MyDoom

Thread: MyDoom

  1. #1
    Senior Member
    Join Date
    Oct 2002
    Posts
    314

    MyDoom

    Just for a different take on the subject, this from vmyths...

    "Many headlines now proclaim the new "MyDoom" virus/worm as "the fastest
    spreading virus ever." MessageLabs, for example, announced "1 in 12"
    emails carried an infected attachment -- much to the delight of
    reporters who crave numbers. What was left unsaid (because it's not really
    news) is that MessageLabs announced "1 in 2.4" emails carried spam
    throughout the month of December. Do the math and you'll see it's two-fifths
    versus one-twelfth.

    Remember this when virus hysteria strikes:
    http://Vmyths.com/resource.cfm?id=31&page=1

    Computer firm SCO (a main target of MyDoom's wrath) extended the media
    frenzy when they offered a $250,000 reward for the capture of what they
    hint is a "radical" Linux user. Vmyths does not accept SCO's
    presumption -- we strongly suspect MyDoom came from a Microsoft-centric virus
    writer. Vmyths suspects SCO's senior officers (including president Darl
    McBride) engaged in media sensationalism at the expense of the Linux
    community.

    Reporters crave anecdotes; some of their stories proclaimed Boeing lost
    its fight with the MyDoom virus. Vmyths notes the aerospace firm has a
    long history of losing fights with viruses and making irrational
    computer security decisions (see http://Vmyths.com/rant.cfm?id=241&page=4 for
    example). It shouldn't impress anyone if MyDoom overwhelmed Boeing's
    networks.

    (Memo to Boeing's computer security team: Vmyths.com has sent/received
    ZERO copies of MyDoom as of Wednesday 18:00 CT.)

    Common clichés in the antivirus world:
    http://Vmyths.com/resource.cfm?id=22&page=1

    Once again, this media hype misses the point. If a firm shut down its
    email servers to stop a virus attack, then it did so because their
    antivirus solution FAILED to do its job, NOT because infected attachments
    overwhelmed their networks. Reporters, and even security experts, often
    confuse symptoms (infected attachments) with causes (inferior antivirus
    technology).

    History tells us someone will soon declare a "guestimate" damage value
    for the MyDoom virus/worm, strictly for its PR value. Two of the more
    dubious candidates include Computer Economics Inc. and mi2g. Visit
    http://Vmyths.com/resource.cfm?id=57&page=1 for links to these firms'
    mathematical atrocities.

    Vmyths notes stock prices rose for both Symantec and Network Associates
    -- despite the fact their products once again failed to do their job.
    If your antivirus solution didn't protect you, then you need a better
    antivirus solution. (Unless you work for Boeing.) Enough said.

    Don't confuse symptoms with causes. Stay calm. Stay reasoned. And
    stay tuned to Vmyths."
    Quis custodiet ipsos custodes

  2. #2
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Good Article, however I must note....

    I too have had ZERO infections as of today 14:00 -10

    Vmyths notes stock prices rose for both Symantec and Network Associates
    -- despite the fact their products once again failed to do their job.
    If your antivirus solution didn't protect you, then you need a better
    antivirus solution. (Unless you work for Boeing.) Enough said.
    And I use one of those in a very big way.

  3. #3
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    I like that site... it says Tony Bradley needs a better antivirus product

  4. #4
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    No offense to Bradley, but he obviously needs a better antivirus product.
    That's hilarious!

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Originally posted here by RoadClosed
    Good Article, however I must note....

    I too have had ZERO infections as of today 14:00 -10

    And I use one of those in a very big way.
    Same here... I've had ZERO infections (knock on wood) on PCs that I'm responsible for in at least two and a half years....

    /me prays to the av gods that I didn't just jinx myself.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #6
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    0 infections in the last 8 years on my home box. The last infection I had was the One/Half virus that destroyed all the data on my 486SL laptop. That thing had a 250 meg hard disk if you can believe it.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  7. #7
    Same here, zero MYDOOM on my PC too, clean as can be. But remember, we're the folks that know what we're doing, most of the rest of the world isn't.

    Also, simple way to avoid MyDoom without AV or anything -- DON'T OPEN EMAIL ATTACHMENTS! Don't do that, don't screw with Kazaa, and no MyDoom for you. Problem solved.

    Of course if everybody else did that, we'd all be out of jobs.

  8. #8
    Senior Member
    Join Date
    Jan 2004
    Posts
    124
    No infection on 8 boxes I am responsible for, and I'm using Symantec Antivirus Enterprise...

    Don't confuse symptoms with causes. Stay calm. Stay reasoned.
    the software is as safe and stable as the person who administers it!!!

    If you cut off your foot with an axe, would you sue the steelworks that made that axe??? Or will you spend some time practicing aiming so you don't miss the log next time?
    Ikalo
    ------
    Make your knowledge your deadliest weapon.

  9. #9
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    No offense to Bradley, but he obviously needs a better antivirus product.
    LOL. Who knew that Rob Rosenberger or Negative read my site?

    For the record, I have *never* personally had a virus infection whether using McAfee, Norton, Trend Micro, CA or no AV software at all. My wife runs no AV software and has also never had an infection.

    IMHO keeping your system patched and having the common sense not to open file attachments called "ParisHiltonNaked.exe" that claim to be from "security@microsoft.com" with messages written in broken English will keep you 100% safe. Viruses and worms tend to rely on exploiting known vulnerabilities. SQL Slammer spread using a vulnerability that users could have patched 6 months prior.

    The implication seems to be that heuristics *is* the AV of the future. For zero-day type threats that exploit a vulnerability that nobody was previously aware of or that a patch has not yet been created for, heuristics is a good defense.

    However, heuristics- by definition- is making an educated guess about whether something is or is not a malicious program based on past malware or what we think we know about how malware would / should act. It would seem that the only way for heuristics to catch 100% of malware is to have the criteria set so strict that you also catch a good amount of false-positives in the process.

    When a file is scanned with a signature, the detection is positive, and it is determined to be either a specific (or family) virus or not. Although errors or false positives occur sometimes, signature scanning is pretty accurate. Heuristic techniques, on the other hand, are working on the probabilities of a file being infected. Heuristics is not an exact science. Currently, the industry claims a 70%-80% detection rate of new and unknown viruses with heuristic scanning, which is pretty good considering the complexity of the problem...

    Full article on ExtremeTech.com: Antivirus Research and Detection Techniques
    I do agree with the basic premise of Rob Rosenberger's stance regarding the spread of MyDoom though. I have gotten tons of replies to me from AV software replying to spoofed Sender addresses, and I have received a handful of server notifications letting me know that such and such an email was blocked because the system doesn't allow this file attachment type or that file attachment type- but I personally haven't received an actual MyDoom-infected (or any other virus for that matter) message that made it inside the network.

    What saved the corporation I work for though wasn't heuristic scanning- it was the fact that we already block all executable file attachments by default and simply added ZIP to the default stripping rule until the AV software could be updated.

    At any rate- I guess I appreciate the exposure. With "fame" (ha ha) comes notoriety. I am certainly not the most knowledgeable or experienced security expert, and there is more that I don't know than what I do, so I am bound to be incorrect at times and critics are bound to find flaws regardless of what I write.

    I don't agree that heuristic scanning alone is the holy grail of malware detection though- although I agree completely that the AV industry has no vested interest in providing a true solution, no matter how simple it may be, just as the medical industry has a vested interest in finding ways to treat symptoms more than cure diseases- cured people don't come back to spend more money.

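The gateway rule tonybradley describes above (strip all executable attachments by default, then add ZIP to the stripping rule) as an added Python example; it is not code from the thread, from Vmyths or from any AV product. The extension list, the magic-byte table and the sample message are constructed for illustration, and the example goes one step beyond the post by also sniffing the attachment content, so that an executable renamed to `.txt` is caught as well as a `.zip`.

```python
"""Default-deny attachment stripping, modelled on the gateway rule in post #9.

Everything here (extension list, magic bytes, sample message) is constructed
for illustration and is not taken from the thread or from any product.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# "Block all executable file attachments by default" ...
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
# ... "and simply add ZIP to the default stripping rule".
STRIPPED_EXTENSIONS = EXECUTABLE_EXTENSIONS + (".zip",)

# Leading bytes of the formats above, so a renamed payload is still caught.
MAGIC_PREFIXES = ((b"MZ", "DOS/Windows executable"), (b"PK\x03\x04", "ZIP archive"))


def classify_attachment(filename, payload):
    """Return why an attachment must be stripped, or None if it may pass."""
    name = (filename or "").lower()
    # endswith() also covers double extensions such as 'readme.txt.exe'.
    for ext in STRIPPED_EXTENSIONS:
        if name.endswith(ext):
            return f"extension {ext} is on the strip list"
    # The opposite trick, an executable renamed to '.txt', is caught by content.
    for magic, label in MAGIC_PREFIXES:
        if payload.startswith(magic):
            return f"content is a {label} despite the name"
    return None


def strip_attachments(raw_message):
    """Parse an RFC 5322 message and rebuild it without rejected attachments.

    Returns (cleaned_message, stripped), where stripped is a list of
    (filename, reason) pairs for the gateway log.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    stripped, kept = [], []
    for part in msg.iter_attachments():
        reason = classify_attachment(part.get_filename(), part.get_payload(decode=True))
        if reason:
            stripped.append((part.get_filename(), reason))
        else:
            kept.append(part)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    if stripped:
        body += "\n[gateway removed attachments: " + ", ".join(n for n, _ in stripped) + "]\n"
    cleaned = EmailMessage(policy=policy.default)
    for header in ("From", "To", "Subject"):
        if msg[header] is not None:
            cleaned[header] = str(msg[header])
    cleaned.set_content(body)  # must be set before the message becomes multipart
    for part in kept:
        cleaned.add_attachment(part.get_payload(decode=True),
                               maintype=part.get_content_maintype(),
                               subtype=part.get_content_subtype(),
                               filename=part.get_filename())
    return cleaned, stripped


def build_sample_message():
    """Constructed sample (not a real capture): one benign and three rejected attachments."""
    m = EmailMessage(policy=policy.default)
    m["From"] = "sender@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = "see attached"
    m.set_content("Please see the attached files.")
    m.add_attachment("meeting at 10", filename="notes.txt")  # benign, kept
    m.add_attachment(b"PK\x03\x04" + b"\0" * 16, maintype="application",
                     subtype="zip", filename="document.zip")  # stripped: .zip
    m.add_attachment(b"MZ\x90\x00" + b"\0" * 16, maintype="application",
                     subtype="octet-stream", filename="readme.txt.exe")  # stripped: .exe
    m.add_attachment(b"MZ\x90\x00" + b"\0" * 16, maintype="text",
                     subtype="plain", filename="invoice.txt")  # stripped: MZ header
    return m.as_bytes()


if __name__ == "__main__":
    cleaned, stripped = strip_attachments(build_sample_message())
    for name, reason in stripped:
        print(f"stripped {name}: {reason}")
    print("kept:", [p.get_filename() for p in cleaned.iter_attachments()])
```

The rule needs no signature update to work, which is the post's point: the gateway rejects the attachment class rather than recognising a particular worm, and the note appended to the body tells the recipient what was removed so the stripping is visible rather than silent.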
  10. #10
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    I would say also that the level of software engineering and installation has a direct impact. For instance, if you only run an AntiVirus product on each client then heuristic scanning would be less important than say, if you run an enterprise level configuration: Like AntiVirus, NetShield, Groupshield, Outbreak Manager etc, all controlled and monitored by E-policy Orchestrator. (McAfee Plug)
