I often clean up computers that have been overwhelmed with viruses, trojans, spyware and whatnot. Usually the owner of the computer ignores the problem until the machine basically becomes unusable or their ISP cuts them off until they do something about it. (They will click OK to a message from their virus scanner, and just keep on going. This drives me insane, but that’s a rant for another day.)
I’ve done this clean up dozens of times, and no one has ever lost any data, despite ignoring my advice to back up anything important. Why is it that a PC can be infected with literally hundreds of trojan programs, but not one of those programs does anything that would really matter to the user like deleting music and picture files?
I know that most trojans are trying to capture passwords, banking data, etc. but it seems weird to me that none of them seem to be intentionally destructive.
It seems perverse, but I can’t help but feel people would take the threat more seriously if they actually lost important files. Nobody really seems to care that their machine is infected and spreading the nastiness to others because they don’t actually lose anything important. Have I just been lucky or is there really such a lack of truly destructive viruses these days?
A virus that destroys its host is unable to spread. Besides, virus writing is a lost art; I don’t think any of the authors of the VBA viruses could actually do any permanent damage if they tried (IMO, of course).
It’s all about motivation. Random destruction just doesn’t benefit the virus writer in any tangible way. They can brag to one or two well trusted associates, maybe feel somewhat self satisfied that they caused some anarchy, but that’s about it. Even if you delight in the misery of others, not being able to see the look on your victim’s face when they find out all their files are gone takes a lot of the fun out of it. If you have a grudge against someone or some organization, a virus is too clumsy of a weapon to use on them; some kind of DDOS attack would be much more effective.
These days, people who write this stuff are often looking to profit in some way, by delivering ads, selling personal information, or even just getting a few keys for various online games.
You have a point though, I have often wondered what would happen if someone wrote the ultimate virus. It would be small, spread using 20 different methods, and try to be as stealthy as possible. It could mutate and try to hide from 5 of the biggest anti-virus programs. It looks for .doc, .txt, and .xls and changes a few words here, a few numbers there. It knows how to use Access, Oracle, and DB2 and modifies a few pieces of data in random tables. When you finally notice it on your system, you have no idea how long it’s been there, or how many of your backups it had already affected.
Heh, but like I said, fortunately no one has the motivation to write such a thing. I guess it’s the same part of human nature that makes random destruction in the real world pretty rare.
Sure, but it would draw attention to itself quicker if it started doing that; drawing attention to itself quicker means it would have less time to propagate, less time to act as a proxy for sending spam emails, less time to take part in distributed denial of service attacks etc.
The destructiveness of a virus is inversely proportional to how widespread it is (roughly). A virus that trashes the hard drive spreads slowly because it can only spread for a short period of time (i.e., until the hard drive is trashed).
In the old days, viruses that trashed hard drives usually had a timed payoff (e.g., Michelangelo), so they could spread up until the payoff date. The disadvantage of this was that there was plenty of time to update antivirus: if your virus doesn’t become active until next March, any update of antivirus software during that time would remove it before that date.
Also, a truly dangerous virus would get a lot of press, causing people to update their antivirus for protection. This sort of thing worked when no one used antivirus, but nowadays people have some protection and many know to update (especially in corporate environments).
Well, it seems to me that you have pretty much answered your own question right there.
‘Professional’ coders don’t have anything to gain by being destructive - they just do what they need to get whatever they want.
‘Amateur’ or hobbyist coders may have the motivation to vandalize millions of machines, but either lack the skills or are worried about getting the likes of the FBI even more riled up than they would already be.
There have been plenty of destructive viruses (MSBlast springs to mind), but they are definitely the exception rather than the rule. Most tend to do collateral damage rather than set out to wreak havoc.
I disagree. A virus can be widespread without being destructive. It can also be both. I’m trying to figure out why we don’t see this. For example a virus that spreads itself for awhile, and then deletes data files.
I wish that were true. But that simply doesn’t jibe with my experience. I see many, many people who know their PC is infected, yet continue to use it anyway. I believe they do this primarily because if they didn’t they would never get to use it. It would always be in the shop getting cleaned up. And until it becomes totally bogged down, they don’t care because their data files are still there and usable. Their data files are sitting on a virus and trojan infected PC, not backed up, and still they don’t lose them. I find that amazing.
I have always suspected that the folks writing and distributing viruses, and the folks writing and selling antivirus programs have a little too much in common interests.
I don’t have an antivirus program. I did once, for a full year. It found and removed a grand total of zero (0) viruses after completing 365 half hour long searches of my two hard drives. A year later, after having it disabled for most of the year, I ran it again, it updated itself, and then scanned, and found another zero (0) viruses.
I now have a spyware scanner that has found the same number of spy programs in a month. At least it was free.
Also, I think we’re forgetting something important. 10-15 years ago, virii weren’t spread via the internet. They transferred from one computer to another by [floppy] disk. So I use an infected disk in my machine where it transfers the code into my computer. Now, depending on the type of virus, each time I put a disk in my machine (say to transfer files to a friend’s machine) I’ve now infected that disk and that friend’s machine and so on and so forth. So even if the virus hosed my computer it’s still on my disks and can still be transferred to another computer. Sure it was a lot slower, but it was pretty effective for its time.
Like sailors with on-shore leave, there are some that will pick up viruses quickly and frequently and those that never will. People that stick to reputable internet sites, don’t install questionable programs, don’t do file sharing, and don’t attract or open unsafe emails aren’t at much risk.
However, many of us are real sluts when it comes to that type of thing. I work in IT and although that type of support isn’t my job I have found that many people get infected all the time. It isn’t just viruses but also spyware and adware and page hijackers and everything else.
The bad stuff is out there. Boy Scouts usually don’t CTD’s at the same rate as others with questionable habits.
Not to be a jerk, but if I may, I’d like to point out that the plural of “virus” is “viruses”. This is something of a pet peeve of mine. There’s actually no Latin plural of “virus”, though if there were, it wouldn’t be “virii” - Latin plurals virtually never end in “-ii”; that only happens when an I in the stem is next to an I marking the plural, as in “radius - radii” (where the stem is “radi-” and the plural marker is “-i”.) “Virus” is not a second declension noun anyway, so if a plural had existed in Latin, it wouldn’t be “-i”.
Thus the modern English usage of the word, which is vastly different from its meaning in Latin and thus requires a plural form, is to form the plural in the English fashion by adding “-es”.