How to prepare for the coming virus onslaught

Robert Vamosi,
Senior Associate Editor,
CNET/ZDNet Reviews
Monday, March 24, 2003
At one time, virus writers were considered by fellow hackers to be near the bottom of the heap. Not anymore. With increased security in Microsoft Outlook 2002, and better heuristics in today's antivirus software, viruses must be more sophisticated in order to spread--and those who can write them are gaining standing among their peers. As a result, experienced hackers who really know how to program are trying their hand at viral code.
We're already seeing the effects of this trend. While 2002 was notable for its lack of new e-mail virus outbreaks, already this year several sophisticated worms, such as the recent SQL Slammer, have appeared. By the end of 2003, I expect e-mail viruses to become as rare as macro and boot-sector viruses. But in the meantime, we should get ready for a summer of complex and effective new worms.
So how can you prepare? For one, learn about the viral trends security experts are watching. The more we all study trends and learn to anticipate attacks, the better prepared we can be when the next worm hits. Here are some of the key concerns in the virus community you should be aware of.
Time is ripe for attacks
The increase in reported software vulnerabilities, including the recently announced flaws in Windows, Unix, and Linux, could not come at a worse time. While there are patches available for most of the recent flaws, I'm betting there will be a few more serious vulnerabilities--some without patches--discovered before the year is over.
This, combined with a rising tide of anti-American sentiment in the world, could result in politically motivated attacks that exploit these flaws--with worms either shutting down parts of the Internet, or launching denial-of-service attacks against specific commercial or governmental Web sites. We can expect this type of attack to inconvenience more than your average desktop computer user; as with SQL Slammer, these exploits will also affect banking, telecommunications, and even healthcare systems.
Zero Day exploits
One thing worrying security experts today is the shrinking interval between the announcement of a new flaw and the appearance of a worm that exploits it. At the limit, a worm or malicious-code attack is considered a "Zero Day exploit" (or just a "Zero Day") when it takes advantage of a software vulnerability that is still unknown to the vendor and to users, so that not a single day has passed in which a fix could be produced. Zero Days have the potential to cause a lot of damage, because users have no immediate defense, such as a patch for the vulnerable software; at best they can block the affected service or network port until one is available.
On March 17, security experts announced that a Zero Day exploit had been found on a Windows 2000 military computer running the Web Distributed Authoring and Versioning (WebDAV) service. The previously unreported flaw, a buffer overflow, allows a remote attacker to run code on the server, and possibly to create new accounts or access files. Microsoft has since issued a patch for the flaw, and administrators who cannot apply it immediately can at least disable WebDAV on servers that do not need it. However, the vulnerability could still be exploited later this year, because over 4 million potentially vulnerable servers remain in the world.
Failure to install patches
Why are so many machines still vulnerable to known threats? Well, just because a patch exists doesn't mean that everyone will install it. Take, for example, the SQL Slammer worm outbreak. When the worm first appeared, the patch for the software flaw it took advantage of had been available for about six months. But, for various reasons, it had not been installed on every machine containing the vulnerability. It took Slammer to make sure more people implemented the available fix.
This was the case with the Code Red attack in July 2001, too. The flaw behind this worm was disclosed about a month before Code Red first appeared on the Net. Again, not every vulnerable system was patched at the time of the attack.
Hackers go to the source
What's really troubling is that hackers are now breaking into security companies to learn about new, unreported flaws. Just last week, an individual using the name "Hack4life" claimed to have details about three new flaws still under wraps at the Carnegie Mellon Computer Emergency Response Team (CERT) Coordination Center.
The hacker claims to have stolen the information from a security company working with CERT and several other vendors. The flaws were to be made public in June, once all the affected vendors had created patches. Hack4life demonstrated that such embargoed secrets may be the new targets for malicious users.
The way to thwart virus writers, of course, is to install patches on servers and on office and home desktops as soon as they are available. In addition, software vendors need to take more responsibility for their products by not releasing them until they are truly secure.
These days, attacks are no longer coming from inexperienced script kiddies, but from skilled rogue programmers. Band-aid solutions are no longer good enough to contain the threats we'll see this year. Greater cooperation between vendors, users, and security experts will be necessary to minimize the impact these malicious users will have on our lives.
ZDNet