[ISN] Stand by for More Nasty Web Attacks in 2002

From: InfoSec News (isnat_private)
Date: Wed Dec 26 2001 - 23:54:30 PST

  • Next message: InfoSec News: "[ISN] Why Worm Writers Stay Free"

    By Elinor Mills Abreu 
    December 26, 2001 
    SAN FRANCISCO (Reuters) - If security experts are calling 2001 the
    worst year for computer viruses, and December the worst month, how bad
    will things get in 2002?
    Experts are predicting that viruses and their cousins, the
    self-propagating worms, will find new and even more nasty ways to
    attack computer systems, possibly even hitting mobile devices, pocket
    PCs and smart phones in the coming year.
    Computer users should expect to see more viruses that try to dupe them
    into taking action that will execute the malicious code, said Vincent
    Weafer, senior director of Symantec Corp.'s security response center.
    Virus writers have learned that it's easy to trick people into opening
    attachments by telling recipients they are photos of Russian tennis
    star Anna Kournikova or labeling them "naked wife."
    Other virus ruses included misleading people into believing that by
    clicking on an attachment they could participate in a survey about the
    events in Afghanistan, or indicating that it was an antivirus software
    update from an established vendor.
    While such gimmicks were popular, the most damaging virus didn't
    spread via e-mail. At an estimated $2.6 billion in damages and 300,000
    computers infected, Code Red was the biggest virus this year. It
    spread by exploiting a known vulnerability in servers running
    Microsoft Corp.'s Internet Information Server Web software.
    This year was the year of the "blended threat" virus, featuring
    multiple attack modes such as Nimda, which spread via e-mails and
    infected Web pages and servers. The more methods of attack, the faster
    and farther a worm can spread, experts say.
    "You've traditionally had hacker tools in one corner and virus writers
    in another corner," said Weafer. "Now they've come together."
    Vincent Gullotto, senior research director of Network Associates
    Inc.'s antivirus response team, also warned of more attacks that lure
    computer users to visit infected Web pages.
    In such attacks, victims receive e-mails that include Web addresses
    that, when visited, download malicious code to the computer.
    "You don't have to double click on anything. There's no attachment,"  
    Gullotto said.
    Because devices like the Microsoft Corp. Pocket PC 2002 and Nokia
    Communicator can be plugged into a desktop computer to download
    information, they are susceptible to some of the same computer viruses
    and worms that infect PCs, said Mikko Hypponen, manager of anti-virus
    research for Finnish-based F-Secure Corp.
    "The next wave of attacks are not going to come from the PC, but from
    wireless viruses," George Samenuk, chief executive of Network
    Associates, told Reuters in an interview recently.
    "Less than 5 percent of wireless devices have anti-virus software,
    while wireless networks are really taking hold," Samenuk said.
    Another Network Associates researcher said experts are even more
    concerned with scripts, or malicious pieces of code, that are
    transferred between mobile phones via the instant messaging system.
    "There are things that can be done today in which you can send a
    script and it can shut the phone off," said Vincent Gullotto.
    But the mobile virus threat was played down by Sophos Anti-Virus
    senior technical consultant, Graham Cluley.
    "Is there a mobile threat? One year after the first warning we haven't
    seen a single mobile device virus in the wild," he said.
    Cluley added that Sophos has a team looking at mobile viruses, but for
    2002 he advised that corporate clients spend their anti-virus budgets
    in other areas with higher risks.
    As of early December, corporations had spent an estimated $12.3
    billion to clean up virus damage for the year, according to Computer
    Economics, a Carlsbad, California, firm that analyzes the economic
    impact of viruses and other computer security threats.
    After Code Red, the second most-costly virus, at an estimated $1
    billion, was an e-mail worm dubbed SirCam that exported random
    documents from infected machines, putting the privacy of computer
    users at risk.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Dec 27 2001 - 09:51:21 PST