Tuesday, May 4, 2010

An 'Interesting' Virus


An 'Interesting' Virus, originally uploaded by Reciprocity.


Ten years ago this coming week an important and unpleasant event occurred: The ILOVEYOU virus. It was, at the time, the biggest malware event ever, and inspired a generation of script kiddies and greedy, sociopathic programmers. I asked Dave Perry of Trend Micro, an old pro in the field, about the lessons of the Love Letter.

It hit on May 4th, 2000. Like all e-mail viruses of that age it was right out there in the open: The subject line was "I love you"--a notion appealing to many of us, and sent before we all learned to be skeptical of unsolicited solicitations in e-mail.

Within a few days it had received massive publicity and yet people kept clicking the attachment, named "LOVE-LETTER-FOR-YOU.TXT.vbs". This immediately raises one of the lessons learned, and one not learned, from this attack: For many years now, many e-mail clients, including Microsoft's, have blocked directly-executable attachments like .vbs (VBScript, run by the Windows Script Host program). On the other hand, Microsoft continues to identify file types inconsistently: The last, and operative, extension may be hidden from the user's view, leaving the ILOVEYOU file displayed as "LOVE-LETTER-FOR-YOU.TXT". Thus many users assumed it was a plain text file.
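The check a mail gateway can apply to this naming trick, as an added example that is not part of the original article: it reads attachment filenames from a message, works out the operative (last) extension and the name a user would see with extensions hidden, and flags executables dressed up as documents. The extension lists, function names and sample message are assumptions made for this illustration.

```python
from email import message_from_string

# Assumed policy lists for this example; a real gateway would maintain its own.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
                   ".exe", ".scr", ".pif", ".bat", ".cmd", ".com"}
BENIGN_LOOKING_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".mp3"}

def classify_attachment(filename):
    """Return (verdict, name_shown_when_extensions_are_hidden)."""
    # Drop any path component; Windows also ignores trailing dots and spaces.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    exts = ["." + p for p in name.lower().split(".")[1:]]
    final = exts[-1] if exts else ""          # the operative extension
    shown = name[:len(name) - len(final)] if final else name
    if final in EXECUTABLE_EXTS:
        # An executable whose visible name ends in a document-like extension.
        if len(exts) >= 2 and exts[-2] in BENIGN_LOOKING_EXTS:
            return "block-disguised", shown
        return "block-executable", shown
    return "allow", shown

def scan_message(raw):
    """Classify every named attachment in a raw RFC 822 message."""
    results = []
    for part in message_from_string(raw).walk():
        fname = part.get_filename()
        if fname:
            results.append((fname, *classify_attachment(fname)))
    return results

# Constructed sample message; the attachment bodies are inert placeholders.
SAMPLE = """\
From: friend@example.test
To: you@example.test
Subject: I love you
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

(constructed placeholder, no script content)
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

hello
--b1--
"""
```
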

The author of the worm, Onel de Guzman of the Philippines, was arrested with a co-conspirator, Reomel Ramones. The two were released when the authorities realized there were no laws in the Philippines against writing malware. De Guzman had been forced to drop out of a University because his thesis, a proposal for commercializing a password-stealing trojan horse, was rejected by the faculty. Perry adds that de Guzman had applied for a job at Trend Micro's Manila offices shortly before ILOVEYOU hit the fan.

Once run, the worm overwrote existing system files with copies of itself. Music files, multimedia files and others were transformed into relaunch points for the worm if it should be removed. It also used the victim's mailbox as a source for its next spreading. This is why the social networking worked so well--you would almost always know the sender. It wasn't the first example of social engineering; Melissa used porn as a lure (a list of passwords for X-rated web sites). "I love you" is a much better appeal in so many ways.

So the obvious contribution of ILOVEYOU was great social engineering, but Perry says that there was a more important change in the technology that it, along with Melissa, spurred: Prior to these new e-mail worms, malware was largely invisible. Attacks infected files or boot sectors of computers. They were rarely destructive, at least on purpose. For a sense of malware of the 80's and 90's, see the VSUM database.

Prior to the e-mail worm phenomenon, few people took malware seriously; in 1988 Peter Norton actually said "We're dealing with an urban myth. It's like the story of alligators in the sewers of New York. Everyone knows about them, but no one's ever seen them." (In fairness to Norton, that was a very long time ago.) But it's true that the average user just wasn't all that worried about malware, or even aware of it, before ILOVEYOU.

There followed a several-year period in which the majority of malware was highly visible. Every few weeks saw another major e-mail worm outbreak. Advances in security software and changes in client programs, such as blocking executable attachments, turned the corner on these worms.

This highly-visible wave of malware brought massive growth in the anti-malware business and raised awareness of malware. Eventually, users got used to the idea that these things were real and ubiquitous, and that they had to be careful about opening unsolicited messages and files from the Internet.

Malware authors learned too. Today, malware is again largely invisible. One major category is visible: fake anti-virus, and that is the ultimate in social engineering malware. Other trojans and rootkits exist to hide from the user, giving them no clue they are running as they steal passwords and credit card numbers.

Looking back at the days of ILOVEYOU, Perry remembers it felt like a crisis, but now it seems like the good old days. The problems were so manageable, the solutions fairly straightforward. Now they get 100,000 unique malware samples a day. Where's the love?

Originally posted to the PCMag.com security blog, Security Watch.

Source Citation
"'I Love You' Virus Turns Ten: What Have We Learned?" PC Magazine Online 28 Apr. 2010. Computer Database. Web. 4 May 2010.
Document URL
http://find.galegroup.com/gtx/infomark.do?&contentSet=IAC-Documents&type=retrieve&tabID=T003&prodId=CDB&docId=A225076194&source=gale&srcprod=CDB&userGroupName=broward29&version=1.0


Gale Document Number:A225076194
