Uniformity of software and the use of IT networks is creating a fertile environment for so-called “worms”, viruses that copy themselves over the internet.
An Internet security expert has warned that companies using IT could become subject to an increasing number of attacks from new virulent viruses, called worms, such as the Melissa programme, which caused US$80 million of damage last year.
G. Mark Hardy, president of the USA National Security Corporation told the WebSec 2000 conference, in London, that the increasing number of people using the net and the uniformity of their Windows/Intel communications equipment and software, means that fertile ground was being created for worm attacks.
He said: “Migration to a common operating system, common office applications and common e-mail programmes has created a digital monoculture. Just imagine - 300 million computers with virtually identical software and hardware. Pure virus ecstasy.”
Worms are harmful computer programmes that are designed to spread automatically from one computer to many other computers within a network, whereas standard viruses are aimed at infecting as many files as possible in a particular computer and are transmitted more slowly by floppy disks or personal E mail.
Melissa was a classic worm virus, in that it sent a copy of itself to the first 50 address book entries of a PC’s E-mail directory.
Fortunately, Melissa was designed to be a nuisance rather than intensely destructive. But a worm that was released later last year - the ExploreZip Worm, was designed to destroy applications, such as .ppt on Windows NT.
In a paper he released to the conference, Mr Hardy said: “Worms are less interested in how many files they can infect on a single computer, and more interested in how many computers they can infect on a network. They can spread extremely rapidly, since they don’t rely upon humans to spread them. They can spread in Internet time.”
Speaking later, he said that telecommunications companies were at special risk from worms, because their networks contained a lot of computers and are usually designed to facilitate easy access between servers.
Companies should protect themselves against this new risk through frequent updates of anti-virus software, he said. “It’s a matter of ensuring that scanners and virus checks are up to date,” he said. “You can identify a malicious code, with a known signature.”
Other advice included installing anti-virus software on all clients with whom you have electronic communication, installing anti-virus filters on all e-mail servers, updating signature files regularly and educating users.
Mr Hardy also painted a nightmare scenario, where new worms appeared at many times every day. “At this point, plugging holes with anti-virus is futile,” he said.
“You’ve got to address the infrastructure itself. Use products that have no macros. Use access control to prevent all unknown programmes from running. Strip all executable content at the gateway, (to a system). Go back to private e-mail networks.”
He also warned that hackers were increasingly able to spread viruses widely because of the growth in Internet directories, provided by sites such as infospace.com and USENET newsgroups. Mr Hardy warned that the E mail addresses of banks, nuclear plant operators and even software engineers in Silicon Valley could be obtained.
Source
SMT
