Re:Kill Him! (Score:5, Insightful)
Re:Kill Him! (Score:5, Funny)
Can you say... (Score:5, Interesting)
Isn't he the one Valve blamed for the HL2 source code theft as well?
Re:Can you say... (Score:2, Insightful)
Re:Can you say... (Score:5, Informative)
This poor guy may have been arrested for the development of Netsky/Sasser but according to several IT-Newspapers in germany he was not the only one who was developing them. There were some backings and partners who may have made him their scapegoat although these are mainly rumors.
This guy has also been blamed for phatbot although that one was developed by a different person meanwhile arrested (which at some time in the past had made contact to the Netsky Author)
Jeff
Re: Can you say... (Score:4, Funny)
> Should I put on my tinfoil hat now?
Yes, it improves our reception.
Strange coincidence (Score:5, Funny)
Re:Strange coincidence (Score:4, Funny)
It gets worse... (Score:4, Funny)
are caused by just one woman.
I heard the reason is that one can open her ports
in promiscuous mode...
Yeah, if you want some fast physical I/O and you
have insufficient cache, just
Good or Bad (Score:5, Insightful)
Or, you could spend 10% of the time working on each of 10 viruses. Suddenly, you think, I wish I could be 70% sure what the problem will be, it is alot easier.
What About the Russians? (Score:5, Interesting)
Re:What About the Russians? (Score:3, Insightful)
Hi and welcome, you must be new here
Where have you been the last hmmmmm... 2000 years?
Re:What About the Russians? (Score:2)
Somehow I doubt many posting on
*waits for clouds of OAPs to descend on him like flies*
the bounty wins out (Score:5, Interesting)
You got to wonder why Microsoft never did this before. From a business standpoint, the return on investment for this $250,000 bounty is probably going to be quite impressive.
Re:the bounty wins out (Score:2, Interesting)
The fact of the matter is that this strategy only works if there are only a handful of people with the knowledge to write the virii, and you think you can catch them all. However this is not the case... several "authors" have proven to be minors, which only demonstrates that the knowledge is widely available to tho
In other news... (Score:5, Insightful)
Re:In other news... (Score:3, Interesting)
Every single thing in nature, and every single thing created by man is vulnerable to SOMETHING. From a natural standpoint, that is what life is, exploitation of other lifeform's vulnerabilities. Millions of bacteria are doing that in your body righ now, the very second you read this.
Re:In other news... (Score:2)
I agree with your general statement though, just not your specific example. There are many animals which couldn't exist in their niche at ALL without direct microorganism aid (cows and termites immediately spring to mind) and most of the rest would be much worse off.
Re:In other news... (Score:2)
natural vulnerabilities (Score:2)
Re:In other news... (Score:4, Funny)
Choice quote (Score:5, Funny)
duh!
Re:Choice quote (Score:5, Funny)
Seriously. (Score:3, Funny)
I can't rightly apprehend this... (Score:5, Interesting)
The computer worm he created continues to spread despite the fact that their creator has been taken out of the equation.
How on earth must one believe that a worm works (or think that one's readers believe that a worm works) in order for them make such a statement?
I'm reminded of a great quote by Charles Babbage. Babbage was asked (by a member of parliament... of course) whether his analytical engine will, in spite of being given erroneous input, nevertheless arrive at the desired answer. Babbage's response?
"I cannot rightly apprehend the kind of confusion of ideas that would provoke such a question."
Re:I can't rightly apprehend this... (Score:5, Informative)
I suspect a lot of people think they all get sent directly by the person who wrote them, and that they are somehow under his control.
But to be honest, I don't think most pepole actually think about how computer programs work at all. They just do.
It's like when I wrote a chess playing program as an exercise. I showed it off to a friend, and then said I wasn't entirely happy with the way it played. The response: "How can you not be happy? Isn't it playing like you do?"
Err... no... I didn't just copy my brain directly into the computer, actually.
Re:I can't rightly apprehend this... (Score:3, Funny)
You need to copy the brains of those chess guys at the RenFests. I have never failed to get my ass handed to me, on a large period-correct platter with a flagon of mead, and a turkey leg on the side.
Full quote (Score:4, Informative)
Still the more dangerous Worm has been Phatbot (Score:5, Interesting)
There are currently several thousend different modifications of phatbot around and in contrast to Netsky/Sasser, phatboy infected systems are being commercially exploited as spam relays for UCE/UBE and Hatemail. In Europe neofascist/neonazi groups use phatboy to finance and also to distribute their propaganda.
You can buy lists with the ips of compromised phatboy-infected computers to use for your own spam-enterprise. There are even groups which will code you your own version custom-built to your likings.
Strangely the author of Netsky/Sasser has gained much more public interest. Yeah it was probably more annoying and a real hassle for the sysadmins. On the other hand phatboy is more dangerous than netsky and is actively exploited with criminal intent. Although the writer of phatbot has been arrested as well (coincidently also a german) all you ever hear about is the author of sasser.
Jeff
An open letter to Sven Jaschan (Score:5, Insightful)
THANK YOU!
People like you help me argument against the beady-eyed managers that a computer-monoculture is bad for business.
How else could I easily bring Linux or Firefox on Windows to our enterprise customers? And hey, what people know from the office, they will also use at home.
Not to say that you help the OSS community, but you do.
Thanks again.
Re:An open letter to Sven Jaschan (Score:2)
Than, they will buy antivirus from Sophos...
You must be dreaming man...
Netsky variants ! (Score:2, Insightful)
Attention-Seeking Geek (Score:3, Informative)
"...one of Jaschan's schoolfriends revealed the worm author's identity to Microsoft."
http://www.sophos.com/virusinfo/articles/netskyher o.html [sophos.com]
As a self-appointed representative of ... (Score:4, Funny)
I, for one, welcome my Yahoo Serious Overlord.
Once and for all (Score:2, Informative)
Even if it had a Latin plural, it would not be "virIi". That would be the plural of "virIus" which doesn't exist. It cannot be "viri" either, as this is the nominative plural of "vir" (man).
this reminds me a bit of Vernor Vinge's stuff... (Score:5, Interesting)
One of his fundamental ideas is that the growth of technology will give individuals more and more power. I'm not sure if he explicitly says this himself, but one of his themes is that individual people will have the power of atom bombs. It won't BE atom bombs, it will be something else... like the ability to write viruses.
In terms of direct harm, it would appear that Sasser may have done more damage than slamming planes into the WTC. Indirect damage, everyone overreacting and doing stupid things, was tremendously greater with the WTC, of course. But in terms of direct, measurable damage
Speaking, again, purely in economic terms, I wonder how Sasser and Netsky rate against the Hiroshima or Nagasaki bombs? I realise that the viruses probably didn't kill anyone, and they didn't start or end any wars. We don't feel it as much because everyone paid a little bit, instead of a few people paying a whole lot... but in terms of actual dollars/yen/economic value, I wonder how they compare?
However that comparison comes out, being singlehandledly responsible for 70% of all virus activity over the last year is *a lot* of power. Vinge's Singularity may not be that far off... assuming we don't virus ourselves to death first, anyway.
strange comparison (Score:3, Interesting)
His mother must be so proud! (Score:5, Funny)
"So what does your son do?"
"He's in prison after writing the worlds most successful computer viruses. Ouch! Don't hit me! Ouch! Stoppp!
Great job (Score:5, Insightful)
It's bad enough that they feel the need to "compete" against other virus writers for some internet version of "street cred" but now we're fucking ranking them?
How long until people start writing viruses just to "get points" on some chart somewhere? Christ, you people have no logic whatsoever.
Sue Him! (Score:2)
I doubt companies t
Re:Sue Him! (Score:2)
and making an example of him doesn't really work(he already is anyways).. none of those guys writing these expect to get caught(the laws are already tight enough that they're essentially fucked if they do get caught and they know it).
suing him more would lead to lawyers billing more though(and making your company lose even _MORE_ money because of him)..
Odd (Score:4, Funny)
Assuming the average person lives 701280 hours (Score:2, Interesting)
bored germans on the dole (Score:2, Informative)
Wow! Congrats, Sven! (Score:4, Funny)
Kim Vanvaeck (Score:3, Informative)
The funny part is, she might have been good at code - but she was not good at crime.
A quick Google groups search comes up with funny stuff. Like her back in 1998 asking [google.com] for someone to please send her a virus so she could learn about them.
Or her in a discussion about sleep habits which starts out [google.com] asking for the best "hacker babe"...
There are more. But the best part is that in almost all of them she always ties her real name, "Kim Vanvaeck", to her "hacker name", "Gigabyte". It must have taken the authorities a whole 7 minutes to track her down...
As an aside, anyone able to find a photo of her? This is Slashdot... It would be cool if she was as attractive as Angelina Jolie in the [silly] movie "Hackers". (Why else do you think I would be searching on her name?)
Who's numbner two? (Score:3, Funny)
And 23% of all virus activity comes to you courtesy of Margaret Tillman of Chebansee, Illinois who dutifully clicks on every email attachment and forwards every chain email that comes her way.
Here's to you Ms. Tillman; we salute you.
Re:Death threats? (Score:3, Insightful)
Think...how hard is it to clean up Sasser? How hard is it to get DMCA/INDUCE/etc. revoked? Which would you prefer to try?
And the virus writer who can do this has put a lot of effort into it. MPAA/RIAA/SCO just sue people again, and again, and again.
Re:Death threats? (Score:4, Insightful)
This guy wrote the worms. He is directly responsible for 100% of the damage they caused.
I'd say people are justified to be angry at him.
oh fscking please... (Score:2)
Talk about a retarded analogy...
No, if you want to compare those doctors to someone, the apt comparison is with the net admins who had to do overtime to remove worms. If you want to compare this particular cretin to someone, it's with someone who deliberately creates and releases a new strain on flu to make a profit out of th
Re:Blanket Party anyone? (Score:2)
Re:re (Score:5, Insightful)
Newsflash: the real world was not built on being 100 unbreakable and unpenetrable.
E.g., your front door would _not_ be unbreakable to someone determined to get past it with an axe. It's a known vulnerability, for the past few thousands of years, and noone's fixing it. Your windows are likely even more vulnerable.
E.g., locks can be picked. Locks with master keys allow for escalation of privileges by attacking one pin at a time. It's a known vulnerability too.
The way Real Life works isn't to waste manpower and money to make something 100% impenetrable. Real Life works by basically just setting up a big sign that says "you're not allowed past this point." And if you do, we'll throw your sorry ass in jail.
That's really all that your front door and lock are: a sign that other people are not allowed past that point. If someone actually does the effort to pick the lock or hack down the door, it's proof enough that they did get their hint to stay out and deliberately circumvented it. So we throw them in jail.
If someone entered your home, it's not the door manufacturer's fault, it's not the lock manufacturer's fault, it's simply the thief that's to blame. That's the one who deserves some fine time in a state prison.
That's the security model that the Real World society was built upon. It's not perfect, but it worked wonderfully so far.
And here's your free complimentary clue for the day: those Windows users' instinctive expectation of computer security is the same. They don't expect their computers to be an impenetrable fortress, since their RL home or car isn't either. They do expect that whoever breaks past the boundary of their home, car or computer be thrown into state jail.
Unrealistic expectation at the moment? Maybe. But not an _unreasonable_ one. As in: it's not unreasonable to throw the script kiddie or virus writer in jail anyway. Sure, we won't stop trying to make the apps more secure, but in the meantime we also throw the asshole in jail to deter other assholes.
And maybe it's time to give users what they ask for, instead of idiotically insisting that they addapt to what we feel like programming. Not even just in this aspect. The software industry is a fucking disaster in this aspect, and all this whining about "idiot users" and "idiot managers" is just proof of it.
Any other industry, they try to make things comfortable and obvious for the user. In the software industry we just call them idiots and have whole sites dedicated to whining about them.
Re:re (Score:5, Interesting)
It's *going to* get stolen (hijacked) unless you do something about it.
I'm all for putting this guy in jail. But at the same time, it's unrealistic to expect hackers to stay away from a computer whose OS is full of vulnerabilities, from which they stand to profit.
You say you want to give users what they ask for....what all MY users are asking for, primarily, is "not to be bothered with this bullshit virus stuff," and the best way to make that happen at this point, IMHO, is to make it far more difficult to gain access to their computers.
Sure, you can make an example of this guy, but I don't think that's going to stop the tidal wave of virus attacks. Instead of relying on the courts to enforce things like this, I'd much rather see an increase in computer security. Just give all your users personal firewalls (the RL equivalent of locks on their car doors)....something really simple like Zone. Software that DOES make things comfortable and obvious for the user.
And when the problems go away, they will remember that security, not the court system, solved the problem.
--B