The recent Bagle worm outbreak was over-hyped and did not cause corporate administrators many problems, but as malware authors develop new tricks to launch an attack, the stage is set for a "crippling event", according to IT risk management company TruSecure.
Jay Heiser, chief analyst at TruSecure, acknowledged that the recent Bagle outbreak did cause some damage, but said it was not a "crippling event" and did not have a significant effect on enterprise IT departments. However, it did demonstrate that malware authors are continuing to develop their skills: "The capabilities of malware continue to increase in ways that are very unappealing to home and corporate users alike. Virus writers are not content to just create something that spreads and causes destruction. They are using the innate capability of computers to do interesting things, which is a very worrying trend," he said.
Heiser explains that the current trend is what he calls "parasitic malware", which conquers vulnerable systems in order to launch an attack against a third party. "Parasitic malware not only has the capability of stealing email addresses, but also stealing the online identity, processing power and network connectivity of its victim," he said.
This move by virus writers has resulted in corporate IT systems becoming increasingly dependent on home users keeping their computers patched and virus-free.
Corporate spam and antivirus company Sophos last month estimated that one-third of all spam circulating the Web is relayed through PCs that have been compromised by Remote Access Trojans (RATs). Graham Cluley, a senior technology consultant for Sophos, said that the increasing use of broadband Internet connections and a general lack of security awareness have resulted in around one in three spam emails being redirected through the computers of unsuspecting users. "There are lots of people on cable modems and broadband connections that haven't properly secured their computer. They don't know it, but their PC is being used as a relay for sending spam to thousands and thousands of other people," he said.
As well as sending spam, compromised PCs can be used to launch denial of service attacks or even as platforms for anonymously delivering new malware to unsuspecting Internet users.
TruSecure calculated that the average time period between serious security attacks last year, such as MSBlast and SQL Slammer, was 71 days; the last time a piece of malware caused serious damage was the Sobig.F virus, which hit more than 150 days ago. Although worms are not released according to an organised schedule, TruSecure warns users to be prepared for a major outbreak in the near future.
Talkback
Are you joking?
The real responsibility lies in computer & software makers! Computers are so complicated, how can you expect the average user to understand all their sublties?
I am a computer professional, so I know how to protecte myself, but you can't expect that kind of knowledge for users, it would be the same as requiring car drivers to be trained mechanics...
Seriously, yes, there is a lack of formation, but look at how computers are sold: "it's easy, don't worry", what a LIE!
Blaming worms and virii on users (especially home users) is unfair.
What a stupid comment, is this guy a child, that's the sort of blame shifting I woud expect to hear in a playground,If this is the standard of person who is an IT professional, its no wonder corporatete security is vulnerable. To busy sittiing thinking of the next excuse/person to blame than going out and fixing the real problem.
It's time this industry woke up to the real needs of its users. Clearly it is not practical to expect home-users to educate themselves. What they need is a simpler solution. What SHOULD be happening is ISP's should be developing more secure environments for their customers (who, after all, ultimately pay their bills!). The first ISP to offer genuine VIRUS FREE computing for its subscribers in a SIMPLE way will clean up (as Google did with searching). So come on guys, stop wasting everybody's time developing pointless Flash movies, 3D graphics, websites that take minutes to load on 56k modems, or don't load properly on anything other than IE....shall I go on? Keep it simple. Keep it secure. No-one is going to keep paying you unless you WAKE UP AND START LOOKING AFTER YOUR CUSTOMERS.
Could the mainboard manufacturers incorporate anti virus software in the BIOS. Updating through the www and included in the price of the computer. Re newable updates annually for a small fee. This would at least cover all new buy home user PCs for a year at least.
Hmm,
yes there is something wrong with the marketing of software distríbutors, but do you drive your car around iraq without protection? Maybe we need a licence for using computers, or a new view of "user friendly"
cheers
steve
The IT industry is in la-la land if it's going to blame users for lack of security awareness. It's like the auto industry in the 1950s and 1960s arguing against the added expense of installing seat belts. WAKE UP, you morons! Ig you can't are are unwlling to police your own industry, we the people are going to FORCE lawmakers to regulate the IT industry, and to hell with all the silly "free enterprise" ideas you've been reading in REASON.
No, it's very fair; if it weren't for home users, virus "outbreaks" would be much less severe than they are now.
It doesn't require a user to have intimate knowledge of their entire system, only that they need to have AV software installed and updated daily. To use your allegory, it's the difference between being responsible enough to get your car's routine maintenance done and being a qualified mechanic.
Generally, enterprise networks are fairly virus-proof. It's the irresponsible home user who thinks viruses happen to other people, or who can't be bothered to find out all they need is AV software and correct update settings.