Schneier on Attack Trends: More Complex Worms
Gary W. Longsine writes "Bruce Schneier has posted an interesting entry on expected attack trends to his blog. Of particular interest is the increasing sophistication of automated worm-based attacks. He cites the developing W32.spybot.KEG worm -- once inside a network it scans for several vulnerabilities and reports its findings via IRC. Trend Micro also has information on a scanning-capable version of this worm, which they call WORM_SPYBOT.ID."
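The behaviour the summary attributes to this Spybot variant (fan-scanning the LAN for service ports, then reporting out over IRC) is a correlation a defender can look for in flow records. The following is an added example for this page, not code from Schneier, Symantec or Trend Micro: the flow-record format, the port list, the thresholds and the sample flows are all assumptions constructed for illustration.

```python
"""Heuristic detector for a LAN-scanning worm that reports home via IRC.

Added example for this page, not code from Schneier, Symantec or Trend Micro.
The flow format ('timestamp src dst dport'), the port sets, the thresholds and
the sample records below are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed: ports a LAN-scanning worm of this era would probe (RPC, NetBIOS,
# SMB, MS-SQL, RDP). Tune to your own network; not taken from the page.
SCAN_PORTS = {135, 139, 445, 1433, 3389}
IRC_PORTS = {6667, 6668, 6669, 7000}
INTERNAL = ip_network("10.0.0.0/8")
FANOUT_THRESHOLD = 5            # distinct internal targets on scan ports
WINDOW = timedelta(minutes=5)   # how far back a scan may precede the IRC hit


def parse_flow(line):
    """Parse one 'timestamp src dst dport' record (assumed format)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(dport)


def find_suspects(lines):
    """Return {src_ip: first_irc_time} for hosts that scanned, then spoke IRC.

    A host is reported only when it touched at least FANOUT_THRESHOLD distinct
    internal hosts on SCAN_PORTS within WINDOW before its first outbound IRC
    connection. IRC use without a preceding scan is not reported, so an
    ordinary IRC user stays out of the results.
    """
    flows = sorted(parse_flow(l) for l in lines if l.strip())
    scan_targets = defaultdict(list)  # src -> [(ts, dst)] on scan ports
    suspects = {}
    for ts, src, dst, dport in flows:
        if dport in SCAN_PORTS and dst in INTERNAL and src != dst:
            scan_targets[src].append((ts, dst))
        elif dport in IRC_PORTS and dst not in INTERNAL and src not in suspects:
            recent = {d for t, d in scan_targets[src] if ts - WINDOW <= t <= ts}
            if len(recent) >= FANOUT_THRESHOLD:
                suspects[src] = ts
    return suspects


# Constructed sample: 10.0.0.7 probes six neighbours then connects to an IRC
# port; 10.0.0.9 only chats on IRC; 10.0.0.12 probes two hosts (below the
# threshold) before using IRC. Only 10.0.0.7 should be flagged.
SAMPLE_FLOWS = """
2004-01-01T10:00:01 10.0.0.7 10.0.0.20 445
2004-01-01T10:00:02 10.0.0.7 10.0.0.21 445
2004-01-01T10:00:02 10.0.0.7 10.0.0.22 139
2004-01-01T10:00:03 10.0.0.7 10.0.0.23 135
2004-01-01T10:00:03 10.0.0.7 10.0.0.24 3389
2004-01-01T10:00:04 10.0.0.7 10.0.0.25 1433
2004-01-01T10:01:30 10.0.0.7 198.51.100.5 6667
2004-01-01T10:02:00 10.0.0.9 198.51.100.5 6667
2004-01-01T10:03:00 10.0.0.12 10.0.0.30 445
2004-01-01T10:03:01 10.0.0.12 10.0.0.31 445
2004-01-01T10:03:10 10.0.0.12 198.51.100.6 6667
""".strip().splitlines()

if __name__ == "__main__":
    for host, when in find_suspects(SAMPLE_FLOWS).items():
        print(f"{host}: LAN scan followed by IRC at {when.isoformat()}")
```

The point of requiring the scan before the IRC connection is to avoid flagging every IRC client on the network; a worm that reports over a non-standard port, or that scans slowly enough to fall outside WINDOW, would need the port set or window widened.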
work work work... (Score:5, Insightful)
This, mixed with IRC connectivity, LAN port scanning, update downloads...
Sounds like a full time job to create one. What are these people gaining anyway?
Modern viruses attack from 2 directions (Score:5, Insightful)
We had a guy who was constantly downloading and running every attachment he ever received. We finally set him up with an ePod terminal and some crayons and haven't had a significant virus problem since. As a bonus, we get some interesting artwork to hang in the lobby.
This goes to show the benefits of Open Source software. Being able to see the code gives attackers a practically clear window into the guts of any network relying on that software. More eyes means more vulnerabilities found, so the network is actually safer because all these holes are known, if not by the security companies themselves, by the attackers who attempt to exploit the bugs.
We can't take the drastic step of eliminating Windows on our networks because it is so entrenched, but the slow migration away from it one desktop at a time is giving us a whole new outlook on viruses.
Re:work work work... (Score:5, Insightful)
Automated access to large numbers of systems inside big corporations and government, where they collect passwords, account names, scan for vulnerabilities and gather information from PC disk drives for evaluation and sale (corporate espionage). Use of thousands of home systems for spambots and DDoS attack fleets. It's all about organized crime and money to be made these days.
No, it ain't just kiddies seeing who they can 0wn anymore. They are playing for keeps now.
Re:Modern viruses attack from 2 directions (Score:5, Insightful)
Human stupidity is greatly amplified by weak architectures. If one lucky user gets a malicious email and executes the attachment (after unlocking the password protected zip and clicking on "Natalie_Portman_Naked.zip") that's bad enough. But cleaning up dozens or hundreds of PC systems clobbered by the resulting worm infestation is catastrophic. The industry is only starting to realize that we need better tools to fix stupid.
-Peter
Are We Glad.... (Score:3, Insightful)
What happened to fixing the OS, so an AV isn't needed?
Why do I even bother?
a successful argument for platform diversity? (Score:4, Insightful)
Say what you want about Microsoft, and while much of it's true, the users are to a degree at fault as well. If I leave my keys in my car and the doors unlocked, I can't very well blame the manufacturer for it being stolen.
Didn't Joshua/WOPR* say that? (Score:3, Insightful)
*WOPR (War Operation Planned Response) computer system A.K.A Joshua
Re:Why can't companies guard against this crap? (Score:4, Insightful)
But small businesses are the fastest growing section of the economy, and the only way they can remain productive and competitive is to leverage cheap IT. Translate that to: not paying consultants. That means that the person who is supposed to be worrying about what the small company actually produces is instead worrying about being a home-grown IT person. I can't tell you the number of small businesses I've seen in this mode, and the lack of just-add-water total security systems leaves them pretty vulnerable. But even if there were such magic bullet products out there, any small network open enough to be actually useful to a small business is going to be vulnerable to attacks that have been crafted by a large team of highly skilled, motivated Russian techno-mobsters. That's a tough enemy to fight when you're just, say, a 5-man gardening retailer, or a mom and pop sign making company.
I think the real solution is thin clients and hosted apps. That way the ASP can use some economy of scale to deal with the threats. I know, thin clients don't work for everyone, but even if you use a fat machine as a thin client, at least your core business apps and data would be safe at Acme Hosting, and the worst thing you'd have to do is burn down your local network and start over.
BTW:
And to the FBI agent who may come across this message: Go find some real criminals. The last I heard, there are still plenty of real crimes still being committed on a daily basis. Murder, rape, child exploitation, etc. Why not devote some time on the big stuff?
Come on, don't fall for the "we can't do two things at once" concept. That's BS. I would imagine that a small company being extorted by Russian DDoS attackers would be "big stuff" to everyone who depends on that small business for their families' income. Dealing with that stuff, and dealing with murderers and rapists (usually local law enforcement, anyway) aren't mutually exclusive. I think what you're really lobbying for is a larger budget for the FBI so that they can deal with sophisticated info-criminals and deal with the more traditional crimes in a large and growing population. Stealing a company's trade secrets, or knocking their business offline, or running off with banking info and using it - the guys who do that for a living sure as hell are "real criminals." Just because they happen to be geeks doesn't make them any less criminal. Don't give them any sympathy just because they have an interest in code or know what NAT stands for.
Re:work work work... Anti-malware tips.... (Score:4, Insightful)
Go into IE and turn off ActiveX and scripting, or (religiously) use the Off By One browser or Lynx, neither of which understands ActiveX or scripting.
Treat your email and email attachments like 'text files' like I do. I only use Outlook to send email--not receive it.
Use a software firewall and antivirus. I use Agnitum's Outpost and Grisoft's AVG. I also recommend Trend Micro's Sysclean.
A great help would be to surf the internet from behind a hardware router that drops ALL incoming unsolicited connections.
Do you see how cumbersome it is to keep the Windows machine free of *ware and viruseseses?
Why bother doing all that when you could just spend 40 minutes installing one of the already user friendly enough Linux distros on the market (Linspire, Xandros, Mandrake, Suse...)???
Re:Modern viruses attack from 2 directions (Score:3, Insightful)
Between good imaging tools (Ghost, etc.), setting policies, using industry lock-down tools (Deep Freeze, DriveShield, etc.), and creative use of license management software along with partitioning schemes and well set up network drive management, keeping users under control is not too much of a challenge.
My departments are all underfunded to boot, and we can still pull this stuff off. We have the added detriment of using some software (Discreet products mostly) that require admin access by all users, or they just don't work.
We even have a set of machines running XP that we don't use DriveShield on so that we can experiment with configurations. Number of worms/viruses: 0. Spyware, well, more than 0, but not much considering that 18-20 year olds use them every day.
The first step is deploying infrastructure that is appropriate. When I first started working on our campus, one of my departments wanted to set up a Win2003 server. I finally convinced them that deploying a Mac OS X server was better. And for our needs it certainly is. We also use a number of Linux machines to get other background work done (interestingly enough to make Windows network browsing actually work across subnets).
I by no means am a Microsoft fan. The more I work with their products, the more they annoy me. But even I concede that you can lock them down in a business/educational setting very well if you do the research and take the time.
Niche products don't help (was: Anti-malware tips) (Score:2, Insightful)
You could also use a non-Microsoft, niche product like the ISS personal firewall to help protect yourself if you must use Windows.
And then you can get nailed with something like Witty [caida.org].
There were only about 12,000 Black Ice systems out there. There are over 10 million OS X systems deployed in the world, and no telling how many others (Linux, *BSD, etc.). Each is probably a big enough "niche" to get attention when the opportunity arises (which will happen sooner or later).
There is really no longer anywhere safe to hide.
/jonathan
Re:a successful argument for platform diversity? (Score:2, Insightful)
The problem with this analogy is that you are implying that Microsoft actually provides the door locks which the users are neglecting to use. While things have gotten better with respect to default services and firewalling, it is still de rigueur to add on third-party software to any Microsoft Windows OS in order to get it to an acceptable level of security.
Say what you want about Ford, GM, Daimler-Chrysler, etc., but they do always provide the door security mechanisms!