Slashdot Mirror


Schneier on Attack Trends: More Complex Worms

Gary W. Longsine writes "Bruce Schneier has posted an interesting entry on expected attack trends to his blog. Of particular interest is the increasing sophistication of automated worm-based attacks. He cites the developing W32.spybot.KEG worm -- once inside a network it scans for several vulnerabilities and reports its findings via IRC. Trend Micro also has information on a scanning-capable version of this worm, which they call: WORM_SPYBOT.ID"

3 of 189 comments

  1. obligatory by IEBEYEBALL · · Score: 0, Flamebait

    And we have Microsoft to thank for all of this.

    --
    -- SKYKING, SKYKING, DO NOT ANSWER.
  2. Why can't companies guard against this crap? by ZosX · · Score: 0, Flamebait

    First of all, shouldn't most IDS systems pick up on this worm if it has been announced enough to be named and is obviously now a known exploit? I don't know if Kerio picks up on this worm, but I'd imagine they would have some sort of security update in the near future, and I'm sure it has to be in some signature databases. Secondly, what exactly does this affect? Unpatched Windows systems? I'm sure anyone running a network that knows what they are doing (tm) would have clear safeguards for this kind of thing. Hell, even Kerio Personal Firewall will not let anything execute that I know of, and for the rare times that websites try to pass on some sort of Java virus, Norton usually detects it before it hits the cache.

    Secondly, is there any excuse anymore other than incompetence and companies that are operating on a small budget? Someone needs to make a firewall device that the Windows network can be plugged into (think small company LAN w/ web and e-mail) that offers relatively little configuration and just basically works right out of the box. Even my cheap ass Linksys router does some basic port forwarding and such.

    Oh, it needs to be cheap and update itself with new security rules (IDS, firmware, etc.) on a fairly constant basis. For a relatively low fee you could have it send security logs to the manufacturing company, which could, say, add rules or manipulate the box. Honestly, I think a well thought out firewall running on a fairly secure NOS would go an awfully long way in protecting their assets.

    I think we are going to see some clever attacks in the future. I can think of so many ways that a network could be easily compromised and a trusted connection could be made. Think of all the business travelers that head out with their Cen-f'in-trino and connect to the nearest open hotspot then proceed to log right into a VPN session. Think of company wireless hotspot spoofing and imagine sending the visitor directly to the real network with their intercepted login. How easy would something like that be? Hell, you could even throw something like that in a backpack. How would they find *that*? I don't think that many companies have realized the gaping holes that they have left in their networks. Any company that thinks FedEx is secure enough to send unencrypted tapes is likely going to have a few more surprises along the way. I predict that the future is going to get worse for a lot of companies *cough*banks*cough* before it gets better.

    BTW, if this post is incoherent, my apologies. It *is* rather late. And to the FBI agent who may come across this message: Go find some real criminals. The last I heard, there are still plenty of real crimes still being committed on a daily basis. Murder, rape, child exploitation, etc. Why not devote some time on the big stuff?

  3. Re:work work work... Anti-malware tips.... by suitepotato · · Score: 0, Flamebait

    Why bother doing all that when you could just spend 40 minutes installing one of the already user friendly enough Linux distros on the market

    I'll repeat this again. The same people who confound desktop support on Windows, easily the single easiest to use desktop OS ever made, are the yardstick by which you judge "user friendly". People who can't install and run AOL 9.0 are the yardstick. Your mother who can't make the VCR stop flashing 12:00 is the yardstick. NOT GEEKS WHO THINK IN SHORTHAND AND BINARY.

    Can we please stop this nonsense about using "user friendly" and "Linux" in the same sentence already? The only people who believe it are defining user==technowizard. If you don't believe me, then try moving a user from Windows XP Home to DOS 6.22 and Windows 3.11 and then support them for a month. If they can't make DOS work right then they aren't going to work Linux right either. Simple as that. It was funny at first, a veritable lolacaust, but it's getting tired and inane now.

    --
    If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)