Saturday, April 11, 2009

The Apocalypse Will Not Be Reported

Did you know that the world is currently under a fairly severe malware attack?

Okay, really, every day since like 2003 the world has been under a severe malware attack. The money from these attacks has gotten so profitable that it's less common for some kid with too much time on his hands to be simply building bot armies or other weapons of mass Internet destruction for simple mischief.

Currently, several college campuses in the U.S., including my own, are fighting at least one worm malware infestation, called Tidserv.g by Symantec (Norton) or DNSChanger by F-Secure of Germany. The intended goal of the infestation is remarkably familiar - to drive your Internet searches or page browsing to unintended sites, which then infect you with more crap and earn them advertising hits and fees. The twist is that if you pick this thing up, it may do this not only to your computer but also to other machines within your local network stack or home network.

While not nice, this isn't the worst problem. The malware is annoying on your home machines, but on a larger network configured differently, it can severely disrupt all Internet access. The malware's author simply makes incorrect assumptions about the structure of many non-standard internal networks. And then everyone in the residence hall loses the Internet.
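The symptom the post describes, lookups being steered to resolvers nobody on campus configured, is something a help desk can check for across many machines at once. This added example (not code from the post) parses trimmed `ipconfig /all` output collected from several hosts, flags resolvers outside an assumed set of campus resolvers, and counts how many hosts share each stray resolver, since one resolver showing up on many hosts points at a network-level cause rather than one bad local config. The hostnames, addresses and expected resolvers are all constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample: trimmed 'ipconfig /all' output from three hosts on
# one residence-hall subnet (placeholder addresses, not real data).
SAMPLE_REPORTS = {
    "host-a": """
   IPv4 Address. . . . . . . . . . . : 10.20.5.17
   DNS Servers . . . . . . . . . . . : 10.1.1.10
                                       10.1.1.11
""",
    "host-b": """
   IPv4 Address. . . . . . . . . . . : 10.20.5.22
   DNS Servers . . . . . . . . . . . : 203.0.113.5
                                       10.1.1.10
""",
    "host-c": """
   IPv4 Address. . . . . . . . . . . : 10.20.5.31
   DNS Servers . . . . . . . . . . . : 203.0.113.5
""",
}

# Resolvers the campus actually operates (assumed placeholder values).
EXPECTED_RESOLVERS = {"10.1.1.10", "10.1.1.11"}


def parse_dns_servers(ipconfig_text):
    """Return the DNS servers listed in an 'ipconfig /all' dump.
    The first server is on the 'DNS Servers' line; any further servers
    follow on continuation lines that contain only an address."""
    servers = []
    in_dns = False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_dns = True
            continue
        if in_dns:
            m = re.match(r"\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$", line)
            if m:
                servers.append(m.group(1))
                continue
            in_dns = False  # a different field started; stop collecting
    return servers


def find_unexpected_resolvers(reports, expected):
    """Map each host to its resolvers outside the expected set, and count
    how many hosts share each unexpected resolver."""
    per_host, shared = {}, Counter()
    for host, text in reports.items():
        bad = [s for s in parse_dns_servers(text) if s not in expected]
        if bad:
            per_host[host] = bad
            shared.update(set(bad))
    return per_host, shared
```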

My university has denied network access to over 900 student-owned and faculty computers and is demanding that they be impounded by the IT department until fixed. The problem is that the campus anti-virus provider isn't returning our inquiries, nor has it published detection files or cleanup procedures. We are literally holding these computers without bail or access, with no immediate end in sight. And finals are 3 weeks away.

That ain't the worst of it.

This idea isn't new; the exploit was first extensively reported and explained in December 2008.

It's been ranted about for years that legit software engineers are losing the war against malware authors. The afore-linked search brings up phrases extending clear back to 2000. As a large-scale infestation or outbreak occurs, more of these online complaints surface - the items here roughly correspond to past attacks of MSBlaster, or the I Love You Office macro.

But in combination with the current world economic situation, it remains to be seen whether the quick and substantial profits malware pushers can make will still be obtainable in the long term. The anti-virus publishers are certainly feeling the effects of the recession - how much are they cutting back on research and solutions? And all companies are cutting back on staff and on infrastructure upkeep and investment. Never mind what people themselves are doing to lower their own expenses.

So the malware threats are becoming more sophisticated; the anti-virus companies have historically had trouble keeping up with the threats; and a world-wide recession is threatening the bottom line for everyone except maybe the gray-black world of Internet profit. Sounds like a perfect storm to me.


Seven of Six said...

Does it attack Macs and PCs both equally? I thought Macs were less susceptible to malware threats?

idiosynchronic said...

Not equally - the pusher of the Windows version has also had an OS X version created. The behavior they exhibit is identical, even if the means is not.

Of the handful of machines our team took in today, 2 were Macs.

Twinky P* said...

Dang. That's insane.

Judith said...

I'm a little concerned about my home computer connecting to the Internet without me signing on. It happened for about four days, but seems to have stopped now. Any suggestions?

idiosynchronic said...

Judith - was this Vista? Vista apparently will start and update itself at like 2am, and quite often will not shut itself off. Is this your problem?