Slashdot Mirror


Schneier on Attack Trends: More Complex Worms

Gary W. Longsine writes "Bruce Schneier has posted an interesting entry on expected attack trends to his blog. Of particular interest is the increasing sophistication of automated worm-based attacks. He cites the developing W32.spybot.KEG worm -- once inside a network it scans for several vulnerabilities and reports its findings via IRC. Trend Micro also has information on a scanning-capable version of this worm, which they call WORM_SPYBOT.ID."

5 of 189 comments

  1. work work work... by rd4tech · Score: 5, Insightful

    We expect to see more blended threats: exploit code that combines malicious code with vulnerabilities in order to launch an attack.
    This mixed with IRC connectivity, LAN port scanning, update downloads...
    Sounds like a full time job to create one. What are these people gaining anyway?

    1. Re:work work work... by satanami69 · Score: 5, Insightful

      They turn your machine into a zombie and then sell it to spammers.

      --
      I really hate Dan Patrick.
    2. Re:work work work... by pschmied · Score: 5, Insightful
      What are these people gaining, anyway?

      Automated access to large numbers of systems inside big corporations and government, where they collect passwords, account names, scan for vulnerabilities and gather information from PC disk drives for evaluation and sale (corporate espionage). Use of thousands of home systems for spambots and DDoS attack fleets. It's all about organized crime and money to be made these days.

      No, it ain't just kiddies seeing who they can 0wn anymore. They are playing for keeps now.

  2. Modern viruses attack from 2 directions by Dancin_Santa · Score: 5, Insightful

    The whole problem is twofold. The first is stupid users. How can you possibly secure a network against attacks if your users are constantly undermining your lockdown efforts? The second is privilege escalation at the binary level. System-level software with any sort of hole will allow an attacking program the ability to do whatever it wants, even if the user isn't running as root (the daemon is running at that level).

    We had a guy who was constantly downloading and running every attachment he ever received. We finally set him up with an ePod terminal and some crayons and haven't had a significant virus problem since. As a bonus, we get some interesting artwork to hang in the lobby.

    This goes to show the benefits of Open Source software. Being able to see the code gives attackers a practically clear window into the guts of any network relying on that software. More eyes means more vulnerabilities found, so the network is actually safer because all these holes are known, if not by the security companies themselves, by the attackers who attempt to exploit the bugs.

    We can't take the drastic step of eliminating Windows on our networks because it is so entrenched, but the slow migration away from it one desktop at a time is giving us a whole new outlook on viruses.

    1. Re:Modern viruses attack from 2 directions by pschmied · Score: 4, Insightful
      The whole problem is twofold. The first is stupid users... The second is privilege escalation at the binary level.

      Human stupidity is greatly amplified by weak architectures. If one lucky user gets a malicious email and executes the attachment (after unlocking the password protected zip and clicking on "Natalie_Portman_Naked.zip") that's bad enough. But cleaning up dozens or hundreds of PC systems clobbered by the resulting worm infestation is catastrophic. The industry is only starting to realize that we need better tools to fix stupid.

      -Peter