[ISN] Fizzer Worm Sparks Concern About Remote Security Risks

From: InfoSec News (isnat_private)
Date: Tue May 20 2003 - 00:18:34 PDT


    MAY 19, 2003

    Last week's Fizzer worm appears to have had little impact on corporate
    networks, according to IT managers and analysts. But the malicious
    code and spyware that such viruses leave behind on unprotected systems
    could prove to be a long-term headache for companies, they said.

    Fizzer represents an emerging class of worms that try to circumvent
    increasingly sophisticated corporate defenses in a variety of ways.
    The worm was contained in executable attachments embedded in e-mail
    messages with innocuous-sounding subject headers.

    In general, companies that keep their antivirus software up to date
    and have policies for filtering executable attachments would have been
    protected against Fizzer, said Russ Cooper, an analyst at TruSecure
    Corp. in Reston, Va.

    Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa., said
    IT and security managers who haven't yet taken such basic defense
    measures are simply being "derelict in their duty."

    But workers who dial into corporate networks from their homes and
    other remote locations may not have full-blown defenses available to
    them and are therefore more vulnerable to having their PCs infected by
    such viruses, said Michael Allgeier, data security officer at the
    Lower Colorado River Authority in Austin, Texas.

    That could prove dangerous because of the payload carried by worms
    like Fizzer. According to F-Secure Corp., a Helsinki, Finland-based
    antivirus software vendor, Fizzer contains a built-in Internet Relay
    Chat back door, a denial-of-service attack tool, a keystroke-logging
    Trojan, an HTTP server and other components.

    Such capabilities could allow hackers to remotely control compromised
    machines and steal data from them or mine them for passwords, analysts
    said. And connecting a compromised system to a corporate network might
    let hackers burrow past other defenses.

    "I think the biggest security threat today is remote users," said
    David Krauthamer, director of information systems at Advanced Fibre
    Communications Inc. in Petaluma, Calif. "It's becoming easier to gain
    an access foothold to a corporate network."

    "We don't have any control over remote workstations or home PCs or
    kiosks or wherever it is that people access our networks from,"
    Allgeier said. "We can't really rely on personal firewalls and
    antivirus software to detect Trojans and keystroke-loggers."

    The Lower Colorado River Authority has begun to roll out software
    developed by Austin-based WholeSecurity Inc. that scans individual
    desktop PCs for malicious code. Allgeier said it's looking to deploy
    the tool for remote users as well.