Swen


Harvey Cohen

Are there any experts that would render an opinion as to whether Swen will
die out and when?
 
from the wonderful person said:
Are there any experts that would render an opinion as to whether Swen will
die out and when?

I wouldn't claim to be an expert, but no, I don't believe it will. It'll
die =down=, but x,000 new idiots get a PC every day, and some of them
will install this 'Microsoft patch'.

It'll die down because most large/intelligent ISPs will eventually
filter it.
Gibe.B is, what, 6-9 months old, and is still doing the round, albeit at
a low level.
 
GSV Three Minds in a Can said:
I wouldn't claim to be an expert, but no, I don't believe it will. It'll
die =down=, but x,000 new idiots get a PC every day, and some of them
will install this 'Microsoft patch'.

It'll die down because most large/intelligent ISPs will eventually
filter it.
Gibe.B is, what, 6-9 months old, and is still doing the round, albeit at
a low level.

Me and thee got a new pc once. We were uneducated then, I probably still am.
I like to use a pc, it has generally made certain of my tasks a lot easier
than they were 10 years ago. I would not consider myself an expert either,
but I find email extremely useful and certain ngs very informative and
occasionally a good source of jollity after a long day.

New question to the group perhaps:
Should idiots be allowed to own a PC?
(NLL & Tracker exc.)

I posted a similar message to this ng 23/09
Q "Current plague of virus laden crap- when/how will it end?"
A reply: It should diminish as more and more people clean their
computers of the worm and more ISPs become able to
filter the messages out. Maybe the latter will help against
the *next* one.

MS are, for the time being, the largest suppliers of os and therefore the
largest target for both spam/virii and thus MS users are most likely to be
targeted by broadcasters of this infernal crap.

X,000 new users every day do not know how to clean their machines of this
malicious stuff, equally X,000 of existing users don't know how to either.

So what is the answer?

My pc is as secure as I know how to make it. I bat off probably a few
hundred of these bastards every day, but they keep coming. Changing to
another os is not a long term cure. I have all respect for Linux, best
wishes and I hope you can avoid this rubbish.
I suppose the answer is to stop the malicious gits writing/broadcasting spam
and virii. I don't see that happening without changes in the vital way of
internet activity generally. And that definitely ain't going to happen.

I was always happy with pencil and paper anyway.

Good luck
Nic
 
Harvey said:
Are there any experts that would render an opinion as to whether Swen
will die out and when?

As there are reported to be 35 million AOL users out there then the answer
is never. Comcast users will then become second.
 
from the said:
Me and thee got a new pc once. We were uneducated then

Speak for yourself - I read the book (well several books) before I
started spending money. 8>. OK, I cheated - I started with a degree in
CS, back when it was still a branch of applied math.

I'm all in favour of it being an offence to run an 'open' (no virus
checker, open network shares, etc.) on a public network .. just like
it's illegal to drive a car with no brakes on a public highway. ISPs
could enforce that, if they cared to.

How you set a minimum competence level for users, I don't know. I guess
that's what AOL is there for (trainer wheels on the bike).
 
Are there any experts that would render an opinion as to whether Swen will
die out and when?

I'm not an expert--just someone who has been forced to learn far far
more about e-mail, IP addresses and spam reporting than he ever wanted
to.

Given the fact that Swen has multiple ways to spread (e-mail, p2p,
usenet, Windows shares) and the fact that it does very little to
alert the user to the infection, I'd say that Swen will be around
either forever, or until Internet protocols are changed to defeat
Swen.
 
Jason Wade said:
I'm not an expert--just someone who has been forced to learn far far
more about e-mail, IP addresses and spam reporting than he ever wanted
to.

Is that a *bad* thing? ;o)

Given the fact that Swen has multiple ways to spread (e-mail, p2p,
usenet, Windows shares) and the fact that it does very little to
alert the user to the infection,

Well, I'd get pretty tired of seeing that memory access violation
error box. But many people would ignore that I'm sure.

I'd say that Swen will be around
either forever, or until Internet protocols are changed to defeat
Swen.

Yes, the whole system could use some tweaking.
Maybe we need the "begin-ternet" with training
wheels, and the internet with the wheels off. The
biggest vulnerability may be in the SE exploit, and
a little education could help there.

If more people used an antivirus product that fairly reliably
detected Swen, then it would fall off the radar, but if people
were better educated about safe computing practices it
likely wouldn't have such a good run.
 
On that special day, FromTheRafters, ([email protected]) said...
Maybe we need the "begin-ternet" with training
wheels, and the internet with the wheels off.

I am afraid it won't help much. There is to some extent a begin-ternet
there, and still we are confronted with clueless masses.

The begin-ternet is AOL.


Gabriele Neukam

 
In Message-ID:<[email protected]> posted on Mon, 29 Sep
On that special day, FromTheRafters, ([email protected]) said...


I am afraid it won't help much. There is to some extent a begin-ternet
there, and still we are confronted with clueless masses.

The begin-ternet is AOL.

Those AOL learners with the training wheels are out there in the same
lane of the Autobahn as the Ferraris.
 
Yes, the whole system could use some tweaking. Maybe we need the
"begin-ternet" with training wheels, and the internet with the wheels
off. The biggest vulnerability may be in the SE exploit, and a little
education could help there.

If more people used an antivirus product that fairly reliably detected
Swen, then it would fall off the radar, but if people were better
educated about safe computing practices it likely wouldn't have such a
good run.

The problem is that AV software detects viruses after they've
been released and reported. Many people's computers will get
infected before the new virus signatures are released.

Teaching people safe hex will help a lot, but Swen's primary means
of infection--social engineering--will work as long as humans
use computers.

The problem, ultimately, is that the virus writers are getting
away with it, and they are getting smarter and smarter as well
as more and more aggressive.

Begbie wrote Sobig which was bad; he also wrote Swen which is a
nightmare. And I think that Swen is probably the best written
virus in history.

It has so many ways to spread itself; it is so deceptive in terms
of its message; it is so deceptive in terms of its packaging
(faked message headers); it is so network-weakness-aware.

Begbie's skill will not be reduced after his/her Swen success
but probably increased. I predict that
Begbie's next creation will be as much more damaging to the
Internet as Swen is to Sobig.

Virus writers cannot be stopped until they see the inside of
jail cells.

Find Begbie.
 
Bart Bailey said:
In Message-ID:<[email protected]> posted on Mon, 29 Sep

Those AOL learners with the training wheels are out there in the same
lane of the Autobahn as the Ferraris.

Exactly, any internet worth its salt would have its
own infrastructure isolated from the beginternet.
I don't know if it's possible though. CB radio may
be a good parallel, with guardbands on both sides
like guardrails. By the time you get sick and tired
of all the swearing and stomping and splattering
that goes on, you see why adhering to rules can be
a *good* thing and can move on to Ham radio.
 
Jason Wade said:
The problem is that AV software detects viruses after they've
been released and reported. Many people's computers will get
infected before the new virus signatures are released.

True safe practices can make this lag time of little consequence.
The reactionary aspect of signature based AVs is unfortunate,
but signature based AV is not all that is available.

Teaching people safe hex will help a lot, but Swen's primary means
of infection--social engineering--will work as long as humans
use computers.

"Microsoft Cumulative Patch" may not work on those educated
in the SE aspect of security, but sexploits will always work
well enough on the average user (it's hardwired in the wetware).

The problem, ultimately, is that the virus writers are getting
away with it, and they are getting smarter and smarter as well
as more and more aggressive.

There may well be some professional teamwork involved,
and what they perceive to be a clear agenda. We haven't
seen the worst of it yet I think.

Begbie wrote Sobig which was bad; he also wrote Swen which is a
nightmare.

Begbie wrote the Gibe ones. Are you sure about Sobig?
I think Sobig was a test series, and we haven't seen the
last of it either.

And I think that Swen is probably the best written
virus in history.

Conceptually?

Not even close. But it does make some interesting points
about harvesting addresses (so it's not *completely* lame).

Technically?

I'm not a coder, but I suspect it was well enough written.

It has so many ways to spread itself;

It was not the first to do so (nothing new), and it left out
some vectors.
....but it was big enough already I suppose.

it is so deceptive in terms of its message;

Yes, the SE component was a big hit it seems.
Especially on the tails of Blaster media coverage.
(timing is everything)

it is so deceptive in terms of its packaging
(faked message headers); it is so network-weakness-aware.

Moderately so, but the newsgroup usage seems to be
the one unique characteristic ~ I wonder if it was as
the writer had envisioned it.

Begbie's skill will not be reduced after his/her Swen success
but probably increased. I predict that
Begbie's next creation will be as much more damaging to the
Internet as Swen is to Sobig.

....or maybe he'll find a nice girl, settle down, and raise
a family instead.
 
Conceptually?

Not even close. But it does make some interesting points
about harvesting addresses (so it's not *completely* lame).

Technically?

I'm not a coder, but I suspect it was well enough written.

All the vx purists like pax and raid go on about concise coding yet
the most annoying thing about this bugger is the (sort of) denial of
service caused by its large size.

Jim.
 
James Egan said:
All the vx purists like pax and raid go on about concise coding yet
the most annoying thing about this bugger is the (sort of) denial of
service caused by its large size.

Pax probably wouldn't get past the fact that it is a mass mailing
piece of crap. I suspect (when he was into it) he was more the
AV evasion type than the "do as much as you can during the
'day zero effect'" type. I don't know much about raid except that
he didn't seem to like 'people' much.

Optimized code is a good thing for any programmer to do
in general, though reusable code and data as code may
not be something that legitimate programs need be overly
concerned with. For file infectors small size is a plus for
obvious reasons, for worms it is different. I think Swen
has shown that increased size as a trade off for SE value
works well enough.
 
GSV Three Minds in a Can said:
Bitstring <[email protected]>, from the
wonderful person Nic O'Demus <[email protected]> said


I'm all in favour of it being an offence to run an 'open' (no virus
checker, open network shares, etc.) on a public network .. just like
it's illegal to drive a car with no brakes on a public highway. ISPs
could enforce that, if they cared to.

How you set a minimum competence level for users, I don't know. I guess
that's what AOL is there for (trainer wheels on the bike).

I don't use a virus checker (at least not on a regular basis) and I have
never had a virus.
ISPs are selling a service and won't want to limit the number of users they
can have. I think education is the answer. A class for new users might be a
good idea. There is a lot of info on the Net but most people don't know how
to find it. 98% of Internet users don't even know about USENET. Remember,
the GUI was invented to sell computers to people who can't program a VCR.
We are trying to protect ourselves from vandals (virus writers and spammers)
and they are never going to go away.

Dave
 
Bitstring <[email protected]>, from the
wonderful person David Stites said:
I don't use a virus checker (at least not on a regular basis) and I have
never had a virus.

I do, although it has only (in 10 years) caught either infected .doc
files that someone I know sent to my wife for review, or files that I
fed it deliberately to see exactly which email virus I was in receipt
of. My firewall stops quite a few probes .. whether harmless or not I
don't bother to discover.

ISPs are selling a service and won't want to limit the number of users they
can have. I think education is the answer. A class for new users might be a
good idea. There is a lot of info on the Net but most people don't know how
to find it.

There's a lot of information under 'help' in WinXP .. most users can't
even get that far, based on questions I see asked regularly. I'm all for
education, but I'm not sure how you make it mandatory. Cars have manuals
too, but most states/countries still require a driving test, and a
regular vehicle inspection.

98% of Internet users don't even know about USENET. Remember,
the GUI was invented to sell computers to people who can't program a VCR.
We are trying to protect ourselves from vandals (virus writers and spammers)
and they are never going to go away.

'Protecting myself from vandals' is easy, going on trivial. It's
protecting myself from the people who don't know enough to protect
=themselves= that is the real problem. SWEN.A isn't ever going to infect
my systems, but the email load from all the dumba$$ attempts is a real
PITA.
 
All,

If we monitor trendmicro it shows that SWEN has been steady
state at 6000 or so a day for almost a week. The last time I
looked my spam was coming from Japan, Italy, and Holland.

My hope is that national 'news' adds to the solution.

I still can't believe people actually install something that
came in an e-mail!! But apparently over 100,000 world wide
have.

Dan
 