Whitepaper: Oracle Application Express Overview 3.0. Consolidate the management and security of data currently scattered throughout the organization in spreadsheets and personal databases.

Storage Networking , Part 1 eBook: A storage network is any network that's designed to transport block-level storage protocols. But understanding the ins and outs of networked storage takes you deep into several of protocols. This guide covers SANs, Fibre Channels, Disk Arrays, Fabric, and IP Storage. » Storage Networking 2, Configuration and Planning eBook: Picking up where Part 1 left off, Part 2 of our look at storage networking examines configurations for SAN-attached servers and disk arrays, and also includes a look at the future of IP storage. » Storage Management Costs in the Enterprise: A Comparison of Mid-Range Array Solutions Whitepaper: Many factors contribute to the ownership cost for enterprise storage. These include (but are not limited to): physical capacity relative to physical space requirements, performance capacity for data transfer and system reaction time, software maintenance and updates, expandability and flexibility, and much more. » Storage Is Changing Fast  Be Ready or Be Left Behind PDF: The storage landscape is headed for dramatic change, thanks to new technologies like Fibre Channel over Ethernet (FCoE), pNFS, object-based storage and SAS that will affect everything from NAS and SANs to disk drives. Get the knowledge you need to make the most of your storage environment, now and in the future. » HP StorageWorks EVA4400 Demo: Dont settle for an expensive and complex array that lacks functionality. The HP StorageWorks EVA4400 delivers virtual storage with enterprise class functionality at an affordable price. »

Related Articles •Security Firms Forge 'Cyber' Alliance •Viruses Blamed for Expected 80% Spam Saturation by Q3 •A Bio Approach to Network Security •How Long Must You Wait for an Anti-Virus Fix?

eSecurity Glossary biometrics encryption keylogger malware phishing RFID security spyware virus worm Search for more eSecurity terms ...

FREE Tech Newsletters Instant Messaging Planet HTML CIO Update CodeGuru Update Enterprise Networking Planet Practically Networked HTML Enterprise Storage Forum HTML Optically Networked HTML Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Developer.com Update Gamelan Java Update Goodies to Go Javascript Weekly HTML JARS Java Update OpenSource Update SysOpt Tech Notes Grid Computing Planet HTML E-Security Planet HTML Virtual Dr. Text

Virus Attacks Reach 'Epidemic' Proportions
March 2, 2004
By Sharon Gaudin

Wave after wave of new worm variants are pounding IT managers, as well as anti-virus vendors, threatening to overwhelm current security measures.

Just as the industry was reeling yesterday from the weekend release of a new Netsky variant and five new Bagle variants, another two Bagle variants and one more Netsky variant have hit the Internet. The variants are coming so fast that at least one anti-virus vendor has warned its users to update their software every hour.

''It's like a tsunami wave, with all the variants crashing down at once,'' says Ken Dunham, Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence company based in Reston, Va. ''We're getting wave after wave of attacks and they're significant attacks... It's a constant deluge. It's annoying and it's frustrating and people are getting tired of it.''

Anti-virus company, Panda Software, is calling the attacks an 'epidemic'.

Netsky-D, alone, has caused $58.5 million in damages worldwide, according to mi2g, a London-based security assessment company. And as that variant continues to wreak havoc across the Internet, Netsky-E has been discovered. The latest variant spreads via email and network shares, but so far is not causing as much trouble as its predecessors.

''Whoever is behind the Netsky worms is hell bent on causing as much chaos as possible,'' says Graham Cluley, senior technology consultant for Sophos, Inc., a Lynnfield, Mass.-based anti-virus and anti-spam company. ''They have deliberately released new versions of their virus, tweaked to try and avoid detection by anti-virus software. Computer users should heed the warning and be wary of any unsolicited email attachment.''

The Bagle family ushered in Bagle-H and Bagle-I yesterday. Bagle-H, which Sophos upgraded from a low to a medium threat, is an email worm which contains a password-protected Zip file which avoids anti-virus detection. When the attachment is opened, the worm opens up a backdoor on Port 2745 and waits for commands from the virus author. Bagle-I follows the same pattern but has been tweaked to avoid detection by anti-virus software programmed to stop Bagle-H.

''As soon as detection for a new variant is added to anti-virus software, literally, within a couple of hours we'll see the slightest modification done to a new variant to avoid detection,'' says Steve Sundermeier, a vice president at Central Command, Inc., an anti-virus company based in Medina, Ohio. ''It's very apparent to me that there's a cat and mouse game going on. With this kind of timing, this has to be a deliberate attack trying to strain anti-virus companies.''

But while anti-virus companies are struggling to keep up with the deluge of attacks, corporate IT managers are faced with the same problem. They're fighting to keep anti-virus software updated, to keep users from panicking and to keep software patched.

'' That strains us but IT managers have to be on their toes at all times, as well,'' says Sundermeier, who adds that Central Command has told its large customers to update their anti-virus software every hour, as opposed to once a day or every four to six hours. ''This is a definite strain on the IT field. When you have variants C,D,E,F,G,H,I within a matter of 72 hours, that's crazy.''

Dunham of iDefense says he's concerned that it's simply not feasible for some IT managers to have the time and capacity to update their anti-virus software that frequently.

''My question is, How reasonable is that?'', asks Dunham. ''IT managers are having to change the way they operate. It's all about how rapidly they can respond to wave after wave of attack. They're on the line to be in the know about what's going on as it's happening. If they don't have up-to-date information, they're hanging in the wind.''

Tools:

Add www.esecurityplanet.com to your favorites Add www.esecurityplanet.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.x Receive news via our XML/RSS feed

eBook: Evaluating Software as a Service for Your Business. Sponsored by Webroot
Download: Solaris 8 Migration Assistant. Run Solaris 8 apps on the latest SPARC systems and Solaris 10.
Sophos Security Threat Report 2008
Learn Tools & Techniques to Justify and Fund Your IT Investments. Download Complimentary Report Now!
Whitepaper: Enterprise Information Integration--Deployment Best Practices for Low-Cost Implementation