Home > Articles > Security > Network Security

  • Print
  • + Share This
Like this article? We recommend

Don't Be an Unwitting Collaborator

Ryan Russell, senior threat analyst at Security Focus, expects that future "super" viruses will take advantage of presently unknown or more obscure vulnerabilities in our software, just as Nimda did. "A key factor in the future is that we're going to have to train ourselves to respond better. Like it or not, we're being forced into playing war games—and that's really the only thing that's going to save us from the unknown threat of the future," he concludes.

Stand-alone or combined into hybrids like Nimda and Simile.D, the next generation of these types of programs will be harder to detect and more capable than ever. Another increased threat is Code Red itself. The tactics and vulnerability exploits that Code Red uses can be applied on a much larger scale to take out more critical systems.

Stephen Trilling, director of research at Symantec, notes, "[I]n a Doomsday scenario, you could see a blended threat spreading not just to a few hundred thousand machines, like Code Red, but potentially to millions of machines, which could bring down the business-to-business transactions of every single online Fortune 500 company....It's that kind of scale of attack we could see, where we're not talking about individual sites or businesses being impacted but entire sectors."

Richard Mogull, research director at GartnerG2, comments that the Code Red and Nimda viruses both exploited security holes that already had patches available, "proving that we never learn from our mistakes."

Finally, we should keep in mind the advice of Ryan Russell: "To date, most worms and viruses don't have too much of a payload. Once they get on your box, they don't actually do a lot—they've been relatively nice to us." An example of that was a section of the Nimda. After disassembling the code and analyzing it, Russell found a section that's programmed to erase the victim's hard drive after a few days. This section of code was turned off.

A cyberterrorist won't be so accommodating.

  • + Share This
  • 🔖 Save To Your Account