[iwar] [fc:Hacker.exploits.make.PC.worms.deadlier]

From: Fred Cohen (fc@all.net)
Date: 2001-10-23 08:02:51



Hacker exploits make PC worms deadlier 
By Wendy McAuliffe, ZDNet (UK), 10/22/2001
http://www.zdnet.com/zdnn/stories/news/0,4586,2818419,00.html?chkpt=zdnn_nbs_hl

Computer worms are set to become a more deadly combination of virus
writing and hacker exploits, according to security experts at Symantec. 

Code Red and Nimda marked the demise of socially engineered worms, by
combining a blended threat of proven hacker exploits.  Both worms
attacked the same buffer-overflow vulnerability in Microsoft's IIS
software, while Nimda additionally incorporated a mass-mailing component
enabling the virus to propagate on a massive scale.  Neither of the
worms relied on the traditional need for an infected computer user to
double-click on a malicious attachment. 

"Nimda and Code Red have eliminated the need for human intervention, by
virus writers using what hackers have already provided," said Eric
Chien, chief researcher at Symantec.  "One year ago email worms were the
big threat, as they spread quickly and far--but now a lot more virus
writers will be looking at the hacker worm."

Chien predicts that by next year, the "blended" threat of computer worms
could be enough to cause a serious Internet slowdown.  Antivirus experts
at Symantec have already developed an algorithm to prove that by
removing human interaction from the virus equation, every PC connected
to the Internet could be affected by a single worm within 20 minutes. 

But the trend towards blended virus attacks is blurring the lines of
responsibility for computer worms.  On Wednesday, Microsoft launched a
verbal attack on security firms and hackers who release what it calls
virus "blueprints".  A study done by Microsoft on recent attacks by
worms such as Code Red and Nimda found that each had been prefaced by
the release of so-called exploit code--sample programs created by
security firms and hackers to exploit software flaws. 

"Responsibility lies with the people who release the worm, not
necessarily the people who wrote it," said Chien.  The Anna Kournikova
virus, for example, was written with the help of an existing virus
toolkit available on the Internet, but Chien argues that the script
kiddie who unleashed the virus is the person ultimately responsible for
any damage caused to the networks. 

The changing trend in computer viruses is also likely to affect the
structure of IT security companies.  Hacker worms will make it necessary
for antivirus units to merge with intrusion detection systems, according
to Chien.  "Companies who only concentrate on the antivirus side won't
survive," he concluded. 


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:56 PST