Got the worms or a viral infection?
1 April 2005
Heard about the latest virus doing the rounds? As well as corrupting your hard drive and forwarding itself to your friends and neighbours, it’s also been known to run off with your wife and tell your kids that the tooth fairy doesn’t exist.
Okay, things may not be that bad yet. According to security experts, however, viruses are growing in sophistication as virus writers build on their previous successes. Attacks that exploit security vulnerabilities are on the increase, evidenced, among many other signs, by worms that successfully propagate themselves through a multitude of methods.
For many, 2001 was the year of the virus. Not only was there a rise in the number of viruses circulating around the world, but many of these turned out to be a lot more sophisticated than earlier versions. Traditionally, virus writers have tended to rely on e-mail to spread, but newer multi-tasking worms such as Nimda, Code Red and Goner used a number of different methods and techniques to transmit and spread an attack including launching denial of service attacks on Websites, infecting Web pages and leaving Trojan horses behind for later execution.
Security experts have termed these new types of viruses ‘blended threats’ because of their ability to propagate using different methods. Traditional viruses usually propagate through human intervention. An individual receives a virus as an e-mail attachment and opens it. Once activated, the virus can deliver its deadly payload before forwarding itself on to everyone listed in that victim’s e-mail address book.
But, while this method used to be hugely effective in spreading viruses, most PC users have begun to wise up to the dangers of infection. As long as users of e-mail have up-to-date anti-virus software installed on their machines and don’t open up suspicious attachments, then the spread of these viruses is limited.
However, multi-tasking viruses tend to be automated and don’t need a helping hand to spread. Take the Nimda virus for example. Nimda employed a combination of numerous software vulnerabilities together with multiple methods of infection. It was so successful that it managed to infect more than 2.2 million servers and PCs in a 24-hour period in September 2001, costing businesses worldwide an estimated $590 million in revenue.
Unusually, Nimda attacked both servers and PCs. It spread itself as an e-mail attachment, via server-to-server Web traffic, through shared hard disks on networks and by automatically downloading infected files to users who browsed Web pages hosted on infected servers.
The worm exploited flaws in Microsoft’s Internet Explorer Web browser and in the company’s Internet Information Server Web server platform. It damaged several types of files and created holes in computer systems that could have potentially been used by hackers.
Just as bad was the Code Red worm which, instead of propagating through e-mail, exploited a weakness in Microsoft’s NT 4.0 and Windows 2000 Internet software and spread from server to server. It launched denial of service (DoS) attacks on a number of Websites, including the official White House site, and left Trojan horses behind for later execution. The worm ran in memory rather than on the hard disk, allowing it to slip past some anti-virus products. All in all, the damage caused by Code Red and its variant, Code Red II, cost an estimated $2.62 billion.
The logic behind blended threats is simple: the more methods of attack you have, the quicker a virus spreads. Security experts are now suggesting that these new types of viruses are likely to develop further and will soon begin to target newer communication methods such as instant messaging, broadband and wireless. The worry is that because these applications aren’t readily associated with viruses, users are much more likely to open them without thinking.
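To make the ‘more methods, quicker spread’ point concrete, here is a small simulation added for this article (it is not from the original piece or from any vendor). It assumes a toy susceptible/infected model in which every infected host contacts one random host per step, and each propagation vector the worm carries succeeds independently with its own per-contact probability. The vector names and probabilities are constructed for illustration, not measured from Nimda or Code Red; what the model shows is that independent vectors compound (the miss probabilities multiply), and that removing even one vector by patching visibly slows the outbreak.

```python
"""Toy spread model: why blended threats outrun single-vector viruses.

Added example, not part of the original article. Assumes a discrete-time
susceptible/infected model; vector names and probabilities are constructed.
"""
import random

# Constructed per-contact success probability for each propagation vector.
VECTORS = {
    "email_attachment": 0.02,    # needs a person to open it
    "web_server_exploit": 0.03,  # automated server-to-server spread
    "network_share": 0.01,       # copies itself over shared disks
    "drive_by_web_page": 0.015,  # infected page served to browsers
}


def combined_probability(probs):
    """Chance that at least one of several independent vectors succeeds.

    P(hit) = 1 - prod(1 - p_i): the miss probabilities multiply, which is
    why adding vectors compounds the infection rate instead of merely
    adding to it.
    """
    miss = 1.0
    for p in probs:
        miss *= 1.0 - p
    return 1.0 - miss


def steps_to_fraction(vector_probs, population=300, target=0.5,
                      seed=0, max_steps=20_000):
    """Run the model from one infected host until `target` of the
    population is infected; return the number of steps that took."""
    rng = random.Random(seed)
    p_contact = combined_probability(vector_probs)
    infected = [False] * population
    infected[0] = True
    infected_hosts = [0]
    for step in range(1, max_steps + 1):
        newly = []
        for _ in infected_hosts:  # each infected host makes one contact
            victim = rng.randrange(population)
            if not infected[victim] and rng.random() < p_contact:
                infected[victim] = True
                newly.append(victim)
        infected_hosts.extend(newly)
        if len(infected_hosts) >= target * population:
            return step
    return max_steps  # never reached the target


def mean_steps(vector_probs, seeds=range(20), **kwargs):
    """Average steps-to-target over several seeds to smooth out randomness."""
    runs = [steps_to_fraction(vector_probs, seed=s, **kwargs) for s in seeds]
    return sum(runs) / len(runs)


if __name__ == "__main__":
    email_only = [VECTORS["email_attachment"]]
    blended = list(VECTORS.values())
    # Defender's view: patching the web server removes one vector entirely.
    patched = [p for name, p in VECTORS.items() if name != "web_server_exploit"]
    for label, probs in [("e-mail only", email_only),
                         ("blended, server patched", patched),
                         ("blended", blended)]:
        print(f"{label:24s} p={combined_probability(probs):.3f} "
              f"steps to 50% infected={mean_steps(probs):.0f}")
```

The ordering of the three printed results is the point: the blended worm reaches half the population fastest, the single-vector e-mail virus slowest, and closing one vector by patching sits in between, which is the quantitative case for keeping both patches and anti-virus current rather than relying on either alone.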
We’ve already seen a growth in the number of viruses for handheld computers and last summer, a virus called W32/Jerrym spread via MSN Messenger. It masqueraded as a real person, saying, ‘Hey, want me to send my new pic? I took it yesterday.’ If users said yes, the virus sent a file along, which once accepted, infected a person’s PC. While the virus wasn’t destructive, it’s only a matter of time before someone takes the next step and unleashes a deadly payload.
While e-mail borne viruses still account for more than 90 per cent of outbreaks, it’s obvious that these new sophisticated programs are going to get more common. Rather than just simply attempting to spread, these programs are likely to take other actions such as stealing or deleting files, or launching denial of service attacks. Virus writers and hackers have learnt from each other’s methods and are now combining the two.
So how do you protect yourself from them? The traditional ‘one threat, one cure’ approach to tackling viruses is no longer sufficient. In the future it looks as though we’ll need to ensure that, as well as having up-to-date anti-virus software installed on our machines, we also have a personal firewall. However, whatever precautions we take in terms of software, nothing beats a bit of cop on.