More fear-mongering

I saw this morning, in a national weekly magazine, an ad that made me shake my head. It featured the text "virus that erases your hard-drive" in amongst the rest of the ad. And the ad had lots of yellow in it. Just so you know.

Stuff like this makes me twitch. I realize that readers of this particular magazine aren't as sophisticated with regards to viri as readers of Information Security are, but still. Some things just grate no matter what they are. Like the violation of the Space Is Big principle in movies.

Computer viruses follow, unsurprisingly, epidemiological trends when it comes to 'lethality'. To take a real-world example, let's look at syphilis. When syphilis was first introduced into the human population it was much more lethal than the form we know of today. One of the ways it changed was to lengthen its incubation (i.e. its prime infectious time) and reduce the percentage of deaths amongst people who contract it. In the beginning, the lethality rate was 100%. These days the survival rate of untreated syphilis is pretty high. This is because killing your host is not a good survival strategy for viruses; if you are going to kill them off, at least make the incubation time long enough to infect lots of others (AIDS), or be infectious enough that anyone who comes within a certain distance of the dead body is likely to be infected too (Ebola).

Computer viruses follow these trends too. Successful viruses do not nuke (format the hard drive of) their hosts; they lie dormant and spew copies of themselves. Some do perform data modification on the infected host, but these are relatively rare. Worms such as Nimda and Slammer had their own ways of causing annoyance: Slammer clogged networks, Nimda replaced image files with copies of itself. The last well-known, widespread format-your-hard-drive virus was back in the days when floppy disks were a prime infection vector for viruses. I.e. the dark ages.

The idea behind them was simple. Release a bug that infects by boot sector (or as an .exe/.com infector). Time-bomb it so that if the system date is a specific date, the payload delivers and Bad Things Happen. There were scares from these, but I personally haven't heard of any widespread damage from them. Like I said, virus-writing in those days was pretty primitive.

That kind of thing is a lot harder to get away with these days. As worms such as Nimda and Slammer have proven, mass propagation as fast as possible is a very good way of defeating the antivirus-vendor definition cycle. With pressures like that, the AV companies are getting better and better at identifying infectious material and deploying countermeasures pretty quickly. If the theoretical virus-writer writes a time-bombed payload that includes "format c:", the AV community will know about the virus as soon as it gets widespread enough, and will reverse-engineer it to find out what it does. Said virus-writer has to be very sure of his infection vector working well enough to get enough hosts infected before the major vendors get definitions out that clean up the bug. Too long, and only the badly managed systems (home users, typically, these days) will get nailed by it. Too short, and critical mass won't have been reached and the virus kills itself off.
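The timing trade-off in that paragraph can be sketched as a toy outbreak model. This is an added illustration, not code from the original post, and every number in it (host count, growth rate, detection threshold, definition lag, cleanup rate) is an assumed constant, not a measurement.

```python
"""Toy outbreak model for the trade-off described above (a constructed
illustration, not data): a self-replicating program spreads, vendors ship
definitions once it is widespread enough, well-managed hosts get cleaned up,
and a date-triggered payload fires on `detonate_day`."""
from dataclasses import dataclass


@dataclass
class Outbreak:
    hosts: int = 100_000        # reachable hosts (assumed)
    growth: float = 0.8         # new infections per infected host per day
    detect_at: int = 5_000      # vendors notice at this many infected hosts
    def_lag: int = 2            # days from detection to definitions shipping
    managed_share: float = 0.7  # fraction of hosts that apply definitions
    cleanup: float = 0.5        # daily fraction of managed hosts that update

    def payload_hits(self, detonate_day: int) -> dict:
        """Hosts still infected when the payload fires, split by pool."""
        managed = self.hosts * self.managed_share
        s_m, s_u = managed, self.hosts - managed - 1   # susceptible pools
        i_m, i_u = 0.0, 1.0                            # seed: one unmanaged host
        defs_day = None
        for day in range(detonate_day):
            total = i_m + i_u
            # propagation: each pool is infected in proportion to its susceptibles
            new_m = min(s_m, total * self.growth * s_m / self.hosts)
            new_u = min(s_u, total * self.growth * s_u / self.hosts)
            i_m, s_m, i_u, s_u = i_m + new_m, s_m - new_m, i_u + new_u, s_u - new_u
            if defs_day is None and i_m + i_u >= self.detect_at:
                defs_day = day + self.def_lag
            if defs_day is not None and day >= defs_day:
                # managed hosts that update are cleaned and immune from then on
                i_m *= 1 - self.cleanup
                s_m *= 1 - self.cleanup
        return {"managed_hit": int(i_m), "unmanaged_hit": int(i_u),
                "defs_day": defs_day}


if __name__ == "__main__":
    model = Outbreak()
    for d in (3, 10, 15, 20, 45):
        print(d, model.payload_hits(d))
```

Detonating early hits a handful of hosts, detonating around the detection point hits the most managed hosts, and detonating long after definitions ship hits almost only the unmanaged pool.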

A far more effective campaign, in my opinion, would be to put the fear into the reader that their PC might be part of the spam problem. It is proven that some viri turn infected hosts into spam-relay stations. And heck, everyone hates spam. And it'd cause my teeth not to grind as much.