Why 6 viruses after the first one?

  • Thread starter Thread starter mm
  • Start date Start date
M

mm

A curiosity question, but probably with practical uses eventually:

My frrend with the virus seems to have gotten 6 more viruses in two
weeks that she and I and another friend have been trying to get rid of
the first one.

Is that likely because

1) The first virus calls up his friends and says "Come on over. I've
got plenty of beer",

or

2) The webpage scan scam that she fell for in the first place
installed more than just that first virus,

or

3) The first virus disabled her real-time virus checker. 2 or 3 of
her viruses are supposed to arrive by email, but she still didn't
click on any attachments, so how would that have given her extra
viruses?

Very confused,

Thanks
 
From: "mm" <[email protected]>

| A curiosity question, but probably with practical uses eventually:

| My frrend with the virus seems to have gotten 6 more viruses in two
| weeks that she and I and another friend have been trying to get rid of
| the first one.

| Is that likely because

| 1) The first virus calls up his friends and says "Come on over. I've
| got plenty of beer",

| or

| 2) The webpage scan scam that she fell for in the first place
| installed more than just that first virus,

| or

| 3) The first virus disabled her real-time virus checker. 2 or 3 of
| her viruses are supposed to arrive by email, but she still didn't
| click on any attachments, so how would that have given her extra
| viruses?

| Very confused,

| Thanks

You use the term "virus" to explain what the computer may have. That's your first
confusion. I'll bet NONE or maybe just ONE is a type of virus but the rest are all forms
of trojans as all viruses and trojans are malware but not all malware are viruses or
trojans.

When you talk/write about "malware" you need to be more precise than "My frrend with the
virus seems to have gotten 6 more viruses in two weeks".
 
Hello, David!

You wrote on Sun, 19 Sep 2010 09:16:44 -0400:

|
|> A curiosity question, but probably with practical uses eventually:
|
| When you talk/write about "malware" you need to be more precise than "My
| frrend with the virus seems to have gotten 6 more viruses in two weeks".
|
I was computer illiterate at 1 time too... (still am)
 
mm said:
A curiosity question, but probably with practical uses eventually:

My frrend with the virus seems to have gotten 6 more viruses in two
weeks that she and I and another friend have been trying to get rid of
the first one.

The one with the 'five specific threats' would be more correct than the
one with 'viruses'.

However, some of those threats can indeed be considered 'viruses'.
Is that likely because

1) The first virus calls up his friends and says "Come on over. I've
got plenty of beer",

As I recall, Hybris got 'plug-ins' from encrypted plug-ins posted to
alt.comp.virus. One such plug-in allowed Hybris to spread in a viral
manner as well as its own native e-mail worm vector. If Hybris executed
on the victims machine, it introduces the *unknown* factor into the
equation and makes "flatten and rebuild" look like a better option.

Magistr just does what it does (no added *unknown* functions) - there is
a nasty payload as well as a rather tame payload, and the detection of
legal documents on the current host might trigger the more nasty
payload. Your AV should be able to handle Magistr removal.
or

2) The webpage scan scam that she fell for in the first place
installed more than just that first virus,

Possible, but the scareware does not qualify as a virus. It gets
distributed in the manner that you describe, but does not distribute
*itself* (known as 'spreading') like viruses and/or worms do.
or

3) The first virus disabled her real-time virus checker.

The scareware (not a virus) probably did this.
2 or 3 of her viruses are supposed to arrive by email,

Yes, Hybris and Magistr are both primarily e-mail vector worms (pseudo
worms I like to call 'clickworms' - if not for the need for the user to
click, they would be true worms).
but she still didn't click on any attachments, so how
would that have given her extra viruses?

Maybe they weren't ever executed, and an e-mail scanner is picking up on
them. You never did mention *where*, *what* was found.
Very confused,

Join the club. :oD

Many of the official vendors' sites add to the confusion. If you are
going to discuss malware, it is important to agree on terminology. Many
places online seem to have their own unique definitions for worms,
viruses, and non-self-replicating malware.

So do I.

It helps to think of worms and viruses as self-distributing mobile code.
They have the ability to replicate more than just themselves, so can
carry a 'payload' which makes them a favorite for malware distribution.
If someone chooses a beneficial payload, they would still be considered
inherently bad because there are safer ways to distribute beneficial
payloads without the risk of uncontrolled outbreaks or unanticipated
behavior.
 
From: "gufus" <[email protected]>

| Hello, David!

| You wrote on Sun, 19 Sep 2010 09:16:44 -0400:


||> A curiosity question, but probably with practical uses eventually:

|| When you talk/write about "malware" you need to be more precise than "My
|| frrend with the virus seems to have gotten 6 more viruses in two weeks".

| I was computer illiterate at 1 time too... (still am)

That's why it is "good" to discuss these points. To raise situational awareness and
subject matter litteracy.
 
Hello, David!

You wrote on Sun, 19 Sep 2010 18:00:30 -0400:

|> I was computer illiterate at 1 time too... (still am)
|
| That's why it is "good" to discuss these points. To raise situational
| awareness and subject matter litteracy.
|
My ears are up...
 
From: "gufus" <[email protected]>

| Hello, David!

| You wrote on Sun, 19 Sep 2010 18:00:30 -0400:

| |> I was computer illiterate at 1 time too... (still am)

|| That's why it is "good" to discuss these points. To raise situational
|| awareness and subject matter litteracy.

| My ears are up...

:-)
 
Hello, David!

You wrote on Sun, 19 Sep 2010 18:27:58 -0400:

|> My ears are up...
|
| :-)
|
Everybody learns differently..|
 
Back
Top