By Wendy McAuliffe
Computer worms are likely to become a more damaging combination of virus writing and hacker exploits, according to security experts at Symantec.
Code Red and Nimda marked the demise of socially engineered worms by combining a blended threat of proven hacker exploits. Both worms attacked
the same vulnerability in Microsoft's Internet Information Server software, while Nimda additionally incorporated a mass-mailing component enabling the virus to propagate on a massive scale. Neither of the worms relied on the traditional need for an infected computer user to open a malicious e-mail attachment.
"Nimda and Code Red have eliminated the need for human intervention by virus writers using what hackers have already provided," said Eric Chien,
chief researcher at Symantec. "One year ago, e-mail worms were the big threat as they spread quickly and far. But now a lot more virus
writers will be looking at the hacker worm."
Chien predicted that by next year, the "blended" threat of computer worms
could be enough to cause a serious Internet slowdown. Antivirus experts at Symantec have already developed an algorithm to prove that by removing human interaction from the virus equation, every PC connected to the
Internet could be affected by a single worm within 20 minutes.
But the trend toward blended virus attacks is blurring the lines of responsibility for computer worms. On Wednesday, Microsoft launched an
attack on security firms and hackers who release what it calls
virus "blueprints." A study done by Microsoft on recent attacks by worms
such as Code Red and Nimda found that each had been prefaced by the
release of so-called exploit code--sample programs created by security firms and hackers to exploit software flaws.
"Responsibility lies with the people who release the worm, not necessarily the people who wrote it," Chein said. The Anna Kournikova
virus, for example, was written with the help of an existing virus tool kit available on the Internet, but Chein argues that the script
kiddie who unleashed the virus is the person ultimately responsible for any damage caused to the networks.
The changing trend in computer viruses is also likely to affect the
structure of IT security companies. Hacker worms will make it necessary
for antivirus units to merge with intrusion detection systems, according
to Chein. "Companies who only concentrate on the antivirus side won't
survive," he concluded.
Staff writer Wendy McAuliffe reported from London.