[Institut] Fwd: Virus News: Good Viruses Simply Don't Exist

Sun Aug 24 18:45:58 CEST 2003

This is a forwarded message
From: news at kaspersky.com <news at kaspersky.com>
Date: Friday, August 22, 2003, 3:02:13 PM
Subject: Virus News: Good Viruses Simply Don't Exist

  Na temu "virusom protiv virusa"...

  (Brana će popustiti na više mesta nego što Vi imate prstiju.  -
Edukujte ljude kako da koriste Internet. Samo je neznanje sramota.)

 Miloš T. Kojašević
 mailto:koki.m at yubc.net
home: (+381 11) 5.96-74.5
mob.: (+381 64) 15.11.13.1

===8<==============Original message text===============

Virus News. Friday, August 22, 2003
******************************************************************

1. Good Viruses Simply Don't Exist

****

1. Good Viruses Simply Don't Exist
"Welchia" only offers a false sense of security

The appearance of the "Welchia" network worm has provoked lively debate
over the legitimacy of malware programs that battle other malware.
Unfortunately many users have failed to properly weigh the relative
benefits and disadvantages of "Welchia". Kaspersky Labs feels it is
important to shed light on the situation.

There is no such thing as a good virus. The side effects caused by
"Welchia" in deleting "Lovesan" and its attempts to update Windows are
just the tip of the iceberg. Users need to be aware of the vital issues
lying hidden just beneath the water line.

Firstly, "Welchia" is guilty of breaking into computers, an
unambiguously criminal act. The worm makes every effort to hide itself
and even attacks IIS servers, leaving them vulnerable. Moreover, the
worm only installs the Windows patch, but does not reboot computers.
Until a reboot is done a system is still vulnerable, and in the case of
servers and machines which are rarely rebooted, the "beneficial" effect
of the worm is nil.

Secondly, the network worm modifies infected systems and downloads
potentially dangerous objects (an FTP server module and a carrier-file
containing the malicious program). These objects can lead to operating
system malfunctions and open breaches that can be exploited by
evildoers. For example, using an FTP server makes it easy to steal
sensitive information from infected systems.

Thirdly, "Welchia" creates malicious data streams that compromise the
owners of infected machines and which require additional payments for
network traffic. These data streams clog up Internet channels and can
potentially provoke a global Internet catastrophe. If the number of
infected systems passes a certain threshold, the volume of virus traffic
could overload data transmission channels and lead to an Internet-wide
slowdown.

Finally, the worm gives users a false sense of security and promotes
passivity with regard to self-security. Such user apathy and inaction
can lead to unpredictable consequences. The Internet could turn into a
virus battlefield where network traffic is soaked up by a pack of
malicious programs battling each other for supremacy.

Kaspersky Labs stresses that there is no such thing as a good virus.
There are destructive viruses and seemingly harmless viruses.
Nevertheless, all viruses commit cyber crimes in that they conduct
unauthorized activities and have negative side effects. Additionally,
rather than hope for an "anti-virus virus", it is far better for users
to actively protect their own machines. This is the only way to
significantly prevent malicious programs from penetrating computer
security systems and to avert increasing Internet chaos.

****

Best of Luck,

Kaspersky Lab News Agent

-----
10 Geroyev Panfilovtcev St.,
125363, Moscow
Russia
Telephone/Facsimile: +7 (095) 948 43 31
WWW: http://www.kaspersky.com
FTP: ftp://ftp.kasperskylab.ru
E-mail: webmaster at kaspersky.com

===8<===========End of original message text===========

-- 
 Miloš
 mailto:koki.m at yubc.net
Note:
  File(s) attached: <none>