emergency message
Subject: SoBig virus update
- From: Rex Brooks <rexb@starbourne.com>
- To: karl.best@oasis-open.org, jamie.clark@oasis-open.org, webmaster@oasis-open.org
- Date: Fri, 22 Aug 2003 06:59:48 -0700
Hi Folks,
I only had 12 new Sobig.F messages overnight, so that is an improvement over the last two days, but following the news about this is leading to some unpleasant conclusions.
http://informationweek.com/story/showArticle.jhtml?articleID=13100925

One of the reasons why I am writing about this has to do with the fact that this is the first unabashed and unconcealed or unconcerned glimmering of what I considered to be the inevitable course of malicious and/or greed-based hacking back in 1999-2000, when I thought about these issues after having spent two years getting accustomed to working cross-platform. I was deciding then how to configure my own office.

In terms of malicious hacking, I worried about the blackout, but it has not proven to be a result of this kind of activity as terrorist tactic, yet. Unfortunately, if it was successful, it would not be discovered easily, so the jury is still out on that.

However, with the coincidence of MSBlaster and the .F variant of Sobig, we are seeing the first fairly clear evidence of widespread, indiscriminate, criminal hacking for profit. When I say this, I mean that we are seeing the first such efforts that seem fairly unconcerned about being successfully tracked down, or which have arranged for prepared fall-guys to take the blame and do the time after having already banked their advance payments in secured accounts. This is not just paranoid speculation; it is the way the smartest people I talked to about it would do it, if they were going to do it.

Regardless, paranoid delusions or not, the point is that the perpetrators appear to have the kind of grasp of how to successfully turn a profit on this stuff--by making it unavoidable, painful, not too costly, and widely publicized. This means a lot of growth for the anti-virus, security community. If it were catastrophic, I would be worried about the skill and intelligence of the terrorists, not that I am not, but that's another issue. Based on the evidence, this is more parasitic than fatal. That is to say, it's a cash cow.

The last piece of the puzzle, for me at least, was the essentially re-useable nature of the Sobig core program, and the ability to successfully forge source addresses without having to actually send from the individual's machine, while not also completely bogging down the infected servers long enough to spread effectively. It will take quite a bit of work, and more profit of course, to require verification for source addresses, so this particular scam has a limited lifecycle, but the point is just that: it has a lifecycle, and the re-useability makes it clear that it is simply going to milk us in the fine old tradition of planned obsolescence which plagues our entire economy, not just the software industry where it is so egregious.

That is also why I recommend to those irretrievably married to Windows servers that they skip the intervening, and endless, troubleshooting, hit-and-miss measures. Get and keep a clean install. Wash all your data, and scrub your servers down to the metal and reinstall that clean install. And start negotiating with your outsourced security. It will have to hurt them, beyond simply losing your business, as much as it hurts you. If you are doing your own security, be paranoid.
FWIW,
Rex
--
Rex Brooks
GeoAddress: 1361-A Addison, Berkeley, CA, 94702 USA, Earth
W3Address: http://www.starbourne.com
Email: rexb@starbourne.com
Tel: 510-849-2309
Fax: By Request