The intense media attention given to the worm outbreaks may have also stimulated virus and worm writers, according to Neel Mehta, a research engineer at ISS X-Force.
"Virus writers get recognized and that encourages them and others to repeat their actions," he said.
While experts tend to agree on the myriad of causes for the new worms, there is less agreement about what to do to stop them in the future.
Most agree that software companies such as Microsoft need to do a better job of weeding out glaring security holes like the RPC vulnerability, while companies should be better about promptly applying software patches as they become available.
"You need balance with the (software) vendors. They need to build more stable code, but IT departments need to take patching more seriously and make it part of their overall security plan," Belthoff said.
Corporate IT security personnel should also do a better job educating employees about proper etiquette for opening or forwarding suspicious e-mail messages.
"If your end-user population is educated in the work environment, (e-mail worms) shouldn't be a problem at all," Belthoff said.
But others disagree, saying that part of the blame lies with antivirus technology companies, which still require their customers to apply software patches and updates to be protected against new threats.
"Traditional antivirus protection is very reactive in nature. Antivirus vendors don't know about a new virus until their switchboards start to light up with calls from their customers, then it's a race against time," Sunner said.
Virus writers like the author of Sobig are increasingly savvy and look to exploit that, he said.
"They're trying to get a virus out there for a short period of time and exploit that window of time using a mass propagation tool like e-mail," Sunner said.
More security vulnerabilities like the RPC vulnerability are inevitable, as are new worms to exploit them, according to experts.
Even more troubling, the window between the disclosure of a vulnerability and the appearance of worms and viruses that exploit it is likely to narrow further.
It took six months for the SQL Server vulnerability to be turned into the SQL Slammer worm. The Windows RPC vulnerability was exploited in just three weeks.
"There is more awareness of vulnerabilities and more motivation to go ahead and write malicious code, because of the attention previous worms have gotten," Mehta said.