Schneier on Attack Trends: More Complex Worms
Gary W. Longsine writes "Bruce Schneier has posted an interesting entry on expected attack trends to his blog. Of particular interest is the increasing sophistication of automated worm-based attacks. He cites the developing W32.spybot.KEG worm -- once inside a network it scans for several vulnerabilities and reports its findings via IRC. Trend Micro also has information on a scanning-capable version of this worm, which they call WORM_SPYBOT.ID."
We expect to see more blended threats: exploit code that combines malicious code with vulnerabilities in order to launch an attack.
This mixed with IRC connectivity, LAN port scanning, update downloads...
Sounds like a full time job to create one. What are these people gaining anyway?
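The behaviour described in the submission and in the comment above (a host that, once inside, sweeps the LAN for vulnerable services and then reports over IRC) leaves a recognisable footprint in connection logs. The following is an added example written for this page, not code from Schneier, Trend Micro or any of the posters: it runs two simple detections over a constructed sample log (the log format, hosts, thresholds and port list are all assumptions for the example). It flags an internal host that touches many distinct internal host/port pairs within a short window, and any internal host that opens an outbound connection on a common IRC port.

```python
from collections import defaultdict
from datetime import datetime
import ipaddress

# Constructed sample connection log (not real traffic). One line per TCP
# connection attempt: "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <outcome>".
# 10.0.0.5 sweeps five neighbours on 445 and 135 in a few seconds, then opens
# an outbound IRC session; 10.0.0.7 is ordinary user traffic.
SAMPLE_LOG = """\
2004-06-01T10:00:01 10.0.0.5 10.0.0.20 445 REJECTED
2004-06-01T10:00:01 10.0.0.5 10.0.0.20 135 REJECTED
2004-06-01T10:00:02 10.0.0.5 10.0.0.21 445 ACCEPTED
2004-06-01T10:00:02 10.0.0.5 10.0.0.21 135 REJECTED
2004-06-01T10:00:03 10.0.0.5 10.0.0.22 445 REJECTED
2004-06-01T10:00:03 10.0.0.5 10.0.0.22 135 REJECTED
2004-06-01T10:00:04 10.0.0.5 10.0.0.23 445 REJECTED
2004-06-01T10:00:04 10.0.0.5 10.0.0.23 135 ACCEPTED
2004-06-01T10:00:05 10.0.0.5 10.0.0.24 445 REJECTED
2004-06-01T10:00:05 10.0.0.5 10.0.0.24 135 REJECTED
2004-06-01T10:00:15 10.0.0.5 203.0.113.9 6667 ACCEPTED
2004-06-01T10:01:00 10.0.0.7 10.0.0.20 445 ACCEPTED
2004-06-01T10:01:30 10.0.0.7 198.51.100.10 443 ACCEPTED
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed LAN range
IRC_PORTS = {6666, 6667, 6668, 6669, 7000}       # common IRC listener ports
SCAN_THRESHOLD = 8      # distinct internal (host, port) targets ...
WINDOW_SECONDS = 60     # ... reached within this many seconds => scan


def parse_log(text):
    """Turn the constructed log text into a list of dict records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, outcome = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "dport": int(dport),
            "outcome": outcome,
        })
    return records


def detect_lateral_scans(records, threshold=SCAN_THRESHOLD, window=WINDOW_SECONDS):
    """Return {source_ip: peak_distinct_targets} for internal hosts whose
    internal-to-internal connection attempts hit `threshold` or more distinct
    (dst, port) pairs inside any `window`-second sliding window. Rejected
    attempts count too: a sweep is mostly refused connections."""
    by_src = defaultdict(list)
    for r in records:
        if r["src"] in INTERNAL and r["dst"] in INTERNAL:
            by_src[r["src"]].append(r)
    alerts = {}
    for src, events in by_src.items():
        events.sort(key=lambda r: r["ts"])
        peak, lo = 0, 0
        for hi in range(len(events)):
            # advance the window start until it is within `window` of events[hi]
            while (events[hi]["ts"] - events[lo]["ts"]).total_seconds() > window:
                lo += 1
            targets = {(e["dst"], e["dport"]) for e in events[lo:hi + 1]}
            peak = max(peak, len(targets))
        if peak >= threshold:
            alerts[str(src)] = peak
    return alerts


def detect_irc_beacons(records):
    """Return (src, dst, port) for accepted outbound connections from an
    internal host to a non-internal host on a common IRC port."""
    hits = []
    for r in records:
        if (r["src"] in INTERNAL and r["dst"] not in INTERNAL
                and r["dport"] in IRC_PORTS and r["outcome"] == "ACCEPTED"):
            hits.append((str(r["src"]), str(r["dst"]), r["dport"]))
    return hits


def report(text):
    """Run both detections and return hosts that trip both, the combination
    that matches the scan-then-report-over-IRC pattern described above."""
    records = parse_log(text)
    scans = detect_lateral_scans(records)
    beacons = detect_irc_beacons(records)
    both = sorted({b[0] for b in beacons} & set(scans))
    return {"scanners": scans, "irc_beacons": beacons, "scan_and_irc": both}


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The two signals are deliberately kept separate: a burst of refused SMB/RPC connections on its own can be a misconfigured backup agent, and an IRC session on its own can be a user, but a single internal host producing both within minutes is the pattern the submission describes and is worth an alert. The threshold and port list are tuning knobs, not fixed truths.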
The whole problem is twofold. The first is stupid users. How can you possibly secure a network against attacks if your users are constantly undermining your lockdown efforts? The second is privilege escalation at the binary level. System-level software with any sort of hole will allow an attacking program the ability to do whatever it wants, even if the user isn't running as root (the daemon is running at that level).
We had a guy who was constantly downloading and running every attachment he ever received. We finally set him up with an ePod terminal and some crayons and haven't had a significant virus problem since. As a bonus, we get some interesting artwork to hang in the lobby.
This goes to show the benefits of Open Source software. Being able to see the code gives attackers a practically clear window into the guts of any network relying on that software. More eyes means more vulnerabilities found, so the network is actually safer because all these holes are known, if not by the security companies themselves, by the attackers who attempt to exploit the bugs.
We can't take the drastic step of eliminating Windows on our networks because it is so entrenched, but the slow migration away from it one desktop at a time is giving us a whole new outlook on viruses.