It's difficult to have a week go by when there isn't another virus alert for some new destructive malware variant and this week has been no different.
Despite an increased focus on security this week, Trojans, worms, and viruses continue to mutate into new variants and new attacks against internet users and infrastructure.
US-Cert, the U.S Computer Emergency Readiness Team that is part of the U.S Department of Homeland Security currently lists no less than 12 high-impact security 'incidents', four of which are new.
Topping the list is the W32/Netsky.C virus which in less than 2 days of proliferation has already pushed the Netsky family of viruses to become the 8th most destructive piece of malware ever, according to London based security firm mi2g. Infections have been reported by mi2g in over 190 countries. This particular variant, like its' predecessors, spread via e-mail or network file shares and contains its own SMTP (define) engine.
According to Ken Dunham, director of malicious code at Reston, Virginia-based iDefense, a security and anti-virus company, "Using their own SMTP is now a trend it allows for the virus authors to get around restrictions placed by local networks. Basically it allows them to use their own email program to send out viruses without restriction."
Weighing in at number two of the US-Cert list is the W32/Bizex instant messaging virus. This is an ICQ (define) instant messaging client borne virus that exploits a number of previously identified vulnerabilities. Bizex is an IM message (define) that includes a link that when clicked downloads a Trojan that activates a keylogger when certain financial Web sites are loaded in Internet Explorer. As of Wednesday, ICQ steward AOL said it has taken action to stop the continued spread of the virus.
At number three is the ever-popular latest MyDoom variant, this time called W32MydoomF. This particular version now also targets the Recording Industry Association of America (RIAA) Web site if the system date is between the 17th and the 22nd of the month.
RIAA spokesperson Amanda Collins said the recording industry does not comment on its Web site status or security. Netcraft statistics, however, would seem to indicate that the RIAA is in indeed being targeted by a DoS attack (define).
On a positive note though, Ken Dunham of iDefence said that the previously disclosed Microsoft ASN.1 heap overflow vulnerability is too difficult at this point in time for hackers to exploit. Though he noted that the DoS attacks based on ASN.1 have now been reported and are expected to continue against un-patched machines.
Like many other security firms Dunham said an increase in so called 'zero-day' exploits (an attack that takes place against a new vulnerability that has no patch) is expected to continue in 2004.
"It's a massive trend we've seen moving forward," says Dunham. "We're seeing more zero-day attacks than ever before and we're seeing more rapid exploitation of vulnerabilities than we've ever seen before."
It seems like there's never enough time, money or resources to fix all your computer security problems, but that doesn't mean you should just give up and open your company to the world. Fortunately, there are things you can do that will prevent 90 percent of your security problems without costing you loads of money or resources. These include establishing and enforcing a security policy. There are services available than can help keep your servers up-to-date with security patches and PCs flush with virus-prevention software. The key is to never keep any of the manufacturer's default settings. This item trips up more systems managers than care to admit. Immediately change all the default settings on your systems as you install them. The crackers know all the holes better than you do.
Adapted from internetnews.com.