Security analysts are warning corporate administrators to stay vigilant and keep their software patched and up-to-date as viruses and worms continue to grow in sophistication and potential for damage.

"Each time we see something, we see more complexity," says Dan Woolley, a vice president at Reston, Va.-based SilentRunner, Inc., a security company under the parent umbrella of Raytheon. "As that complexity gets greater, the more chance we have of getting hit really badly. This is getting much more serious."

The recent release of the W32.Bugbear worm sent up yet another warning flag to security analysts and those fighting the virus battle. The mass-mailing computer virus reportedly accounted for approximately 320,000 infected email messages, attacking systems running the Windows operating system and an unpatched version of Internet Explorer V5.5.


"It's part of the ongoing blended threat issue that we're facing," says Woolley. "Bugbear wasn't a lethal worm. We haven't seen any lethal payloads yet, but the technology is there that they can be deployed. This is part of the progression. They're becoming much broader and they're using different technologies to get at the systems."

Woolley says there has been a definite progression in the sophistication and dangerousness of viruses and worms. And other analysts agree that the industry is on the cusp of an evolution in computer worms -- those malicious programs that replicate themselves and can spread automatically over the network from one machine to another, wreaking havoc as they go. That evolution is bringing a new breed of problems for network and security administrators.

Woolley says the progression has gone through many progressions or evolutions:

  • designer attacks, (viruses that go after a specific server or application);
  • disguised attacks, (viruses that disassemble and then reassemble inside the network to hide their entrance);
  • blended or hybrid worms (they can propagate themselves and can pack a number of vulnerabilities into one payload).

    The really deadly viruses and worms do exist, says Woolley, but so far they haven't been released into the wild. But he adds that it's probably only a matter of time before it happens.

    'The Fourth Phase'

    Roger Thompson, technical director of malicious code research at TruSecure, agrees that the industry faces a new phase of attacks.

    "I've thought for some time that we're in for the fourth phase of computer viruses," says Thompson, who adds that so far the viruses and worms have been fairly easy to stop. "The virus writing skill set and the security skill set have merged. Previously, there were hackers and there were virus writers and they were two worlds that never met. With the advent of Code Red and Nimda last year, we saw a merging of skill sets. They exploited a vulnerability to get started. It's a blended threat.

    "A lot of people have been thinking just in terms of email worms, but those are just about a done deal," adds Thompson. "The only things that will be successful will use something other than email. They will find security vulnerabilities, a weak password or a buffer overflow."

    Analysts generally agree that new attacks are targeting instant messaging, which is quickly gaining momentum in the workplace and on the home computer. Another coming attack may be the sleeper worm, which invades a computer but doesn't automatically attack the system once it's in. Instead, the worm will wait for a signal to attack, allowing the attacker to coordinate his efforts.

    "What people have to understand is that the bad guys will throw more things at us that exploit vulnerabilities as they're discovered," says Thompson. "Things will come in that don't require you to say 'yes' or click on something. It will just blast in and if you're not patched and updated, it will hit you. They're more sophisticated and that's what's coming."