Spying worms likely to proliferate

Security experts have warned that vulnerability assessment worms, which assess computers for security flaws and relay the information back to the author, are likely to become more of a threat.

James Kay, the chief technology officer of Blackspider, said on Friday that vulnerability assessment worms are quite rare at the moment, but their number will probably increase as virus writers focus their attacks more carefully and try to avoid detection.

"We haven't seen many of them so far, but it's an example of a trend that could accelerate," said Kay. "The idea of reconnaissance fits our view that worms are becoming lower volume and more targeted. In order to produce targeted attacks this information [about the computer's vulnerabilities] would be useful."

The code in vulnerability assessment worms will be different to the code found in vulnerability scanner products, such as the open source vulnerability scanner Nessus. The worms are also likely to change periodically, as the author of the worm remotely changes the code in the worm, according to Kay.

"The code people write for assessing vulnerabilities is normally quite big and quite heavyweight," said Kay. "These worms will be smaller and stealthier. They will only look for a small number of vulnerabilities and will change over time."

Bruce Schneier, the chief technology officer of security firm Counterpane Internet Security, also spoke of the risk of vulnerability assessment worms in a blog earlier this week. He suggested that worms like SpyBot.KEG, which Secunia first reported in February, will become more common in the future.

"In 2005, we expect to see ever more complex worms and viruses in the wild, incorporating complex behaviour: polymorphic worms, metamorphic worms, and worms that make use of entry-point obscuration. For example, SpyBot.KEG is a sophisticated vulnerability assessment worm that reports discovered vulnerabilities back to the author via IRC channels," said Schneier.

But F-Secure was less concerned about the threat of worms that assess vulnerabilities. "We have seen a couple of them, but I wouldn't say it’s a big issue at the moment," said Mikael Albrecht, a product manager at F-Secure.

Security firms have already been talking for a number of months about the change in viruses from sudden impact viruses, such as the Slammer worm, to slow-burning worms where the focus is on avoiding detection.

Viruses are often used to make money nowadays, so avoiding detection is important to virus writers to increase the chance of picking up financial information, according to Kay from Blackspider.

"What virus writers don't want is to alert people to what they're doing. The longer it [the malicious code] is there, the more likely they are to pick up something interesting. If someone patches soon after they're infected, the virus writers are less likely to pick up bank details," said Kay.

Talkback

VARIETY AND COMBINATIONS

Information technology is a double-edged sword, which can be used for destructive as well as constructive work. Thus, the fate of many ventures depends upon the benign or vice intentions, as the case may be, of the person dealing with and using the technology. For instance, a malicious intention forwarded in the form of hacking, data theft, virus attack, etc., can bring only destructive results. These methods, however, may also be used for checking the authenticity, safety and security of one’s technological device, which has been primarily relied upon and trusted for providing the security to a particular organisation. For instance, the creator of the “Sasser worm” has been hired as a “security software programmer” by a German firm, so that he can make firewalls, which will stop suspected files from entering computer systems. This exercise of hiring those persons who are responsible for causing havoc and nuisance is the recognition of the growing and inevitable need of “self protection”, which is recognised in all the countries of the world. In fact, a society without protection in the form of “self help” cannot be visualised in the present electronic era.

The growing tendency of the virus writers to create a variety of viruses and worms and their clubbing into more deadly combinations is a great concern for security experts all over the world. The problem with these viruses and worms is that they are frequently modified and upgraded, which makes it difficult to prevent them from creating havoc.

10 Jun 05 19:26
