Old worm Slammer threatens again

The security industry is now witnessing a snowball effect, where threats are accumulating at an "exponential" rate, and it isn't really possible to eradicate any of those threats.

An old worm known as Slammer, which originated back in January 2003, is still going strong according to Gunter Ollmann, director of security strategy at IBM's Internet Security Systems (IBM ISS).

Ollmann, the author of the white paper "Old threats never die", says that Slammer is still the threat most commonly encountered by IBM ISS.

But it isn't just high-profile vulnerabilities and malware that are a problem, Ollmann said. In effect, the security industry is now witnessing a snowball effect, where threats are accumulating at an "exponential" rate, and it isn't really possible to eradicate any of those threats.

"Organizations need to be aware that old threats never actually retire from the digital landscape," Ollmann wrote in the white paper. "Rather, they tend to become background noise on the Internet -- ready to burst into life with each new software update, host recovery, device deployment or embedded system release."

The problem is that many of the protection mechanisms companies rely on, like signature-based security software, are no longer able to keep up with the rate at which new threats are appearing.

That's worsened by the fact that whenever security firms retire older signatures, they open a hole through which old attacks can instantly reappear, Ollmann said.

"Antivirus systems can handle tens of thousands of new signatures without blinking, but after a few hundred thousand they begin to struggle a bit," he wrote in a blog post this week. "Now, with several hundred thousand new virus strains each year (and increasing faster than Moore's Law), things are getting pretty creaky."

Security vendors are at a disadvantage, because it costs nothing for attackers to append the latest exploit to their attack systems, keeping all the old attack methods in place as well, Ollmann said.

"The consequences for all of us are that old exploits (and the threats they represent) will never disappear -- and there continues to be a steady supply of hosts vulnerable to flaws for which patches have existed for half a decade," he wrote in the blog post.

IBM ISS advised companies to think twice about retiring their old, creaking protection systems, but instead to evaluate more efficient protection models such as heuristic engines.

"Instead of a one-for-one signature protection model, more advanced heuristic engines can be used to protect the entire threat class," Ollmann wrote in the white paper.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma

Techworld.com

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?