John Canavan Symantec
download slides (PDF)
Viruses and worms pose some of the most formidable threats in the modern computer security landscape. With some virus writers on the bleeding edge of technology, making use of zero-day exploits and innovative techniques to circumvent system security features.
However, for every Blaster, there's a worm that repeatedly attempts to infect the same machine. For every 100,000 node botnet Spybot infection there are 20 variants that fail to get as far as even connecting to an IRC server. For every Netsky, there's an intended mass-mailer that crashes before it sends a single copy of itself out.
From exploitable vulnerabilities in their code to incomprehensible goofs there's no shortage of evidence that a large proportion of virus writers aren't quite as capable as they would like others to think. This paper will take a look at the legacy of these slightly less than expert level virus writers, and examine the threat they continue to pose.
