WishX Posted July 30, 2002

New Trends in Virus Technology
By Jay Lyman
NewsFactor Network
July 29, 2002
http://www.newsfactor.com/perl/story/18796.html

Many machines are falling prey to attackers who are using back-door viruses to take over computers to use them in distributed denial-of-service attacks.

This year might seem like a summer break compared to last year's swarm of viruses, including Code Red and Nimda, that wreaked havoc on computer systems worldwide. But experts say that viruses and the mechanisms for spreading them continue to evolve.

True to their history of building on one another's work, virus writers continue to blend hacking techniques with worms and trojans -- hidden programs designed to open back doors into unprotected systems -- to take control of systems around the world.

Virus technology is becoming more complex and difficult to spot, according to experts, who see malicious code working its way onto the Internet and, increasingly, onto peer-to-peer (P2P) or wireless networks.

Complexity Up

Senior director for Symantec (Nasdaq: SYMC) Security Response Vincent Weafer told NewsFactor that an increasing rate of disclosure of software and other vulnerabilities is driving the creation of more computer viruses.

"It's a question of when vulnerabilities get exploited with a worm," Weafer said.

Weafer said that he sees the continuation of the blended threat -- a virus that leaves systems vulnerable to attack as it spreads -- as driving virus technology, which is becoming more widespread because of automated tools.

Wiley Worms

Weafer also said that virus payloads are becoming more complex and that by using metamorphic or polymorphic abilities, viruses are able to change their signatures to avoid the fingerprint-type filtering that most antivirus applications employ.

"It's one example of them pushing the complexity limits on us," Weafer said.

The antivirus expert also said that while there have not yet been many high-profile cases, viruses will likely have an impact on P2P file-sharing networks and on wireless platforms.

"We're going to see more of those as these devices become more popular around the world," Weafer said, referring to wireless worms that have emerged in Japan.

Peer-to-Peer Unprotected

McAfee.com virus research manager April Goostree told NewsFactor that because users do not approach them as cautiously as they do e-mail or other Internet activities, peer-to-peer file sharing presents serious virus risks.

"P2P is a breeding ground for viruses -- absolutely ripe," Goostree said. "People are sending files back and forth and they don't think anything of it."

Goostree said that even though they are not truly viruses, another technology trend -- JavaScript trojans -- is increasingly becoming a problem by redirecting Web browsers to expose users to malicious code.

Goostree also said that the ability to spoof is a new and troubling technique among viruses. She said Klez, which changes the "from" and subject lines as it spreads via e-mail, will likely be the biggest virus of the year.

"That technology prevents people from tracking down the source to clean the PC and get the infection under control," Goostree said. "[Klez] is not the only [virus that behaves this way], but it's the one that does it most successfully, and I think you're going to see more of it."

Striking Antivirus

Goostree said that another troubling virus trend is the emergence of viruses that specifically target antivirus or other defensive security measures, pointing to the Yaha worm, which "disabled an awful lot of antivirus and firewalls" in June.

"We're seeing more viruses carry through and disable antivirus or firewall products," Goostree said. "It's just another technology we're seeing used more."

Symantec's Weafer also said that lots of machines are falling prey to attackers who are using back-door viruses to take over computers. Once an attacker has penetrated a system, that system can then be used by the attacker in distributed denial-of-service (DoS) attacks.

Zombie Machines

"We're certainly still seeing a lot of bot nets and zombies," Weafer said, referring to the compromised machines used in distributed denial-of-service attacks -- one of the most powerful versions of the DoS attack, in which an attacker sends so many packets of malformed data at a server that no legitimate traffic can get through.

In a distributed DoS attack, there can be literally hundreds of zombie machines under the control of the person who planted back doors in each of them. These machines distribute the DoS attack, making it a very difficult attack to stop.

"This shows how you have to think beyond antivirus to comprehensive security -- firewalls, authentication -- and a lot of it is policy," she said. "There is no one technology; you need a combination of these on your machine."