20 years of innovative Windows malware

Wyndru

Hehe, nice read. Thank you.

I remember when ILOVEYOU hit and mangled our systems. "i hate go to school" was one of the lines of code in it lol.

And Back Orifice, all the students were spreading that one around to spy on each other.
 

Chiefcrowe

Yeah, it really took me back. I think we didn't really get hit with a lot of those too badly except for Conficker (because at the time Sophos was being used a lot and it didn't catch it in time!)
 

spikespiegal

I recall all of these, and the ones I regarded with the most fear were Nimda / Code Red and Blaster. Some of the junk on the list required end users to do stupid things in a 'give everybody admin rights' environment, which qualifies as a management problem more than a security problem.

Nimda's multiple vectors and sophisticated architecture made it nearly impossible to eradicate, and the really scary thing was Nimda and Code Red were written in a way that didn't exploit their devastating potential. Either could have 'taken over the world' had the original writers intended them to.

Also, unlike most of the VB trash that came earlier, Nimda / Code Red went after sloppy practices via network and server engineers and not dumb users clicking on E-mail attachments while having local admin rights. Every punk consultant setting up Win2k servers with IIS installed for no reason, etc. They actually changed the culture in IT departments rather than just made Symantec and McAfee more money and irritated cube citizens.

Blaster also could have been a lot worse than it was and changed Microsoft's attitude towards patching from reactive to proactive.