monitoring status of active malwares on honeypots Feb 08 2008 01:24PM
Bhatnagar, Mayank (mbhatnagar ipolicynetworks com) (1 replies)
Re: monitoring status of active malwares on honeypots Feb 08 2008 04:40PM
Valdis Kletnieks vt edu
On Fri, 08 Feb 2008 18:54:40 +0530, "Bhatnagar, Mayank" said:
> 2. Those which are dormant and for a long period of time, how can we
> conclude a particular malware/virus is not active any more? Basically we
> should not worry about it more. Is there any way we can conclude about
> the same.

It's pretty safe to assume that unless a competent researcher has reverse
engineered it and found positive proof that a malware has a hard-coded
'drop dead' date, it's still active. And even then, it's not perfect,
because people will run with their system clock set to sometime in 1987
because their CMOS battery died and they haven't replaced it...

Here's last week's report from our e-mail gateway virus scanners:

Breakdown by Virus Family:
719 NETSKY (19.47%)
549 MYDOOM (14.87%)
509 MYTOB (13.79%)
438 AGENT (11.86%)
292 IFRAME ( 7.91%)
207 ( 5.61%)
204 NYXEM ( 5.53%)
181 BAGLE ( 4.9%)
88 BUGBEAR ( 2.38%)

Bagle, Mytob - 2005. Netsky, Mydoom - 2004. Bugbear - 2002. So the *vast
majority* of stuff we're seeing is *old*.

It's best to consider malware to be Internet Herpes - they're forever, and
you have to keep treating with antivirals to keep the itching away....

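As an added example (not part of the thread or of any tool the poster uses), here is a small Python script that parses the gateway report format quoted above, attaches the first-seen years the reply states for five families, and computes what share of the detection volume comes from families at least N years old. Families the reply does not date are listed as undated rather than guessed, so the share is a lower bound; the report text is a constructed copy of the one in the reply.

```python
import re

# Constructed copy of the "Breakdown by Virus Family" report quoted in the reply.
REPORT = """\
Breakdown by Virus Family:
719 NETSKY (19.47%)
549 MYDOOM (14.87%)
509 MYTOB (13.79%)
438 AGENT (11.86%)
292 IFRAME ( 7.91%)
207 ( 5.61%)
204 NYXEM ( 5.53%)
181 BAGLE ( 4.9%)
88 BUGBEAR ( 2.38%)
"""

# First-seen years as stated in the reply; families it does not date stay unknown.
FIRST_SEEN = {"BAGLE": 2005, "MYTOB": 2005, "NETSKY": 2004, "MYDOOM": 2004, "BUGBEAR": 2002}
REPORT_YEAR = 2008  # the report is from early February 2008

# count, optional family name, percentage; the name may be empty (see the 207 line).
LINE_RE = re.compile(r"^\s*(\d+)\s+([A-Z0-9_.-]*)\s*\(\s*([\d.]+)%\)\s*$")

def parse_report(text):
    """Return [(family, count), ...]; a blank family name is kept as 'UNNAMED'
    so its detections still count toward the total instead of being dropped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header and any other non-data line
        count, family, _pct = m.groups()
        rows.append((family or "UNNAMED", int(count)))
    return rows

def legacy_share(rows, first_seen, report_year, min_age_years):
    """Fraction of all detections from families first seen at least min_age_years
    before report_year. Undated families stay in the denominator but are never
    counted as legacy, so the result is a lower bound on the true share."""
    total = sum(c for _, c in rows)
    legacy = sum(c for f, c in rows
                 if f in first_seen and report_year - first_seen[f] >= min_age_years)
    return legacy / total if total else 0.0

def undated_families(rows, first_seen):
    """Families present in the report for which no first-seen year is known."""
    return sorted(f for f, _ in rows if f not in first_seen)

if __name__ == "__main__":
    rows = parse_report(REPORT)
    print(f"{legacy_share(rows, FIRST_SEEN, REPORT_YEAR, 3):.1%} of detections are 3+ years old")
    print("no first-seen year for:", ", ".join(undated_families(rows, FIRST_SEEN)))
```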

