[ISN] Hacker exploits make PC worms deadlier

From: InfoSec News (isnat_private)
Date: Fri Oct 19 2001 - 11:24:02 PDT

    http://www.zdnet.com/zdnn/stories/news/0,4586,2818419,00.html?chkpt=zdnn_nbs_hl
    
    By Wendy McAuliffe
    ZDNet (UK) 
    October 18, 2001 5:20 AM PT
     
    Computer worms are set to become a more deadly combination of virus
    writing and hacker exploits, according to security experts at
    Symantec.
    
    Code Red and Nimda marked the demise of socially engineered worms by
    combining proven hacker exploits into a blended threat. Both worms
    attacked the same buffer-overflow vulnerability in Microsoft's IIS
    software, while Nimda additionally incorporated a mass-mailing
    component enabling the virus to propagate on a massive scale. Neither
    of the worms relied on the traditional need for an infected computer
    user to double-click on a malicious attachment.
    
    "Nimda and Code Red have eliminated the need for human intervention,
    by virus writers using what hackers have already provided," said Eric
    Chien, chief researcher at Symantec. "One year ago email worms were
    the big threat, as they spread quickly and far--but now a lot more
    virus writers will be looking at the hacker worm."
    
    Chien predicts that by next year, the "blended" threat of computer
    worms could be enough to cause a serious Internet slowdown. Antivirus
    experts at Symantec have already developed an algorithm to prove that
    by removing human interaction from the virus equation, every PC
    connected to the Internet could be affected by a single worm within 20
    minutes.
    
    But the trend towards blended virus attacks is blurring the lines of
    responsibility for computer worms. On Wednesday, Microsoft launched a
    verbal attack on security firms and hackers who release what it calls
    virus "blueprints". A study done by Microsoft on recent attacks by
    worms such as Code Red and Nimda found that each had been prefaced by
    the release of so-called exploit code--sample programs created by
    security firms and hackers to exploit software flaws.
    
    "Responsibility lies with the people who release the worm, not
    necessarily the people who wrote it," said Chien. The Anna Kournikova
    virus, for example, was written with the help of an existing virus
    toolkit available on the Internet, but Chien argues that the script
    kiddie who unleashed the virus is the person ultimately responsible
    for any damage caused to the networks.
    
    The changing trend in computer viruses is also likely to affect the
    structure of IT security companies. Hacker worms will make it
    necessary for antivirus units to merge with intrusion detection
    systems, according to Chien. "Companies who only concentrate on the
    antivirus side won't survive," he concluded.