[iwar] [fc:Beware.the.supervirus]

From: Fred Cohen (fc@all.net)
Date: 2001-10-26 11:01:40



Beware the supervirus 
Computing, 11-10-2001
<http://www.vnunet.com/Features/1126331>

Hoax virus warnings are as central to online culture as broken links and
bust dotcoms. If you receive an email with the subject header XXX
Teletubbies! delete it immediately. It will trash your hard drive and
kidnap your goldfish. The fact that such warnings have achieved parody
status shows just how far the virus has pervaded Net consciousness. But
the proliferation of dire warnings, whether in jest or not, masks a very
real fear: the possible emergence of a computer supervirus. The idea
that a supervirus could knock out a large proportion of the world's
computers in a matter of hours is understandably met with doubt by many.
But there are signs that our scepticism is bordering on complacency.

Some viruses in the wild have serious payloads indeed. In 1998, the
Windows virus CIH (also known as Chernobyl) was the first to overwrite
not only a user's data but also the computer's Bios, rendering machines
unbootable without major surgery. At the end of 1999, the Kriz virus
used a similar technique to attempt to overwrite all the files on your
hard drive and replace them with nonsense. In March of this year,
another Bios-blasting virus, Magistr, was detected - only this time it
could propagate itself as an email worm with random subject lines,
bodytext and attachment names. Fortunately, these and other outbreaks
were caught at an early stage by antivirus companies, who were able to
issue patches for software to their customers. And most of the viruses
didn't have particularly good means of propagation in the first place,
as they required users to click on an attachment.

Speed freaks Melissa, I Love You, and Kournikova were all notable for
the speed by which they spread across the globe's networks. In each of
these cases, antivirus scanners and other security packages were quickly
updated to catch future iterations, but to be effective antivirus
software needs to know the signature of a virus, which means that they
must have previously identified it. While it's true that some antivirus
technology, using heuristic scanners, looks for virus-like behaviour
rather than signatures, such products are in their infancy.

Many security consultants and analysts believe that it's only a matter
of time before the rapid propagation of Melissa-type viruses and the
destructive payload of Kriz combine to create a single,
corporate-crippling supervirus. "We've seen destructive payloads, and
we've seen wildly propagating viruses. At some point in the future, we
will see a virus that has a combination of both," says Rob Boltman,
principal consultant for security at IT consulting firm Detica. "I don't
think it's inevitable, but there's certainly a high probability that it
will happen," adds Andy Kellet, senior research analyst with the Butler
Group. Such fears are compounded by the ever-increasing complexity of
corporate IT infrastructures, none of which can be 100 per cent free of
vulnerabilities. And the growing availability of point-and-click
software that allows even novice hackers to create Trojan Horses and
other complex viruses represents an increasing threat. "They're
becoming rather like Airfix play kits," says Kellet.

High risk of havoc

The reliance on a few main applications and operating systems means that
the risk of a supervirus creating havoc is increased, says Neil Barrett,
technical director at risk management consultancy IRM and an expert
advisor to the National High-Tech Crime Unit. It wouldn't be "beyond the
wit of man" to write a smart virus that is spread through Microsoft
Exchange and Lotus Notes, and which relies on the main features of
Office 2000 to deliver its damage, he says. "The only machines that are
going to be safe are Linux and Apple, meaning that 80 per cent of
systems are going to be vulnerable," he says. "Something subtly
imaginative and powerful is going to get out there much faster than the
anti-virus products can sweep it."

However, Barrett sees some grounds for optimism. A virus writer almost
always tests the ability of his creation to spread in the real world
before equipping it with the dangerous payload. This gives antivirus
companies a valuable warning of new strains and a chance to develop
strategies to combat them, he says. In addition, virus writers are as
fallible as any other programmer. "I can't think of any software that's
bug free, and this software is no different," says Barrett. "I'm not
going to say it will never happen, in the same way that nobody would say
that the Ebola virus will never become airborne. The same sort of thing
could happen on the internet with viruses, but it hasn't happened yet."

Stop, there's an intruder about

While a supervirus isn't out of the question, corporate IT departments
should be more worried about other system intrusions that compromise
security and provide a way in for viruses, say analysts. "We frequently
trip across some form of monitoring device that's been deposited on a
client's system and has spread throughout the network, giving hackers a
back door into the system or emailing out confidential information,"
says Matt Tomlinson, business development director at security
consultancy MIS. "Such viruses and Trojans are available on the web and
many cannot be detected by anti-virus software."

Education and insurance

Not surprisingly, security consultants and analysts believe more
investment in security is the answer. But with budget restrictions and
boardroom scepticism over the precise level of risk posed by viruses,
investment in security isn't always a top priority. In that case, there
are other, cheaper ways to minimise security risks, says Stuart
Houghton, network administrator at Amnesty International. "There's
always some new viral threat that your antivirus software might not
grab. The best way to combat it is to educate users and try to stop them
doing the stupid things that would make a virus a threat in the first
place," he says.

But for those who still can't sleep at night, Tomlinson suggests a more
traditional solution that doesn't involve extensive, and expensive,
security audits - insurance. "Given that no system can ever be 100 per
cent secure, and insurance is all about pooling risk, I think that's the
direction we'll see the market going," he says.

------------------
http://all.net/ 

This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:57 PST