A rise in malicious threats and the birth of the ‘superworm’ in 2004, is being predicted following an analysis of 2003 and the detection of a private peer-to-peer malware network. The Sobig project last year, consisting of six successive viruses, marked the emergence of long-term malware projects, involving multistage attacks using spam, worms, trojans, spryware and proxies. Furthermore, 2003 saw a clear switch in motivation of the virus writer – intellectual challenge or simple- minded cyber-vandalism is no longer the primary motive.
This is according to Clearswift, a provider of software for managing and securing electronic communications, who is advising organisations to review their e-mail and Web security to ensure their PCs are not used to distribute viruses or execute criminal activities on behalf of malicious groups.
Financial gain has now become the principal reason behind virus development. It has become apparent that the Sobig project was instigated by organised crime gangs which are now deploying the tools of spammer, virus writer and hacker in a coordinated manner to expand their operations into cyberspace. These groups have now established a network of broadband home PCs that can be covertly used as an anonymous platform for criminal activity.
More recently, a private peer-to-peer malware network has been created, a major milestone in the evolution of the virus landscape. The network, dubbed Sinit, removes the single-point-of-failure that is often targeted by law enforcers in order to terminate viruses (as was the case with the last Sobig virus). With Sinit, there is no central server that can be shut down. Each infected host becomes part of a peer-to-peer network through which additional trojans are spread to all hosts. It has been estimated that hundreds of thousands of PCs have already been infected.
Sinit enables rapid dispersal of viruses and uses sophisticated encryption technology to prevent anti-virus companies from tracking development activity or modifying the virus codes. It could also constitute the launch pad for a highly efficient 'superworm'. Theorists have postulated that a superworm could, in minutes, be capable of infecting all vulnerable hosts on the Internet.
No longer can organisations expect to be protected from malicious codes by deploying just firewall and anti-virus technology, believes Clearswift. The ever-evolving nature of viruses requires a more proactive defence. Content security provides an additional layer of defence by enabling the generic blocking of executables, scripts and specified file types. It will also intercept other malicious code in e-mail and Web pages.
For more information see www.clearswift.com.
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version