CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
spacer spacer
image Commentaries: Security: From Bad To Worse? image
Cyber Security
Security: From Bad To Worse?
Dec. 29, 2003

A TruSecure security study says additional threats from peer-to-peer file-sharing software and spyware could make 2004 even tougher for businesses than 2003.
By Gregg Keizer,
TechWeb News

As difficult as 2003 was for businesses battling security problems, next year promises to be just as bad--and perhaps worse, as additional threats develop from peer-to-peer file sharing software and spyware, an end-of-the-year analysis released Monday by TruSecure said.
Based on research conducted on malicious code from the WildList Organization--a virus and worm clearinghouse that tracks malware actually out and in the wild on the Internet--TruSecure's ISCA's Labs tagged 2003 as a long, difficult ride. No doubt, 2003 was bad, said Bruce Hughes, the director of malicious code research at ICSA Labs.

The biggest news, he said, was the huge increase in what he called perimeter killer worms--those that don't spread via the traditional method of E-mail but instead directly attack networks through software vulnerabilities and open ports to the Internet. The best examples in 2003--SQL Slammer, Blaster, and Nachi--knocked out thousands of servers and workstations during the year. The number of such worms increased by 200% from the start of 2003 to its conclusion, according to Hughes' research.

Although mass-mailed viruses and worms like SoBig will continue to increase, albeit at a relatively slow rate, most businesses are blocking their payloads at the gateway by refusing to allow executable file attachments through to users. Not so with consumers, who will still struggle with these more-or-less traditional security threats during 2004.

Instead, it's the perimeter killers that pose the greatest threat to businesses in the coming year, said Hughes. We'll definitely see another big event in 2004 that causes at least $1 billion in damages, he said, alluding to other Slammer- and Blaster-sized attacks still to come.

Like other security analysts who have probed the year's threat patterns, Hughes sees the incredibly shrinking span between a vulnerability and a developed exploit as another of this year's trends likely to be observed repeatedly in 2004.

Hughes predicted that these so-called zero day attacks--named because of the ability of an exploit to appear before a vulnerability is even known, much less patched--will increase in 2004.

There are so many vulnerabilities in Linux, Microsoft, and Internet Explorer that haven't been patched yet, he said. And these are only those we know about. There are a lot more we don't know about. Some hacker is going to release exploit code ahead of the patch and create significant damage to those unprepared.

Other threats which will plague users in 2004, he predicted, will come from peer-to-peer file-sharing software, and spyware--utilities for tracking Web usage that often piggyback on free-for-the-downloading software.

Hughes sees peer-to-peer software, such as Kazaa, as being particularly troublesome. After analyzing hundreds of the most popular files shared on Kazaa--including cracks that let users break copy protection on commercial software--he discovered that 45% actually contained viruses, worms, or Trojan horses.

Unfortunately, peer-to-peer is almost impossible to block, Hughes said. They're actually designed to get past firewalls.

He recommended that companies not only implement policies restricting P2P use on their networks, but also that they audit the enforcement of those policies and spend time educating workers about the danger this software poses. It's not just the security concerns companies should worry about Recording companies are also coming after corporations for illegal file sharing. The fact that exploits using peer-to-peer as an exploit vector climbed by 133% during 2003 is an indication that file sharing is a developing security threat, Hughes said. ...................................more

More at informationweek
Posted on Tuesday, 30 December 2003 @ 04:25:00 UTC by phoenix22 (750 reads)
[ Trackback ]		image

"Commentaries: Security: From Bad To Worse?" | Login/Create an Account | 0 comments
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register
 
Login
spacer
Nickname

Password

Security Code: Type Security Code: Usage signifies AUP acceptance
· New User? · Click here to create a registered account.
block bottom
Related Links
spacer
· del.icio.us!
· digg it!
· reddit!
· TrackBack (0)
· Linux.com
· Microsoft
· HotScripts
· W3 Consortium
· More about Cyber Security
· News by phoenix22

Most read story about Cyber Security:
Booby Trapped software!
block bottom
Article Rating
spacer
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent
block bottom
Options
spacer

Printer Friendly Page  Printer Friendly Page
block bottom
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
97ppm 0.122s (0.008s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer