Old worm Slammer threatens again
- — 27 August, 2007 08:20
An old worm known as Slammer, which originated back in January 2003, is still going strong according to Gunter Ollmann, director of security strategy at IBM's Internet Security Systems (IBM ISS).
Ollmann, the author of the white paper "Old threats never die", says that Slammer is still the threat most commonly encountered by IBM ISS.
But it isn't just high-profile vulnerabilities and malware that are a problem, Ollmann said. In effect, the security industry is now witnessing a snowball effect, where threats are accumulating at an "exponential" rate, and it isn't really possible to eradicate any of those threats.
"Organizations need to be aware that old threats never actually retire from the digital landscape," Ollmann wrote in the white paper. "Rather, they tend to become background noise on the Internet -- ready to burst into life with each new software update, host recovery, device deployment or embedded system release."
The problem is that many of the protection mechanisms companies rely on, like signature-based security software, are no longer able to keep up with the rate at which new threats are appearing.
That's worsened by the fact that whenever security firms retire older signatures, they open a hole through which old attacks can instantly reappear, Ollmann said.
"Antivirus systems can handle tens of thousands of new signatures without blinking, but after a few hundred thousand they begin to struggle a bit," he wrote in a blog post this week. "Now, with several hundred thousand new virus strains each year (and increasing faster than Moore's Law), things are getting pretty creaky."
Security vendors are at a disadvantage, because it costs nothing for attackers to append the latest exploit to their attack systems, keeping all the old attack methods in place as well, Ollmann said.
"The consequences for all of us are that old exploits (and the threats they represent) will never disappear -- and there continues to be a steady supply of hosts vulnerable to flaws for which patches have existed for half a decade," he wrote in the blog post.
IBM ISS advised companies to think twice about retiring their old, creaking protection systems, but instead to evaluate more efficient protection models such as heuristic engines.
"Instead of a one-for-one signature protection model, more advanced heuristic engines can be used to protect the entire threat class," Ollmann wrote in the white paper.