The security arms race is escalating to unprecedented levels and has security professionals more nervous -- and more vigilant
-- than ever.
What was once the domain of hacker hobbyists looking for glory and free digital content is now the realm of criminally minded
professionals. For years, IT administrators viewed most malware as more of a nuisance than something that could inflict lasting,
six- and seven-figure damage.
In years past, malware might leave “greetz” messages to other hackers in their code, set up file-trading sites, or open IM
chat channels. Not anymore. Today’s top threats are professionally written programs coded to steal identities and passwords,
break into restricted Web sites, conduct corporate espionage, and install spyware. Even after administrators discover and
remove these intrusions, it is difficult to assess the extent of the damage or how much confidential information was compromised.
It’s not surprising, then, that when asked for the most serious security challenge their companies will face in the next 12
months, nearly half (49 percent) of the survey respondents in this year’s InfoWorld Security Research Report cited the increased sophistication of Trojans, viruses, worms, and other malicious code flooding
the enterprise.
“You’re now looking at the low and slow attack,” observes Nand Mulchandani, vice president of marketing at the security software
vendor Determina. The bad guys “don’t want to take a machine down. They want it up and running so it will give up user identities
and so on.”
Fifty-seven percent of the 474 individuals who responded to our survey in July cited viral attacks as the most dangerous threat to network security, up from 29 percent last year. The respondent companies
also reported that each had foiled an average of 368 attacks in the preceding 12 months. An average of 44 attacks, however,
successfully breached defenses, and what is getting by is ever more threatening because their mechanisms are much more complex
-- even self-evolving.
Mothership Code
In the past, most malicious code was stagnant. When released, it did only what it was programmed to do, exhibiting no deviation
from its instructions. Often, malware would announce its presence to the user, as schemes were more about bragging rights
than they were about genuine malice. Even the malware that was designed to inflict damage was relatively tame. The ILoveYou
virus, for example, deleted files when executed, but only script and graphic files. Moreover, the SQL Slammer worm, which
infected almost every Microsoft SQL Sever on the Internet in under 10 minutes, didn’t set out to delete every file on every
file server it could touch, nor did it target Microsoft Office files.
The malicious programs now making the rounds leave corporate administrators wishing for the days when viruses and Trojans
were relatively simple and benevolent, and when intrusive code was removed after the crisis was over. With much of todays
malware, the initial infection vector is only the setup and data destruction is the least of the administrator’s worries.
After a computer has been exploited successfully, many worms and bots will connect to outside servers and download new programs
or instructions. Using this “mothership approach” the malware becomes self-updating. Its eventual instructions are never known
-- many times, even to the code’s writer -- until it has run its course. Several bots end up installing themselves as malicious
Web servers, awaiting connections from their related progeny. The malware removes itself after it successfully downloads code
a certain number of times and completes its task.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
