Virus numbers dwindle, but impact increases

Though the overall number of viruses being detected each month is falling, the severity of the viruses that are being written is increasing, with this year's Code Red and Nimda worms as perfect examples of this trend, according to Vincent Gullotto, the senior director of McAfee AVERT Labs, who spoke here at Comdex Wednesday.

AVERT Labs is the virus research division of Network Associates Inc., the company that owns the McAfee family of antivirus and security companies.

As macro and VBS (Visual Basic Script) viruses become less prevalent and more widely defended against, malicious code is turning to worms and to the exploitation of security vulnerabilities, he said. Macro viruses abuse the feature, offered in many applications, that lets users write their own mini-programs, or macros. Worms differ from viruses in that they spread on their own, rather than relying on user action to spread them, as viruses do.

Companies are largely doing a good job of protecting themselves against mass-mailer worms that spread through e-mail attachments, by blocking those attachments before they enter the network, he said. However, the rise of mobile devices such as PDAs (personal digital assistants) and laptops creates an environment in which malicious code that is not a mass mailer can enter a corporate network while bypassing those perimeter measures, Gullotto added.
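
The attachment blocking Gullotto describes, as an added example that is not from the article or from McAfee: a small Python check built on the standard-library email module. The blocked-extension list, the message and its attachments are all constructed for this example. It inspects every extension in a filename, not just the last, and looks at the first bytes of each attachment, so a renamed executable is caught as well as a double-extension trick.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed policy list: extensions mass-mailer worms used for their payloads.
BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "vbs", "vbe", "js", "jse", "bat", "cmd", "com"}
# DOS/Win32 executables start with the "MZ" magic, whatever the file is named.
EXECUTABLE_MAGIC = b"MZ"


def attachment_verdicts(raw_message: bytes):
    """Return (filename, reason) for each attachment that violates policy.

    Every dotted component after the first counts as an extension, so
    'readme.txt.exe' is blocked, and the decoded bytes are checked for the
    executable magic so 'notes.txt' carrying a PE file is blocked too."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        pieces = name.lower().split(".")
        exts = set(pieces[1:]) if len(pieces) > 1 else set()
        payload = part.get_payload(decode=True) or b""
        if exts & BLOCKED_EXTENSIONS:
            verdicts.append((name, "blocked extension"))
        elif payload[:2] == EXECUTABLE_MAGIC:
            verdicts.append((name, "executable content"))
    return verdicts


def build_sample() -> bytes:
    """Constructed sample message with three attachments (not a real worm)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Re: your document"
    msg.set_content("See attached.")
    # Double extension: the real type is hidden behind ".txt".
    msg.add_attachment(b"MZ\x90\x00fake-executable", maintype="application",
                       subtype="octet-stream", filename="readme.txt.exe")
    # Renamed executable: harmless-looking name, executable bytes.
    msg.add_attachment(b"MZ\x90\x00renamed-executable", maintype="text",
                       subtype="plain", filename="notes.txt")
    # Genuinely benign text file.
    msg.add_attachment(b"just text", maintype="text", subtype="plain",
                       filename="agenda.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in attachment_verdicts(build_sample()):
        print(f"block {filename!r}: {reason}")
```

A real gateway would also unpack archives and reject attachments it cannot decode; the point here is that name-only filtering misses the second case, which is exactly the kind of content that walks past a filter when it arrives via a laptop or a webmail download instead of the corporate mail path.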

Despite the strides being made in the enterprise, users are still spreading viruses that require an attachment to be double-clicked, he said. Such outbreaks are more likely to occur at home than in the office, since there is no IT administrator at home to guard against such actions, he added. Users may also unintentionally infect corporate networks by downloading files from Web-based e-mail accounts, he added.

Virus writers have been largely quiet in recent months, with few major outbreaks or newly created viruses popping up, he said. It's not clear whether this is a good or a bad thing, however, because the quiet may mean that the post-Sept. 11 computer crime laws have had an effect or it "could be the quiet before the storm," Gullotto said.

The most recent major outbreak -- Nimda, which infected hundreds of thousands of systems in September -- was "the ultimate cocktail," a worm that exploited multiple methods of spreading, and attacked systems through multiple security holes in Microsoft Corp.'s IIS (Internet Information Services) software, he said. Code Red also attacked IIS. Nimda was a proof-of-concept worm -- a worm created to show that such a thing could be made -- and though "they're not always effective," they are "where we see things going," he said. The U.S. Federal Bureau of Investigation still has no solid leads on who wrote the Nimda worm, he added.

Nimda is likely only the next step in the evolution of similar malicious code, Gullotto said in a separate interview. Current virus-writing projects are likely tackling the problem of making a worm that functions like Nimda -- that has multiple methods of spreading -- without needing to exploit the same vulnerabilities that Nimda did, he said.

"Even if all IIS servers are patched, these guys aren't going to stop," he said.

Another disturbing trend finds that "the Internet is not only a vehicle by which a virus can be spread, but it's becoming a target," he said. A recent paper from the CERT Coordination Center (CERT/CC), a government-funded security research body, warned that denial-of-service (DoS) attacks, which knock systems offline by flooding them with bogus traffic, are increasingly being directed against Internet infrastructure components such as routers.

Such a scenario is well within reach of virus writers, since Code Red, which appeared in July and also hit hundreds of thousands of systems worldwide, included a denial-of-service component, he said.

"If somebody's serious about taking down the Internet ... that's one area they're going to go after," Gullotto said.

Despite such dire warnings, useful steps are being taken, he said. Companies need to keep educating users, communicating between departments and organizations, and keeping their software and patches up to date, he said.

Antivirus companies will have to make changes of their own, he said, noting that they will need to move from signature-based to behavior-based detection. Signature-based systems detect malicious code by matching known byte patterns, that is, by how the virus looks; behavior-based detection identifies malicious code by what it does, not how it looks. Such improvements will show up in McAfee products in the first quarter of 2002, when the company begins to integrate technology from Network Associates' PGPfire and encryption products, he said.
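
The two detection approaches side by side, as an added example that is not code from the article or from any McAfee product. The signature, the two samples, the event trace and the thresholds are all constructed and hypothetical. The second sample is the first rebuilt with its strings changed, so the signature no longer matches, while the actions it performs on a process monitor's trace are the same and still trip the behavior rules.

```python
# Signature database: one byte pattern per known sample (hypothetical name and bytes).
SIGNATURES = {
    "Example.Mailer.A": b"MAILER-A-PAYLOAD-v1",
}

# Constructed samples: the original and a "variant" with the payload string changed.
SAMPLE_A = b"MZ\x90\x00" + b"\x00" * 16 + b"MAILER-A-PAYLOAD-v1" + b"\x00" * 8
SAMPLE_B = b"MZ\x90\x00" + b"\x00" * 16 + b"MAILER-A-PAYLOAD-v2" + b"\x00" * 8


def signature_scan(data: bytes):
    """Return the name of the first signature whose bytes appear in data, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


# Behaviour thresholds (assumed for this example, not a vendor's values).
MASS_MAIL_RECIPIENTS = 20   # distinct SMTP recipients from one process
EXECUTABLE_WRITES = 5       # executable files written by one process
RUN_KEY = r"hklm\software\microsoft\windows\currentversion\run"


def behavior_scan(events):
    """events: (pid, action, target) tuples from a hypothetical process monitor.

    Returns {pid: [reasons]} for processes whose actions look worm-like,
    regardless of which bytes the program is built from."""
    state = {}
    for pid, action, target in events:
        st = state.setdefault(pid, {"rcpts": set(), "exe_writes": 0, "autostart": False})
        t = target.lower()
        if action == "smtp_rcpt":
            st["rcpts"].add(t)
        elif action == "file_write" and t.endswith((".exe", ".scr", ".pif", ".vbs")):
            st["exe_writes"] += 1
        elif action == "reg_set" and t.startswith(RUN_KEY):
            st["autostart"] = True
    flagged = {}
    for pid, st in state.items():
        reasons = []
        if len(st["rcpts"]) >= MASS_MAIL_RECIPIENTS:
            reasons.append("mass mailing")
        if st["exe_writes"] >= EXECUTABLE_WRITES:
            reasons.append("writing executables")
        if st["autostart"]:
            reasons.append("run-key persistence")
        if reasons:
            flagged[pid] = reasons
    return flagged


# Constructed trace: pid 4242 behaves like a mass mailer, pid 100 like a user's mail client.
WORM_TRACE = (
    [(4242, "smtp_rcpt", f"user{i}@example.invalid") for i in range(25)]
    + [(4242, "file_write", rf"c:\windows\system32\load{i}.exe") for i in range(6)]
    + [(4242, "reg_set", RUN_KEY + r"\load")]
)
BENIGN_TRACE = [
    (100, "smtp_rcpt", "boss@example.invalid"),
    (100, "smtp_rcpt", "colleague@example.invalid"),
    (100, "file_write", r"c:\users\me\report.doc"),
]

if __name__ == "__main__":
    print("signature on A:", signature_scan(SAMPLE_A))   # matches
    print("signature on B:", signature_scan(SAMPLE_B))   # variant slips past
    print("behavior on worm trace:", behavior_scan(WORM_TRACE))
    print("behavior on benign trace:", behavior_scan(BENIGN_TRACE))
```

The trade-off this illustrates is the one behind Gullotto's remark: a signature is precise but only catches what has already been seen, while behavior rules catch the variant at the cost of false positives (a legitimate mail-merge job also fans out to many recipients), so the thresholds and the set of watched actions need tuning against real traffic before such rules block anything.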

"Security has to become a context ... a way of being," he said, adding that such a context won't come in one easy step.

"It's going to have to just be people chipping away," he said.

Sam Costello

Computerworld