{"id":1997,"date":"2004-04-06T00:00:00","date_gmt":"2004-04-06T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2004\/04\/06\/delivering-the-12kb-bomb\/"},"modified":"2021-12-30T11:40:26","modified_gmt":"2021-12-30T11:40:26","slug":"delivering-the-12kb-bomb","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=1997","title":{"rendered":"Delivering the 12kb Bomb"},"content":{"rendered":"<p>The average size of email-borne viruses so far this year has been well under 20 kilobytes.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A young virus writer, sitting in his underwear in his parent&#8217;s dark basement, takes a hex editor and modifies a few bytes of the latest Netsky.M (16.5kb), Beagle.J (12kb) or Mydoom.G (20kb) mutation, spawns a new virus variant, and then releases it into the wild.<\/p>\n<p>The resulting few thousand compromised machines, a conservative estimate perhaps, will sit naked as drones or &#8220;bots&#8221; on the Internet, waiting patiently for their summons and commands.<\/p>\n<p>A mere 12 kilobytes of action-packed code is impressive.<\/p>\n<p>For a 12 kilobyte Beagle, you get total system compromise, plus a highly effective spam engine.<\/p>\n<p>The latest code that brings a Microsoft computer to its knees is small enough that it could be silk-screened onto an extra-large t-shirt: a walking time bomb, if you will.<\/p>\n<p>With today&#8217;s monolithic software programs and operating systems, often barely fitting compressed on a CD-ROM, it&#8217;s easy to see how small bits of malicious code can slip under the radar.<\/p>\n<p>I still remember the days, many computer-years ago now, when BackOrifice and SubSeven Trojans first came out.<\/p>\n<p>At just over 100kb, they were impressive in their day.<\/p>\n<p>Back then most people were running Windows 98, and a small 100kb email attachment could easily slip into the operating system and wreak havoc without ever 
being noticed.<\/p>\n<p>Today these 100kb Trojans are monolithic in comparison to our modern email-based worm-virus-backdoor-spam-engines that tend to be under 20kb; these old relics are still a useful footnote, however, for watching the long-term evolution of malicious code.<\/p>\n<p>Speaking of monolithic: Windows XP Home Edition requires approximately 1,572,864 kilobytes (1.5Gbytes) for a typical install, according to Microsoft.<\/p>\n<p>Of course, it&#8217;s better\/faster\/easier-to-use than previous versions, as the advertisements say, and if you believe the literature too, it&#8217;s also less buggy and significantly more secure.<\/p>\n<p>The public relations spin machine for such a large company is fascinating to me: Windows has become bloated into millions and millions of lines of code, yet it only takes a mere 12 kilobytes to provide full system compromise and an annoying spam engine.<\/p>\n<p>The divide between David and Goliath has never been greater.<\/p>\n<p>Consider an analogy on the size of modern malicious code: if Windows XP were the size of the Empire State Building, then the little barking Beagle virus &#8211; the size of a small dog &#8211; can come in through the front door, lift its leg, deliver its payload, and somehow cause the entire building to come crumbling down.<\/p>\n<p>The latest craze in the virus-worm-spam war has seen computer worms crawling inside of other computer worms &#8211; like watching maggots crawl on top of each other as they make their way through a tender piece of meat.<\/p>\n<p>Some of the latest worms found in the wild have multi-vector propagation algorithms and also make use of previous viral infections by Beagle and Mydoom.<\/p>\n<p>I do not know to what extent Microsoft&#8217;s code is scrutinized through an exhaustive security audit, but two years after Bill Gates&#8217; long-heralded announcement the holes in the cheese are larger than they&#8217;ve ever been.<\/p>\n<p>For now we&#8217;re stuck with millions and 
millions of lines of code compiled into a giant operating system that can be wiped out of existence remotely with nothing but a small 12 kilobyte piece of code, launched by someone in his underwear on the other side of the world.<\/p>\n<p>http:\/\/www.theregister.co.uk\/content\/55\/36345.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-1997","post","type-post","status-publish","format-standard","hentry","category-trends"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1997","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1997"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1997\/revisions"}],"predecessor-version":[{"id":4484,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1997\/revisions\/4484"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1997"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1997"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1997"}],"curies":[{"
name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}