Eric Chien, chief researcher for Symantec Security Response, argues that cybercriminals have been struggling throughout 2002 to deal with the advances made in virus destructiveness in late 2001. "There used to be things like Loveletter, which were script viruses written in plain English text. Script kiddies were copying them, modifying them and distributing new variants," he said. "But with Code Red and Nimda, those things are difficult to create. You have to understand the code underlying them, low-level things like assembly code and operating systems. It's harder now to get the fame and glory."

An innovation of Nimda and Code Red was that they did not rely on users downloading and executing an email attachment. "These use hacker exploits and combine them with viruses so that they can execute on their own. You can now be infected without your downloading anything or knowing anything about it," said Chien. "Really what has happened is that the bar has risen on how fast and how hard viruses can hit."

The Linux-based Slapper worm included an innovation that is likely to reappear in a more dangerous form in the future: it establishes a peer-to-peer network among affected servers, enabling a hacker to take over the servers and use them to attack another Web location -- known as a distributed denial of service attack (DDoS).

Another watermark security event in 2002 was the attack on the root servers of the domain name system (DNS), which translates Web domain names such as zdnet.co.uk into numeric Internet protocol addresses. While the attack caused little damage, security experts say it was probably just a test. "It was a rather trivial attack... and all but four of the servers went down," Chien said. "In the past, corporations were worried about their email server, but today that's the least of their worries. If there are no packets going across the Atlantic, it doesn't matter if your email server is up or down."

Being neighbourly on the Internet

While the bar has risen for what constitutes a really dangerous virus, it has also become more difficult for the simpler generation of email-borne script viruses to succeed, experts argue. This is partly because users are more wary of what they click on, and partly because of more aggressive antivirus measures by ISPs and companies. "In 2000, Loveletter was the largest ever virus case. It wouldn't be as successful today, because at least some users have a clue. They know they shouldn't be clicking on a VBScript attachment."

Some companies have begun filtering Internet content much more closely, dropping all VBScript files and .bat files, as well as detecting strange patterns of email traffic that could be the signs of a spreading virus.

More far-reaching virus remedies include Internet Protocol version 6 (IPv6), which prevents the "spoofing", or faking, of email headers, and self-healing computer systems that spontaneously react to attacks. But these will not be really effective until they are universal, which could take years.

In the meantime, the best protection against new generations of attacks will have to be education, says Symantec's Chien. "We are no longer responsible only for our own machine," he said. "If you're connected to the Internet, you need to be a good neighbour. Some home users on ADSL aren't concerned about viruses, but their machine could be leveraged to attack someone else. Users have to learn that they're responsible for the Internet as a whole."





