Next viruses will be silent killersgreenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread |
Next viruses will be silent killers Love bug is childs play developers demonstrate a cross-platform virus that disappears before it can be stopped By Eamonn Sullivan, IT Week ZDNET LONDON, May 11 Mere childs play. Thats the hacker verdict on the Love Letter worm and the more than 20 new permutations of it that are continuing to strike computers around the world. A report this week from a group of developers dismissed the Love virus attack as crude and demonstrated with code examples and a working model how it is possible to create a far more sophisticated virus that would work across platforms, do its work with stealth and disappear before it could be stopped. The next thing will be hackers using e-mail to hack into your database without you knowing, to get important pieces of information.NICK GALEA GFI SECURITY EXPERTS CONCUR that worms in the last year, such as Love and Melissa, merely proved the concept. Corporations should prepare now for much more dangerous worms that operate without user intervention, as opposed to those that rely on a recipient to take some action for instance, to open an e-mail attachment.
Michal Zalewski, a Warsaw-based security specialist working for the Internet division of Telekomunikacja Polska SA, worked on a project to see if such a worm could be developed. The project was called Samhain and was developed by a loosely knit group in Europe. All work stopped on the project last year, but the group managed to create a working model.
This model is a deadly dangerous engine, which can be used to do very, very bad things, Zalewski wrote in the report. Probably we arent the first people who thought about it and tried to write it. Thats what makes us scared.
Protecting organizations from such a threat requires more than updated anti-virus software. The next thing will be hackers using e-mail to hack into your database without you knowing, to get important pieces of information, said Nick Galea, director of Malta-based GFI.
Ive been asked, twice, to develop such spy software, Zalewski said in an interview conducted over e-mail. I dont know if it happens every day, but for sure its possible. Automated worms are better spies than conventional hackers and crackers.
Some analysts, such as the Gartner Group, have suggested that companies employ a content firewall, quarantining executables, scripts and macros at the e-mail server or firewall level. Several companies have products that claim to do that for e-mail, such as GFIs Mail Essentials and Content Technologies MimeSweeper. But if you encrypt your e-mail, those scanners are going to have trouble, said Andreas Junestam, a technical consultant with Defcom Security in Stockholm, Sweden. Encryption itself the answer to many security problems will make content filters very difficult, unless the servers have a master key. But the master key itself will then become a security hole, Junestam said.
Zalewski, however, said companies should not expect a boom in such stealth worms. They are still difficult to develop. It is slow progress, he said, not a boom. But we probably should expect some kind of boom when talking about Visual Basic disk killers.
The code in the report is very Unix- or Linux-specific, but Zalewski said the project developed enough code for Windows to show that it is possible to spread to that platform as well. We only developed a cross-platform virus, called Califax, said proven to ourselves and stopped work on it, he said. The report is available at http://lcamtuf.na.export.pl/worm.txt It summarizes the seven deadly attributes of a more dangerous worm: Portability works across platforms. Invisibility stays undetected. Independence spreads itself without user intervention. Learning learns new techniques and tells other worms. Integrity difficult to trace, modify or destroy. Polymorphism changes frequently. Usability does its work easily and disappears.
) 2000 ZDNet
http://msid.msn.com/mps_id_sharing/redirect.asp?www.msnbc.com/news/create_p1.asp?URL=www.msnbc.com/news/406448.asp
-- Martin Thompson (mthom1927@aol.com), May 11, 2000
This is a very good post. I had a discussion today with a friend of mine who works in the field, and she would concur.
-- (Dee360Degree@aol.com), May 11, 2000.